Instabee’s Transparency Act Statement, FY 2023

This statement is published pursuant to Section 5 (§ 5) of the Norwegian Transparency Act (2021) and was approved by the Boards of Directors of Porterbuddy Norge AS, Porter AS and Instabox Norway AS on 18 June 2024, covers the period 2023.01.01-2023.12.31 and covers the Group’s entire Norwegian operations, including the wholly owned companies Porterbuddy Norge AS, Porter AS and Instabox Norway AS.

Our structure, operations and human rights management systems

Instabee is a leading last-mile delivery provider, founded in 2022 through the combination of Budbee and Instabox, including its subsidiary Porterbuddy. We specialise in both home and parcel locker deliveries, with consumers across Europe and locations in Norway, Sweden, Finland, Denmark and the Netherlands. In 2023, operations in Germany and Belgium were discontinued (parts of Belgium are still serviced through the Dutch organisation).

Within Norway, our delivery workforce consists of external contracted drivers and terminal workers who utilise the Porterbuddy platform (contracted via Porterbuddy Norge AS) or are contracted via Instabox Norway AS, and, to some extent, internal drivers under the Instabox brand (employed in Instabox Norway AS). New contracts are signed exclusively with Instabox Norway AS and the long term ambition is to discontinue Porterbuddy Norge AS as a contract party.

Besides our drivers and terminal workers, we have a small office-based workforce based in Oslo, where the tech team is employed in Porter AS and the rest in Instabox Norway AS.

Instabee is committed to assessing the human rights and sustainability implications of all our business decisions. We remain committed to respecting internationally recognised human rights, as set out in the ‘International Bill of Human Rights’ and in accord with the ‘UN Guiding Principles for Business and Human Rights’. Our business partner relationships are governed by our Code of Conduct for business partners, updated in 2023. This includes specific references to respect for human rights and the prohibition of child and forced labour throughout any part of Instabee’s own operations and business relationships. Furthermore, protections for non-discrimination, working conditions and occupational environment, health and safety are also included. Instabee maintains a right to information and audit to ensure compliance with the Code of Conduct and additionally maintains a right to terminate contracts with any business partner for violations of the Code of Conduct.

Instabee is committed to conducting human rights due diligence in accordance with the ‘Norwegian Transparency Act’ and ‘OECD Guidelines for Multinational Enterprises’. This year’s statement is based on the work from last year as well as interviews and analyses of improvements and changes since the 2022 statement. We remain committed to continuous improvement across our own operations and throughout our business relationships.

Instabee’s human rights due diligence

In the first quarter of 2024, Instabee conducted a human rights saliency assessment for our Norwegian operations to identify our most salient human rights to focus our due diligence efforts. This assessment reviewed risks associated with the core operational areas of our Norwegian operations and took note of the review from the previous year.

Since the nature of our business is fundamentally the same as last year, we have had no reason to adjust the focus areas of our human rights due diligence efforts and have not identified any specific negative human rights impacts. The main focus areas of the work will remain:

• Health and safety
• Wages and hours
• Privacy rights
• Forced/Child labour

Additionally, a high-level review of our supply chain was conducted, mainly related to the sourcing of our boxes and cages. The assessment concluded that our overall supply chain risks were low because the majority of our supply chain is based in European countries with lower overall human rights risks connected to our suppliers’ industries. Moreover, there was no or little material purchased in 2023 related to our Norwegian business, and none from outside Europe, wherefore the relevance of this part of our value chain is lower. Where potential risks are identified, we will continue to work to reduce our exposure.

Priority issues:

For each priority issue, our aim is to stop or mitigate any actual or potential negative impact on people. We will regularly review our priority issues to ensure that we are tackling those most likely to severely negatively impact people.

Health and safety risk management

Our delivery operations involve intrinsic risks which may adversely impact our drivers, including risks stemming from operating vehicles and ensuring driver protection and well-being. As for the drivers, they belong to three different categories:

1. employed by us
2. employed by our courier partners
3. platform workers using Porterbuddy’s mobile platform

In 2023, the majority of home deliveries were performed by platform workers but in October, we initiated the transition to a courier based model. With the courier model, the drivers are employed by an AS contracted by Instabox Norway AS. All courier partners sign our Code of Conduct, meaning we get increased possibilities to audit working conditions, reimbursement levels and health and safety related aspects for the drivers, as compared to having them on individual assignments as temporary workers. By December 2023, approximately 85% of all home deliveries in Norway were performed by contracted courier partners.

Our own employed drivers mainly perform box deliveries and in 2023, we worked towards implementing a courier model for these deliveries as well.

In 2023, we took steps to further improve our internal health and safety measures, e.g. through giving our managers Health and Safety Environment (HSE) training, setting HSE targets and plans as well as establish AMU (Arbetsmiljøutvalg) in Instabox Norway AS. AMU conducted four meetings in 2023, but did not identify any major occupational health risks worth mentioning in the context of this statement. In 2023, we signed a contract with an established occupational health service provider to support us in the above mentioned processes, and to take part in the AMU group’s work. Being part of Instabee Group has also provided increasing Group level support, e.g. in terms of digital training tools for managers, and a library of policies accessible to employees.

Even though the above mentioned measures mainly target our own employees, we apply the same routines and principles when dealing with suppliers that perform work on our premises. When onboarding new colleagues employed by external partners, we give them access to basic training of our tools and processes.

In 2024, we will continue to deliver on the set plans and develop additional policies and guidelines.

Hours and wages risk management

We are aware that our platform business model (used by Porterbuddy Norge AS for home deliveries) has been criticised for potentially negatively impacting external drivers and have focused on addressing the risks within this business model to ensure that Instabee’s external drivers are not adversely impacted. The platform business model can lead to increased risks pertaining to wages and labour rights. This business model particularly may lead to drivers operating without insurance, carrying high financial liability, misunderstanding taxation responsibilities, and failing to receive pension accruals, holiday pay and other benefits.

We have introduced measures to mitigate these risks, including minimum guaranteed compensations, tax guidance, limited and clear use of feeds, regular reviews of variable economic costs, quarterly checks of linehaul suppliers, and an updated supplier Code of Conduct, inclusive of terms on remuneration and hours. In 2023, the Group Leadership Team in Instabee decided to phase out platform workers from our operating system and that process was initiated in October. By December, 2023, approximately 85% of all home deliveries in Norway were performed by contracted courier partners and we expect all of them to be under courier contracts by May 2024. As we have transitioned to courier contracts for these routes, we have alsoimplemented our updated Code of Conduct and started to establish relevant routines for audits.

In the past, we have had on-call framework agreements (sometimes referred to as zero hour contracts) for some box routes but these have been almost completely phased out in 2023, as we have transitioned to a courier based model for these routes.

In our terminals, we have worked with a similar mix of employment forms as for drivers; own employees; courier employees, and platform workers. In 2023, approximately 25% were employed by Instabox Norway AS whereas 75% were external. We are in the transition to exclude the platform workers also from our terminal operations and expect this to be complete in 2024.

Privacy and information security

Our operations as a delivery provider result in the handling of personal data, as defined under the General Data Protection Regulation (“GDPR”). The two main privacy risks arising from deliveries are: the use of drivers' data when performing routes, and the drivers’ access to end-users’ personal data. Said risks are relevant for all three Norwegian companies: Porterbuddy Norge AS, Porter AS and Instabox Norway AS.

Following Instabox and Budbee's combination, we are working on implementing a unified driver app (i.e. the digital interface used by the drivers to perform deliveries) across Instabee Group. The unified app has started to be rolled out and is expected to be fully implemented across all markets and types of deliveries in 2024.

Drivers have access only to addresses and names of the end-users for home deliveries, whereas phone numbers are always hidden in the application. In the same manner, our parcel labels do not contain phone numbers. For locker deliveries, drivers only have access to the end-user’s name in the application.

In addition, we make sure that drivers only have access to the end-user’s personal data for the routes they perform. They receive their routes’ summary the same day and can only access the end-user’s limited personal data when a route has started. Once a route is completed, they no longer have access to any personal data that may have been included in such a route.

In 2023, parts of Instabee Group became ISO 27001 certified. Instabee has implemented policies and procedures to effectively manage and protect Instabee’s information, i.e. to ensure confidentiality, integrity, and availability of our information. Training of personnel is an important and integral part of implementing these policy documents and Instabee’s office employees and the terminal management (includingconsultants), therefore received training in privacy and information security in 2023. These training sessions were also included as part of our onboarding in 2023.

Drivers are supposed to go through training especially related to home deliveries, including the reading of relevant material and taking some tests. We are also working on a new version of our driver training program which will be rolled out via our digital training platform.

Forced/child labour risk management

Our operations maintain a certain degree of risk related to forced and child labour, although we have not identified any cases of this. The inability to fully monitor any additional individuals present in an external driver’s vehicle or fully ensure that it is the registered external driver who is fulfilling the delivery may lead to other individuals (potentially minors) being used to complete deliveries, resulting in either child labour or forced labour. Furthermore, general forced labour risks within the transportation industry may lead to abuses in our value chain. These risks are mainly relevant for Porterbuddy Norge AS and Instabox Norway AS.

In 2023, we added measures to verify the identity of the driver of each route, including mandatory branded work gear and visual identification by our inhouse personnel at the start of each route. In 2024, we will implement further improvements including photos of registration plates at the beginning of each route.

Moreover, the transition to a courier based model where all partner companies have signed our Code of Conduct, gives us better control over our value chain and puts us in a better position to set clear demands and perform checks.

Next steps

No specific human rights violations were raised in the prior reporting period. Nonetheless, we remain committed to continuing to improve our policies and procedures as outlined above to continue to actively mitigate potential rights impacts. If any adverse human rights issues are identified either in our own operations or across our value chain, we are committed to communicating these impacts, seeking appropriate remedy for affected stakeholders, and updating our policies and procedures to avoid future negative impacts. The country manager (or the closest higher-ranking person) at Instabee is primarily responsible for this oversight.

Having conducted a saliency assessment to identify our salient human rights issues during this reporting period, we will work towards enhancing policies and management practices in relation to these risk areas in the year ahead. Creating specific action plans for each of these four issue areas will allow us to better manage these human rights risks across our operations.

Requests for information

Requests for information regarding this Transparency Act statement or Instabee’s human rights due diligence policies and practices at large can be made to Erik Enfors, Country Manager Instabee Norway.