Legal Agreements for CloudLinux Products
1. Introduction
1.1 Message from Igor Seletskiy, CEO
Integrity is one of the core values in which we, Cloud Linux Software, Inc. (“CloudLinux”), operate. The Code of Ethics is companywide and describes how we put CloudLinux values in the way we work every day. It also explains our commitments and, more importantly, expectations towards everyone. Commitments I make to you and, likewise, commitments you make to me and everyone we deal with both internally and externally.
We run our business ethically and responsibly. We are committed to complying with the highest standards of integrity, transparency and honesty. We commit to prevent corruption, fraud and anti-competitive ways of working. We are respectful and follow the laws of the land where we operate.
A document can never cover one hundred percent of every situation you may face on a day-to-day basis. The Code of Ethics is your map. It illustrates the values and provides the tools that will help you, that will guide you in making the right decisions consistently and ethically. Also, it is important to raise your hand, speak out if you become aware or suspect a violation of the Code. We introduced the SOP_OPs_10_Whistleblowing Procedure to help you with this notification so you may do it with one hundred percent confidentiality and privacy.
Our Code of Ethics is important, critical and imperative. We are all responsible for the reputation of CloudLinux and it is an important commitment for us to make and to honor.
1.2 Purpose of this Code
As a multi-national company with an identifiable brand the actions of one CloudLinux employee has the potential to impact upon the entire company. Furthermore, with the diverse range of jurisdictions in which CloudLinux operates there is a wide range of laws, rules, regulations, customs and approaches to conducting business. The continued success of CloudLinux depends on the actions of every CloudLinux employee being transparent, lawful and ethical. As such, the primary function of this Code is to provide a unified set of principles and behaviors which are designed to act as a guide to help you make the right decisions for yourself and for CloudLinux. At the same time, the Code of Ethics cannot describe every law, policy or process that may apply to us or every situation that we may face within our everyday role. As a general rule, we are responsible for understanding and complying with the laws, regulations and policies that relate to our business activities. Detailed guidance on how to deal with important ethical and compliance issues will be described in CloudLinux’s corporate policies and other relevant documents. These will be available on the CloudLinux Google shared drive or Slite platform. However, being aware, understanding and following the principles described in this Code will help to protect the reputation of CloudLinux and CloudLinux employees.
1.3 Scope
This Code applies to and is mandatory to be followed by all CloudLinux employees. Each of us, wherever we work, must behave in accordance with these standards when dealing with fellow CloudLinux employees, clients, suppliers, stakeholders, governmental authorities and competitors. We also should require our suppliers or vendors to adhere to this Code or adopt similar ethical standards.
1.4 Responsibilities
CloudLinux employees
The primary responsibility for maintaining an environment of ethical behavior rests with CloudLinux employees through a demonstrated commitment to compliance with the Code of Ethics and with legal and regulatory requirements relevant to CloudLinux’s business. To carry out this responsibility, CloudLinux employees will:
Read, understand, and abide by the Code of Ethics.
Exercise appropriate behavior and maintain the highest standards of ethical conduct when representing CloudLinux. This includes when traveling on the company business and attending functions hosted by CloudLinux or third parties (e.g., conferences, trade shows, events). Seek advice from your Line Manager if uncertain about the meaning or application of the Code of Ethics or when in doubt about the best course of action in a particular situation.
Learn and contribute to a workplace environment that is conducive to and encourages compliance with the Code of Ethics and with laws and regulations.
Maintain sensitivity to alleged, actual, or suspected illegal, unethical, or improper conduct by a supplier, client, consultant, or other person or organization with whom CloudLinux has a relationship, and to report such conduct to the Compliance Officer.
Leadership Team
In addition to their professional responsibilities in CloudLinux, Senior Management (Leadership team) must maintain a workplace environment that stresses commitment to compliance with the Code of Ethics and with laws and regulations. CloudLinux’s Leadership Team will:
Exhibit the highest standards of ethical conduct at all times and avoid the perception of unethical behavior.
Ensure that CloudLinux employees understand their duty to report actual or suspected Code of Ethics violations and that there are procedures and mechanisms available to facilitate reporting.
Ensure that CloudLinux employees receive appropriate training in the meaning and application of CloudLinux’s compliance documents
Ensure that all policies and references are in place and in the laws and regulations related to CloudLinux.
Maintain a workplace environment that prevents reprisals against CloudLinux employees who in good faith reports actual or suspected Code of Ethics violations.
Approve and/or make modifications to the Code of Ethics as needed.
Review current and proposed corporate policies, processes, and procedures for consistency with the Code of Ethics.
Establish and maintain the means, methods, and procedures for investigating violations of the Code of Ethics.
Monitor disciplinary measures taken for violations of the Code of Ethics.
Provide training and educational programs to enhance CloudLinux employee’s awareness of and compliance with the Code of Ethics.
1.5 How to raise an issue or concern?
The Code cannot cover every situation that we may face. We may find ourselves faced with a dilemma that we are not sure how to resolve. If in doubt, ask yourself these questions:
Does it comply with the CloudLinux’s Code of Ethics?
Does it comply with policy, regulation and law?
Would I be setting a good example?
Would I be comfortable explaining what I did to my colleagues, family and friends without shame or embarrassment?
Would I or CloudLinux be comfortable if the action was written about in a newspaper?
Have I consulted others who have knowledge of the topic and sought advice to help me make an informed decision?
If the answer is ‘No’ to any of these questions, or if you are not sure, stop and seek further advice.
If you become aware or suspect a violation of this Code, we expect you to report promptly to your Line Manager / Project Manager, HR Director or Compliance Officer. If you are uncomfortable making such a notification, you may do so anonymously in accordance with the instructions mentioned in the SOP_OPs_10_Whistleblowing Procedure. There are a number of ways that you can seek advice and support, including through any of the following:
reporting to a line manager at CloudLinux directly via Slack or corporate email;
reporting to the Compliance Officer directly to a corporate email [email protected] or to the HR Director to a corporate email [email protected];
reporting to the Compliance Officer or to the HR Director via an anonymous email service ProtonMail to a corresponding corporate email [email protected] or [email protected]..
Never hesitate to ask questions, raise concerns, or seek the guidance you need. CloudLinux will not tolerate any discrimination against anyone who has reported a concern in good faith.
1.6 Breach of this Code
CloudLinux will investigate any report of a violation with the principles of the Code of Ethics. You must cooperate fully with any investigation, but should not investigate independently as alleged violations may involve complex legal issues, and you may risk compromising the integrity of a formal investigation. Conduct that violates the law and/or company policies is ground for disciplinary or remedial action. In addition, failure to report a known violation of law or company policy by someone else may result in disciplinary action for CloudLinux employees and/or termination of employment/your relationship with CloudLinux. The disciplinary action taken will be decided on a case by case basis. The action will be conducted in accordance with CloudLinux’s SOP_SEC_02_Acceptable Use Policy and corresponding legal requirements. Where laws have been violated, we will cooperate fully with the appropriate authorities.
2. Compliance with laws and regulations
CloudLinux is a global company and our business is subject to the laws of many different countries. Each day we interact with a variety of individuals and groups including our clients, competitors, co-workers, suppliers, and sometimes government officials. We are committed to interacting with all in a respectful, ethical manner and in compliance with legal requirements. We would rather miss out on a business opportunity than compromise our integrity.
2.1 Anti-Bribery & Corruption
Bribery is the offering, giving, receiving or soliciting of any item of value in order to wrongfully influence someone’s actions, or to secure an improper advantage.
Guidance
CloudLinux has a zero-tolerance policy toward bribery and corrupt conduct in any form. Improper inducements involving government officials, clients, suppliers, business partners, and all other counterparties are strictly prohibited. We must all act with the utmost honesty, integrity and transparency in all dealings with clients, suppliers, business partners and government officials. CloudLinux does not allow CloudLinux employees or others to make facilitation payments on its behalf.
We are committed to complying with all anti-corruption/anti-bribery laws, everywhere in the world such as the US Foreign Corrupt Practices Act, the UK Bribery Act and EU Directives. Bribery can have very serious consequences, for the individuals involved and for CloudLinux. Any third-party, agent or intermediary acting on CloudLinux’s behalf is also prohibited from offering, giving or accepting bribes and improper inducements, including acts of favoritism to influence a business decision.
2.2 Gifts and Hospitality
Guidance
CloudLinux SOP_OPs_12_Compliance Policy requires moderation and the use of good judgment when giving or accepting gifts or entertainment in the course of business. Extending or receiving common courtesies such as business meals in connection with legitimate business activities generally is acceptable. However, in any such dealings, CloudLinux employees should not request, accept, offer to give or give anything of value that would give the appearance of impropriety or suggest that the gift or entertainment was intended in any way to influence a business decision or to obtain an improper advantage.
A gift can be an item, but it also can include event tickets or the provision of services when the gift provider is not otherwise involved in the event or service (e.g. the giver provided the tickets but does not accompany the recipient to the event). Entertainment is distinguished from a gift as it typically involves meals, events or other forms of entertainment (e.g. sporting events, concerts, shows) where the provider participates in the meal, event or other form of entertainment.
Permissible gifts and entertainment include those that:
Are given openly and directly;
Come with no strings attached;
Are NOT solicited;
Are NOT in the form of cash or a cash equivalent, such as a cash or gift card;
Are NOT significant in value;
Are NOT accepted as part of or during a business negotiation;
Comply with all applicable laws and with all policies of both the giver and recipient; and
Would NOT reflect poorly on CloudLinux.
You can read more about gifts` limits and prohibitions, permissible and non-permissible gifts in the SOP_OPs_12_Compliance Policy available in CloudLinux Google shared drive and Slite platform. For details, please refer to the Compliance Officer.
2.3 Money Laundering and Sanctions
Money Laundering
People who are involved in criminal activity such as bribery, fraud or trafficking narcotics may attempt to launder money through apparently legitimate businesses in order to use the funds from their criminal activity and reduce suspicion.
CloudLinux will not accept or process money gained through criminal activity; we will only deal with reputable clients who are involved in legitimate business activities and whose funds are derived from legitimate sources. If you become suspicious, you should raise your concern immediately to the Chief Financial Officer and/or Compliance Officer and document all steps that are taken in relation to the transaction.
Sanctions
Sanctions are a foreign policy tool used by Governments to restrict the ability of designated countries, individuals or entities access to particular products, services and markets.
CloudLinux has a zero-tolerance approach to engaging with entities or individuals that are subject to sanctions restrictions implemented by the OFAC, EU, USA or other Governments. If you have any doubts about dealing with an entity which may be subject to sanctions, you should raise the question with the Compliance Officer.
2.4 Fair Competition and Antitrust
Generally, antitrust and competition laws prohibit any activity that may improperly reduce or inhibit competition. Most countries where CloudLinux does business also have laws restricting attempts to monopolize markets or otherwise restrict or control competition.
It is CloudLinux’s obligation to comply with these laws where they are applicable. Because of the complexity of antitrust and competition laws, it is imperative that CloudLinux employees seek advice from the Compliance Officer on any question regarding these issues. The penalties for violating antitrust laws and trade regulations can be extremely severe for both CloudLinux and the individuals involved.
2.5 Personal Information
CloudLinux takes its obligations under applicable data protection and privacy laws (e.g., General Data Protection Regulations (EU) 2016/679 (GDPR), UK Data Protection Act 2018, California Consumer Privacy Act (CPRA), etc.) very seriously. We all have a responsibility to safeguard the privacy, confidentiality and security of personally identifiable information and other private information of CloudLinux employees, clients, partners and other third parties in CloudLinux’s possession. We have in place effective systems to only allow access to our personal information to those who have a valid business reason for accessing it, reducing the risk of our personal data being compromised. While creating documents in a cloud environment we need to provide access only to those people, who are authorized to see it.
You should never provide the information without the individual’s permission. If in doubt you should refer your enquiry to the Compliance Officer.
2.6 Business Records
We must help to ensure that CloudLinux’s books and records, which include virtually all forms of business documentation, electronic or otherwise, accurately and fairly reflect, in reasonable detail, all transactions and dispositions of assets. It is of critical importance that CloudLinux’s financial reporting, including its reports to investors and lenders, be accurate and timely. Depending on the type of services they provide, CloudLinux employees may be called upon to give information necessary to assure that CloudLinux’s financial reports are complete, fair and understandable.
Managing and Protecting CloudLinux’s Assets and Reputation
3.1. Confidential and Proprietary Information
Confidential information includes all non-public information that might be useful to competitors or that could be harmful to CloudLinux if disclosed.
CloudLinux has a duty to its clients, suppliers and personnel to respect all information it holds about them and to protect and handle such information responsibly.
CloudLinux’s legal obligations and its competitive position require that confidential information remain confidential and that we are diligent in our efforts to protect our intellectual assets. Information that is proprietary to our clients, suppliers and others should be treated as confidential and used for the purpose for which it was obtained and disclosed only as permitted between CloudLinux and the other party. Confidential information should be properly and securely stored, transmitted and disposed of, and CloudLinux employees must be mindful of the risk of discussing confidential information in public places. This means that CloudLinux employees should not disclose or share information regarding internal CloudLinux matters with anyone outside CloudLinux, except as required in the performance of their employment duties.
It is never acceptable to discuss confidential information in a public place even if there are no classified documents in use. The security and confidentiality of the information could be compromised if someone overhears the conversation. For more information, please, read SOP_SEC_02_Acceptable Use Policy or refer to the Compliance Officer or Head of Security.
3.2. Conflict of Interest
‘Conflict of interest’ arises where a person’s position or responsibilities within their business unit presents an opportunity for personal gain above the normal rewards of cooperation. In other words, a conflict of interest exists when your personal interests interfere with the best interests of CloudLinux. CloudLinux employees should attempt to avoid actual or apparent conflicts of interest.
Any personal interests (or the interests of a member of the immediate family) in relation to CloudLinux’s business must be disclosed to your manager and the Compliance Officer immediately. Disclosure is mandatory, failing to disclose a conflict or a perceived conflict is a violation of the Code.
In a situation that appears to present a conflict of interest we expect you to “refrain and report”. If it is not possible to avoid participating in the event or activity creating the conflict, promptly disclose the potential conflict to your supervisor and the Compliance Officer, and avoid participating in decisions that might raise the appearance of a conflict until you receive appropriate guidance.
3.3. Use and Protection of Cloudlinux’s Resources
We are each responsible for protecting any intangible assets and goodwill to which we have access to or have been entrusted to safeguard, whether that equipment belongs to CloudLinux company, our clients or other third parties. We need to make sure that these assets are not compromised, lost, damaged, misused or wasted. We use these assets exclusively for CloudLinux’s business purposes.
3.4. Social media
CloudLinux recognizes the role that social media plays in communications and society today. However, sometimes it gets difficult to make a clear division between one’s private voice on social media and the role as a CloudLinux employee. We all need to be responsible in our engagement on social media and exercise judgment when communicating in public forums. While engaging on social media, you should:
Be transparent and make it clear that you are speaking for yourself in your private capacity;
Recognize that anything you say can be viewed as CloudLinux’s own statement;
Protect confidential information;
Be honest, accurate and ethical at all times;
Not announce things which you are not authorized to announce; and
Understand the potential consequences of your actions.
Providing a Dynamic & Diverse Work Environment
4.1. Open, Honest & Respectful
In our relationships with each other, we strive to be open, honest, and respectful in sharing our ideas and thoughts, and in receiving input. We value the free flow of thoughts, ideas, questions and concerns. We encourage CloudLinux employees to raise work related issues or concerns through our established processes as soon as issues or concerns arise.
4.2. Equal Opportunity and Anti-Discrimination
CloudLinux promotes a cooperative and productive work environment by supporting the cultural and ethnic diversity of its workforce. Our collective challenge is to enhance the company’s performance through valuing and understanding differences. CloudLinux is committed to a policy of providing equal employment opportunity to all qualified individuals and applicants. This commitment is reflected in all aspects of our daily operations and SOP_OPs_11_Dignity and Equity Procedure.
We do not discriminate on the basis of race, color, descent, sex, sexual orientation, gender reassignment, political views, confession or religious beliefs, nationality, ethnicity, marital or civil partnership status, family / career responsibilities, pregnancy and maternity / paternity status, age, disability or impairment, profession or occupation, veteran status, physical peculiarity or genetic information in any personnel practice, including recruitment, hiring, employment, compensation and benefits / remuneration, facilities and services, promotion, training and professional development, termination and references, discipline and grievance.
4.3. Health & Safety
At CloudLinux, we are committed to creating a safe, healthy and non-threatening work environment. Under all circumstances, all CloudLinux employees must take due care of their health and safety and ensure that they do not endanger others by any acts or omissions.
Activities that are not conducive to a good work environment are not permitted; this includes the consumption or being under the influence of alcohol or any controlled substances other than substances as prescribed by a physician during working hours, while on company business.
Working Responsibly and Serving Communities
5.1. Political Activities and Contributions
Guidance
CloudLinux strives to comply with all national, federal, state, and local laws and regulations. Respecting the responsibilities of government agencies and cooperating with them in good faith as they execute established guidelines and policies is essential.
CloudLinux employees shall not provide anything of value to any local, state, or national or federal elected or appointed official or government employee unless the CloudLinux employee’s supervisor has confirmed that the item of value complies with all laws or regulations that limit or prohibit such gifts or require the gifts to be reported.
CloudLinux employees are encouraged to participate in the electoral process through voting, contributing time or other appropriate means. You may not contribute funds, assets or services for, or on behalf of, CloudLinux to any political candidates, political party, charity or similar organizations unless such contribution is expressly permitted by law and authorized by CloudLinux.
5.2. Community Investment
We will make a positive social and economic contribution through our activities to the communities in which we work, and we will support, sponsor and contribute to the activities of other organizations, where they are aligned with our own business objectives, our values and will enhance the reputation of CloudLinux. We contribute to charities and good causes through sponsorship and donations and by providing materials. We encourage our employees to give their time as volunteers to these causes. When making sponsorship commitments, charitable donations or promises of ‘in-kind’ support such as company materials or resources, prior approval is required and the activity must be recorded. All requests for sponsorship and charitable donations received must be approved by the Chief Executive Officer to ensure that they meet our sponsorship and charitable giving criteria.
Definitions
Who are CloudLinux employees?
CloudLinux employees are used in this Code as the collective reference for employees (permanent or temporary, full or part time) of any CloudLinux legal entity, or any of its affiliates or subsidiaries, as well as for others performing work for, or on behalf of, CloudLinux.
What is bribery?
Broadly, bribery is defined as giving or receiving a financial or other advantage in connection with the “improper performance” of a position of trust, or a function that is expected to be performed impartially or in good faith.
Bribery does not have to involve cash or an actual payment exchanging hands and can take many forms such as a gift, lavish treatment during a business trip or tickets to an event. The types of bribery that take place in the commercial sector are numerous. Some simple examples are:
bribery in order to secure or keep a contract;
bribery to secure an order;
bribery to gain any advantage over a competitor;
bribery of a local, national or foreign official to secure a contract;
bribery to turn a blind eye to a health safety issue or poor performance or substitution of materials or false labor charges; and
bribery to falsify an inspection report or obtain a certificate.
CloudLinux’s definition of bribery also includes making “facilitation payments”. A “facilitation payment” is a payment or gift given (usually to a government official) to speed up a procedure or to encourage one to be performed. It does not include fees required to be made by law such as the payment of a filing fee for a legal document. The acceptance of a facilitation payment by a government official is an example of corrupt activity.
CloudLinux defines “corrupt conduct” or “corruption” as the abuse of entrusted power for private gain.
What is money laundering and sanctions?
Money laundering
‘Money laundering’ is the process of hiding illegal sources of money. For example, under the UK Proceeds of Crime Act 2002 (POCA) money laundering offenses are committed when a person:
conceals criminal property
enters into an arrangement regarding criminal property
acquires, uses or possesses criminal property.
This process is of critical importance, as it enables the criminal to enjoy these profits without jeopardizing their source. Illegal arms sales, smuggling, and the activities of organized crime can generate huge amounts of proceeds. Embezzlement, insider trading, bribery and computer fraud schemes can also produce large profits and create the incentive to “legitimize” the ill-gotten gains through money laundering. When a criminal activity generates substantial profits, the individual or group involved must find a way to control the funds without attracting attention to the underlying activity or the persons involved. Criminals do this by disguising the sources, changing the form, or moving the funds to a place where they are less likely to attract attention.
Sanctions
Sanctions are a foreign policy tool used by Governments to restrict the ability of designated countries, individuals or entities access to particular products, services and markets. The jurisdictions, individuals and entities who are the target of sanctions are those who particular governments view as engaging activity which is either considered abhorrent (e.g. suppression of civil rights) or would threaten international peace and security (e.g. development of a nuclear weapon). These restrictive measures are most commonly enforced by the OFAC, EU and USA.
What is fair competition and antitrust?
Generally, antitrust and competition laws prohibit any activity that may improperly reduce or inhibit competition. Most competition laws and trade regulations apply to the sale and marketing of services as well as products. It is expected that each of us compete vigorously and fairly in the conduct of business matters but always in compliance with the local and other countries’ laws.
What is personal information?
Personal information is any information that can be used, alone or in combination with other information, to identify a specific individual. It includes such information as a person’s name, address, email address, date of birth, driving license number, financial account numbers, passport, Social Security/Tax ID number or other government identification number and other identifiers.
What is confidential and proprietary information?
Confidential information includes all non-public information that might be useful to competitors or that could be harmful to CloudLinux if disclosed. Proprietary information, i.e. intellectual property, includes data such as trade secrets, patents, trademarks and copyrights, and business information, research and new product plans, objectives and strategies, records, databases, salary and benefits data, employee personal and medical information, client, employee and supplier lists and any unpublished financial or pricing information.
What is the conflict of interest?
‘Conflict of interest’ arises where a person’s position or responsibilities within their business unit presents an opportunity for personal gain above the normal rewards of cooperation. A conflict of interest can arise in many situations, including:
Family and relationships among CloudLinux employees or with the employees of our suppliers, partners, or clients;
Giving or receiving gifts, hospitality, or travel;
Outside work activities;
Dealing with family members employed by a vendor or partner;
Dealing with a vendor or partner who employs family members; and
Dealing with a vendor or partner in which you or a family member have a financial interest