Supplier Code of Conduct

1. Purpose

Coaley Peak Limited is committed to conducting business responsibly, ethically, and in compliance with all applicable laws and regulations. This Supplier Code of Conduct sets out the minimum standards we expect from all suppliers, subcontractors, and business partners (collectively referred to as “suppliers”) who provide goods, services, or resources to Coaley Peak Limited.

By entering into a commercial relationship with Coaley Peak Limited, suppliers acknowledge these standards and agree to conduct their operations in a manner consistent with this Code. This Code forms part of our supplier management framework and may be incorporated by reference into contractual agreements.

2. Legal Compliance

Suppliers must comply with all applicable laws, regulations, and statutory requirements in every jurisdiction in which they operate. This includes, but is not limited to, employment law, health and safety legislation, environmental regulation, tax and financial reporting obligations, and sector-specific regulatory requirements.

Where local laws set a lower standard than this Code, suppliers are expected to apply the higher standard set out here. Where local laws impose stricter requirements, those requirements take precedence.

3. Anti-Bribery and Corruption

Coaley Peak Limited has a zero-tolerance approach to bribery and corruption in all its forms. Suppliers are expected to comply with the UK Bribery Act 2010 and all equivalent legislation applicable in their jurisdiction. Suppliers must not offer, promise, give, request, agree to receive, or accept any bribe or corrupt payment in connection with any business conducted with or on behalf of Coaley Peak Limited.

• Facilitation payments — Facilitation payments are strictly prohibited. Suppliers must not make unofficial payments to expedite or secure routine actions, regardless of local custom or practice.
• Gifts and hospitality — Gifts and hospitality exchanged with Coaley Peak personnel must be reasonable, proportionate, and transparent. Cash, cash equivalents, and gifts to public officials are not permitted.
• Third parties — Suppliers must not use agents, intermediaries, or subcontractors to make payments that would be prohibited under this Code if made directly.
• Record keeping — Suppliers must maintain accurate financial records and be able to demonstrate that all transactions relating to Coaley Peak business are properly authorised and documented.

Suppliers with their own anti-bribery policies are encouraged to share these with Coaley Peak upon request.

4. Modern Slavery and Human Trafficking

Coaley Peak Limited is committed to combating modern slavery in all its forms in accordance with the Modern Slavery Act 2015. Suppliers must not engage in, facilitate, or benefit from any form of forced labour, bonded labour, child labour, human trafficking, or other forms of modern slavery.

• Forced and compulsory labour — All work must be freely chosen. Workers must not be required to lodge deposits or identity documents, and must be free to leave employment with reasonable notice.
• Child labour — Suppliers must not employ children below the minimum school-leaving age in any jurisdiction. Young workers above the minimum age must not be employed in hazardous conditions.
• Supply chain transparency — Suppliers are expected to understand and take reasonable steps to address modern slavery risks within their own supply chains. Suppliers may be asked to provide information about their supply chain due diligence processes.
• Reporting — Any suspicion or evidence of modern slavery must be reported to Coaley Peak Limited immediately at compliance@coaleypeak.co.uk.

5. Labour Standards and Human Rights

Suppliers must respect the human rights of their workers and all people affected by their operations. At a minimum, suppliers are expected to uphold the following standards:

• Fair remuneration — Workers must be paid at least the legally required minimum wage and receive all legally mandated benefits. Wages must be paid in a timely manner.
• Working hours — Working hours must comply with applicable law. Overtime must be voluntary and compensated in accordance with legal requirements.
• Safe working conditions — Suppliers must provide a safe, healthy, and clean working environment in compliance with all applicable health and safety legislation. Workers must have access to appropriate protective equipment and emergency procedures.
• Non-discrimination and dignity — Suppliers must not engage in or permit discrimination on the grounds of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, or sexual orientation. All workers must be treated with dignity and respect.
• Freedom of association — Suppliers must respect workers’ rights to join, form, or not join trade unions and to bargain collectively in accordance with applicable law.
• Grievance mechanisms — Suppliers must provide accessible and confidential mechanisms for workers to raise concerns without fear of retaliation.

6. Environmental Standards

Coaley Peak Limited is committed to minimising its environmental impact and expects suppliers to share this commitment. Suppliers must comply with all applicable environmental laws and regulations in their jurisdiction.

• Environmental compliance — Suppliers must hold all required environmental permits and licences and comply with conditions attached to them.
• Reducing environmental impact — Suppliers are encouraged to measure, manage, and reduce their greenhouse gas emissions, energy and water consumption, and waste generation. Progress towards environmental targets is welcomed.
• Public sector work and PPN 06/21 — Where Coaley Peak Limited is engaged on public sector contracts subject to Procurement Policy Note 06/21 or its successors, suppliers involved in delivering those contracts may be required to provide carbon reduction plan information and demonstrate alignment with the requirements of that Note.
• Hazardous materials — Suppliers must handle, store, transport, and dispose of hazardous materials in accordance with applicable law and in a manner that minimises risk to people and the environment.

7. Data Protection

Suppliers who process personal data on behalf of Coaley Peak Limited, or who handle personal data received from Coaley Peak Limited, must comply with all applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

• Data processing agreements — Where a supplier acts as a processor of personal data on behalf of Coaley Peak Limited, a data processing agreement meeting the requirements of Article 28 UK GDPR must be in place before processing commences.
• Lawful processing — Suppliers must only process personal data for the purposes for which it was provided, and must not retain personal data longer than necessary.
• Breach notification — Suppliers must notify Coaley Peak Limited without undue delay, and in any event within 24 hours of becoming aware, of any personal data breach that affects data provided by or relating to Coaley Peak Limited, its clients, or its personnel.
• International transfers — Any transfer of personal data outside the United Kingdom must be made in accordance with UK GDPR Chapter V and with Coaley Peak Limited’s prior written consent.

8. Information Security

Suppliers who handle, store, or have access to Coaley Peak Limited’s systems, networks, or confidential information must maintain appropriate information security controls proportionate to the sensitivity of the data and systems involved.

• Cyber Essentials — Suppliers who access Coaley Peak Limited’s systems or handle Coaley Peak data are expected to hold a current Cyber Essentials or Cyber Essentials Plus certification, or to demonstrate equivalent controls where certification is not practicable.
• Security assessments — Coaley Peak Limited may request that suppliers complete a security questionnaire or cooperate with a security assessment as a condition of, or during, engagement. Suppliers must cooperate fully with such assessments.
• Access controls — Suppliers must ensure that access to Coaley Peak systems and data is limited to personnel who require it for legitimate business purposes, and that access is revoked promptly upon termination of the relevant engagement.
• Incident reporting — Suppliers must report any actual or suspected security incident affecting Coaley Peak systems, data, or operations to Coaley Peak Limited as soon as practicable.

9. Confidentiality

Suppliers will frequently have access to confidential information belonging to Coaley Peak Limited or to Coaley Peak Limited’s clients. Suppliers must protect all such information and must not disclose it to any third party without prior written consent, except where required by law.

Confidential information includes, but is not limited to, business plans, client identities and requirements, pricing, technical specifications, system architectures, and any information marked as confidential or that a reasonable person would understand to be confidential by its nature. Confidentiality obligations survive termination of the supplier relationship.

10. Conflicts of Interest

Suppliers must disclose to Coaley Peak Limited any relationship, financial interest, or circumstance that could give rise to an actual or potential conflict of interest in connection with their engagement. This includes relationships with Coaley Peak Limited’s competitors, clients, or personnel.

Disclosure should be made at the earliest opportunity and, where a conflict is identified, the supplier must work with Coaley Peak Limited to agree appropriate management measures. Failure to disclose a material conflict of interest may be treated as a breach of this Code.

11. Audit Rights

Coaley Peak Limited reserves the right to audit, or appoint a third party to audit, a supplier’s compliance with this Code. Such audits may be conducted with reasonable notice and during normal business hours.

Suppliers must maintain adequate records to demonstrate compliance with this Code and must provide Coaley Peak Limited with reasonable access to those records upon request. The cost of any such audit will ordinarily be borne by Coaley Peak Limited unless the audit reveals material non-compliance, in which case the supplier may be required to bear the cost.

12. Reporting Concerns

Suppliers who become aware of any actual or potential breach of this Code, whether by themselves, their subcontractors, or any other party in connection with Coaley Peak Limited business, are encouraged to report their concerns promptly. Reports may be made confidentially.

Concerns can be reported by email to compliance@coaleypeak.co.uk. Coaley Peak Limited will investigate all reports in good faith and will not take adverse commercial action against any supplier solely because they have raised a concern in good faith.

13. Consequences of Non-Compliance

Failure to comply with this Code may result in one or more of the following consequences, depending on the severity and nature of the breach:

• A formal request for corrective action, with a defined remediation timeline;
• Suspension of the supplier relationship pending investigation;
• Termination of any existing contract or commercial arrangement;
• Removal from Coaley Peak Limited’s approved supplier list;
• Reporting to relevant regulatory or law enforcement authorities where required by law.

Coaley Peak Limited will consider all relevant circumstances before taking action and will act in a fair and proportionate manner.

14. Review

This Supplier Code of Conduct is reviewed annually and updated as necessary to reflect changes in legislation, regulatory guidance, best practice, and organisational requirements. Suppliers will be notified of material changes. The current version is available on the Coaley Peak website and supersedes all previous versions.

For any queries about this Code, please contact compliance@coaleypeak.co.uk.