Welcome to the ZF Trustline

Your local contact person

Want to report to your local ZF entity instead of to Corporate Compliance, please contact the respective member of the ZF Compliance Community by following the link:

https://web-mp04.emea.zf-world.com/sites/0981/Lists/ComplianceDelegatePublic/AllItems.aspx

You can also contact us at casemanagement@zf.com.

Why should I make a report?

Compliance with the applicable laws and the internal guidelines of the company, as well as resulting behaviour that is lawful and proper, is of the highest priority at ZF.

The ZF Trustline supports this priority, allowing employees, customers and business partners to submit reports (anonymously, if desired) regarding potential compliance violations in identified categories. These reports allow us to protect against behaviour that is damaging to the business, reputation and employees of ZF.

What reports help ZF?

You can make good faith reports concerning potential violations in the following categories:

Violation of antitrust law

Violations of laws designed to ensure and maintain a proper competition in the market by protecting trade from abusive practices such as anti-competitive agreements between competitors and monopolization.

Corruption and bribery

Corruption can be defined as dishonest or fraudulent conduct by a person in power, typically to achieve an improper benefit. One form of corruption is bribery. Bribery includes the improper use of gratuities, such as gifts, entertainment and hospitality, in exchange for improper gain. Corruption can be committed both actively (such as asking, offering, promising or granting an improper gratuity) and passively (such as acceptance of improper gratuities).

Conflict of interest

A conflict of interest is a situation where a person or company is involved in multiple interests, and one or more of these interests could possibly corrupt the motivation or decision-making of that person or company. For example, a conflict of interest includes a situation in which an employee has a personal interest, especially economic, that could possibly influence or interfere with the employee's job responsibilities.

Violation of Product Regulatory Compliance

Possible violation of product regulatory compliance, for example in the areas of product safety and minimum performance standards, environmental compliance, or any inconsistency with product conformity e.g., congruence of actual functions with advertised and documented functions.

Fraud and financial reporting concerns

Fraud can be defined as wrongful or criminal actions that are intended to deceive others in order to result in improper personal or financial gain. Fraud can include the intentional distortion of facts to others in order to induce them to grant benefits to the person behaving fraudulently. Fraudulent actions can include actions taken to benefit the individual or the company. Financial reporting concerns comprise any activity that is in violation of generally accepted accounting principles and thereby violates financial reporting policies or practices of the company. Financial reporting concerns can include improper reporting or accounting of items, causing misrepresentation on the company's books and records.

Anti-Money Laundering

Process of placing assets from illegal sources or illegal business activities (e.g. drug trafficking, theft, etc.) into the legal financial or economic cycle for the purpose of concealing or disguising the illicit origin of the assets.

Violation of Data Privacy Laws

Violations of privacy laws designed to ensure that privacy of individuals remain protected and the processing of personal date does not have unlawful negative impacts on their rights and freedoms.

Violation of export controls and sanctions regulations.

Violations of laws designed to ensure goods (including software and technology) do not get into the wrong hands or used for dangerous purposes (e.g., Weapons of Mass Destruction).

Environmental, Health and Safety (EHS) violations or concerns

Violation of EHS rules and requirements, unsafe place of work, environmental pollution not taken seriously by site leaders

Violation of human rights

We place great value on mutual respect, trust, tolerance and fairness in our business as well as in our dealings with our business partners. The dignity, privacy and personal rights of every individual shall be respected.

We reject any form of human trafficking, forced labor and child labor. Indeed, we do our utmost to abolish slavery, forced labor and exploitative child labor.

Furthermore, we do not tolerate any discrimination on the grounds of race, gender, religion, age, nationality, social or ethnic origin, pregnancy, disability, ideology, sexual orientation, political and trade union engagement or other characteristics.

Employment-related matters

Violations of national employment law in the country where you work, company policy, or negotiated terms and conditions of employment. This can include claims of mobbing, harassment, discrimination, compensation, or violations of specific company policy.

Other material violations of policies or law

This category is for other materials violations of ZF policies or laws. This includes crimes, violations and breaches that put ZF at risk of signification financial loss or serious reputational damages.

As examples, topics can include material violations that relate to: money laundering laws, export control and customs laws, theft, blackmail, spying or sabotage, bankruptcy laws, and product compliance topics.

In addition, violations of occupational health and safety regulations, such as laws that protect employee safety, can constitute a criminal offense and serious violation for ZF. Also, violations of environmental protection laws and regulations can pose a serious threat for ZF, such as environmental pollution and improper handling of hazardous waste.

What is the process for submitting a report? How do I set up a postbox?

To submit an anonymous or personalized report, start by clicking the "Submit report" button located at the top of the introduction page.

There are 4 steps to the report process:

• First, you will be asked to read some information on the protection of your anonymity and to respond to a security query.
• Second, on the following page, you will be asked about the category of your report.
• Third, on the report page, you can elaborate on your report in your own words and answer questions about the incident by simply selecting from available responses. The reporting system allows you to type up to 5,000 characters into the free text field. You may also submit a file of up to 10MB to support your report. Please keep in mind that files may contain identifying information about the author. Once you submit your report, you will receive a confirming reference number.
• Finally, you will be given the opportunity to set up your own secured postbox. This will allow you to communicate with us via this postbox, including answers to questions and information about the progress of your report. You may use this secured postbox on an anonymous basis.

Should you already have a secured postbox, you can access it directly via the “Login” button on the ZF Trustline introduction page.

As long as you do not enter any data that could reveal your identity, the BKMS^® System used by the ZF Trustline protects your anonymity from a technical perspective.

We encourage you to provide as much detail as possible in your report, and remind you that reports should only be made in good faith.

How can I receive feedback from ZF and still remain anonymous?

The BKMS^® System used by the ZF Trustline places the utmost importance on the protection of the whistleblower.

When submitting a report, you will be given the opportunity to set up a secured postbox. When setting up your secured postbox, you will select a user name and password yourself. Your report is kept anonymous through encryption and other special security routines. You are not required to give any personal details at any time during the reporting process should you not wish to do so. If you wish to remain anonymous as part of the reporting process, do not submit any information that can be traced back to you, and if possible avoid using PC's for your report that are provided by ZF.

As part of the report handling process, the secured postbox will be used to provide any feedback or to ask any necessary follow-up questions. Using the secured postbox, you will remain anonymous during this dialogue. This allows us to focus on the report contents. Depending on the subject matter of the report, various different departments at ZF may be involved to look into and/or handle a report, and may also communicate with you via the secured postbox. If the report was made anonymously, then the report will remain anonymous as part of the involvement of these various departments.

Procedure for whistleblowing complaints and reports to ZF Group

Responsible, fair and sustainable action is a priority for ZF Group and an integral part of our values. We are convinced that only such action leads to long-term success.

ZF Group follows different legal requirements e.g., the German Supply Chain Due Diligence Act (LkSG), the requirements from EU-Directive 2019/1937, and others.

The LkSG imposes certain requirements in connection with complaint procedures. In short, it requires ZF Group to provide potentially affected persons inside and outside of ZF Group effective and accessible ways to address their complaints. All complaints must be handled in a fair and transparent manner. The LkSG is not limited to ZF´s operations in Germany, it also applies to its global operations, company suppliers, customers and other business partners. ZF Group is required by the LkSG to make its complaint procedure rules publicly available.

1 Corporate-wide rules of procedure for whistleblowing complaints and reports

ZF Group operates a corporate-wide, transparent, publicly available, and standardized complaint and reporting procedure that is fully accessible. All complaints and reports from employees or third parties are treated similarly insofar as it is legally permitted.

2 Who can open a complaint or report?

The complaint and reporting procedure is open to all ZF Group employees, customers, business partners and other external persons.

3 What can I report?

Any complaint or report of suspected or actual violations of laws or internal regulations that falls into one of the following categories:

• Violation of competition and antitrust law
• Corruption & Bribery
• Conflict of Interest
• Violation of Product Regulatory Compliance
• Fraud and Financial Reporting Concerns
• Anti-Money Laundering
• Violation of Data Privacy Laws
• Violation of export controls and sanctions regulations
• Environmental, Health and Safety (EHS) violations or concerns
• Violation of human rights
• Employment-related matters
• Other material violations of policies or law

4 Reporting channels for complaints or reports

ZF Group has various reporting channels for complaints or reports. Complaints and reports can be submitted via the “ZF Trustline” hotline 24 hours a day, 7 days a week (https://www.bkms-system.net/zf). They can be in writing or by phone – also anonymously if desired.

There is the option for the reporter to create a postbox to enable anonymous communication between the reporter and ZF Compliance.

The ZF Trustline is available in many different languages and is managed by an independent operator. The data is stored on protected servers and is encrypted so that the content of the complaints or reports is processed exclusively by ZF.

If you prefer to contact someone directly at ZF Group, feel free to get in contact with the ZF Compliance department via email: casemanagement@zf.com.

5 Handling of reports within ZF Group

All complaints and reports, regardless of how they were submitted, are handled by the ZF Compliance Case Management Department. The Compliance Case Management Department reports directly to the Chief Compliance Officer, who has access to the Board of Management and the Supervisory Board of ZF Group. Employees of Compliance Case Management are subject to a special duty of confidentiality, are impartial, and have the necessary expertise to professionally handle complaints.

6 Confidentiality, protection of my identity

All complaints and reports may be submitted anonymously and ZF Group takes great care to protect you as a reporter and ensure your complaint or report is kept confidential. Confidential data may only be disclosed on an as-needed basis as permitted by law. These principles apply regardless of the reporting channel.

7 How do I know my complaint or report is being processed?

Within seven days of receipt of your complaint or report, you will receive an acknowledgement of receipt from ZF Group, provided that you have established a postbox within the ZF Trustline or have otherwise provided us with an opportunity to contact you.

8 Will all complaints and reports be processed?

ZF Group takes all complaints and reports seriously. The Compliance Case Management Department examines each report to clarify whether there is sufficient information to process the matter. We may request additional information from you.

9 Processing of my report and feedback

After Compliance Case Management examines your complaint or report, it may forward it to another responsible department within the company for handling and fact-finding or to a competent authority. All reports are recorded in the Case Management System.

The Compliance Case Management Department may itself handle the report or complaint. If an internal investigation is deemed necessary, an investigation project will be initiated. During the investigation, the Compliance Investigation Department reviews relevant documents, speaks with witnesses, and affected parties, and, if necessary, analyzes electronic data. If the report will be handled by a special department (e.g., HR) the reporter will be informed about that.

All employees who are involved in internal fact-finding activities must adhere to certain rules of conduct, including:

• The whistleblower must be protected! Neither names nor details may be disclosed without reason.
• Any clarification must be done fairly and with respect. All facts shall be evaluated objectively and conscientiously.
• The persons concerned have the right to be heard.
• Data and information must be treated confidentially.
• As soon as an employee notices that it is difficult for him or her to conduct the fact-finding objectively for personal reasons, he or she must report this conflict of interest.
• The responsible department will then transfer the case to another employee.

At the end of the fact-finding process, the results are summarized in a report that is distributed to relevant internal stakeholders. Results may include recommendations for disciplinary action or other remedial measures, including risk management and internal process measures.

The Compliance Case Management Department can close the case if the report was incomplete or not comprehensible.

Insofar as it is possible and legally permissible for us to do so, we will inform the reporter within three months of the measures taken – even if the fact-finding activities have not been completed by then.

10 How am I protected as a reporter?

ZF will not tolerate retaliation of any kind!

Persons who in good faith submit complaints or reports will be fully protected. If you believe you or anyone else has been retaliated against or in any way has been treated differently for submitting a complaint or report, you should inform our company immediately through any of its reporting channels (preferably via ZF Trustline).

We follow up on all plausible allegations of retaliation or mistreatment. Measures will be imposed in response to substantiated acts of retaliation.