Worldline - 2019 Universal Registration Document

D

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Building customer trust with reliable, secured, innovative and sustainable solutions

KEY RESULTS AND OBJECTIVES Thus, in 2019, Worldline’s services availability rate was over 99.95% for SIPS Solution highlighting a secure and robust platform [WL1].

Targets 2020

2019

Indicator

2015

2016

2017

2018

Quality Score – Contracts’ Service Availability & Response Time % of incident responses compliant with Worldline security policy

-

-

-

9,608

9,871

9,875

-

97% 98.67% 98.74% 99.64%

100%

Guarantee data protection [GRI 102-13] D.2.4 [GRI 103-1 Customer privacy] [GRI 418-1]

Worldline’s comprehensive data protection approach D.2.4.1

Every day, Worldline processes huge volumes of personal data for its own use and on behalf of its customers. As a fundamental right, this personal data, meaning by that, any information relating to an identified or identifiable natural person (such as a name, an identification number, specific genetic factors, etc.) used in day to day business from both Worldline’s customers and employees is managed to comply with the strictest applicable regulations. Worldline also leverages the stakes raised by the increasing processing of personal data as a differentiating criterion, thereby Since November 2014, Worldline has been part of the Atos group Binding Corporate Rules (BCR) for the processing of personal data, both as a data controller (for itself) and as a data processor (on behalf of its clients). With Worldline leaving the Atos group, the application of BCR for Worldline is no longer creating a benefit for data protection and hence has been limited until end 2019. From 2020 all Worldline Group entities worldwide will stay bound by the same obligations and processes, regardless of the country in which they are located, based on Worldline’s data protection policies and reflected by relevant certification such as ISO 27001. The use of BCR to process data outside of the EU with an adequate level of protection will be replaced by the use of Standard Contractual

guaranteeing a high level of protection to its employees’ and customers’ personal data. In this regard, Worldline complies with data protection regulation and informs and limits collection of essential personal identifiable information to the strict minimum required for the running of its operations and Consistently with this approach, Data Protection was prioritized among the four most significant extra-financial business risks identified by Worldline. business projects.

Binding Corporate Rules: Worldline still in scope in 2019 D.2.4.2

Clauses, another mechanism in line with the General Data

Protection Regulation (GDPR).

Following a risk-based approach, Worldline fulfills the strict obligations to do detailed assessments and ultimately to demonstrate their compliance with the rules and regulations set out in the GDPR. Worldline is prepared to meet the requirements of this regulation, with a specific focus on, but not limited to, the enhanced data subjects’ rights, the assessment and mitigation of risks for data subjects and the comprehensive documentation of all activities related to data protection.

114

Universal Registration Document 2019