RAG - Home
Sustainability report 2018

Corporate governance and compliance

RAG Austria AG operates with a strong sense of social responsibility and in conformity with the relevant legislation.
The company has no political affiliations, and makes no financial contributions to political parties or organisations, or their representatives. We represent RAG’s interests in dealings with public bodies with regard to matters that affect the company itself, or its employees, customers and shareholders. This relates to memberships or involvement in working groups held by various industrial associations.

Anti-corruption and transparency

Our corporate philosophy states that RAG employees are forbidden from requesting or accepting preferential treatment or inducements, and from offering or providing such advantages to others. This applies to all transactions and all individuals, irrespective of whether they are private individuals or businesspeople, or public office holders. Our employees must avoid conflicts of interest between their personal affairs and the duties they perform for the company.

Employees are taught to distinguish between small gifts and inducements that breach the bribery threshold at mandatory annual training courses. Anything that goes beyond a minor benefit, such as those related to events attended in the company’s interests, must be recorded in the internal reporting system. These reports must be submitted to the Executive Board and the Audit Committee at least once a year. The overarching principles here are transparency and disclosure of all such occurrences.
Donations and sponsorship of third parties requires the express permission of the Executive Board. All such activities are registered centrally and reported in summary to the Executive Board once a year.

Internal control system

Compliance with internal guidelines and processes is maintained by an internal control system (ICS). This is characterised by a functioning organisational structure, a four-eyes principle, separation of functions, and internal guidelines for business processes.

Since 2008, selected critical business processes have been subject to systematic controls to assure their effectiveness and efficiency. Under the process-oriented ICS, individual steps are documented and checks are made to ensure they are carried out. All business transactions concluded on behalf of RAG must be booked or documented in accordance with the applicable regulations, and must be verifiable. Annual evaluations by the officer responsible for the process ensure that the ICS is kept up to date, and its effectiveness is also monitored by the internal audit function. The primary focus of the ICS is on the financial reporting system.

Data protection

Our data protection policy has been amended in accordance with the EU’s 2018 General Data Protection Regulation (GDPR). It governs the treatment of personal data at the company, the conditions for processing data, the rights of data subjects, and reporting obligations. A data protection management process has been established to ensure effective data protection. This provides for annual reporting to the Executive Board. If employees have any questions they can contact the designated data protection officer, the HR department or the legal department. Prior to the entry into force of the GDPR the senior executives were advised by a data protection team. During these discussions an internal survey was conducted to register existing processing activities relating to personal data, and those concerned were sensitised to the need for data protection.

In 2018 all of our employees completed a mandatory e-learning course on the key aspects of our data protection policy and the GDPR. This course was followed up by a test of knowledge the award of a certificate for those who passed. New recruits are also trained.
In addition to the general data protection statement on the RAG Austria AG website, a separate data protection notice, on data protection relating to land management, has been published.


   Goals and Measures (PDF)