3 An efficient and responsible Group Demonstrate ethics and responsibility SAINT-GOBAIN UNIVERSAL REGISTRATION DOCUMENT 2021 73 Personal data protection 1.2.4 Saint-Gobain pays particular attention to personal data protection. The Group’s policy on this subject is publicly available on its website. The purpose of this policy is to set out data collection, use, communication and confidentiality conditions. As Saint-Gobain’s activities are highly decentralized, this governance aims to support the entities by taking into account their needs and the local context in which they operate. Each Group entity established in the European Union has appointed a Privacy Correspondent who manages, with the support of a Privacy Advisor and in close collaboration with the business lines (IT, digital, marketing, human resources, etc.), the compliance of activities. This network of employees who dedicate part of their activity to maintaining this approach (the Privacy Network) is led by the central team (the Central Privacy Team). It is composed of 45 Privacy Advisors approximately (lawyers or auditors) and about 600 Privacy Correspondents (operational profiles). Outside the European Union, Legal Departments also take these issues into account. Indeed, in a process of continuous improvement, Saint-Gobain encourages the application of key principles of personal data protection, regardless of the location of the entity. These principles provide protection beyond the local regulations in force in the main countries. of personal data is covered by the internal control framework for both companies established in the European Union and for those established outside the European Union. Communication actions are implemented with the Privacy Network and functions (human resources, IT, etc.). Practical guides and procedures are made available to them. Training is given, in particular through an e-learning training called “Data Protection by Saint-Gobain” and available in French and English. In addition, the protection Saint-Gobain is continuing to roll out a data protection management platform in its European entities, and also in other regions (for example in Brazil). This platform facilitates the governance of personal data protection, notably by keeping records of processing activities, assessing the guarantees presented by service providers in terms of data protection, carrying out related Data Protection Impact Analysis (DPIAs), the management of incidents involving personal data, etc. Training in the use of this platform is regularly offered to Privacy Correspondents and to Privacy Advisors. Taxation 1.2.5 Saint-Gobain acts in compliance with the tax laws of the countries in which it operates and fulfills its tax reporting and payment obligations in time. The Group has therefore not established structures whose purpose is tax evasion. It applies tax laws and regulations with honesty and integrity. Its intragroup transactions comply with the so-called “arm’s length” principle. Even if the new rules related to the reform of the international tax system initiated by the OECD have not yet all been defined, Saint-Gobain does not anticipate any significant change in its income tax expense since it is correlated with its locations and therefore with the creation of the value. Since 2019, Saint-Gobain has been taking part in the initiative for a tax partnership for regular, transparent dialogue between the French tax authorities and large proactive companies.