We aim to ensure our business partners also take responsibility and make this the basis of our cooperation, so as to be able to build reliable, long-term relationships and assume responsibility together. In addition to our existing close cooperation and personal contacts with our business partners, especially in the wholesale area, the contracts we have agreed with major suppliers of smartphones and other ICT devices in particular specify that ethical principles and working standards must be observed. Partner Management is in close contact with our major wholesalers here.
The National Action Plan for Business and Human Rights (NAP) and Germany’s LkSG expect large enterprises to take responsibility throughout their value chain, to perform a risk analysis, and then on this basis to introduce an appropriate corporate due diligence process to ensure respect for human rights. The five core elements of the NAP are:
The requirements of the new LkSG will enter into force on January 1, 2023. United Internet has already taken measures to prepare for the new human rights due diligence requirements this will bring. Among other things, these include process-driven preventive measures in its own operations and the implementation of a grievance procedure. In the following year, United Internet will compare the new due diligence requirements with the measures it has already implemented, identify any new action areas that may be required, and introduce any necessary new measures.
For United Internet, respect for human rights is an integral component of its corporate culture. The Company has committed itself to observing the United Nations’ Universal Declaration on Human Rights. It has taken measures to prevent, mitigate, and redress any potential adverse human rights impacts. In this context, United Internet bases its activities on the UN Guiding Principles on Business and Human Rights. We have included principles designed to ensure respect for human rights in our corporate values and our Code of Conduct.
We have established confidential reporting channels to enable adverse impacts to be identified at an early stage. By appointing compliance managers and designated persons of trust, the organization has created confidential points of contact for employees outside their immediate working environments. These personal reporting channels are supplemented by IntegrityLine, the new electronic whistleblowing system that was introduced in 2021 and that enables whistleblowers to remain anonymous if desired. The goal of these grievance mechanisms is to become aware of any human rights complaints at an early stage and to get to the bottom of all complaints regarding human rights violations. There were no indications in fiscal year 2021 of any violations suggesting actually or potentially adverse human rights impacts.
As regards our business partners, we consider appropriate working conditions – from the remuneration paid through working times down to occupational safety – to be a key relevant topic. In light of these issues and other topics affecting the supply and value chain, United Internet has introduced a Code of Conduct for Business Partners that formulates the expectations it has of business partners regarding human rights topics, among other things.
The risk of human rights violations within the United Internet Group is very small: As of the 2021 year-end, United Internet employed 8,199 (2020: 7,929; 2019: 7,761) members of staff in Germany. No human rights risks were established for these employees. In addition, United Internet employed 1,776 (2020; 1,709; 2019: 1,613) members of staff outside Germany, mostly in the EU or in OECD countries with strict labor law standards; no human rights risks were established for these employees either.
Formal reporting on human rights due diligence is mainly performed in connection with the sustainability report. This external communication is flanked by our readiness to enter into an open dialog with customers, interested stakeholders, and (potentially) affected individuals, and to provide information if requested.
Code of Conduct for Business Partners (German only) builds on our corporate values to define minimum social and environmental standards in the areas of business integrity and compliance, human rights and labor rights, health and safety, and the environment. The Code specifies how the requirements are to be met and provides information on suitable channels for reporting any indications of problems. For example, United Internet provides employees at our business partners who want to notify it of potential violations of the law or of the Code of Conduct for Business Partners with a confidential reporting channel. At the same time, its business partners must ensure that employees are aware of this confidential reporting channel and that they can use it without any fear of reprisals.
The Code of Conduct for Business Partners requires business partners to take appropriate measures to comply with all applicable laws, regulations, and requirements (compliance). No undue benefits may be requested or offered; anti-corruption laws and regulations, and competition law and antitrust regulations must be observed; and sanctions and embargoes that have been imposed must be complied with (fair competition). In addition, suitable technical and organizational measures must be taken to protect the confidentiality, availability, and integrity of all information transmitted by United Internet, and in particular of sensitive corporate data and personal data (information security and data privacy).
With respect to human rights, the Code of Conduct for Business Partners is based on the UN Guiding Principles on Business and Human Rights. The Code stipulates that appropriate measures must be taken to prevent, mitigate and, if necessary, redress adverse human rights impacts, and that it also expects business partners to do this.
In concrete terms, the Code of Conduct for Business Partners contains requirements to comply with the rules governing working times, wages, and social security benefits (wages and working times). In addition, business partners may not use any form of forced, prison, slave, or compulsory labor, and the use of conflict minerals must be examined and prevented, especially during the procurement and manufacture of goods (voluntary labor). Business partners may not employ children under the minimum age specified by the International Labour Organization (ILO) or national legislation (no child labor). Above and beyond this, business partners must ensure working environments are free from psychological, physical, sexual, or verbal abuse, intimidation, threats, or harassment, and must undertake to ensure equal opportunities in their human resources decisions. Discrimination on the basis of nationality and national origin, ethnicity, political affiliation, gender, religion or belief, disability, age, or sexual identity is prohibited (prohibition on discrimination).
See the ILO Conventions and Recommendations.
Business partners must ensure safe, healthy working environments in order to prevent accidents and sickness. Among other things, this includes holding regular training courses and providing suitable protective clothing.
Business partners undertake to comply with all applicable environmental legislation and to ensure the conservation of natural resources. Business partners whose activities have significant ecological impacts on the environment should have effective environmental management policies in place to reduce the adverse impacts of their products and services on the environment.
The Code of Conduct for Business Partners has been incorporated into the contracts entered into with business partners by including it in our General Terms and Conditions for Procurement (German only).
The establishment of reporting channels has ensured that external call center staff can draw attention to any cases of fraud of which they have become aware in the course of their support and sales activities. United Internet performs a systematic review of the outsourcing service providers with which it interfaces (due diligence outsourcing or DDO). This due diligence is built around self-reporting by the service provider using lists of questions on specific topics, plus a subsequent analysis and assessment by United Internet. The standardized review focuses on the organizational, financial, and legal position of the outsourcing service providers with whom contracts have been signed. This allows information about compliance and the internal control system (ICS), among other things, to be captured. Since 2019, the review includes all segments with outsourcing activities, and is performed in close cooperation with the departments performing the outsourcing (in addition to Consumer Access(1) these are Consumer Applications and Business Applications). We have established binding rules to prevent fraud in the support and sales functions at our outsourcing service providers and have agreed them with our partners. We have implemented an internal control function to review conspicuous behavior by both external and internal call center employees. The results are documented in a review report and addressed, in the form of concrete recommendations for measures, to Compliance, Legal, and the management of the operating segments responsible for implementing the measures, among other instances. In fiscal year 2021, a total of 10 outsourcing service providers were reviewed. This means that, five years after the DDO process was introduced, a large proportion of the call centers with which interfaces exist have now been reviewed. There were no material indications of adverse impacts in relation to the social aspects of working practices, human rights, and compliance.
(1) To date, this comprises 1&1 Telecommunication SE and its subsidiaries. The entire 1&1 Group already performs a thorough review of its service providers.
Six members of staff have been trained as auditors for our strict data protection requirements so as to ensure that regular reviews of these areas can also be performed at the call center service providers that 1&1 uses. Going forward, regular on-site audits of these service providers will be performed in addition to the abovementioned DDO reviews. No on-site audits could be performed in 2021 due to the pandemic. As soon as this becomes possible again, at least one regular audit per year and service provider is planned. The idea is to alternate full audits performed by two auditors with focused checklist audits across a two-year cycle. The latter should be performed unannounced if possible, or at most at short notice.