ETHICAL GOVERNANCE (CONT’D) Data Privacy and Security Digitalising our operations is a strategic necessity in the current technologically-driven landscape. Adhering to data protection laws is essential to safeguard sensitive information, ensuring seamless business continuity and fostering stakeholder trust. The Group protects customer and employee privacy by limiting data access to authorised personnel and securing it with strong password protection and firewall security. We comply with the Personal Data Protection (Amendment) Act 2024 (“PDPA”) and have developed a Personal Data Protection Act Handbook to guide our employees in data privacy protocols. Supply Chain Management Efficient supply chain management at Keyfield is crucial to our sustainability efforts. We ensure high standards of quality and costeffectiveness by upholding ethical practices and integrity. Leveraging local suppliers reduces our environmental impact and uplifts the local economy. Our vendor evaluation process includes assessments prior to their registration in our Vendor Management List (“VML”). Moving Forward The Group aims to progressively strengthen the integration of ESG considerations into its procurement processes by expanding vendor evaluations to cover 100% of new vendors against ESG criteria by 2026. In addition, the Group plans to extend ESG-based assessments to 100% of major vendors by 2027, enabling more systematic oversight of sustainability-related risks and performance across its supply chain. ZERO substantiated complaints concerning breaches of customer privacy and losses of customer data (FYE 2025: 0) (FYE 2024: 0) (FYE 2023: 0) >60% Proportion Spent on Local Suppliers over 3 years (FYE 2025: 70%) (FYE 2024: 77%) (FYE 2023: 82%) • Screen 100% of new suppliers for environmental and social criteria by 2026. • Assess 100% of major suppliers for environmental and social impacts by 2027. TARGET A complaint form for reporting any data privacy breaches has been established and is accessible through the Group’s whistleblowing channel. For the past three years, the Group has not received any substantiated complaints regarding breaches of customer privacy or losses of customer data. Moving Forward To reinforce its commitment to data protection and responsible information management, the Group intends to publish the steps for lodging data privacy-related complaints on its corporate website to improve accessibility and transparency. The Group also plans to conduct annual refresher training on the Standard Operating Procedures (“SOPs”) for handling customer data and privacy, ensuring that employees remain aware of their roles and responsibilities in protecting sensitive information. 61 Annual Report 2025
RkJQdWJsaXNoZXIy NDgzMzc=