Supplier Code of Conduct

This Supplier Code of Conduct sets baseline expectations for vendors, contractors, subcontractors, consultants, agencies, freelancers, platforms, and service providers that support VarenyaZ operations or client delivery.

The code protects VarenyaZ by making supplier expectations explicit before risk appears in security reviews, customer questionnaires, procurement processes, accessibility reviews, data protection reviews, or public commitments.

This code applies to suppliers when they provide goods or services to VarenyaZ, access VarenyaZ systems, process VarenyaZ or client information, contribute to deliverables, interact with clients, or support a VarenyaZ-controlled workflow.

If a supplier agreement, purchase order, statement of work, data processing agreement, or security addendum contains stricter terms, the stricter written terms control.

Suppliers must operate lawfully and must not use forced labor, child labor, human trafficking, slavery, deceptive recruitment, unsafe working conditions, unlawful discrimination, harassment, retaliation, or wage and hour violations.

Suppliers are expected to maintain work environments and subcontracting practices that support lawful, safe, and respectful work.

Suppliers must protect VarenyaZ, client, employee, prospect, vendor, and user information with appropriate controls. Data should be accessed only where needed for authorized work.

Suppliers must notify VarenyaZ promptly of suspected unauthorized access, credential exposure, data loss, malware, privacy incident, security incident, or misuse of information involving VarenyaZ work.

Suppliers must not use AI, automated tools, or external platforms with VarenyaZ or client confidential information unless permitted by the applicable engagement and suitable for the data involved.

AI-assisted supplier work must be reviewed for accuracy, confidentiality, intellectual property, bias, security, and accessibility before it is delivered to VarenyaZ or a client.

Where suppliers create or affect websites, apps, documents, media, design systems, components, UX flows, PDFs, content, or third-party widgets, they are expected to support VarenyaZ accessibility obligations and remediation goals.

Suppliers should not deliver inaccessible documents, unlabeled media, mouse-only controls, low-contrast UI, inaccessible PDFs, or third-party widgets without identifying the issue and providing an accessible alternative path where required.

Suppliers must avoid bribery, corruption, kickbacks, undisclosed conflicts, sanctions violations, deceptive claims, fake reviews, misleading credentials, unlawful scraping, infringement, and misuse of VarenyaZ or client brand assets.

Suppliers must disclose material conflicts of interest, ownership relationships, subcontracting dependencies, or incentives that could affect objectivity, pricing, confidentiality, or delivery quality.

VarenyaZ may request reasonable evidence of supplier compliance for higher-risk services, regulated customer work, security-sensitive work, privacy-sensitive work, accessibility-sensitive work, AI-enabled work, or public-sector/customer procurement needs.

If a supplier violates this code, VarenyaZ may request remediation, suspend work, remove access, notify affected clients, terminate the relationship, withhold payment for nonconforming work where permitted, or pursue other remedies.