Skip to content

Code of Conduct

1) Overview

This Code of Conduct (“Code”) sets the minimum standards that Caribou Digital (UK) Limited and its subsidiaries and affiliates (together, “Caribou”) require from suppliers, vendors, consultants, independent contractors, associates, grantees, delivery partners, agents and subcontractors (“Associates & Suppliers”) It applies globally. Where laws differ, the higher/stricter standard applies. 

Compliance with this Code is a material condition of doing business with Caribou. Caribou may incorporate this Code (by URL or attachment) into contracts and purchase orders and require flow-down to all subcontractors engaged on Caribou work.

Individual consultants, associates, and independent contractors working on behalf of Caribou are expected to comply with this Code in the same manner as organisational suppliers.

2) Ethics & compliance

  • Anti-bribery & corruption: No bribes, facilitation payments, kickbacks, or improper advantages. Prohibit bribery of public officials; keep accurate books and records.
  • Conflicts of interest: Disclose actual, potential, or perceived COIs before engagement and as they arise; cooperate with mitigations.
  • Financial crime & sanctions: Comply with applicable anti-money laundering, counter-terrorist financing, and sanctions/export-control laws; do not deal with sanctioned parties.
  • Competition & fair dealing: No collusion, bid-rigging, market allocation, or misuse of confidential information.

3) Labour & human rights

  • No forced, bonded, or child labour; verify worker age and right to work.
  • Fair wages, hours, benefits meeting or exceeding legal minimums.
  • Non-discrimination, dignity, and respect; zero tolerance for harassment.
  • Respect freedom of association and lawful collective bargaining.
  • Provide a safe and healthy workplace; manage risks and incidents.

4) Respect at work

Caribou is committed to maintaining a professional, inclusive, and respectful working environment for everyone involved in our work.

Suppliers, consultants, contractors, grantees, delivery partners, agents, subcontractors, and their personnel must treat all individuals with dignity, courtesy, and respect, including Caribou employees, other suppliers, clients, partners, research participants, and members of the public.

The following behaviours are prohibited:

  • Bullying, intimidation, threatening behaviour, or abuse of authority.
  • Harassment, including sexual harassment and unwanted conduct related to a person’s protected characteristics.
  • Discrimination on the basis of age, disability, race, ethnicity, nationality, religion or belief, sex, sexual orientation, gender identity, marital status, pregnancy, maternity, or any other characteristic protected by applicable law.
  • Victimisation or retaliation against any person who raises a concern, participates in an investigation, or reports suspected misconduct in good faith.
  • Conduct that creates an intimidating, hostile, degrading, humiliating, or offensive working environment.
  • Deliberate or reckless behaviour that may harm the wellbeing, safety, dignity, or reputation of others.

These standards apply in all work-related contexts, including virtual meetings, digital communications, client engagements, fieldwork, conferences, retreats, social events connected to Caribou’s work, and any other situation where an individual is representing or working on behalf of Caribou.

Suppliers are expected to take reasonable steps to ensure that their personnel understand and comply with these standards and to address concerns promptly when they arise.

Concerns relating to inappropriate behaviour may be reported through Caribou’s Speak Up channels or to an appropriate Caribou representative.

Serious or repeated breaches of this section may result in corrective actions, removal from assignments, suspension of work, termination of contracts, exclusion from future engagements, or referral to relevant authorities where appropriate.

5) Safeguarding (people we work with)

Where work involves research participants, children, or vulnerable adults, Suppliers must:

  • Apply safeguarding practices (risk assessment, appropriate vetting where lawful, supervision).
  • Obtain informed consent and protect participants from harm.
  • Report concerns immediately to Caribou and relevant authorities where required.

6) Data protection & privacy

If a Supplier processes personal data for Caribou, it must:

  • Process lawfully, fairly, and for limited purposes agreed with Caribou.
  • Implement appropriate security measures (confidentiality, integrity, resilience).
  • Notify Caribou without undue delay (and within 72 hours where feasible) of any suspected or actual personal-data breach affecting Caribou data.
  • Comply with international transfer rules where applicable. Any additional data-protection terms will be set out in the contract.

7) Information security

Where Suppliers access Caribou systems or data, they must at minimum:

  • Enforce Multi-factor authentication (MFA), strong authentication, and least-privilege access.
  • Encrypt data in transit and at rest where feasible.
  • Patch and manage vulnerabilities; use reputable anti-malware / Endpoint Detection & Response (EDR).
  • Segregate client data; prohibit shared credentials.
  • Report security incidents promptly and cooperate with investigation and remediation.

8) Environmental responsibility

Operate in a manner that minimises environmental impact (efficient travel, energy, and waste practices) and comply with applicable Environment, Health & Safety (EHS) laws. Support Caribou’s sustainability goals where relevant to the engagement.

9) Business continuity

If you provide a critical service to Caribou or host data/systems, maintain a documented Business Continuity / Disaster Recovery plan, test it periodically, meet agreed Recovery Time Objective (RTO) / Recovery Point Objective (RPO), and notify Caribou of incidents that could affect service delivery.

10) Records & reporting

Maintain accurate, complete, and timely records that fairly reflect transactions; no off-book accounts. Provide information reasonably needed for due diligence, audits, or regulatory inquiries.

11) Speak Up (reporting concerns)

Anyone may report concerns confidentially (and, where lawful, anonymously) via Caribou’s EthicsPoint portal: cariboudigital.ethicspoint.com. No retaliation is permitted against good-faith reporters. Suppliers must allow their personnel to use this channel and must not retaliate.

12) Subcontracting & flow-down

Do not subcontract material obligations without Caribou’s consent. You remain responsible for your subcontractors and must flow down this Code and applicable contractual obligations.

13) Monitoring, audits & consequences

Caribou may request evidence of compliance, conduct audits on reasonable notice, or require corrective actions. Serious or repeated breaches may lead to suspension, termination for cause, removal from approved-supplier lists, and/or reporting to authorities.

Related Policies

This policy should be read in conjunction with other Caribou policies, namely: