Main content:
Code of Ethics and Compliance
Company: Forster Holding GmbH – as well as all companies affiliated with it in the group of companies
Version: 1.0 | Published: 16th May 2025
Scope of application: Worldwide; all employees, managers, bodies and – if contractually agreed – business partners (see also Code of Conduct for Suppliers).
1 Purpose and mission statement
This Code brings together all the ethical and legal principles of the Forster Group in a single binding document. It combines the Compliance Guidelines (18th January 2025) and the Code of Conduct (26th April 2025), which were previously maintained separately. The goal is to create a clear, accessible set of rules that apply equally to all employees and business partners and provide guidance for responsible action.
2 Basic principles
We are committed to complying with all laws, acting with integrity, respecting the dignity of every human being, making our business processes transparent, and promoting a culture of personal responsibility. These five principles form the foundation of all our decisions and activities worldwide.
2.1 Compliance with laws and other regulations
In all business decisions and actions, Forster Holding GmbH – as well as all companies affiliated with it in the group of companies – strives to comply with all applicable laws and relevant regulations in Austria and abroad. This obligation applies regardless of whether regulations are of national, European or international origin. Integrity and sincerity shape our presence on the market and promote fair competition, including in relation to customers, suppliers, and other business partners.
3 Anti-corruption and bribery
Corruption – the abuse of entrusted power for private gain – has no place in our company. We have a strict, zero-tolerance policy. This prohibition applies worldwide and without restriction to all employees and bodies and to all third parties who act on our behalf.
3.1 Prohibition of corruption
Employees may neither demand, allow themselves to be promised, or accept any advantage nor offer, promise or grant any advantage to a third party if this could unduly influence business or administrative decisions – or even if the appearance of any such influence arises. Violations will result in systematic disciplinary measures as well as measures under civil and/or criminal law (see Chapter 15).
3.2 Gifts, invitations & hospitality
- Occasional, low-value courtesies of up to €100 per person and occasion are permitted, provided that they do not influence decision-making processes or give the appearance of doing so.
- Cash or cash equivalents (cheques, bank transfers, vouchers) are prohibited without exception.
- Gratuities over €100 or repeated invitations to the same person within twelve months require prior written approval from your supervisorand the compliance officer.
3.3 Dealing with attempted bribery
If employees observe an attempt at bribery or are themselves affected, they must immediately report the incident to their manager or directly to the compliance officer or the company management (see Chapter 12). The identity of the whistleblowers is protected.
4 Competition and antitrust law
Fair competition is a prerequisite for our long-term success. For this reason, we do not participate in any agreements whatsoever regarding prices, markets, or production volumes. The exchange of sensitive competitive information with competitors is prohibited. Visits to trade fairs, associations, or working groups only take place following a compliance briefing that addresses possible anti-trust risks.
4.1 Inadmissible agreements
Agreements with competitors regarding prices, quantities, markets or customers, as well as coordinated forms of behaviour, such as bid rigging, are prohibited without exception.
4.2 Exchange of sensitive information
When making contact with competitors – for example, at association or industry meetings – no strategically relevant data, such as future prices, capacities or margins, may be disclosed or obtained. Meetings are held with an agenda; participants prepare minutes if necessary.
4.3 Preparedness for dawn raids
Any official searches ("dawn raids") must be reported immediately to the Legal or Compliance department. There is an internal instruction manual that regulates the correct behaviour and on which regular training is provided.
Violations of antitrust law can lead to large fines, claims for damages, and reputational damage.
5 Responsible information management
The protection of personal data, as well as business and trade secrets, is a cornerstone of our corporate culture. We collect, process and store personal data exclusively in accordance with the applicable data protection regulations – in particular, the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Austrian Data Protection Act 2018, as amended. Any data processing must serve a clearly documented purpose, be founded on a permissible legal basis, and be limited to what is necessary. Data that is no longer required is immediately and permanently erased or anonymised.
In order to ensure the confidentiality, integrity and availability of this information, we have established extensive technical and organisational measures (TOMs). These include, among other things, physical restrictions on access, role- and demand-based IT usage rights, multi-level authentication and password systems, the encryption of sensitive content, and continuous monitoring as well as regular effectiveness checks of our information security processes.
All employees are subject to data secrecy: information that is entrusted to them or made accessible to them exclusively on the basis of their professional activity must be treated as strictly confidential – without prejudice to other statutory confidentiality obligations. Disclosure to unauthorised third parties, in whatever form, is prohibited. Violations of this obligation may result in measures under labour law as well as consequences under civil or criminal law.
The detailed conduct and security requirements are regulated in the IT Service Instructions. These instructions form an integral part of this Code; their contents, rules of conduct and prohibitions on conduct apply without restriction and must be made known to all employees. Each employee provides confirmation of this by signing to say that they have received and understood the document.
6 Conflicts of interest
Private interests must not influence official decisions. Investments in competitors or important business partners must be disclosed; secondary employment requires prior written approval. Where a conflict of interest is unavoidable, the person concerned will develop suitable measures, together with the compliance officer, to rule out any impairment of business decisions.
Private interests must not influence official decisions. Investments in competitors or suppliers must be disclosed, and secondary employment requires prior approval. Where a conflict of interest is unavoidable, suitable measures will be developed together with the compliance officer to rule out any impairment of business decisions.
7 Human rights & working conditions
We respect internationally recognised human rights and the core labour standards of the International Labour Organization (ILO). Our company expressly undertakes to uphold and promote these rights in all countries in which we operate. These include, in particular, but are not limited to, the following fundamental rights:
- Freedom of association and the right to form trade unions and to participate in collective bargaining
- The prohibition of discrimination in employment and occupation
- The right to equal pay and adequate remuneration
- The protection of the privacy of each individual
- The right to life, liberty, security and health
- The prohibition of child labour, slavery and forced labour
- The right to a fair hearing and fair trial
- Freedom of expression and information
- The right to education
- The right to rest, leisure and the limitation of working hours
- The right to social security, as well as to clean water and adequate nutrition
- Freedom of religion
- The right to property and the protection of legitimate land use rights
- The protection of the rights of indigenous communities
These rights are universal and inalienable. We do not tolerate any actions that prevent their realisation, either in our own company or in our supply chain. All business partners are contractually obliged to respect these principles. Violations will be consistently punished, up to and including termination of the collaboration.
8 Occupational safety
A safe and healthy working environment is non-negotiable. This applies to all persons who work for Forster Holding GmbH – as well as all companies affiliated with it in the group of companies – including temporary workers and employees of suppliers who are deployed in our production facilities or on our construction sites.
Compliance with laws and standards
We are guided by all national occupational health and safety laws and the relevant ILO conventions. Our group-wide Health, Safety and Environment (HSE) Policy sets minimum standards that may at any time exceed, but never fall below, stricter local legal requirements.
Risk assessments and prevention
We carry out a systematic risk analysis for each activity. The protective measures derived from this (e.g., barriers, technical safeguards, ergonomic workplace design) are documented and must be implemented in a binding manner.
Personal protective equipment (PPE)
Suitable PPE is provided free of charge. Employees and suppliers are obliged to wear it properly. Violations will be subject to disciplinary action.
Training & instruction
All persons receive safety training before starting work. Repeat instruction is provided at least annually, or immediately after relevant incidents in the event of a change of activity.
Reporting obligations & lessons learned
Any accidents at work, near-accidents, or unsafe situations must be reported immediately to the HSE department. We analyse the causes and communicate the lessons learned transparently in order to rule out repeat incidents.
Contractor management
Suppliers must confirm in writing that they meet our HSE requirements before deployment. In the event of serious violations, we reserve the right to impose sanctions, up to and including termination of the business relationship.
"Zero Harm" vision
We aim to avoid all accidents at work and work-related illnesses. We measure progress on the basis of internationally recognised key figures (e.g., LTIFR) and publish them in our Sustainability Report.
9 Protection of company assets
Tangible and intangible assets – for example, systems, devices, data or intellectual property – must be treated with care. The private use of company resources is only permitted if it has been previously reported to the supervisor and expressly approved by them.
10 Third-party due diligence & supplier responsibility
10.1 Aim and scope of application
The integrity of our value chain is a central component of responsible corporate governance. This chapter sets out the principles and procedures according to which Forster Holding GmbH – as well as all companies affiliated with it in the group of companies – evaluates each supplier, service provider, commercial agent, or other business partner ("third party") before commissioning and during the collaboration.
10.2 Selection requirements as well as minimum requirements
All third parties must:
- acknowledge the validity of this Code in writing and contractually guarantee compliance with it;
- demonstrate fundamental obligations to human and labour rights, environmental protection, fair business practices and zero tolerance of corruption;
- operate at least one effective management system (e.g., ISO 9001, 14001 or 45001) or commit to introducing one within a defined period; and
- establish transparency about their ownership structure, beneficial owners, and, if applicable, intermediaries.
10.3 Risk-based assessment
We use a multi-step procedure:
| Step | Test item | Procedure |
| 1 – Pre-screening | Sanctions, embargo, and terror lists | Automated checks; positive results rule out any commissioning. |
| 2 – Basic check | Risk of the country of domicile, industry typology, sales volume | Countries with a Human Freedom Index ≤ 6.0 or an EPI Score < 60 are classified as high risk. |
| 3 – In-depth due diligence | Human rights, environmental, and compliance risks | Evaluation of internal questionnaires, audit reports, certificates, and external databases (e.g., HRW, Transparency International). |
| 4 – On-site audit | High-risk suppliers | Carried out by our own or independent auditors; deviations lead to an action plan or exclusion. |
Business partners whose activities could affect indigenous populations are always subject to in-depth scrutiny and special approval by the company management.
10.4 Contractual safeguards and controls
- Contractual clauses: anti-corruption, human rights, environmental, and anti-trust clauses are a mandatory part of every contract.
- Gifts & hospitality: third parties are prohibited from giving any gratuity over €100 or any cash/cash equivalents; exceptions require our written approval.
- Audit and information rights: we reserve the right to carry out unannounced on-site inspections and to inspect relevant documents.
10.5 Ongoing monitoring, escalation, and plans for improvement
- The performance of all major suppliers is evaluated at least annually using scorecards (CSR criteria, quality, punctuality, audit results).
- Deficiencies lead to a binding improvement plan with deadlines; non-compliance may result in suspension or termination of the contract.
- If there is a suspicion of serious violations (e.g., child labour, systematic bribery), the management can initiate immediate measures, up to and including stopping all orders.
10.6 Documentation and reporting
All test steps, decisions and measures are documented centrally in the Supplier Management department. Supplier Management reports to the company management every six months regarding:
- the number of new due diligence reviews;
- the results of the risk classification;
- any outstanding action plans and the degree to which they have been implemented; and
- significant cases for escalation and sanctions imposed.
This way, Forster Holding GmbH – as well as all companies affiliated with it in the group of companies – ensures that collaborative relationships are based on a foundation of transparency, responsibility, and legal compliance – to protect our company, our customers, and all people who work along our supply chain.
11 Sustainability & environmental protection
We understand sustainable management to be an essential part of corporate responsibility. That is why we strive to minimise our environmental impact, use resources efficiently, and comply with or exceed all legal environmental requirements. Wherever possible, we promote circular processes and innovative solutions for a climate-friendly future.
12 Implementation & responsibilities
| Level | Primary responsibilities |
| Company management | Approves the Code, creates the framework conditions for a practised culture of compliance, and provides sufficient resources. |
| Compliance officer (specialist legal department) | Advises the organisation, coordinates training, monitors compliance with the Code, and reports annually to the company management. |
| Managers | Set an example by practising the values, grant the necessary approvals – for example, for gratuities over 100 euros – and ensure that all team members are trained accordingly. |
| Employees | Act in accordance with the Code, participate in training, and report any observed violations immediately. |
13 Reporting system & protection for whistleblowers
Since our company does not currently operate an independent whistleblower portal or hotline, the following reporting channels are available:
- Direct supervisors – first point of contact for all compliance-related concerns.
- Compliance officer – contact can be made confidentially by email or through an in-person conversation.
- Legal or HR department – alternative escalation option if reporting to the manager is not possible or does not seem reasonable.
Reporting obligation
Any employee who, in the course of their professional activity, observes a situation that, in their own opinion, constitutes a violation of this Code, of applicable laws, or of other internal regulations is obliged to immediately report the incident either their own manager or directly to a member of the company management.
Protection for whistleblowers
In all reporting scenarios, appropriate organisational and technical measures will be taken immediately to protect the identity of the whistleblower. Disclosure will only take place if this is absolutely necessary by law or if the whistleblowers expressly agree to it. Any discrimination or retaliation against whistleblowers constitutes a serious violation of this Code and will result in disciplinary action.
Investigation of all reports
We investigate every incoming report without exception. The compliance officer coordinates the investigation process, documents measures, and informs the company management and – if necessary – the competent authorities. Final reports are archived in pseudonymised form to ensure transparency and learning effects.
14 Training & communication
New employees complete mandatory basic training within the first three months. Repeat training takes place on a regular basis, at least every two years. For particularly exposed roles, such as in sales or purchasing, we offer topic-specific in-depth courses. All relevant documents are made available on the intranet portal and are explained in regular dialogue formats.
15 Monitoring & reporting
The compliance officer submits an annual report to the company management, which contains information on violations, training rates, accident rates, and improvement measures taken. The most important key figures – such as the number of signed confirmations of the Code, the rate of successful training, the LTIFR, or the average processing time for reports – are published transparently in the Sustainability Report.
16 Sanctions and incentives
An understanding of values that is put into practice is created not only through prohibitions and sanctions but also through the recognition of exemplary behaviour. Our company therefore recognises integrity and responsible action with appropriate positive incentives. This recognition is transparent, fair, and in accordance with the applicable remuneration and personnel guidelines in order to promote a sustainable culture of compliance.
Violations of this Code – whether intentional or negligent – will be consistently punished. The type of sanction depends on the severity of the violation, the degree of fault, and the possible or actual damage.
Measures under labour law range from a written warning to termination for cause. If the case in question constitutes a criminal offence, we will file a complaint and work closely with the competent authorities. We also expressly reserve the right to take civil action, such as asserting claims for damages. In the case of business partners, a violation can lead to the immediate suspension of the collaboration or to termination of the contract without notice.
Every employee has the right to be heard before a measure is imposed. The decision-making power lies with the company management, which relies on the vote of the compliance officer and – if necessary – the HR or Legal department.
17 Review & updates
This Code is a living document. It is subjected to a comprehensive review at least once a year in order to take into account new legal requirements, international standards, and internal learning processes. An exceptional review will be carried out as soon as relevant legal provisions change, significant areas of the company are expanded, or significant incidents provide insights that make an adjustment necessary.
The compliance officer coordinates the review process and submits proposed changes – including a risk and impact analysis – to the company management for approval. After approval, the new version is given a version number and an effective date, communicated immediately, and archived on the intranet. Earlier versions remain digitally retrievable – with clear version labelling – to ensure complete transparency.
18 Internal and external communication
An effective ethics and compliance culture requires that the Code is clearly known to all stakeholders.
Internal communication
The Code is actively distributed to all employees at the start of work and at the time of each update and is explained in the most important training formats. Managers ensure that its content remains regularly anchored in the team's everyday life.
External communication
To promote transparency, the currently valid version of the Code is publicly available on our website and will be sent to customers, suppliers, or other stakeholders upon request.
Employee sign-off
Each employee confirms that they have received and understood and accept the Code by means of a written – or digital – declaration. This confirmation is stored in their personnel file and must be repeated after any significant changes.
19 Annexes (detailed guidelines)
We use a number of supplementary guidelines and procedural instructions to implement this Code in practice. These documents form an integral part of the compliance system and are each available on the intranet in their current version. They specifically include:
- dthe IT Service Instructions, with detailed regulations on information security and data protection;
- the IMS Manual (integrated management system according to ISO 9001, ISO 14001, ISO 45001; ONR 19025, UN/PAS 53002, ISO 14068-1), including binding risk assessment and accident reporting procedures; regulations on environmental protection and sustainability;
and
- any country-specific addenda that take into account special legal requirements or cultural circumstances.
All annexes are maintained by the offices who bear specialist responsibility, in each case. Changes to individual annexes – as with the Code itself – require approval by the company management to ensure consistency in the overall system.
This Code will enter into force on 16th May 2025 and will replace all previous versions of the Compliance Guidelines and the Code of Conduct.
Wir sind Partner der Bundesbeschaffung:
