Supplier Code of Conduct

Proofpoint, Inc., including all of its affiliates (collectively, "Proofpoint"), is committed to conducting business in an ethical, legal, and socially responsible manner. Proofpoint expects its suppliers to share this commitment and, therefore, has established this Supplier Code of Conduct. Although there may be different legal and cultural environments applicable to its suppliers, Proofpoint’s suppliers must meet the following minimum requirements to do business with Proofpoint:

1. Compliance with Laws, Regulations, Published Standards, and Contracts

Suppliers must comply with all applicable laws, codes, or regulations of the countries, states, and localities in which they operate. This includes laws and regulations relating to environmental, occupational health and safety, labor practices, and privacy. In addition, suppliers must require their suppliers (including temporary labor agencies) to do the same. Further, Proofpoint’s relationships with its suppliers are governed by contracts and obligations negotiated by both parties. Suppliers must be familiar with, and comply with, the requirements of the agreements in place. A supplier’s contractual obligations also apply to the vendors and subcontractors who work with the supplier on the services that the supplier provides to Proofpoint. If there is a conflict between this Supplier Code of Conduct and a contract, the supplier must raise the issue with the supplier’s internal resources or a Proofpoint resource.  

2.  Environmental Practices

Suppliers shall comply with environmental laws and regulations applicable to their operations worldwide. Such compliance shall include, among other things, the following items:
− Obtaining and maintaining environmental permits and timely filing of required reports;
− Proper handling and disposition of hazardous materials; and
− Monitoring, controlling, and treating discharges generated from operations.

3.  Occupational Health and Safety Practices

Suppliers shall provide their employees with a safe and healthy working environment to prevent accidents and injury to health arising out of, linked with, or occurring in the course of work or as a result of the operation of the supplier.

Suppliers shall, among other things, provide:
− Occupational health and safety training;
− A system for injury and illness reporting for injury prevention;
− Medical treatment and/or compensation to injured/ill workers arising as a result of working for supplier;
− Workplace security and other protective measures to prevent injuries/illnesses to workers; and
− Clean and safe facilities.

4.  Labor Practices

Suppliers shall adopt sound labor practices and treat their workers fairly in accordance with local laws and regulations. In addition, suppliers must comply with the following standards:

− Freely Chosen Employment. Suppliers shall not use any forced labor, whether in the form of human trafficking, slavery, prison labor, indentured labor, bonded labor, or otherwise. Suppliers shall not incorporate into their products materials which were produced using forced labor. Suppliers shall comply with all applicable anti-slavery and child labor laws, including but not limited to the UK Modern Slavery Act.
- No Child Labor. Suppliers shall comply with local minimum working age laws and requirements and not employ child labor.
− Minimum Wages. Suppliers shall provide wages for regular and overtime work and benefits that meet or exceed legal requirements.
− Working Hours. Suppliers shall not require workers to work more than the maximum hours of daily labor set by local laws.
− No Harsh, Inhumane Treatment or Abuse. Suppliers shall treat each employee with dignity and respect. In no event shall Supplier's workers be subject to threats of violence, physical punishment, confinement, or other form of physical, sexual, psychological harassment or abuse.
− No Discrimination. Suppliers shall not discriminate in its employment practices on the basis of race, color, religion, sex, age, physical disability, national origin, creed, sexual orientation, or any other basis prohibited by law.
− Freedom of Association. Suppliers shall recognize and respect the rights of its workers to organize in labor unions in accordance with local labor laws and established practices.

5. Privacy

Suppliers shall commit to protecting the reasonable privacy expectations of personal information of everyone they do business with, including suppliers, customers, consumers, and employees. Suppliers shall comply with applicable privacy and information security laws and regulatory requirements, including, without limitation, the General Data Protection Regulation (GDPR), the Data Protection Act 2018, the Personal Information Protection and Electronic Components Act (PIPEDA), the Privacy Act 1988 (Privacy Act), Health Insurance Portability and Accountability Act (HIPAA), and the California Consumer Privacy Act of 2018, when personal information is collected, processed, shared, stored, and/or transmitted.  Suppliers shall support incident response activities when incidents may involve their systems by: (i) preserving and retaining relevant information, and (ii) exporting, delivering, or otherwise making available relevant information to Proofpoint.

6. Ethical Business Practices

Suppliers shall conduct their businesses in accordance with the highest standards of ethical behavior and in accordance with applicable laws and regulations. Suppliers shall conform to these requirements in each of the following areas:

− Fair Trade Practices. Suppliers shall not engage in collusive bidding, price fixing, price discrimination, or other unfair trade practices in violation of antitrust laws.
− Bribery, Kickbacks, and Fraud. No funds or assets of the supplier shall be paid, loaned, or otherwise disbursed as bribes, kickbacks, or other payments designed to influence or compromise the conduct of Proofpoint.
− Foreign Corrupt Practices Act and UK Bribery Act 2010. While laws and customs vary throughout the world, all suppliers must comply with foreign legal requirements, United States law, United Kingdom law, and local laws that apply to foreign operations, including the Foreign Corrupt Practices Act and the UK Bribery Act 2010. The Foreign Corrupt Practices Act generally makes it unlawful to give anything of value to foreign government officials, foreign political parties, party officials, or candidates for public office for the purposes of obtaining or retaining business. The UK Bribery Act 2010 generally makes it unlawful to give or receive a financial advantage in exchange for improperly performing a relevant function or activity. The UK Bribery Act 2010 also makes it unlawful to promise, offer or give a financial advantage to a foreign public official, either directly or through a third party, where such advantage is not legitimately due.
− Conflict Minerals (Dodd-Frank Section 1502). Supplier shall ensure that parts and products supplied to Proofpoint containing tungsten, tantalum, tin and gold, be DRC Conflict-free. DRC Conflict-free parts and products contain no metals derived from “Conflict Minerals” such that they directly or indirectly finance or benefit armed groups through mining or mineral trading in the Democratic Republic of Congo, or adjoining countries where human rights violations are alleged. Additionally, suppliers shall cooperate with Proofpoint to conduct due diligence and implement policies and procedures so that Proofpoint may make accurate legally required disclosures and to enable Proofpoint products to be DRC Conflict-free.
− Policies and Procedures. Suppliers must comply with Proofpoint’s published policies and procedures, including this Proofpoint Supplier Code of Conduct.
− Intellectual Property Rights. Suppliers shall respect the intellectual property rights of others, especially Proofpoint, its affiliates, and business partners. Suppliers shall take appropriate steps to safeguard and maintain confidential and proprietary information of Proofpoint and shall use such information only for the purposes specified for use by Proofpoint. Suppliers shall observe and respect all of Proofpoint’s patents, trademarks, copyrights, and other intellectual property, and comply with all requirements as to their use as established by Proofpoint.

7.  Terrorism Activities

Suppliers shall not directly or indirectly engage in or support any terrorist activity. Neither suppliers nor any of their affiliates, nor any officer or director of the supplier or any of its affiliates, shall be included on any lists of terrorists or terrorist organizations compiled by the United States government or any other national or international body, including but not limited to:

− The U.S. Treasury Department's Specially Designated Nationals List;
− The U.S. State Department's Terrorist Exclusion List;
− The United Nations List Pursuant to Security Council Resolution 1390 (2002) and Paragraphs 4(B) or Resolution 1267(1999) and 8(C) of Resolution 1333 (2000); and
− The European Union List Implementing Article (2)(3) of Regulation (EC) No. 2580/2001 on Specific Restrictive Measures Directed Against Certain Persons and Entities with a View to Combating Terrorism.

 

8. Monitoring and Compliance

Suppliers shall conduct audits and inspections to ensure their compliance with this Supplier Code of Conduct and applicable legal requirements. If a supplier identifies areas of non-compliance, the supplier agrees to immediately notify Proofpoint at legal@proofpoint.com as to its plans to remedy any such non-compliance.

Proofpoint or its representatives may engage in monitoring activities to confirm a supplier's compliance with this Supplier Code of Conduct, including on-site inspections of facilities, use of questionnaires or report cards, review of publicly available information, or other measures Proofpoint deems necessary to assess supplier's performance.

Any supplier or Proofpoint employee that becomes aware of violations of this Supplier Code of Conduct is obligated to immediately notify Proofpoint at legal@proofpoint.com. Individuals who wish to remain anonymous may contact Proofpoint by mail at Proofpoint, Inc., 925 West Maude Avenue, Sunnyvale, CA 94085, Attention: Compliance Officer or at 1-844-684-4269 or via the web at www.reportlineweb.com/proofpoint. No matter how an individual chooses to contact Proofpoint, Proofpoint prohibits retaliation against anyone raising a concern in good faith. Based on the assessment of information made available to Proofpoint, Proofpoint reserves the right (in addition to all other legal and contractual rights) to disqualify any potential supplier or terminate any relationship with any current supplier found to be in violation of this Supplier Code of Conduct without liability to Proofpoint.

9. Application/Exclusions

This Supplier Code of Conduct is a general statement of Proofpoint’s expectations with respect to suppliers. This Supplier Code of Conduct is not in lieu of, but in addition to, any supplier obligations as set forth in any:

− Request for proposal or other solicitation; and
− Agreements by and between Proofpoint and the supplier. In the event of a conflict between this Supplier Code of Conduct and any Proofpoint solicitation document or applicable agreement, the terms of the Proofpoint solicitation or agreement shall control.

10. Communications

Unless expressly included in the supplier’s agreement with Proofpoint, the supplier is not permitted to publish any marketing materials, press releases, or media interviews that include a reference to Proofpoint, Proofpoint’s clients or customers, or the work being completed together without receiving prior written approval from Proofpoint on a case-by-case basis.

11. Failure to Comply

Failure to comply with the policies, procedures or other requirements of the Supplier Code of Conduct may, in Proofpoint’s sole discretion, constitute cause for termination of any agreement by and between Proofpoint and the Supplier on terms to be determined by Proofpoint.

SUPPLIER ACKNOWLEDGEMENT

Supplier acknowledges the importance of the Code to the proper conduct of business for and with Proofpoint.

Supplier understands the Supplier’s obligations as set forth in the Code and commits to conduct business in accordance with the Code at all times and to report all matters as they arise to the attention of Proofpoint.

Supplier acknowledges that Proofpoint may, in its sole discretion, revise the Code from time to time. Supplier understands its responsibility to comply with the then current Code posted on the Proofpoint’s website, which is located at www.proofpoint.com.

Supplier acknowledges that failure to comply with the policies, procedures or other requirements of the Code may, in Proofpoint’s sole discretion, constitute cause for termination of any agreement by and between Proofpoint and the supplier on terms to be determined by Proofpoint.

Supplier understands that its agreement to comply with the Code does not obligate Proofpoint to conduct business or place any orders with supplier.