Supplier Code of Conduct

Effective date: April 1, 2022

Sitecore Holding II A/S, a Danish limited liability company (CVR. No. 37624071) and our affiliate entities worldwide (“Sitecore”) is the global leader in digital experience management software, offering interation integrated and composable solutions to enable the digital experience at every stage of the customer journey. Sitecore’s digital experience platform combines content management, digital asset and content management, order management, commerce, marketing automation, CDP and personalization so marketers can easily create individualized experiences. Businesses look to Sitecore to power the most relevant experiences possible and to do this, Sitecore relies on its customers, employees, communities, partners and suppliers to support and guide our business.

Doing business is more than just numbers, goals and metrics. It’s also about who we are as a company and how we manage our business internally. At Sitecore, we believe that conducting business ethically, with transparency, and in a sustainable manner is critical to our success. Sitecore is committed to acting with integrity in all our business relationships, and to ensuring that there is no violation of human rights, that there are transparent and ethical business practices within our sphere of influence. We conduct business that is sustainable and in an environmentally conscious manner.

This Supplier Code of Conduct (“Supplier Code”) sets forth standards for Sitecore’s current and potential suppliers, including our vendors and third-parties, as well as their employees, agents, and subcontractors (collectively “Suppliers”) to ensure that we partner with vendors that follow ethical, sustainable and environmentally conscious business practices in Sitecore’s supply chains.

COMPLIANCE WITH THIS SUPPLIER CODE

Adherence. All Suppliers must adhere to this Supplier Code while conducting business with or on behalf of Sitecore. This Supplier Code should be viewed as the minimum standards that we expect from our supplier community. Compliance with this Supplier Code is required in addition to any other agreement a supplier may have with Sitecore, it is not intended to reduce, replace or limit any other contractual obligations that a supplier may have with Sitecore or adherence to applicable laws.

Monitoring and Audit of Compliance. Sitecore Suppliers are expected to review and monitor their compliance with this Supplier Code. Sitecore may periodically audit Suppliers to confirm compliance or request that Suppliers confirm their adherence with a signed statement of compliance by an officer of the Supplier’s company. Sitecore may, at any time, require the immediate removal of any Supplier representative(s) or personnel who behave in a manner that is unlawful or inconsistent with this Supplier Code.

Violation(s) of this Supplier Code: Any violation(s) of this Supplier Code may result in immediate termination of any contract between Supplier and Sitecore.

LEGAL AND REGULATORY COMPLIANCE, BUSINESS PRACTICES AND ETHICS

All Sitecore Suppliers must conduct their business activities with integrity and in full compliance with applicable laws and regulations in all locations where they operate when doing business with and/or on behalf of Sitecore. Suppliers must:

  • Never participate in bribes or kickbacks of any kind. Whether in dealings with public officials or individuals in the private sector, Suppliers must comply with all applicable anti-corruption (such as the U.S. Foreign Corrupt Practices Act and the UK Bribery Act 2010) and anti-money laundering laws. Suppliers must also follow the laws governing lobbying, gifts, and payments to public officials, political campaign contribution laws, and other related regulations;
  • Avoid giving the appearance of or engaging in actual conflicts of interests. Suppliers or their representatives must not deal directly with any Sitecore employee whose spouse, domestic partner, or other family member or relative is employed by or holds a significant financial interest in the Supplier (other than publicly traded securities below 2%). Suppliers must disclose any such relationship or other actual or potential conflict of interest to Sitecore for review as soon as the potential conflict becomes known;
  • Never attempt to improperly influence Sitecore business decisions. Suppliers must never offer a bribe, kickback, bartering arrangement, change in terms outside of the contractual relationship, or other incentive to a Sitecore employee in order to obtain or retain Sitecore business or preferential treatment;
  • Create, retain, and dispose of business records honestly and accurately. Suppliers must be honest, direct, and truthful in discussions with regulatory agency representatives and government officials, and act in accordance with all applicable legal and regulatory requirements; and
  • Comply with all applicable trade controls. This includes all applicable export, re-export, and import laws and regulations. Supplier’s must conduct business in full compliance with antitrust and fair competition laws that govern the jurisdictions in which business is being conducted.

INCLUSION AND DIVERSITY

Sitecore strongly believes that a successful organization must foster an inclusive culture where each employee’s beliefs, values and voice is respected. As a multinational organization, with employees from across the globe, Sitecore believes that diversity should be celebrated and discrimination of any form will not be tolerated. Suppliers must:

  • Comply with practices relating to non-discrimination and diversity. Suppliers must comply with all applicable laws relating to discrimination in hiring, employment practices, and harassment and retaliation.
  • Operate workplaces that are free of discrimination. Suppliers must operate workplaces that are free of discrimination, harassment, victimization, and any other abuse on any grounds including but not limited to age, disability, ethnic or social origin, gender, gender identity, nationality, race, sexual orientation, marital status, parental status, pregnancy, political convictions, religious beliefs, union affiliation, or veteran status.

LABOR PRACTICES AND HUMAN RIGHTS

Sitecore expects its Suppliers to share its commitment to human rights and equal opportunity in the workplace. All Suppliers must conduct their employment practices in full compliance with all applicable laws and regulations, and must:

  • Cooperate with Sitecore’s commitment to a workforce and workplace free of harassment and unlawful discrimination. While we recognize and respect cultural differences, we require that Suppliers not engage in discrimination in hiring, compensation, access to training, promotion, termination, and/or retirement based on race, color, sex, national origin, religion, age, disability, gender identity or expression, marital status, pregnancy, sexual orientation, political affiliation, union membership, or veteran status;
  • Use only voluntary labor. The use of forced labor whether in the form of indentured labor, bonded labor, or prison labor by Suppliers is prohibited. Also prohibited is support for any form of human trafficking of involuntary labor through threat, force, fraudulent claims, or other coercion. Suppliers must comply with any applicable anti-slavery or human trafficking laws, such as the UK Modern Slavery Act 2015;
  • Comply with all local and national minimum working age laws or regulations and not use child labor;
  • Not engage in physical discipline, harassment or abuse. Physical abuse or discipline, the threat of physical abuse, sexual or other harassment, and verbal abuse or other forms of intimidation are prohibited;
  • Pay applicable legal wages under humane conditions. Suppliers must also provide benefits to employees at the levels expected in Supplier’s industry;
  • Provide a safe and healthy work environment. Suppliers must fully comply with all safety and health laws, regulations, and practices including those applicable to the areas of occupational safety, emergency preparedness, occupational injury and illness, industrial hygiene, physically demanding work, machine safeguarding, sanitation, food, and housing. Adequate steps must be taken to minimize the causes of hazards inherent in the working environment; and
  • Prohibit the use, possession, distribution, or sale of illegal drugs while on Sitecore-owned or -leased property.

PRIVACY, DATA PROTECTION AND CYBERSECURITY

Sitecore requires its Suppliers to protect the privacy of individuals and maintain the security of any data that it obtains or systems that it may access. All Suppliers are expected to follow global privacy laws and honor individual choices in how data is collected, managed and destroyed. Suppliers must:

  • Data Protection and Confidentiality. Suppliers must protect all information and data received from Sitecore, its employees, or any agent or other party acting on behalf of Sitecore. Suppliers must protect data and systems in accordance with industry recognised privacy and security best practices, legal and regulatory requirements as well as contractual obligations. Such information and data must be kept confidential at all times and not used for any purposes other than the business purpose for which it was provided or made available.
  • Implement appropriate safeguards of data and systems. Suppliers must take steps to design and implement reasonable technical, organizational and administrative safeguards to protect data and systems. All information and data obtained must be kept confidential and protected from any unauthorised access, destruction, use, modification and disclosure, through appropriate organisational and technical controls.
  • Comply with Sitecore Policies. Suppliers who have access to Sitecore systems must comply with relevant company security policies and complete required compliance trainings within prescribed timeframes.

ENVIRONMENTAL AND SUSTAINABILITY REGULATIONS AND PROTECTION

Sitecore recognizes its social responsibility to protect the environment and expects its Suppliers to share its commitment by responding to challenges posed by climate change and by working toward sustainability and protecting the environment. As a part of this commitment, all Suppliers must:

  • Comply with all applicable environmental laws. This includes regulations and requirements regarding hazardous materials, air emissions, waste, and wastewater discharges, including the manufacture, transportation, storage, disposal, and release to the environment of such materials.
  • Endeavor to reduce or eliminate waste. This includes taking steps to implement appropriate conservation measures in facilities, including water and energy conservation, through maintenance and production processes, and by recycling, re-using, or substituting materials.
  • Obtain, maintain, and keep current all required environmental permits and registrations. Suppliers must follow the operational and reporting requirements of such permits.

PROTECTION OF ASSETS AND INTELLECTUAL PROPERTY

Protection of intellectual property rights is vital for any company regardless of industry or business sector. All Suppliers must:

  • Respect and protect the intellectual property rights of all parties. Suppliers must use information technology and software that has been legitimately acquired and licensed. Suppliers should only use software, hardware, and content in accordance with their associated licenses or terms of use.
  • Comply with the intellectual property ownership rights of all parties. This includes, but is not limited to, copyrights, patents, trademarks, and trade secrets; and manage the transfer of technology and know-how in a manner that protects intellectual property rights.
  • Protect and responsibly use the physical and intellectual assets of Sitecore. This includes intellectual property, tangible property, supplies, consumables, and equipment, when authorized by Sitecore to use such assets.
  • Respect authorization limits. Suppliers must understand what they are (and are not) authorized to do on behalf of Sitecore. Suppliers must not speak to the media about Sitecore or on Sitecore’s behalf unless expressly authorized in writing to do so by an authorized Sitecore employee.
  • Use Sitecore-provided information technology and systems (including email) only for authorized Sitecore business-related purposes. Suppliers using Sitecore-provided technology and systems are strictly prohibited from doing the following:
    • Creating, accessing, storing, printing, soliciting, or sending any material that is intimidating, harassing, threatening, abusive, sexually explicit or otherwise offensive or inappropriate, or
    • Sending any false, derogatory, or malicious communications.
  • Comply with all Sitecore security requirements and procedures.
    • Suppliers must maintain passwords, and follow appropriate protocols for confidentiality, security and privacy as a condition of providing Sitecore with goods or services or receiving access to the internal Sitecore network, systems, and buildings. This includes respecting end-user privacy and maintain privacy and security policies, including Sitecore’s privacy policy available at www.sitecore.com/trust/privacy-policy.
    • All data stored or transmitted on Sitecore-owned or -leased equipment is to be considered private and is the property of Sitecore. Sitecore may monitor all use of its network and systems (including email) and may access all data stored or transmitted using the Sitecore network.

REPORTING QUESTIONABLE BEHAVIOR

This Supplier Code does not confer any rights to any third-parties. In addition, no employees of any Supplier will have any rights against Sitecore by virtue of this Supplier Code, nor will such employees have any rights to cause Sitecore to enforce any provisions of this Supplier Code.

If you wish to report questionable behavior or a possible violation of this Supplier Code, you are encouraged to work with your primary Sitecore business contact in resolving your concern. If that is not possible or appropriate, please contact Sitecore’s Legal Department at: legal@sitecore.com. Sitecore will maintain confidentiality to the extent possible and will not tolerate any retribution or retaliation taken against any individual who has, in good faith, sought out advice or reported questionable behavior or a possible violation of this Supplier Code.

VIOLATIONS AND TERMINATION

In the event of non-compliance with, or violation of, this Supplier Code, Sitecore may give the Supplier a reasonable opportunity to respond with proposed corrective actions, unless the violation is severe, egregious, incurable, or there is a violation of law. Sitecore may suspend or terminate its relationship with the Supplier and/or disclose the matter to the appropriate authorities if there is a violation of law.