# Environmental, Social and Governance Policy - Badrap Oy

This Environmental, Social and Governance Policy has been approved on 2021-03-24 by the board of directors to be used at Badrap Oy.

# Corporate Responsibility Statement

Safety, security and privacy of our customers, society, people, our employees and our partners are the highest priorities for us. We follow laws, regulations and good corporate governance practices. We respect human rights, labour rights, consider the environment and have anti-corruption measures. Our Code of Conduct has short policy statements on Environmental Protection, Health and Safety, Child and Forced Labour, Anti-Bribery, Anti-Discrimination, Taxes, Security Research and Open Source and Community Work.

# Code of Conduct

Our environmental, social and corporate governance (ESG) policies are the basis for our Code of Conduct. Our ESG policies are approved by our board. We periodically review and communicate our Code of Conduct to our staff, suppliers and partners. Our Code of Conduct is public and it is shared openly.

# Supplier Code of Conduct

Our Code of Conduct and its major updates are communicated to the suppliers and partners and we expect them to uphold the same standards and to obey the legal obligations and local regulations.

# Anti-Bribery Policy

We have zero tolerance towards acts of bribery and corruption, by any employee or anyone acting on our behalf. We, our partners and suppliers should "not offer, promise or give undue pecuniary or other advantage to public officials or the employees of business partners. ... Enterprises should not use third parties such as agents and other intermediaries, consultants, representatives, distributors, consortia, contractors and suppliers and joint venture partners for channelling undue pecuniary or other advantages to public officials, or to employees of their business partners or to their relatives or business associates.", see also further guidelines in chapter "Combating Bribery, Bribe Solicitation and Extortion" in OECD's OECD Guidelines for Multinational Enterprises (opens new window).

# Anti-Discrimination Policy

We have zero tolerance for discrimination, see https://www.syrjinta.fi/syrjinta (Finnish) and https://www.syrjinta.fi/web/en/discrimination (English). We follow the Finnish law on non-discrimination (opens new window).

# Child & Forced Labour Policy

We forbid use of child and forced labour as defined by the Finnish laws, see Laki nuorista työntekijöistä (opens new window) and Valtioneuvoston asetus nuorille työntekijöille erityisen haitallisista ja vaarallisista töistä (opens new window).

# Environmental Policy

As a bare minimum we, our suppliers and partners are to follow environmental laws, in Finland see Luonnonsuojelulaki (opens new window). However, we strongly encourage going beyond that. We will be periodically reviewing United Nations' Sustainable Development goals (opens new window) for goal setting and adoption in our operations.

# Health and Safety Policy

We follow Finnish laws for health and safety in employment and workplace, see Työterveyshuoltolaki (opens new window) and Työturvallisuuslaki (opens new window). Local laws should be respected abroad.

# Open Source and Community Work

Our employees and suppliers are encouraged to participate in community efforts such as developing and contributing to free open source software (FOSS). Contributing to the common good is a shared interest.

# Security Research

Our employees and suppliers who participate in security and vulnerability research are encouraged to work responsibly and disclose any findings with care (e.g. using a responsible disclosure model).

# Tax Policy

We have a zero tolerance to tax evasion and the facilitation of tax evasion. We are not engaged in aggressive tax planning. Our headquarters is in Finland and we follow local tax laws in regions where we operate.

# Standard Clause for Suppliers and Partners

All Suppliers and Partners can include the following standard clause (or equivalent content in their own language) into their contract terms to demonstrate their willingness to uphold our ESG standards.

"The Supplier/Contractor/Partner has received a copy of the Company's Code of Conduct at https:/docs.badrap.io/esg.html (opens new window) and agrees to uphold or to exceed the same standards and to obey legal obligations and local regulations."