Groupe Renault - 2020 Universal Registration Document

234 GROUPE RENAULT I UNIVERSAL REGISTRATION DOCUMENT 2020 Find out more at group.renault.com 02 ETHICS AND GOVERNANCE GROUPE RENAULT: A COMPANY THAT ACTS RESPONSIBLY Tax policy EFPD15c 2.5.3 Applicable principles 2.5.3.1 Groupe Renault, in all countries where the Group is established, 1. ensures compliance with tax rules applicable to its activity, in compliance with international treaties and local regulation In its relation vis a vis tax administrations, Groupe Renault aims at 2. strictly complying with tax procedures and endeavours to maintain quality links, in order to maintain its reputation. The Group endeavours to create a lasting, transparent and professional relationship of trust with tax authorities of different countries and opt, whenever possible, for privileged programmes and partnerships with tax administrations. Groupe Renault does not does not encourage or promote tax 3. evasion, either for itself or for its subsidiaries. The Group applies OECD principles for transfer pricing and 4. intra-Group transactions in compliance with the arm’s length principle. When local constraints require deviation from OECD methodologies, such local constraints are documented. Groupe Renault is fully committed to the implementation of 5. regulations aimed at ensuring tax transparency at local, EU law or international level. Given the complexity of tax rules, Groupe Renault may have 6. differences of interpretation with local tax authorities. It then reserves the right to contest any adjustments that are deemed unfounded. Implementation of tax policy 2.5.3.2 Groupe Renault’s Tax department is responsible for the Group’s tax policy worldwide, including the management of all tax related risks. Groupe Renault’s Tax Department, as a support function attached to the Group Finance Department, is independent of the operational functions. It is supported by a local tax network in its mission. Tax risk management is an integral part of the Group’s overall risk management process. The Group’s Tax Department ensures the distribution of tax compliance standards within the Group (Automotive, AVTOVAZ and RCI), through internal communication channels. The Group Tax department takes a responsible approach to managing and controlling tax matters, based on the relevant documentation and rigorous internal control of tax processes. Cybersecurity and data protection 2.5.4 Cybersecurity 2.5.4.1 To manage risks and protect its data, Groupe Renault has set up an organization/governance and operational measures in matters of cybersecurity. The details of these measures are shown in chapter 1.5.2 – Risks related to cross-group functions. Data protection 2.5.4.2 Compliance with personal data protection rules opens up a golden opportunity to strengthen trust between Renault s.a.s. and its stakeholders (shareholders, customers, suppliers and employees). Trust is a value in which Renault s.a.s. believes particularly strongly, and personal data protection is one of the main ethical bases for our actions. Given this commitment, in 2011, Renault designated a data-protection correspondent with an extended scope to the French data protection authority (CNIL). Subsequently, the Group implemented legal, technical and organizational measures to ensure compliance with French data protection law no. 78–17 dated January 6, 1978. More recently, in May 2018, Renault appointed a Data Protection Officer (DPO) in order to comply with the General Data Protection Regulation (GDPR). Since June 2019, this has been a full-time role performed by a dedicated expert. The Data Protection Officer relies on a network of GDPR officers (known as Privacy Ambassadors) in each department, who are responsible for managing the compliance of personal data processing within their own scopes. A legal team dedicated to the protection of personal data has also been created, together with multi-disciplinary working groups bringing together all of Renault’s functional departments. Given the prospect of its digital transformation, developments to its connectivity and data-related activities (mobility services, connected vehicles and autonomous vehicles) in order to comply with the general data protection regulation (GDPR), Groupe Renault launched a program to ensure the implementation of an organization, governance, processes and tools intended to protect the personal data of its employees and its customers/users. Renault is also involved in working groups led by the Comité des Constructeurs Français d’Automobiles (CCFA) and by the European Automobile Manufacturers' Association, on the specific topic of connected services. Groupe Renault takes all necessary precautions in order to ensure that personal data is processed safely an in line with regulations.