Supplier policy

Vigo, 06 November 2024
1. Ethics and Business Practices
  • Suppliers shall act in accordance with applicable laws, regulations, contractual agreements, Information Security Policies, and generally accepted standards.
  • All Company suppliers shall conduct business interactions and activities with integrity and shall, without limitation, comply with the following provisions:
    • Business records: Honestly and accurately record and report all business information and comply with all applicable laws regarding completeness and accuracy. They must create, maintain and dispose of business records in full compliance with all applicable legal and regulatory requirements.
    • Communication: they must be honest, direct and truthful in communications.
    • Media: they should only speak to the press on behalf of the Company with the express written authorisation of the Manager.
    • Gifts and entertainment: they should exercise good judgment in the exchange of business courtesies. Gifts, meals, entertainment, hospitality and travel that are excessive or lack transparency or legitimate purpose may be considered bribes, may create the appearance of a conflict of interest or may be perceived as an attempt to improperly influence decision-making. Business courtesies to company employees should be modest and occasional. They should never be offered to gain an undue business advantage.
    • Conflicts of interest: Be honest, straightforward and truthful when answering company questions about employee relations. Avoid improprieties and conflicts of interest or the appearance thereof. Suppliers should not deal directly with any company employee whose spouse, partner, family member or relative has a financial interest in the supplier.
    • Insider dealing: Insider dealing is prohibited.
    • Any person hired or subcontracted by COMPANY/CUSTOMER shall maintain the confidentiality of information that has been generated, received, processed and/or handled in or for COMPANY/CUSTOMER even after the business and/or employment relationship has ended.
    • Any person or company contracted or subcontracted by COMPANY/CUSTOMER shall maintain the confidentiality of the information that has been generated, received, processed and/or managed in or for COMPANY/CUSTOMER even after the end of the business and/or employment relationship.
    • There must be a commitment to confidentiality and the ‘duty of secrecy’ with respect to personal data to which it has had access through its relationship with COMPANY/CUSTOMER, even after the employment and/or commercial relationship has ended.
2. Information protection: data and intellectual property

Company suppliers shall respect intellectual property rights, protect confidential information and comply with privacy rules and regulations. All company suppliers shall, without limitation:

  • Protect and responsibly use the company’s physical and intellectual assets, including intellectual property, tangible property, supplies, consumables and equipment, when authorised by the company to use such assets.
  • Respect and protect the intellectual property rights of all parties by using only legitimately acquired and licensed software and information technology. Use software, hardware and content only in accordance with their applicable licences or terms of use.
  • Use Company-provided technology and systems (including e-mail) only for authorised Company business-related purposes.
  • The company strictly prohibits suppliers from using company-provided technology and systems to:
    •  Create, access, store, print, solicit or send any intimidating, harassing, threatening, abusive, sexually explicit or otherwise offensive or inappropriate material;
    •  send any false, derogatory or malicious communication.
  • Any solicitation of company employees through information collected from company-provided systems or technology is prohibited.
  • Consider all data stored or transmitted on equipment owned or leased by the entity as company property.
  • The company can control all use of the corporate network and all systems (including email) and will be able to access all data stored or transmitted via the company network.
  • Respect the intellectual property ownership rights of the Company and third parties, including but not limited to copyrights, patents, trademarks and trade secrets. Manage the transfer of technology and knowledge in a manner that protects intellectual property rights.
  • Comply with all privacy and data protection laws.
  • Provide clear and accurate privacy notices when collecting or processing personal data.
  • Respect privacy choices by only using data as agreed.
  • Protect data by creating secure products and services.
  • Cooperate with the company’s compliance efforts.
3. Use of company facilities and networks
  • Suppliers must not use any facilities provided by the company except for the performance of services provided without the prior consent of the company.
  • Suppliers and their employees must not use their location on company premises or network access to obtain information or materials or physical access other than as expressly authorised by the company.
  • If a supplier becomes aware that a ‘significant’ injury to any person or damage to property has occurred on company premises, the supplier should immediately inform a company representative and provide sufficient details to allow the IAGS to investigate the cause. In this case, the term ‘major’ includes physical injury to a person resulting in hospital treatment or death; or damage to or loss of property with an estimated repair or replacement value in excess of €5,000.
4. Raising Concerns and Reporting Questionable Behaviour

To report questionable behaviour or a potential breach of this information security policy, we encourage suppliers to work with their primary company contact to resolve any concerns. If that is not possible or appropriate, please contact the company via the following website.

The company will maintain confidentiality to the extent possible and will not tolerate any form of punishment or retaliation against an individual who, in good faith, has inquired about or reported questionable behaviour, a weakness or a possible violation of this information security policy.

Request a demo

Request a demo