Compliance

Q-Park has been working on its compliance programme for several years. We are clearly maturing in many of our compliance areas. In 2022, we again assessed our progress and conducted additional analysis of the risks we face. We defined further steps to ensure our risk management mechanisms are embedded throughout the organisation.

Compliance for continuity

Compliance is important to any organisation and at Q-Park we take all aspects of compliance seriously.

• Our compliance programme covers the most relevant compliance areas for Q-Park. It helps us structure our approach to compliance and is therefore designed to minimise risks to the continuity of our business.

• Our compliance programme ensures that actions taken as part of the risk control cycle are performed based on a clearly defined plan with clear roles and responsibilities. Our compliance programme also ensures that the tone at the top regarding the importance of compliance is consistent.

We aim to comply with national and European laws and regulations regarding our industry. Our risk management policy states that we are averse to the risk of non-compliance with relevant laws or regulations, and to non-compliance with our own codes, contractual agreements, and covenants.

Compliance focus areas

Our priority compliance focus areas are:

• Information security, including PCI DSS

• Ethics and Integrity

• Employment and pensions policy

• Tax, per country and at corporate level

• GDPR

• Risk Control framework

Information security receives special attention

As part of our compliance programme we have established a Cybersecurity Training and Awareness Programme for employees. This is a practical, online training designed to create a culture in which expected security behaviour becomes embedded. And as a result, all relevant individuals make effective risk-based decisions which protect critical and sensitive information throughout the organisation.

We have a multi-year Cybersecurity Awareness Programme in place. This is based on the Q-Park Information Security Governance Framework and is designed to raise awareness of digital security issues among all employees. The online training consists of several modules and relevant topics such as phishing, smartphone risks, identity fraud, social media and internet use.

Ethics and integrity

In 2022, the compliance programme team continued work on the ethics and integrity project plan. We have the Q-Park Integrity Policy and Trade Sanctions Policy in place. A training and awareness programme is scheduled every two years to raise awareness of the importance of this compliance area and to make improvement actions sustainable.