Baringa Supplier Code of Conduct

 1.1 General Requirements for Prospective Suppliers

 

 

1.8 Information Security & Data Protection

• Suppliers shall comply with all relevant laws pertaining to data protection and shall not do or omit to do anything which would cause Baringa to be in breach of such relevant laws.
• To the extent that a Supplier will be processing personal data on behalf of Baringa, it will do so only in accordance with the terms set out in the relevant contract between Baringa and the Supplier.
• To the extent that a Supplier will be collecting personal data in situations where Baringa will be a controller or joint controller with the Supplier, the Supplier agrees to provide each individual to whom the personal data relates with an appropriate Processing Notice.
• To the extent that a Supplier will be processing personal data as a processor and Baringa will be a controller, the Supplier agrees to process all personal data exclusively for the purposes outlined in the applicable Contract and provide a written confirmation of deletion at the end of the above contracts. The Supplier agrees to ensure that all sub-processors used by them adhere to the same levels of protection for any data provided to them by Baringa.
• Each Supplier will comply with the information security requirements set out in Baringa’s Information Security Policy for Suppliers, to the extent relevant to the Supplier’s business and the provision of the services.

 

1.9 Resilience and Business Continuity

• Baringa expects all businesses in our supply chain to have appropriate business continuity arrangements in place to ensure that you can continue to provide your key contracted services to us in the event of any disruption to your operations. As a minimum, these resilience arrangements should consider people, premises, processes (information and technology) and providers.
• Baringa expects all businesses in our supply chain to have Business Continuity Management System (BCMS) in place which are defined, implemented, and executed in an appropriate and sustainable way, to ensure that you can continue to provide your services to us in the event of any disruption to your operations.
• The scope of the Supplier’s BCMS must be determined by a Business Impact Analysis (BIA) which covers the products and/or services delivered to Baringa e.g. critical employees, processes, IT applications and systems, infrastructure, and third-party suppliers.
• The Supplier’s Business Continuity Plans (BCPs) must be regularly (at least annually) tested, reviewed, and updated. They must also be comprehensively taught to the supplier’s key personnel relevant to the products and/or services supplied to Baringa.
• Baringa’s Suppliers must have a communication plan and process to inform customers in due course on business disruptions.
• Baringa may, as part of ongoing contract management, request information on a Supplier’s BCMS framework, processes, and documentation.

 

1.10 Cyber Security

• We are committed to ensuring effective controls are in place to protect people, property and services. Compromises of physical or cyber security can result in disruption, with potentially serious social and economic consequences. We require our supply chain partners to demonstrate a similar commitment to security and have appropriate policies and procedures in place to provide a continued safe and secure work environment. Security related controls should be proportionate to the risk, the detail of which will be contained within, and managed through individual contracts.
• Baringa is committed to delivering safe, secure, reliable and sustainable operations. This includes ensuring all reasonably practicable cyber security controls are in place to prevent unauthorised access, damage or interference to our information assets or data. Failing to protect information can also have a serious reputational impact.
• Suppliers shall implement mandatory Cyber Security and Data Protection training for staff members, appropriate oversight, regular risk assessments, appropriate due diligence, and procedural audits to protect the availability, integrity, and confidentiality of the data.

 

1.11 Cyber Security Incidents/Breaches

• Suppliers shall take steps to reduce the risk of a cyber security breach. Suppliers must ensure that their own cyber security arrangements and those within their supply chain are appropriate to the requirements of the information assets concerned, and any contractual obligations to us. This must include appropriate governance and risk management processes, ensuring access to data is maintained on a need to know, least privileged basis and that processes are in place to respond effectively to any incidents. Suppliers should inform us if they become aware of any cyber security incident that could or has compromised our data or services.
• Suppliers shall encourage staff members to report data breaches or security incidents immediately, making sure the ICO 72-hour deadline is considered. Appropriate investigations must be undertaken, and actions taken to mitigate future issues. Suppliers shall implement disciplinary action for any staff member failing to comply with such procedures.
• Suppliers shall keep sufficiently detailed records relating to the data breach and security incidents and shall promptly notify Baringa upon becoming aware of any instance connected to the business relationship between Baringa and the Supplier or which might impact upon Baringa’s reputation.
• Suppliers shall provide a copy of the remediation plan, if requested, on the security incident/breach and ensure that this is managed and tracked. Regular updates will be required. 

 

1.12 Data Protection

• We require that all businesses within our supply chain must design their organisational structure in such a way that it meets our data protection standards and all relevant UK legislation. In support of this Suppliers must ensure that they are able to demonstrate compliance with:
• Our data privacy policy which is available on our website here.
• Any data incidents or suspected breaches should be reported to Baringa within 24 hours. These notifications should be sent to Privacy@Baringa.com and should be prior to any notification to any government regulator to enable Baringa to undertake any remedial work or prepare notifications as may be required by the law.
• Any additional requirements contained within individual contracts, master service agreements or statement of work including where data protection obligations may be subject to review as part of the ongoing management of the contract.
• Suppliers must ensure they follow the following data privacy principles:
  • Purpose Limitation - you only process personal data for the sole purposes of the performance, management, and monitoring of the contract
  • Lawfulness, fairness, and transparency – you ensure any personal data is processed transparently, fairly, and clearly as stated in the contract
  • Data Minimisation – you ensure the use of personal data is necessary for the performance of the contract
  • Accuracy – you ensure that personal data is recorded accurately and rectify or erase personal data if required
  • Integrity and Confidentiality – you ensure personal data is kept secure by (a) using secure methods of transfer/ delivery/ access to data; (b) using encryption methods to ensure that data cannot be lost, read, copied or erased without authorisation; and (c) ensuring personal data is not transferred outside the country of source without prior authorisation of Baringa
  • Storage Limitation - you must delete personal data when it is no longer required for the contractual purposes and ensure the transfer/return any personal data to the data controller if required
  • Accountability - you must report any data breach, potential data breach, or concerns regarding personal data related to us to Privacy@baringa.com
• Suppliers should inform Baringa within 24 hours upon receipt of any data subject requests or other requests pertaining to any data which has originated from Baringa. Suppliers will provide necessary responses to such data subject requests or other authorities post written confirmation from Baringa.
• Suppliers needs to provide 30 days advance warning for any new sub-processors who may have access to our data, where Baringa can object to these sub-processors should it believe there is material data protection risk with these sub-processors.
• Suppliers needs to ensure that all the current sub-processor and future sub-processor agreements provide adequate protection to all Baringa's data as equivalent to this Supplier Code of Conduct.
• Baringa has the right to Audit the Supplier for compliance with data protection legislations. The Supplier will make the necessary arrangements for these audits and assist Baringa with such audits in a timely manner
• Supplier should undertake necessary Data Protection Impact Assessments (DPIA) and assist with the same for Baringa to ensure ongoing compliance with various Data Protection Legislations.
• Suppliers are required to seek written approvals prior to transfer of any Baringa data outside UK or EEA.

 

1.13 Health & Safety

• Baringa requires that a safe and healthy workplace is provided for all Supplier personnel in accordance with relevant health and safety at work laws and such laws are complied with at all times.
• Clear documented procedures must be in place to ensure regulated occupational health, safety and wellbeing standards are adhered to.
• Health and safety in the workplace shall be the responsibility of a senior member of the Supplier's management where the Supplier is contracted to carry out delivery of goods or services within the Baringa workplace.

 

1.14 Training

• The Supplier shall implement a system of training for its workers to ensure that they are aware of the requirements of this Supplier Code of Conduct.
• The Supplier shall keep a record of all training offered and completed by its workers and shall make a copy of such record available to Baringa on request.

 

1.15 Certifying compliance and audit

• The Supplier shall provide written confirmation to Baringa at least once per year that:
  • it has appropriate systems in place to monitor its compliance with this Supplier Code of Conduct; and
  • it is able to comply with this Supplier Code of Conduct for the duration of its relationship with Baringa.
• In addition to the written confirmation required above, Baringa may conduct audits to verify the Supplier's compliance with this Supplier Code of Conduct and Supplier will provide all reasonable access and assistance to Baringa to conduct such audits. Baringa has no obligation to conduct such audits.

 

1.16 Self-monitoring and reporting breaches

• The Supplier shall monitor its compliance with this Supplier Code of Conduct and shall report any breaches (actual or suspected) of this this Supplier Code of Conduct as soon as possible to LegalDept@Baringa.com.
• The Supplier shall not retaliate or take disciplinary action against any worker that has, in good faith, reported breaches of this this Supplier Code of Conduct or questionable behaviour, or who has sought advice regarding this this Supplier Code of Conduct.

 

1.17 Breach, remediation, and termination

• Where Baringa becomes aware of a breach of this this Supplier Code of Conduct  by a Supplier or its workers, Baringa may either:
  • immediately terminate its business relationship with the Supplier (including any contracts); or
  • require the Supplier to produce a remediation plan specifying the actions that the Supplier will take that will lead to compliance with this Supplier Code of Conduct, and present it to Baringa within 5 working days of being requested to do so. If the Supplier fails to produce the remediation plan within this timeframe or fails to implement it within a reasonable time, Baringa may immediately terminate its business relationship with the Supplier (including any contracts).

 

Annex: Baringa ‘Code of Business Ethics’

1. Introduction  

Baringa has adopted this Code of Business Ethics so that every person working at the Company, whether a partner, employee, associate or sub-contractor, will clearly understand the ethical and legal standards that Baringa people are required to observe. These ethical standards will apply to all aspects of your role at the Company – whether you are dealing with our clients, our suppliers, our business partners, our people or others who interact with the firm. This Code is designed to help set our interactions with colleagues, external stakeholders and the communities in which we work on strong ethical foundations.  

Baringa’s objective in introducing and ensuring compliance with this Code is not only to protect the reputation of the Company, but also to protect the interests of every Baringa person by ensuring individual legal and regulatory compliance as well as responsible behaviour.  

When you face an ethical or legal issue and are not certain what ‘doing the right thing’ or ‘being a good corporate citizen’ means in that situation, the principles described in this Code are intended to guide you on what action to take. Because both our industry and the laws that apply to it change quickly, new ethical and legal issues can often arise unexpectedly. We are therefore unable to create a Code that will cover every one of the many situations our people will face. If you are at any time in doubt on how to apply this Code when faced with an unexpected situation then please contact either the Legal & Business Integrity team or the People team for more detailed guidance.  

This Code is intended to supplement, and operate in conjunction with, the Company’s Core Values:  

Quality: We recruit the best people and invest in them to ensure they remain the best. We also attract the best projects to ensure our employees are engaged and motivated. When the work is interesting then it benefits our people and our company.  

Passion: We believe in what we do, and our people show a real desire to make a difference. We care about the outcome of each project and apply energy and determination to make each one a success. Satisfying our personal pride is as important as exceeding client expectations.  

Integrity: Our success is built on doing the right thing by our clients, by our people and by ourselves. We communicate openly and honestly internally and to our clients. We adhere to the highest professional standards and the highest levels of respect for each other's personal lives.  

Collaboration: Excellent relationships underpin everything we do. The strength of trust, friendship and teamwork between all our people is a defining feature at Baringa Partners, and we have become trusted advisors to key players in the energy and financial services industries.   

Ownership: At Baringa Partners there are no restrictions on ideas and no hierarchical boundaries. We foster a sense of ownership throughout the company for everything from long-term company strategy to day-to-day operations. We are all responsible for our company, our careers and our reputation.  

If an employee believes that someone they work with may be violating this Code they have a responsibility to tell their manager, the HR team or the Legal team about it. This responsibility to tell us is also part of the employee’s duty to act ethically. We undertake that anyone raising a concern in good faith may do so without fear of victimisation or negative consequences.  

Finally, it is important for all Baringa people to understand the legal importance of complying with this Code. For employees, compliance is required in accordance with terms of employment as the Code constitutes a Company policy. For associates and sub-contractors, compliance is required as a legal condition of doing business with the Company. In many instances we will also contract with our clients to observe this Code and non-compliance could place the firm in contravention of its contractual commitments.  

The partners and senior executive management of the Company endorse and support this Code of Business Ethics.  

In this Code, “Baringa People” means all Baringa partners, employees, associates and sub-contractors to the Company and “Company” means Baringa Partners LLP and all its group entities.  

The details of the Code of Business Ethics are set out below. The latest and applicable version of any referenced Company policy may be found on the Company intranet site and/or within the Employee Handbook. This Code is not intended to replace existing Company policies but it serves as a governing document to which other policies must adhere. All Baringa People will be advised of any revisions to this Code.  

 

2. Our Standards of Conduct 

• We will conduct every aspect of our business with honesty, integrity and openness, respecting human rights and the interests of our employees, associates, sub-contractors, clients and third parties;  

• We will rely on common sense and common decency to advocate positive behaviour at all times;  

• We will comply with all laws and regulations applicable to the Company and our business;  

• We will respect the legitimate interests of third parties with whom we have dealings in the course of our business;  

• We will always maintain the highest standards of integrity - for example, we will not promise more than we can reasonably deliver or make commitments we cannot or do not intend to keep. 

 

3. Commitment to Baringa People  

The Company is committed to:  

• Developing a workforce where there is mutual trust and respect, free from bullying and harassment, where every person feels responsible for the performance and reputation of our company;  

• Respecting the rights of individuals their customs, background, beliefs, religion, sexuality, age and traditions; 

• Recruiting, employing and promoting employees on the basis of objective criteria and the qualifications and abilities needed for the job to be performed in line with the Company’s Equal Opportunities Policy; 

• Respecting the rights of individuals to elect not to join a project because of concerns about ethics and/or safety and ensuring that such a decision will not adversely impact their performance review/banding or career progression prospects;  

• Ensuring all of the Company’s meetings, events and hospitality (both internal and external) are enjoyable and inclusive for all whom attend. The Company places trust in employees to ensure events are not damaging to the interests of the Company both financially and in terms of its reputation and image. Specifically the use of the sex industry as part of employee or client entertaining/socialising is prohibited;  

• Ensuring the good reputation of the Company is maintained by expecting employees to display decorum, advocate positive behaviour and, if drinking alcohol, do so sensibly. See also Baringa’s Drugs and Alcohol Policy;  

• Maintaining good communications with employees through our information and consultation procedures (e.g. advisor process);  

• Providing our employees with suitable training and assisting them in realising their potential;  

• Ensuring the privacy and confidentiality of our employees' personal information is respected;  

• Providing mechanisms whereby employees can raise legitimate concerns confidentially regarding malpractice and ensuring no one will be victimised for a report made in good faith. (This is not intended to replace the Company’s Grievance Procedure that remains the appropriate method of dealing with issues of a personal nature relating to matters of employment);  

• Providing employees with the appropriate information and training to comply with this Code and the associated Company policies;  

• Seeking to protect our employees from third party abuse that might be injurious to their safety, health or well-being.  

 

4. Business Integrity  

Baringa aims to develop strong relationships with our sub-contractors, suppliers, stakeholders and others with whom we have dealings, based on mutual trust, understanding and respect. In those dealings, we expect those with whom we do business to adhere to ethical business principles consistent with this Code.  

• The Company will conduct its operations in accordance with the principles of fair competition and laws and regulations applicable to our business, wherever we do business. The Company will obtain legal advice  

• where felt necessary to comply with this commitment;  

• The Company will not facilitate, support, tolerate or condone any form of money laundering; 

• The Company will reimburse employees for all reasonable and necessary expenses incurred in the course of Company business. Employees are responsible for ensuring that no unnecessary costs are incurred, and that the Company receives good value for money. Employees are expected to act honourably and sensibly within the limits and spirit of the Company’s Expenses Policy;  

• The Company as a firm will oversee and ensure compliance with its Anti-Corruption and Bribery Policy (see the Company’s Anti-Corruption & Bribery Policy);  

• The Company as a firm will oversee and ensure that neither slavery nor human trafficking is taking place within our business or our supply chain (See Baringa’s Modern Slavery Statement on the Company’s intranet)  

• We will seek to compete fairly and ethically within the framework of applicable competition and anti-trust laws and we will not prevent others from competing fairly with us;  

• We will comply with all applicable export control laws and sanctions when conducting business around the world.  

 

5. Personal Conduct  

All Baringa People are expected to:  

• Behave in accordance with the principles set out in this Code of Business Ethics.  

• Protect and not misuse company assets such as buildings, vehicles, equipment, computer equipment, company credit cards, etc;  

• Use e-mail, internet, IT and telephones in a manner appropriate for business purposes in line with the principles contained in this Code and the Company’s IT and Company Equipment Policies;  

• Observe the Company’s Anti-Corruption and Bribery Policy. 

 

6. Conflicts of Interest 

Whilst the Company respects the privacy of Baringa People, all Baringa People are expected to avoid personal relations, activities and financial interests, which could conflict with their responsibilities to the Company, our business and our clients’ business. See also the Company’s Employment of Relatives policy.  

Baringa People must not seek gain for themselves or others through misuse of their positions or Company property.  

All actual and potential conflicts of interests of Baringa People (including those arising from the activities or interests of close relatives or partners) in performing a role for the Company should be disclosed to and discussed with either your manager, advisor, the HR team or the Legal team.  

In addition, employees shall not use funds or resources of the Company in support of any political party or candidate for elected office. Employees may not use their position, authority, or influence with the Company for the purpose of affecting the result of an election or a nomination or a party or public office. Employees shall not directly or indirectly coerce, attempt to coerce, command or advise other employees to pay, lend, or contribute anything of value or to contribute personal services to a party, committee, organisation, agency or person for political purposes. 

 

7. Confidentiality, Data Privacy and Intellectual Property 

Information received by any Baringa person in the course of their employment or the provision of services to the Company must not be used for personal gain or for any purpose other than that for which it was given.  

Where confidential information of the Company or any third party (including our clients, sub-contractors or suppliers) is obtained in the course of business, that confidentiality must be respected.  

All Baringa People are expected to observe the Company’s Data Privacy Compliance Policy.  

The use of third party intellectual property (including software) for internal or client delivery purposes is subject to the third parties’ explicit terms of use and/or licence terms. The Company will only use such third party intellectual property in the manner authorised and will not make any downloads or copies without approval. 

 

8. Political Activity and Human Rights 

The Company does not make any donations to political parties or take part in party politics. However, when invited to do so by any Government, local authority or regulatory body we may make legitimate concerns known. These relationships are conducted in accordance with this Code.  

The Company seeks to uphold all internationally recognised human rights wherever its operations are located. 

 

9. Health and Safety 

The Company is committed to creating and maintaining a safe and healthy working environment for all Baringa People and the community in which we operate.  

The Company as a firm will oversee and ensure compliance with the Company’s Health and Safety Policy. 

 

10. The Environment 

The Company is committed to ensuring that, as far as reasonably practicable, any detrimental effects of its activities, products and services upon the environment are minimised whilst ensuring compliance with the Company’s Environmental Policy.

 

11. Supply Chain 

The Company will seek to ensure all goods and services obtained from suppliers are from sources that have not jeopardised human rights, safety or the environment.  

We expect our suppliers to adhere to ethical business principles consistent with this Code. 

 

12. Community Involvement 

We understand that our operations may touch members of the communities in which we operate daily, whether as clients, neighbours, employees, businesses or residents. We are committed to fostering good relationships with such communities and where possible building community partnerships that deliver positive change in accordance with the Company’s Corporate Social Responsibility Policy. 

February 2025