This Code of Business Conduct and Ethics applies to all HolaTECH directors, officers and employees, as well as to directors, officers and employees of any subsidiary of HolaTECH Such directors, officers and employees are referred to herein collectively as the “Covered Parties.” HolaTECH and its subsidiaries are referred to herein collectively as the “Company.”
The Company is proud of the values with which it conducts business. It has and will continue to uphold the highest levels of business ethics and personal integrity in all types of transactions and interactions. To this end, this Code of Business Conduct and Ethics serves to (1) emphasize the Company’s commitment to ethics and compliance with the law; (2) set forth basic standards of ethical and legal behavior; (3) provide reporting mechanisms for known or suspected ethical or legal violations; and (4) help prevent and detect wrongdoing. Given the variety and complexity of ethical questions that may arise in the Company’s course of business, this Code of Business Conduct and Ethics serves only as a rough guide. Confronted with ethically ambiguous situations, the Covered Parties should remember the Company’s commitment to the highest ethical standards and seek advice from supervisors, managers or other appropriate personnel to ensure that all actions they take on behalf of the Company honour this commitment.
CONFLICTS OF INTEREST
A conflict of interest exists when a person’s private interest interferes in any way with the interests of the Company. A conflict can arise when a Covered Party takes actions or has interests that may make it difficult to perform his or her work for the Company objectively and effectively. Conflicts of interest may also arise when a Covered Party, or members of his or her family, receive improper personal benefits as a result of his or her position at the Company. Loans to, or guarantees of obligations of, Covered Parties and their family members may create conflicts of interest. It is almost always a conflict of interest for a Covered Party to work simultaneously for a competitor, customer or supplier. Conflicts of interest may not always be clear-cut, so if you have a question, you should consult with your supervisor or manager or, if circumstances warrant, the chief financial officer of the Company. Any Covered Party who becomes aware of a conflict or potential conflict should bring it to the attention of a supervisor, manager or other appropriate personnel or consult the procedures described in Section E of this Code. All directors and executive officers of the Company shall disclose any material transaction or relationship that reasonably could be expected to give rise to such a conflict to the Chairman of the Company. No action may be taken with respect to such transaction or party unless and until such action has been approved by the Audit Committee.
Covered Parties are prohibited from taking for themselves opportunities that are discovered through the use of corporate property, information or position without the consent of the Board of Directors of the Company. No Covered Party may use corporate property, information or position for improper personal gain, and no employee may compete with the Company directly or indirectly. Covered Parties owe a duty to the Company to advance its legitimate interests whenever possible.
Covered Parties shall behave honestly and ethically at all times and with all people. They shall act in good faith, with due care, and shall engage only in fair and open competition, by treating ethically competitors, suppliers, customers, and colleagues. Stealing proprietary information, possessing trade secret information that was obtained without the owner’s consent, or inducing such disclosures by past or present employees of other companies is prohibited. No Covered Party should take unfair advantage of anyone through manipulation, concealment, abuse of privileged information, misrepresentation of material facts, or any other unfair practice. The purpose of business entertainment and gifts in a commercial setting is to create good will and sound working relationships, not to gain unfair advantage with customers. No gift or entertainment should ever be offered or accepted by a Covered Party or any family member of a Covered Party unless it (1) is consistent with customary business practices, (2) is not excessive in value, (3) cannot be construed as a bribe or payoff and (4) does not violate any laws or regulations. The offer or acceptance of cash gifts by any Covered Party is prohibited. Covered Parties should discuss with their supervisors, managers or other appropriate personnel any gifts or proposed gifts which they think may be inappropriate.
Covered Parties who have access to confidential information are not permitted to use or share that information for securities trading purposes (“insider trading”) or for any other purpose except the conduct of the Company’s business. All non-public information about the Company should be considered confidential information. It is always illegal to trade in HolaTECH securities (if listed at any stage) while in possession of material, non-public information, and it is also illegal to communicate or “tip” such information to others. While all Covered Parties are prohibited from insider trading, HolaTECH has adopted specific “Insider Trading Policies and Procedures” applicable to the Company’s directors, executive officers and key employees (“Directors and Covered Employees”). This document will be posted on HolaTECH’s website and will be sent periodically to Directors and Covered Employees in connection with certification of compliance.
Covered Parties must maintain the confidentiality of confidential information entrusted to them, except when disclosure is authorized by an appropriate legal officer of the Company or required by laws or regulations. Confidential information includes all non-public information that might be of use to competitors or harmful to the Company or its customers if disclosed. It also includes information that suppliers and customers have entrusted to the Company. The obligation to preserve confidential information continues even after employment ends.
PROTECTION AND PROPER USE OF COMPANY ASSETS
All Covered Parties should endeavor to protect the Company’s assets and ensure their efficient use. Theft, carelessness, and waste have a direct impact on the Company’s profitability. Any suspected incident of fraud or theft should be immediately reported for investigation. The Company’s equipment should not be used for non-Company business, though incidental personal use is permitted. The obligation of Covered Parties to protect the Company’s assets includes its proprietary information. Proprietary information includes intellectual property such as trade secrets, patents, trademarks, and copyrights, as well as business, marketing and service plans, technical ideas, designs, databases, records, salary information and any unpublished financial data and reports. Unauthorized use or distribution of this information would violate Company policy. It could also be illegal and result in civil or criminal penalties.
COMPLIANCE WITH LAWS, RULES AND REGULATIONS
Obeying the law, both in letter and in spirit, is the foundation on which the Company’s ethical standards are built. In conducting the business of the Company, the Covered Parties shall comply with applicable governmental laws, rules and regulations at all levels of government in Europe (including Switzerland) and in any other jurisdiction in which the Company does business. Although not all Covered Parties are expected to know the details of these laws, it is important to know enough about the applicable local, state and national laws to determine when to seek advice from supervisors, managers or other appropriate personnel.
TIMELY AND TRUTHFUL PUBLIC DISCLOSURE
In reports and documents filed with or submitted to the Securities and Exchange Commission and other regulators by the Company, and in other public communications made by the Company, the Covered Parties involved in the preparation of such reports and documents (including those who are involved in the preparation of financial or other reports and the information included in such reports and documents) shall make disclosures that are full, fair, accurate, timely and understandable. Where applicable, these Covered Parties shall provide thorough and accurate financial and accounting data for inclusion in such disclosures. They shall not knowingly conceal or falsify information, misrepresent material facts or omit material facts necessary to avoid misleading the Company’s independent auditors or investors.
SIGNIFICANT ACCOUNTING DEFICIENCIES
The CEO and each senior financial officer shall promptly bring to the attention of the Audit Committee any information he or she may have concerning (a) significant deficiencies in the design or operation of internal control over financial reporting which could adversely affect the Company’s ability to record, process, summarise and report financial data or (b) any fraud, whether or not material, that involves management or other employees who have a significant role in the Company’s financial reporting, disclosures or internal control over financial reporting.
Any waiver of this Code for executive officers or directors may be made only by the Company’s Board of Directors or its Audit Committee and will be promptly disclosed as required by law or stock exchange regulation. Violations of Ethical Standards
REPORTING KNOWN OR SUSPECTED VIOLATIONS
The Company’s directors, CEO, senior financial officers shall promptly report any known or suspected violations of this Code to the Chairman of the Company. All other Covered Parties should talk to supervisors, managers or other appropriate personnel about known or suspected illegal or unethical behaviour. No retaliatory action of any kind will be permitted against anyone making such a report in good faith, and the Company’s Board will strictly enforce this prohibition.
ACCOUNTABILITY FOR VIOLATIONS
If the Company’s Board or its designee determines that this Code has been violated, either directly, by failure to report a violation, or by withholding information related to a violation, the offending Covered Party may be disciplined for non-compliance with penalties up to and including removal from office or dismissal. Such penalties may include written notices to the individual involved that a violation has been determined, censure by the Board, demotion or re-assignment of the individual involved and suspension with or without pay or benefits. Violations of this Code may also constitute violations of law and may result in criminal penalties and civil liabilities for the offending Covered Party and the Company. All Covered Parties are expected to cooperate in internal investigations of misconduct.
We must all work together to ensure prompt and consistent action against violations of this Code. In some situations, however, it is difficult to know if a violation has occurred. Because we cannot anticipate every situation that will arise, it is important that we have a way to approach a new question or problem. These are the steps to keep in mind:
• Make sure you have all the facts. In order to reach the right solutions, we must be as informed as possible.
• Ask yourself: What specifically am I being asked to do? Does it seem unethical or improper? Use your judgment and common sense. If something seems unethical or improper, it probably is.
• Clarify your responsibility and role. In most situations, there is shared
• Are your colleagues informed? It may help to get others involved and discuss the problem.
• Discuss the problem with your supervisor. This is the basic guidance for all situations. In many cases, your supervisor will be more knowledgeable about the questions, and he or she will appreciate being consulted as part of the decision-making process.
• Seek help from Company resources. In rare cases where it would be inappropriate or uncomfortable to discuss an issue with your supervisor, or where you believe your supervisor has given you an inappropriate answer, discuss it locally with your office manager or your human resources manager.
• You may report ethical violations in confidence without fear of retaliation. If your situation requires that your identity be kept secret, your anonymity will be protected to the maximum extent consistent with the Company’s legal obligations. The Company in all circumstances prohibits retaliation of any kind against those who report ethical violations in good faith.
• Ask first, act later. If you are unsure of what to do in any situation, seek guidance before you act.
SECURITY / VULNERABILITY REPORTING POLICY
HolaTECH appreciates the valuable role independent security researchers play in Internet security today. Keeping our customer’s data secure is our highest priority, and we encourage the responsible reporting of any vulnerability that may be found. By responsible disclosure HolaTECH expects to be provided information about potential security discoveries in a private and confidential manner such that it can be verified and responded to before being made public. Additionally, HolaTECH pledges not to initiate legal action against security researchers as long as they adhere to below conditions.
REPORTING A POTENTIAL SECURITY VULNERABILITY
Security researchers should confidentially and responsibly disclose full details of a suspected vulnerability so HolaTECH application and security teams may validate and reproduce the issue by sending an email to vulnerabilities@HolaTECH.com
HolaTECH does not permit the following types of security research:
Exploitation of a potential vulnerability – only the reporting of potential vulnerabilities Causing or attempting a Denial of Service(DoS) or Distributed (DDoS) condition Causing or trying to generate a service availability risk for production systems, applications or data Accessing or attempting to access data or information that does not belong to you or that you do not have the authority to be obtaining legally or contractually. Destroying or corrupting, or attempting to destroy or corrupt application data, systems or network data or information that does not belong to you – or that you do not have legal or contractual authority to access Phishing or social engineering of HolaTECH employees, affiliates, or HolaTECH customers Running automated scanning tools Current customer or potential new customer security research on community systems
THE HOLATECH SECURITY TEAM COMMITMENT:
To all security researchers who follow the above policy, the HolaTECH security team will make best efforts to:
Respond promptly, acknowledging receipt of your report
Handle your report with strict confidentiality and not pass on personal details to third parties without your permission
HolaTECH may at some time in the future give recognition to the discoverer of vulnerabilities – unless the security researcher chooses to remain anonymous which will be respected No compensation
HolaTECH does not compensate people for reporting security vulnerabilities. Any such requests for payment either directly – or externally in vulnerability marketplaces – will be considered a violation of the above policy conditions. In such an event, HolaTECH reserves all of its legal rights.