Last updated: 01 June 2025

This Third-Party Code of Conduct (“Code”) sets out the minimum standards of ethical, legal, and professional behaviour expected from all third parties conducting business with or on behalf of VoxSmart Limited and its affiliates (“VoxSmart”).

This Code applies to all third parties, including but not limited to suppliers, vendors, contractors, consultants, agents, distributors, referral and strategic partners (collectively “Third Parties”).

Third Parties shall conduct all business activities with integrity, transparency, and accountability, ensuring compliance with all applicable laws, regulations, and contractual obligations. They must:

• Act honestly and ethically in all dealings with VoxSmart and its stakeholders.
• Maintain accurate and auditable records of business activities.
• Avoid conflicts of interest and disclose any potential or actual conflicts promptly.
• Protect VoxSmart’s confidential and proprietary information.
• Comply with this Code and all contractual obligations with VoxSmart.

Third Parties shall comply with all applicable laws and regulations, including but not limited to:

• Trade controls, export laws, and sanctions regimes;
• Anti-money laundering (AML) and counter-terrorist financing requirements;
• Competition and antitrust laws prohibiting collusion, price-fixing, or unfair business practices; and
• Data protection and privacy laws, including the UK GDPR, EU GDPR, and any equivalent local frameworks.

VoxSmart maintains a zero-tolerance policy toward bribery and corruption. Accordingly, Third Parties shall:

• Not offer, promise, authorise, or accept any bribe, kickback, or facilitation payment.
• Ensure that gifts, hospitality, or entertainment are modest, lawful, and infrequent.
• Maintain policies and controls consistent with the UK Bribery Act 2010 and other applicable legislation.
• Disclose any situation that may create an actual or perceived conflict of interest.

Third Parties who access, process, store, or transmit VoxSmart data or systems must:

• Comply with data protection and privacy laws, including the UK GDPR and EU GDPR.
• Implement technical and organisational measures consistent with the principles of ISO/IEC 27001 and ISO/IEC 27002, including:
- access control, encryption, secure configuration, vulnerability management, and incident response;
- staff awareness and confidentiality obligations.
• Ensure any subcontractors or affiliates meet equivalent standards.
• Report any actual or suspected data breach or security incident to VoxSmart within 24 hours of discovery.
• Use VoxSmart data only for authorised contractual purposes and protect it from unauthorised access, loss, or misuse.
• Cooperate with VoxSmart’s security assurance reviews, audits, and due diligence processes when requested.

Third Parties shall uphold internationally recognised human rights and labour standards. They must:

• Prohibit discrimination and harassment of any kind, including that based on race, colour, nationality, religion, gender, gender identity or expression, sexual orientation, disability, age, marital or parental status, or any other protected characteristic.
• Maintain a workplace free from bullying, harassment, intimidation, or abuse, whether verbal, physical, or psychological.
• Provide equal opportunity in employment and advancement.
• Prohibit child labour, forced labour, and human trafficking.
• Ensure safe, healthy, and lawful working conditions.
• Comply with applicable laws regarding wages, benefits, and working hours.

Third Parties are expected to operate in an environmentally responsible manner. They shall:

• Comply with all relevant environmental laws and regulations.
• Strive to reduce waste, emissions, and environmental impact.
• Promote sustainability and responsible resource use across their operations and supply chains.

Third Parties shall:

• Conduct business fairly and in accordance with antitrust and fair-competition principles.
• Avoid anti-competitive behaviour, collusion, or market manipulation.
• Maintain accurate and truthful records, subject to audit by VoxSmart when contractually required.

Third Parties must promptly report any suspected or actual breach of this Code, applicable law, or contractual obligations. Reports should be made in good faith to: legal@voxsmart.com.

VoxSmart prohibits retaliation against any person or organisation that reports a concern in good faith.

VoxSmart reserves the right to investigate potential breaches and take appropriate corrective or disciplinary action, up to and including termination of engagement.

By working with VoxSmart, Third Parties agree to conduct themselves in accordance with this Code and to uphold VoxSmart’s standards of integrity, security, and respect in all business dealings.