Code of Business Conduct & Ethics

Codigy's mission is to support Engineering Teams and their leaders in building effective value streams and workspaces. The mission is clear, but it's important to remind ourselves:

• Privacy & security is paramount.

• Effective also means an enjoyable workspace for the people. We should always consider empathy, respect, dignity, and fair treatment as part of our product design and service, and make an effort so that our insights would not be misused.

• We are building a sustainable business with a long-term vision. Ethical conduct with colleagues, clients, and partners is fundamental.

This Code of Business Conduct & Ethics (we will refer to this as the "Code") applies to Codigy employees, directors, officers, partners, representatives, contractors, and consultants.

Codigy takes compliance with applicable laws, rules, and regulations seriously.

Codigy employees, consultants, and anyone who is representing or acting on behalf of Codigy are prohibited from engaging in any unlawful activity when conducting Codigy business or carrying out your day-to-day duties or services.

It is your responsibility to read, understand, and acknowledge this Code (including the policies, standards, and guidelines referenced in the Code) on an annual basis or as requested by Codigy.

This Code does not change any legal or contractual obligations that you may otherwise have with Codigy. Instead, the standards in this Code should be viewed as the minimum standards that Codigy expects from you.

1.1 Reporting Possible Violations

We rely on you to recognize potential problems and ask questions if you are ever unsure about the appropriateness of an action or occurrence. Whenever you are unsure, always ask. 

If you have a question or would like to report a violation, please read Compliance, reporting misconduct and whistleblowing below. It explains how reports can be made

1.2 Non-Retaliation & Disciplinary Action

You should feel free to ask questions or make a report without fear of retaliation. We will not tolerate retaliation against anyone who reports a suspected violation in good faith or cooperates in an investigation. Anyone who engages in any form of retaliation will be subject to disciplinary action, which may include termination of employment or services. If you believe you have been subject to retaliation as a result of reporting a suspected violation in good faith, please report it through Compliance, reporting misconduct and whistleblowing.

1.3 Standards of Conduct

We want to ensure that Codigy is a place where our team can thrive. We expect you to follow basic, common-sense rules of conduct that will protect everyone’s interests. If you have violated this Code or any of the policies or practices referenced in it, you will be subject to disciplinary action, up to and including termination of your employment or services.

Codigy is established in the Republic of Lithuania (EU member state), we comply with the local law and are committed to human rights and equal opportunity in the workplace, which includes the expectation that all employees and candidates will be treated fairly, and with dignity and respect.

2.1 Respect and fair treatment

Codigy complies with all applicable laws on non-discrimination and anti-harassment in hiring and employment. We maintain a workplace where business activities are conducted with respect and where treatment is fair and without abuse.

2.2 Safety and security

We promote a safe and secure workplace. All our policies and practices follow the law of the Republic of Lithuania, to ensure the health and safety of our employees.

2.3 Freedom of association

We respect employees’ lawful right of free association, as well as their lawful right to join, form, or not to join a labour union or otherwise engage in collective bargaining. 

Employees and/or their representatives have the opportunity to safely and openly communicate with each other and with management regarding working conditions and management practices without fear of discrimination, reprisal, intimidation, or harassment.

2.4 Employment eligibility and voluntary labour

We only employ workers with a legal right to work. Child labour (as defined by the International Labour Organization) and forced labour (including prison labour, indentured labour, bonded labour, or slave labour) are forbidden in any circumstance.

2.5 Appropriate work hours and wages

We comply with all applicable laws on work hours and overtime, as well as all applicable laws on wages and benefits. We follow the International Labour Organization’s Standards on Working Time and the law of the Republic of Lithuania.

We provide living wages to employees and prohibit employee-borne recruitment fees and the retention of employee passports or other travel documents.

We understand that not everything is about product features. People, integrity, communication, and nuances of the relationship - matter:

3.1 Anti-bribery and anti-corruption

Codigy employees must never offer bribes to anyone. We must never promise, make, or authorize any payment, or thing of value to individuals who are representing the Customer, prospective Customer, or a government organization if the purpose or intent is to gain a business advantage. 

Unacceptable behavior example: Sending a luxury gift to an individual who represents a prospective Customer. This is not acceptable because it manipulates a person to make favors and potentially bad decisions for you.

Acceptable behavior example: Offering a discount to the prospective Customer for their Codigy Service. This is normal business, because "gift" is not intended for personal use but benefits the company the individual represents.

Point 3.4 of this Code, brings clarity on gifts, entertainment or other benefits.

3.2 Competition

Codigy will comply with all applicable laws regarding fair competition and antitrust. We should not take short-term gains over long-term success. That means, You should not take unfair advantage of another person through the abuse of privileged or confidential information or through improper manipulation, concealment, or misrepresentation of material facts. We should compete with all the energy, but within the norms of the law and etchics.

3.3 Conflicts of interest

We understand that tech community is tight-knit. You also have responsibilities outside of work, friends, and family members. However, conflict of interest may bring financial and reputational damage to Codigy and our Partners and Customers. 

It is your responsibility to avoid conflict of interest when conducting your duties or services in relation to Codigy's business. Any situation that may result in a conflict of interest must be reported promptly.

Conflict of interest usually arises when you have an economic or personal interest or activity that interferes with your obligations to Codigy.

This can be direct, in example:

• You own shares of the company who we plan to do business with;

• You serve as a board member of an organization who we plan to do business with;

Or indirect, in example:

• Your family member works for the company we plan to do business with;

• Your significant other is an owner of the competing company;

In either case, transparency is the key. Any transaction that may potentially cause a conflict of interest must be reported to your manager to find appropriate measures and solutions. In case a conflict involves your manager, report directly to The Board of Directors.

3.4 Gifts or other benefits

Gifts, entertainment, or other benefits are a sketchy terrain, they can easily be misinterpreted as a bribe or lead to a conflict of interest. To avoid this, we want to make everything clear.

3.5 Trade sanctions and export controls

Codigy complies with trade sanctions and export controls imposed by the Republic of Lithuania, the European Union, and the United States, even if it may result in the loss of some business opportunities.

That means:

• We have to be familiar with the basic elements of these laws (to an extent it could be applied to Codigy's business);

• Check if any of the upcoming deals may violate some of these laws;

• Getting out of the deal if we found evidence that it violates these laws.

• Monitor compliance for the existing accounts;

3.6 Deals on the side

All new business engagements and transactions have to be documented and follow our formal and standardized contractual process.

Existing agreements can only be modified by an assigned owneer and strictly according to a formal contractual process.

Making agreements for business commitments outside of our formal process are unacceptable.

4.1 Privacy & security

Codigy is responsible for protecting and securing the personal information of our employees, contractors, vendors, customers, and partners.

We take this role seriously and require all Codigy employees, consultants, and contractors to take a role in safeguarding the information that has been entrusted to Codigy. 

You must:

1. Know and comply with your responsibilities under all of Codigy’s internal and external privacy and data security policies, processes, and standards (we will refer to these as the “data security and privacy policies”)

2. Know and comply with applicable global data protection laws.

3. Complete annual privacy and security trainings and tests (Part of our Privacy & Security processes);

You may only access, collect, use, transfer, dispose of, or otherwise process personal information as permitted under Codigy’s data security and privacy policies. You must always honour the individual’s choice to keep their personal information confidential and secure.

If you ever become aware of the misuse or unauthorized access of any personal information, it is your responsibility to report this to the Privacy and Security teams immediately.

4.2 Privacy and Your Use of Codigy Resources 

We seek to respect your personal privacy. However, to be compliant with the law, our standards, and improve our security and privacy procedures we must be able to conduct incident investigations and review audit traces.

This means that information created, accessed, transmitted, or stored using Codigy’s technology resources, such as email messages, computer files, instant messages, or websites in your browsing history, are company resources and assets.

We may access, monitor, or inspect Codigy resources, assets, and property at any time without your prior approval, knowledge, or consent to the extent allowed by law. This includes monitoring and retrieving information that is stored or transmitted on Codigy's electronic devices, computers, equipment, and systems.

WE ARE COMMITTED TO PROTECTING THE PERSONAL DATA PROVIDED TO US. WE MUST ENDEAVOR TO KEEP THIS DATA SECURE, USE IT ONLY FOR INTENDED PURPOSES, AND FOLLOW THESE SIMPLE GUIDELINES:

4.3 Confidential information

The nature of Codigy's business involves creating and gathering Confidential information. It has a critical role in our business, further growth and competitiveness.

"Confidential Information" includes any information and materials that Codigy doesn't ever make publicly known or at a given time. If disclosed, such information and materials may bring significant harm Codigy and our Customers.

The minimum scope of Codigy Confidential Information includes:

• Codigy proprietary source code;

• Non-public technical information about Codigy systems and product;

• Non-public information about Codigy's product roadmap;

• Non-public information about partnerships and customers;

• Non-public financial information;

• Non-public information about employees and terms of employment;

• Non-public information about technical, organizational, operational and design processes;

• Non-public information about business plans and goals;

As part of your day-to-day duties or services, may get you an access to Codigy Confidential Information and related trade secrets. You are expected to protect it, as described in your employemnt agreement and / or non-disclosure agreement. The effect of these agreements in relation to Confidential Information lasts through your entire employment or service period, and continues even after you no longer provide services to Codigy. All Codigy Confidential Information and Priorietary Information must be returned at the end of your engagement with Codigy.

Confidential Information should only be used for legitimate company purposes. You must not distribute or disclose Codigy's Confidential Information, exceptions to this are:

• When Codigy authorizes such disclosure;

• When disclosure is required by law, rule, regulation, or an applicable legal proceeding. In such a case, the Codigy Legal team must be informed.

4.4 Third party confidential information

Due to the nature of Codigy's business, we are entrusted with Confidential Information and trade secrets of third parties. We must protect it, the same way we protect our own confidential materials.

Under a confidential information and non-disclosure section of your empoyment contract or separate non-disclosure agreement, you may get access to confidential information or other non-public information about companies we do business with.

Such access must be authorized and used only for permitted used to conduct your day-to-day duties for Codigy or provide a service. You must respect the proprietary nature of this information and not use it or disclose it publicly without authorization.

Based on Codigy policies, Confidential and proprietary information and materials is classified, and each class has a defined appropriate use, security measures and lifecycle. It is your responsibility to know these processes and standards, and apply them when handling Confidential and proprietary information. Exact details on our processes and standards can be found in relevant policies, seek further assistance by contacting Codigy DPO (Data protection officer);

4.5 Inside information and insider trading

While conducting your day-to-day duties or services, the nature of Codigy service may expose you to non-public information or materials about Codigy or our Customers. 

This information may not be labelled as confidential, but if it's not acquired from public sources it should be treated as confidential. Our Customers include publicly traded companies and companies with venture funding. Inside information may significantly impact trading, fundraising, and competitiveness.

You should never discuss, publish or otherwise disclose this information to anyone or use it for market trading or to tip anyone else in market trading.

Example 1: Our customer is restructuring its engineering organization and shares a desired outcome with Codigy so we could recommend steps to achieve it. This information is very sensitive and should be treated as confidential, as overall Customer's vector can be deducted from this information. 

Example 2: We are planning a Codigy roadmap and discussed a fantastic new idea that will be implemented soon. Keep this information to yourself until it is released or Codigy Communication Team makes an official announcement.

Codigy's assets include its intellectual property rights, source code, technical know-how and documentation, information systems, computers, servers, other equipment, and communication facilities. 

Loss, theft, and misuse of Codigy's assets have a direct negative impact on the company’s business sustainability. 

We must ensure that Codigy assets are not misused, shared with unauthorized employees or other third parties, or sold without appropriate authorization. 

You are expected annually update your knowledge of our Policy – Electronic Systems and Communications and comply with it by ensuring that Codigy’s assets are protected and used only for legitimate business purposes. 

5.1 Computer & Other Equipment 

If you use Codigy equipment at your home or off-site, take precautions to protect it from theft or damage, just as if it were your own. If your employment or engagement with Codigy terminates for any reason, you must immediately return all Codigy resources, assets, and equipment in normal operating condition. 

5.2 Use of Email & Other Forms of Electronic Communication 

Always use emails and other forms of electronic communication (for example, Slack, LinkedIn etc.) appropriately. Please remember that the electronic systems and devices are owned by Codigy and may be subject to monitoring and inspection as part of incident investigation or security and process review, even if protected by password, as permitted by applicable laws. For further details please consult Policy – Electronic Systems and Communications and Policy – Workplace Surveillance. 

5.3 Use of Third-Party Software 

All software that we use to conduct Codigy's business must:

1. Authorized. Codigy has a curated list of approved tools and services that we use in our work, please check our inventory of tools and services or contact your manager if you need a new instrument that is not on the list;

2. Legal. It should have an appropriate commercial or open-source license;

We respect the intellectual property rights of third parties. Using or copying software without a valid license constitutes copyright infringement and may expose you and Codigy to civil and criminal liability. 

5.4 Other Copyrighted Materials 

In general, Codigy produces all materials such as illustrations, videos, screenshots, and photographs in-house to avoid any copyright infringements. Please contact Codigy Communication Team to get any of our materials.

In rare cases, we may need to use external works such as photographs, screenshots, videos, music, articles, and whitepapers in electronic form or as a hardcopy. These works are generally protected by copyright law and their unauthorized use may constitute copyright infringement. Do not use any portion of them without obtaining permission from the copyright holder. If you need assistance in such matters please consult with the Codigy Communication Team.

The integrity, reliability, and accuracy in all material respects of Codigy's books, records, and financial statements are fundamental to our business success. You may not cause Codigy to enter into a transaction with the intent to document or record such a transaction in a deceptive or unlawful manner. 

In addition, you must not create any false or artificial documentation or book entry for any transaction entered into by Codigy. Similarly, officers, employees, consultants, contractors, and others working on behalf of the company who have responsibility for accounting and financial reporting matters have a responsibility to accurately record all funds, assets, and transactions on Codigy's books and records. 

It is important to know when to save the information and when to periodically dispose of documents that are no longer needed or do not need to be retained. If litigation is pending or threatened, we must retain all relevant documents in accordance with instructions received from the Legal team. For record retention, we are guided by the law of the Republic of Lithuania.

Codigy has designated individuals or teams responsible for making public announcements and communications with the media, investors, and government authorities.

All other employees must not make any public announcements on behalf of Codigy and refer any inquiries from such entities to Communications Team.

7.1 Keeping business relationships private

By default, Codigy keeps its business relationships private. We don't publish logos, or proprietary marks or share the existence of the relationship with our Customers or Partners without prior agreement. 

Unacceptable example: Add the logo of a newly onboarded Customer to the Codigy website without consent.

Acceptable example: Make an arrangement with the official representative of the Customer to write a case study and publish it along with the Customer logo on our website and social media platforms.

7.2 Sharing information on social media

If you publish any information in public (social media platforms, networking sites, blogs, chats) you are prohibited from sharing confidential, private, or proprietary information about Codigy. You are not permitted to speak on behalf of Codigy when making any statements in such publications.

7.3 Responding to inquiries from the government 

You must also seek Codigy approval to speak to government or law enforcement officials regarding Codigy or Codigy's business activities. If a disclosure is required by law, you must promptly notify the Board of Directors of such disclosure requirement. 

At our current organization size, we lack the capacity to vet and validate suppliers. Because of this, we prohibit the use of services and tools provided by emerging companies. Sorry fellow startuppers, we know you're awesome and we will change this policy as soon as our internal vetting and validation muscle grows a bit😎

Currently, when we are selecting software tools and services for Codigy, we narrow vendors and suppliers down to known market leaders with a wide community validation. Clear indicators for that are:

• Supplier has been on the market for over 5 years;

• Supplier had no serious incidents that severely damaged their reputation, in the last year before the start of our business relationship;

• Supplier serves larger customers from a similar industry, who have over 1000 employees;

• Supplier is certified with SOC2 or ISO27001;

• Supplier is GDPR and CCPA compliant;

If the software supplier will be acting as a subprocessor for Codigy, we make sure that this supplier adheres to standards and obligations that Codigy takes or higher;

We strive to select Partners, Vendors and Suppliers who reflect our own values. We will terminate our business relationship with Suppliers where unethical business practices were reported, who operate unlawfully, or violate Human Rights, Anti-Bribery policies.

Codigy undertakes to actively reduce its environmental impact, including regular measuring and evaluation of the impact on the environment. We endeavour that all the employees are adequately informed and trained on the issues related to the environmental requirements. Each our employee must make all possible efforts to reduce the amount of waste and any other impact on the environment.

In our activities we endeavour to save natural resources, raw materials and energy, choose our products properly and to purchase and use them in a responsible manner, manage waste and reduce its amount responsibly, support and contribute to the national initiatives on environmental protection.

10.1 Seek guidance first

If you have noticed an ethics-related issue, a violation of our Code, or have a work-related grievance the best starting point for you is to seek advice or send a report to your manager. We have an open-door policy that you could use.

However, if the conduct in question involves your manager, or if you believe your manager has not dealt with the matter properly, or if you do not feel that you can discuss the matter with your manager, you may raise it through other channels.

10.2 Reporting

You can report ethics-related issues, a violation of our Code, or have a work-related grievance, by any of the following methods:

• In writing by email to ethics@codi.gy (Anonymity will depend on the email address you use);

• Submit a report by filling a form on https://codi.gy/ethics-and-compliance (Anonymous option);

• The above methods are preferred, but you may also send an anonymous message by mail, addressed to:

  Ethics review
  Codigy, UAB
  A.Jaksto g.9 Vilnius, Lithuania
  Suite 346
  LT-01105

10.3 Notes about reporting:

10.4 What happens after you have submitted a report

You will be issued a report ID. Report ID will allow you to check status of the report through https://codi.gy/ethics-and-compliance. Once the evaluation or investigation has been finished, status will include decisions and actions.

Codigy's Board of Directors is responsible for administering this Code. The Board of Directors will take reasonable steps from time to time to monitor compliance with the Code, keep it up to date, and when appropriate, impose, and enforce appropriate disciplinary measures for violations of the Code.