Corporate Governance

Hypoport Group Code of Conduct

The Management Board of Hypoport SE is committed to maintaining high standards of lawful and ethical behaviour within the holding company and in all other Hypoport Group companies (collectively: ‘Hypoport’). This Code of Conduct (‘CoC’) sets out Hypoport’s expectations in this regard and is intended to inform the way we behave towards one another and towards our customers, business partners and other third parties. The Code of Conduct brings together in one document the most important basic rules and principles that are binding upon us, both now and in the future. It provides guidance and applies equally to every single member of the Hypoport family – to Management Board members and directors, to senior managers and to every individual employee. It sets out the standards we expect from ourselves, and at the same time enshrines our promise to those outside the Company that we will act responsibly towards business partners and the general public, and also in our dealings with one another within the Company. We share responsibility for our Company’s reputation.  The misconduct of any individual person can cause immense harm to all of us. However, it is clear that it is not possible to regulate behaviour through guidelines alone. If you are uncertain in any given situation, think about what you are intending to do and ask yourself the following questions:

  • Legality test: Am I sure that I am acting within the law and in compliance with the Company’s rules?
  • Publicity test: Could I stand by my decision if it were to become public?
  • Reversibility test: Would I still think this was a good decision even if I were the one adversely affected by it?

You are acting in accordance with our rules and principles only if you can answer ‘yes’ to all these questions. Compliance with the law We regard compliance with the law as the most important basic principle for ethical behaviour in business. We expect every Hypoport employee – without exception – to obey the law. You are responsible for making sure you know what this entails. Infringements of legal provisions can cause severe reputational damage and may result in fines, compensation claims and/or prosecution for administrative or criminal offences, which in turn can cause serious harm to Hypoport or for you personally. We will not tolerate any violation of the law and will take action whenever this occurs. The following areas are particularly important, although the list is not exhaustive. Data protection: The protection of personal data, particularly that of employees, customers and suppliers, is particularly important to Hypoport. We process personal data only where this is absolutely necessary to fulfil a particular task, or where we are required to do so by law. No personal data may be processed unless the data subject has given their consent or there is another legal basis for doing so. Every member of the Hypoport family shares responsibility for ensuring that our stringent data protection standards are respected – without exception. We have established a Privacy Policy and an IT User Policy and embedded them within the Company in order to ensure adherence to our standards. Prevention of insider trading: Hypoport is a publicly listed company, and as such is subject to the rules of the capital markets. We provide ongoing information and training for all Hypoport employees who are involved in activities that may give them access to inside information. Essentially, if you are in possession of information that is not generally available and which would, if generally available, be likely to have a significant effect on the price of Hypoport shares, you are not allowed to trade in shares or other financial instruments of Hypoport AG. Nor are you allowed to pass on such inside information. Please see our Insider Compliance Policy for further details. Prevention of money laundering and terrorist financing: Hypoport complies with its statutory obligations regarding the prevention of money laundering and terrorist financing and does not participate in such activities under any circumstances. If in doubt, every Hypoport employee is required to report unusual financial transactions that could give rise to a suspicion of money laundering or the financing of terrorism, particularly those involving cash, so that they can be investigated by the competent finance or legal team. Our business relationships Fair competition: We are committed to the principles of fair competition and the free market economy. We do business solely on the basis of merit and in accordance with the principle of free, unhindered competition. We only work with suppliers and service providers after carrying out thorough and fair performance assessments. Please see our Procurement Policy for further information. Combating corruption: Hypoport does not tolerate any form of corruption or other criminal activity such as extortion, fraud or the giving or acceptance of bribes. We expect you to act in accordance with the law and our policies and guidelines to prevent even the appearance of corrupt behaviour. Please see our Benefits & Gifts Policy for further information. Avoiding conflicts of interest: We expect every Hypoport employee to act in the best interests of Hypoport. Any personal conflicts of interest or conflicts of interest with other business activities or with other activities, including of family members or other related parties or organisations, must be completely avoided. If they nonetheless occur, they must be resolved in accordance with the law and the applicable Hypoport policies and guidelines. This requires you to be fully open about any potential conflict. Behaviour towards colleagues We have drawn up the Hypoport Principles, a comprehensive set of guidelines governing the way we work together at Hypoport. We also foster a culture of equal opportunity, reciprocal trust and mutual respect. We promote equal opportunities and do not tolerate discrimination in recruitment or when promoting employees or offering further professional training. We treat all employees equally, regardless of gender, age, skin colour, culture, ethnic origin, sexual identity, disability, religious affiliation, or world view. Implementation of the compliance principles Every individual member of the Hypoport family is responsible for ensuring compliance. If there is any breach of the law, of Hypoport policies and guidelines, or of this CoC we will take the organisational, disciplinary and legal measures necessary to prevent any future infringements, regardless of the hierarchical level or position of the person responsible. Our internal auditors carry out regular assessments and we have implemented a compliance management system to ensure that the law, Hypoport policies and guidelines and this CoC are properly adhered to. Every individual Hypoport employee – and also every person outside the organisation – is urged to report any violation of a legal provision, a Hypoport policy or guideline, or this CoC. Violations can be reported anonymously by the following channels: Telephone: +49 30 420 86 1920 In writing: Hypoport SE / Compliance / – Confidential – / Heidestrasse 8 / 10557 Berlin / Germany By email: compliance@hypoport.de (or at www.wegwerfemailadresse.com) If you have any questions about compliance at Hypoport, you can email them to compliance@hypoport.de.

Here you can find the latest Constitution of Hypoport SE (German only).

 

ISAE 3402 Type II

International Standard on Assurance Engagements (ISAE) 3402 ‘Assurance Reports on Controls at a Service Organization’ deals with assurance engagements undertaken by a professional auditor in practice to provide a report that is likely to be relevant to user entities’ internal control as it relates to financial reporting. Both management of the service organization as well as an independent auditor make an assertion about the degree of control. The controls detailed in the ISAE3402 Type II framework aim to ensure Hypoport operates according to its own defined business processes and guidelines when it comes to developing, testing, releasing, maintaining and hosting software solutions to its customers. The processes in scope are:

  1. Access Management process.
  2. Change Management process.
  3. Continuity Management process.
  4. Incident Management process.
  5. Vendor Management process.
  6. Security Management process.
  7. Hosting management process.

 

 

Subservice organisations: ISO 27001 : 2017 / SOC 1 Type II

Most relevant subservice organizations for Hypoport are:

 

  • Quaere: acts as the ICT partner for maintenance of the ICT environment (PC’s, servers, back-up facilities);
  • Microsoft Azure: acts as cloud provider for Hypoport’s ‘PRoMMiSe As A Service’ solution and the LoanByLoan platform. The ‘PRoMMiSe As A Service’ solution can be facilitated for customers directly and/or used for the BPO activities.

 

We have service level agreements in place with these companies, detailing the level of service we agreed on, as well as the timeframe(s) in which we expect those services to be delivered, should we require them. These SLA’s serve as our controls when dealing with these subservice companies. Specific for Microsoft Azure we rely on the SOC 1 Type II report and follow up if needed. Quaere is certified ISO 27001 : 2017 on information security related to supplying and maintaining of workplaces, servers and networks. Delivering of Cloud Services, Server hosting, Website hosting, Internet connections, VoIP and support for customers through their service desk.

 

Hypoport SE Non-Financial report / ESG reports

For information about the treatment of employees, environmental matters, combatting corruption, social responsibility and humans rights please refer the Hypoport Non-Financial Report 2020

Hypoport-SE-CSR-Bericht-2020-ENG

CONTACT

Please contact us directly for product demonstrations

and discuss ways to improve your operations

Legal Notice

Privacy Policy