1. Ethical Business Conduct

1.1. Anti-Corruption and Bribery Suppliers must not engage in any form of corruption, bribery, extortion, embezzlement, or kickbacks. This includes direct or indirect offers of anything of value to obtain or retain business or an improper advantage.

1.2. Gifts and Entertainment Suppliers must avoid giving or receiving gifts, entertainment, or hospitality that could improperly influence business decisions or create a conflict of interest.

1.3. Conflicts of Interest Suppliers must disclose any actual or potential conflicts of interest, including any personal relationships with Sprout employees that could affect impartiality.

2. Data Privacy and Security

2.1. Confidentiality Suppliers must protect confidential information belonging to Sprout, its clients, and employees. This includes both proprietary information and personal data.

2.2. Data Protection Suppliers must comply with all applicable data protection and cybersecurity laws, including the Philippine Data Privacy Act of 2012 (R.A. 10173), its Implementing Rules and Regulations, and National Privacy Commission issuances. If processing personal data on behalf of Sprout, the Supplier shall implement reasonable and appropriate organizational, physical, and technical security measures, aligned with best practices and industry standards such as ISO 27001, SOC 2, or NIST Cybersecurity Framework (CSF).

Sprout is committed to respecting human rights in all aspects of its operations and expects the same from its Suppliers.

3.1. No Forced or Child Labor Suppliers must not use any form of forced, bonded, indentured, or involuntary labor. Child labor is strictly prohibited in any stage of operations.

3.2. Fair Working Conditions Suppliers must comply with applicable wage, benefit, and working hours laws and provide employees with written employment agreements where required.

3.3. Non-Discrimination and Inclusion Suppliers must not discriminate based on race, color, gender, sexual orientation, religion, age, disability, marital status, or any other protected characteristic.

3.4. Freedom of Association Suppliers must respect workers’ rights to freely associate, organize, and bargain collectively in accordance with applicable laws.

4. Health, Safety, and Well-being
Suppliers must provide a safe and healthy working environment for all workers, including proactive health and safety management systems to prevent accidents and occupational illnesses.

5. Environmental Stewardship
Suppliers must operate in an environmentally responsible and resource-efficient manner, complying with all environmental laws and regulations. This includes compliance with the Philippine Environmental Impact Statement (EIS) System, DENR Administrative Orders, LGU ordinances, and other applicable rules on pollution control, waste management, and environmental permitting.

Efforts to reduce energy consumption, manage waste, and minimize carbon emissions are also encouraged.

6. Governance and Compliance

6.1. Compliance with Laws Suppliers must comply with all applicable national and local laws, rules, and regulations in the countries where they operate.

6.2. Anti-Fraud and Accurate Reporting All financial records, reports, and submissions must be accurate and reflect the true nature of the transactions.

6.3. Subcontracting Suppliers shall not subcontract any part of their obligations without prior written consent from Sprout. Any approved subcontractors must comply with the same obligations under this Code.

7. Social Media and Brand Use
Suppliers must not make public statements on behalf of Sprout or use its name, trademarks, or branding without prior written permission. Responsible and respectful conduct is expected when referring to Sprout on any platform. This includes but is not limited to press releases, case studies, marketing materials, or any form of promotional content referring to Sprout as a client, without explicit approval.

8. Compliance Monitoring and Corrective Actions
Sprout reserves the right to assess Suppliers’ compliance through audits, self-assessments, or documentation requests. In cases of non-compliance, Sprout may request corrective actions or terminate the relationship for material breaches.

9. Whistleblowing and Incident Reporting
Sprout Solutions is committed to maintaining a culture of integrity, transparency, and accountability. To support this commitment, we provide clear channels for reporting actual or suspected violations of company policies, applicable laws, or this Supplier Code of Conduct.

9.1. Scope This policy applies to all Sprout employees, Suppliers, contractors, and third-party stakeholders. Concerns may include, but are not limited to:

• Fraud, bribery, or corruption
• Labor or human rights violations
• Health, safety, and environmental issues
• Data privacy or information security breaches
• Unethical business practices
• Any violation of applicable law or Sprout policies

9.2. Reporting Channels Reports may be submitted confidentially via the following: Sprout maintains a single point of contact ([email protected]) for receiving and responding to all incident reports. Security or data privacy incidents affecting Sprout must be reported within 24 hours of discovery, along with a preliminary assessment and mitigation plan.

9.3. Confidentiality and Non-Retaliation Sprout ensures that all reports will be handled with strict confidentiality and in accordance with applicable laws. Retaliation against individuals who, in good faith, report a concern or participate in an investigation is strictly prohibited.

10. Applicability and Updates
This Code is not intended to override any applicable laws or contractual terms between Sprout and the Supplier. Sprout may revise this Code from time to time and expects Suppliers to stay informed of updates.

11. Ongoing Compliance
Sprout may request Suppliers to submit an annual attestation confirming continued adherence to this Code. Suppliers must cooperate with periodic audits or compliance reviews, including the submission of relevant documentation when requested.