Suppliers code of conduct

7 6. ETHICS AND BUSINESS PRACTICES 6.1 Fair competition The Supplier undertakes to conduct its business in line with the principles of free competition and fairness and to refrain from any misleading or illegal market practices and any anti-competitive behaviour. 6.2 Corruption, extortion, embezzlement and money laundering The Esselunga Group does not tolerate any form of fraud, corruption, extortion, embezzlement or money laundering. The Supplier shall operate in full compliance with the law, with transparency, in- tegrity and fairness. The Supplier shall therefore refrain from offering, promising, paying, requesting, receiving, accepting directly or indirectly, money or other benefits in order to obtain an unlawful advantage. The Supplier shall take all appropriate measures to prevent its business from being used for money laundering. 6.3 Conflict of interest The Supplier undertakes to avoid any situation that could lead to a conflict of interest and, before entering into any commercial and/or contractual relationship and in the continuation thereof, to inform the Esselunga Group of the presence of a conflict of interest or any situation that could lead to a conflict of interest. 6.4 Privacy, confidentiality and secrecy of data and information The Supplier shall treat personal data and information acquired in the course of the contractual relationship in accordance with the laws on data protection and confidentiality of information, as well as with the best practices applicable in the jurisdictions in which it operates. The Supplier shall only use the personal data collected for purposes that are le- gitimate, defined and appropriate for the conduct of its business. The Supplier guarantees that it is able to comply with all the conditions required by law when processing personal data as a Data Controller. The Supplier, in relation to the privacy role covered, guarantees to be able to comply with the criteria of reliability and adequacy of the technical and organi- sational security measures adopted so that the processing of personal data, both its own and those of third parties, meets the requirements on the protection of personal data, the protection of the rights of the person concerned is guaranteed and a level of security appropriate to the risk is ensured and storage for a period congruent with the expressed need and the purpose pursued. The Supplier warrants that it has properly trained the persons authorised to pro- cess data, and that it has, in accordance with applicable law, correctly identified the privacy roles in the performance of its activities and services. The Supplier is required to ensure, in compliance with applicable legislation and where it processes personal data on behalf of the Esselunga Group, that it has a privacy organisation chart, a record of processing activities, a procedure for handling requests from data subjects and for managing personal data breaches. The Esselunga Group also expects the Supplier to put in place organisational and technological measures to ensure high standards of IT security to ensure the confidentiality of the information and data shared.