Supplier Code of Conduct

1 Purpose of the policy

This Supplier Code of Conduct (“Code”) establishes the minimum standards of ethical, legal, environmental, and social responsibility that Connexin requires all suppliers, contractors, and third parties (“Suppliers”) to meet when conducting business with, or on behalf of, the Company.

Connexin is committed to operating in compliance with all applicable laws and regulations and to upholding the highest standards of integrity, sustainability, and corporate responsibility. Accordingly, Suppliers are expected to conduct their business in a manner that is lawful, ethical, and socially responsible, including adherence to all applicable legislation relating to labour practices, human rights, anti-bribery and corruption, data protection, environmental protection, and modern slavery.

Suppliers must also demonstrate a commitment to continuous improvement in environmental and social performance, transparency in their operations, and responsible governance practices.

Compliance with this Code is a mandatory condition of doing business with Connexin and forms an integral part of all contractual agreements. Connexin reserves the right to assess, monitor, and take appropriate action in relation to Supplier compliance, including the termination of business relationships where standards are not met

2 Applicable Legislation

Suppliers must comply with all applicable laws and regulations in the countries where they operate. This includes, but is not limited to, laws and regulations related to labour, health and safety, the environment, anti-corruption, and data protection.

• List of Employment Laws and Legislation UK | 2022 Law Acts - UK Rules
• Employment status and employment rights - GOV.UK
• Health and Safety at Work etc Act 1974 - HSE
• Environment Act 2021
• World-leading Environment Act becomes law - GOV.UK
• Legislation - HSE
• Bribery Act 2010
• Anti-bribery policy - GOV.UK
• Modern Slavery Act 2015
• Data Protection Act 2018
• UK General Data Protection Regulation | ICO
• Equality Act 2010
• Competition Act 1998
• Public Interest Disclosure Act 1998

3 Abbreviations and definitions

Supplier – Any third-party entity who supplies goods or services to Connexin Group of Companies.

Child labour – Refers to the employment of children which has the potential to be harmful to their health or development and interferes with educational and development requirements.

Forced labour – A situation where an individual is forced to work against their will, often under threat of harm or punishment.

Modern slavery – Includes slavery, servitude, forced or compulsory labour, and human trafficking as defined under the Modern Slavery Act 2015.

Due diligence – The process of identifying, assessing, preventing, and mitigating actual and potential adverse impacts within operations and supply chains

4 labour & human rights

Suppliers must respect the human rights of their employees and treat them with dignity and respect, including within their own supply chain. This includes, but is not limited to, the following:

• No forced, bonded, or involuntary labour.
• No child labour.
• Freedom of association and the right to collective bargaining.
• Wages, benefits and employment conditions that meet or exceed applicable legal requirements.
• Reasonable working hours.
• No discrimination.
• No harsh or inhumane treatment.
• Compliance with the Modern Slavery Act 2015, including taking reasonable steps to identify and mitigate risks.
• Compliance with the Equality Act 2010 and prohibition of unlawful discrimination.

Suppliers must take a proactive, risk-based approach to identifying and managing labour and human rights risks.

5 Health & Safety

Suppliers must provide a safe and healthy working environment for their employees. This includes, but is not limited to, the following:

• Adequate health and safety training,
• Safe and well-maintained equipment and facilities,
• Appropriate personal protective equipment,
• Emergency preparedness and response procedures,
• Implementation of appropriate health and safety management processes aligned with recognised standards (such as ISO 45001) where appropriate.

6 Environment

Suppliers must operate in an environmentally responsible manner and minimize their impact on the environment. This includes, but is not limited to, the following:

• Compliance with all applicable environmental laws and regulations.
• Reduction of waste, emissions, and energy consumption.
• Responsible use of natural resources.
• Correct disposal of hazardous materials.
• Taking reasonable steps to minimise environmental impact.
• Setting environmental objectives where appropriate.
• Maintaining appropriate environmental management processes (aligned to standards such as ISO 14001 where relevant).

7 carbon Emissions monitoring

Suppliers must monitor and report their carbon emissions to enable our company to accurately calculate our scope 3 emissions. This includes, but is not limited to, the following:

• Measuring and reporting direct and indirect greenhouse gas emissions from their operations.
• Implementing a system to track and report emissions data.
• Providing Connexin with regular emissions reports and supporting documentation.
• Working with Connexin to identify opportunities to reduce emissions and improve environmental performance.
• Setting targets to reduce greenhouse gas emissions over time.
• Alignment where feasible with recognised frameworks such as Science Based Targets or net Zero commitments.

8 Anti - corruption

Suppliers must not engage in any form of corruption, bribery, or unethical business practices. This includes, but is not limited to, the following:

• No bribes, kickbacks, or other improper payments.
• No gifts or entertainment that could be seen as an attempt to influence business decisions.
• No conflicts of interest.
• No anti-competitive practices.
• Compliance with the UK Bribery Act 2010 and applicable competition laws including the Competition Act 1998.

Suppliers should engage in fair competition and refrain from any anti-competitive practices.

9 Data protection

Suppliers must comply with the UK General Gata Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Suppliers are required to:

• Protect Personal Data
  Safeguard the personal data of employees, customers, and business partners by ensuring it is processed lawfully, fairly, and transparently, and only for legitimate business purposes.
• Implement Security Measures
  Establish and maintain appropriate technical and organisational measures to protect personal and confidential data against unauthorised access, loss, destruction, alteration, or disclosure.
• Maintain Confidentiality
  Protect any confidential information received from Connexin and ensure it is not disclosed, shared, or used for any purpose other than fulfilling the agreed contractual obligations.
• Respect Intellectual Property Rights
  Respect and uphold the intellectual property rights of Connexin and third parties, ensuring that such rights are not infringed or misused.
• Limit Data Access
  Ensure that access to personal and confidential data is restricted to authorised personnel who require it for legitimate business purposes and who are subject to confidentiality obligations.
• Report Data Breaches
  Promptly notify Connexin of any actual or suspected data breach or security incident affecting Connexin data, in accordance with agreed contractual requirements.
• Ensure Third-Party Compliance
  Ensure that any subcontractors or third parties engaged by the Supplier who process personal or confidential data adhere to equivalent data protection and confidentiality standards.

Failure to comply with these requirements may result in termination of the business relationship and potential legal action.

10 Monitoring and compliance

Suppliers must implement appropriate controls, systems, and procedures to monitor compliance with this Code.

Suppliers must cooperate with due diligence activities, assessments, and audits, including providing relevant documentation upon request.

Where non-compliance is identified, suppliers must implement corrective action plans within agreed timeframes.

11 Reporting concerns

Suppliers are encouraged to report any concerns or violations of this Code of Conduct to our company through our confidential reporting channels.

Suppliers should have mechanisms in place for employees to report concerns or any violations of this Code of Conduct. Reporting mechanisms must be accessible, confidential and allow for anonymous reporting without fear of retaliation, where legally permitted.

Suppliers must ensure that whistleblowers are protected in accordance with the Public Interest Disclosure Act 1998. We will not tolerate any retaliation against anyone who reports a concern in good faith.

12 Continuous improvement

Suppliers should continuously strive to improve their operations through measurable objectives, performance monitoring, and implementation of corrective and preventive actions in line with the principles outlined in this Code of Conduct.

Suppliers should actively engage with us to identify opportunities to improve environmental, social and ethical performance across the supply chain. Connexin is committed to working with suppliers to enhance their practices where necessary.

13 Supply chain due duiligence & Risk Management

Suppliers must take a risk-based approach to managing environmental, social, and governance risks within their own supply chains.

This includes:

• Identifying and assessing risks within their operations and supply chains
• Implementing measures to prevent and mitigate adverse impacts
• Supporting supply chain transparency and mapping activities
• Cooperating with requests for information related to supply chain due diligence

Where adverse impacts are identified, suppliers must work collaboratively to implement remediation actions.

14 monitoring and audit

This Policy is subject to company policy review on an annual basis or wherever there are legislative, regulatory or organisational changes.

Suppliers are expected to support the ongoing review process and adapt to updated requirements where communicated.