Supplier Code of Conduct
TABLE OF CONTENTS
2. Human Rights and Working Conditions
3. Environmental Responsibility
4. Governance and Business Practices
6. Data Protection and Cybersecurity
7. Whistleblowing Channel and Protection of Whistleblowers
1. Introduction
The purpose of this guideline is to define the ethical, social, and environmental principles and minimum requirements for our suppliers we expect to be followed in our supply chain, in addition to applicable laws and regulations. We expect our suppliers to apply the same principles also with their own suppliers and subcontractors. The Code of Conduct is based on our values and commitment to responsible business conduct.
We evaluate and select suppliers based on multiple factors such as quality, responsibility, delivery reliability, delivery terms, and price. We expect our suppliers to continuously develop their operations in these areas as well as invest in the development and cost-efficiency of their own production. VAK’s suppliers are an essential part of our success – enabling the manufacture of our products, and ensuring that their own operations do not jeopardize our reputation or our commitment to responsibility.
Our suppliers are obliged to comply with all applicable national and international laws and regulations. These include, among others, the Universal Declaration of Human Rights of the United Nations, the conventions of the International Labour Organization (ILO), the OECD Guidelines for Multinational Enterprises, as well as local labor and environmental laws.
VAK has the right to carry out audits to ensure that suppliers comply with these ethical guidelines. Audits will always be agreed upon on a case-by-case basis with the supplier. VAK has the right to request relevant documentation and information and to request corrective actions if deficiencies in compliance are found.
All VAK suppliers are required to comply with these guidelines and demonstrate compliance either by signing and committing to this code of conduct or by incorporating similar principles into their own ethical guidelines or practices and providing VAK with documentation thereof. The supplier must address any deficiencies immediately.
2. Human Rights and Working Conditions
Suppliers must respect the human rights of their employees, treat them equally, and comply with labor laws and collective agreements in all circumstances. This means, for example:
- Prohibition of forced labor and child labor. We do not accept any form of modern slavery or human trafficking. In particular, for apprentices under 18 years of age, it must be ensured that they do not perform work likely to endanger their health or safety.
- Compliance with applicable labor laws, considering aspects such as working hours, minimum wages, overtime, adequate breaks and rest periods, as well as sick leave and annual leave.
- Providing a safe and healthy working environment in accordance with applicable laws and regulations. Employees must be provided with clear instructions, training, and information on occupational safety in a language they understand, as well as all necessary protective equipment.
- Non-discrimination in the workplace, in remuneration, career advancement, and recruitment, regardless of an employee’s religion, ethnic background, nationality, gender, sexual orientation or identity, age, physical ability, or other similar characteristics.
- Respectful treatment and prevention of harassment. Suppliers must treat their employees respectfully and with dignity, and no form of harassment – whether physical, mental, sexual, or verbal, direct or indirect – is tolerated.
- Respecting employees’ freedom of association and the right to collective bargaining.
- Managing all personal data in accordance with data protection legislation.
In addition, we expect our suppliers to invest in the development of their employees’ skills, as well as in deepening and maintaining professional competence, so that employees have the necessary skills to succeed in their roles.
3. Environmental Responsibility
Suppliers must actively seek to minimize their environmental impact. This includes, for example, reducing emissions and waste, using energy and natural resources efficiently, responsibly managing hazardous substances, as well as continuously improving environmental protection and, where necessary, providing appropriate reporting, setting targets, and measuring performance.
Suppliers must prevent pollution by monitoring, managing, and properly treating wastewater, air emissions, waste, and hazardous substances resulting from their operations, while striving to conserve natural resources and water. The storage, handling, and monitoring of chemicals and hazardous substances must be carried out appropriately.
Suppliers are encouraged to conduct environmental impact assessments and to adopt a sufficient and systematic approach to addressing and managing environmental aspects, and to implement an appropriate environmental management system where necessary.
4. Governance and Business Practices
All supplier business operations must be based on laws, honesty, and responsibility. This means, for example:
- Compliance with laws. Suppliers must comply with all laws and regulations applicable to their operations, including anti-money laundering, data protection, trade and economic sanctions, and competition law. If this Code of Conduct conflicts with national regulations, the stricter requirement must always be followed.
- Zero tolerance for bribery, corruption, and money laundering. Suppliers must not offer, promise, give, or accept any bribe, facilitation payment, or anything of value to gain an undue advantage or improperly influence another. Hospitality and gifts to VAK employees and representatives are only permitted if they do not influence or appear to influence decision-making. Hospitality or gifts are not appropriate during contract negotiations, tendering processes, or in connection with court decisions. We do not accept money laundering.
- Avoidance of conflicts of interest. Suppliers must identify, avoid, and report any situations that may create a conflict of interest with a VAK employee’s duty to act in VAK’s best interest or that may give the appearance of such a conflict. Suppliers must notify if a VAK employee or their family member has a significant managerial position, financial, or other interest in their business.
- Fair competition and compliance with competition law. We do not engage in anti-competitive activities and do not enter into agreements or other similar practices that restrict competition.
- Protection of confidential information from unauthorized use, disclosure, and misuse. Suppliers must respect the intellectual property rights of VAK and third parties.
- Compliance with sanctions. Suppliers must commit to ensuring that their operations or the products or services they supply do not violate sanctions. Suppliers must certify that the parts, components, raw materials, or other goods used in the delivery are not sourced from or transited through a sanctioned country. Suppliers must immediately notify if the supplier or any of its owners, directors, employees, or subsidiaries becomes subject to sanctions.
- Responsible sourcing of minerals. Suppliers must ensure that their products or components do not contain conflict minerals (particularly tin, tantalum, tungsten, and gold) that have been mined or produced under conditions where mining finances armed groups or is linked to human rights abuses.
Suppliers must ensure that their products and services meet agreed technical specifications, quality requirements, and safety standards. Products and services must be fit for their intended use.
We recommend that suppliers have a quality certificate or other evidence of systematic quality management, an appropriate and maintained quality system, and documentation to ensure product fit and compliance, and traceability.
To support quality management, we recommend procedures such as test plans and reporting, and, where necessary, providing measurement reports. Product quality must be inspected before delivery, and suppliers must continuously monitor, measure, and improve their quality. Where feasible, information systems should be utilized in quality management, and specific quality targets should be established.
6. Data Protection and Cybersecurity
Suppliers must protect all personal and other confidential data they process in accordance with data protection legislation. Suppliers must have adequate technical and organizational measures in place to ensure information security, such as security policy and a person responsible for managing cybersecurity.
Suppliers must have an action plan for cyberattacks and data breaches and the capacity to notify VAK immediately if a data breach affects their delivery capability or any potential system integrations.
We also recommend that suppliers provide their employees with training on cybersecurity risks and prevention, use multi-factor authentication in their critical systems, monitor system usage to detect potential anomalies, and keep security solutions such as firewalls, antivirus software, and intrusion prevention systems, up to date.
7. Whistleblowing Channel and Protection of Whistleblowers
Suppliers or their employees must report any significant, repeated, or material violations or non-compliance with this Code of Conduct through VAK’s whistleblowing channel, either anonymously or with their personal details, at vak.fi. Suppliers must protect whistleblowers, and VAK does not accept any retaliation by suppliers against employees who have, in good faith, reported suspected misconduct.