Commitments

Ethics and business responsibility The success of our business is dependent on the trust and confidence we earn from our employees, customers and shareholders. We gain credibility by adhering to our commitments, displaying honesty and integrity and reaching company goals solely through honorable conduct.

Adherence to laws It is the Company’s policy to be a good “corporate citizen.” Wherever we do business, employees and directors of the Company are required to comply with all applicable laws, rules and regulations. Employees are also responsible for honoring and abiding by the contracts that we have entered into with other parties, including intellectual property, confidentiality agreements, contracts with our customers and suppliers, and undertakings and other commitments we may have with government authorities.

Fair competition Car Tech is committed to compliance with applicable antitrust and fair competition laws. Company personnel are strictly prohibited from engaging in any behavior, either independently or through discussions or agreements with others, that is aimed at, or could be construed as, causing an unreasonable restraint or limitation on competition.

Avoidance of Conflicts of interests Employees are obligated to avoid and disclose ethical, legal, financial, or other conflicts of interests involving Car Tech, and remove themselves from a position of decision-making authority with respect to any conflict situation involving the company.

Safeguarding of Trade Secrets All current and former employees, and business partners are expected to conduct themselves in a manner which protects and preserves the Company’s proprietary, confidential, and trade secret information.

Observance of Human Rights Car Tech is committed to a work environmental that is free from human trafficking and slavery. Business partners through whom Car Tech conducts business must avoid complicity in any practice that constitutes trafficking persons or slavery.

Free Choice of Employment Employment relationships are entered into on a voluntary basis and may be terminated by employees at their own discretion and within a reasonable notice period.

Ostracism of Child Labor Car Tech’s Statement of Principles on Child Labor and Forced Labor is based on International Labor Organization (ILO) conventions and national laws, and recognizes regional and cultural differences. It reaffirms Car Tech’s continued worldwide commitment to restrict employment to those age 15 or older, or the local minimum employment age, or the mandatory school age, whichever is higher.

Equal Opportunities/Ban on Discrimination Car Tech is an equal opportunity employer and does not unlawfully discriminate against employees or applicants for employment on the basis of an individual’s race, color, religion, creed, sex, national origin, age, physical or mental disability, marital status, veteran status, pregnancy, citizenship status, veteran status, or any other status protected by applicable law.

Freedom of Association and the Right to Collective Bargaining Car Tech preserves freedom of association and actively acknowledges the right to collective bargaining. We will ensure our employees can discuss working conditions openly with management without fear of punishment. The right of employees to assemble, join a union, appoint representatives and be elected to the union must be respected.

Fairness in Pay, Working Hours, and Social Benefits It is our policy and practice to compensate employees for all time worked and to do so in compliance with all applicable state and federal laws. Work hours and time off must, as a minimum, be in conformity with applicable laws.

Health and Safety at the Workplace Car Tech takes every reasonable precaution to ensure that employees have a safe working environment. Safety measures and rules are in place for the protection of all employees.

Environmental Responsibility Car Tech is committed to the health and safety of our employees, customers, clients, and other third parties who play a part in our operations, live in the communities in which we operate, or use or products. We strive to promote sustainable growth and minimize our environmental footprint by improving our operational efficiencies.

Environmentally Friendly Production and Products Car Tech strives to conserve energy, water, and natural resources, commit to purchase environmentally friendly products, and dispose of waste responsibility to reduce impact on the local ecology. Also, reuse, recycle, and reduce wherever possible and practicable.

Product Safety and Quality Upon delivery, all products and services must meet the contractually agreed quality and safety criteria and must be safe for their intended use.

Suppliers are required to communicate the contents of this documents to their suppliers, obligate them to observe the same requirements and verify that these Sustainability Standards are adhered to throughout the supply chain.

Section 1 –Scope

This policy applies to all Contracts & Strategic Procurement and Procurement & Support Services employees and includes those who, in some way, are involved in the procurement and contracting process.

Section 2 – General Policy Statement

In line with the Purchasing Duties and Responsibility, the Company upholds fairness in business dealing with all Car Tech LLC (“Car Tech” or “Company”) Suppliers and values honesty and upholds legal conduct in all business relationships. The company expects that all purchasing activities shall be conducted in a highly ethical manner.

Employees engaged by Car Tech in the procurement of materials and services have significant influence over Car Tech’s reputation.  Employees’ actions in dealing with suppliers will influence how the company is viewed by suppliers.    Every employee of the Contracts & Strategic Procurement Department and the Procurement & Support Services Department is therefore expected to:

1. Comply fully with all applicable laws or government regulations.
2. Demonstrate and encourage co-employees with an affirmative attitude concerning Car Tech’s business ethics policies.
3. Conduct business with only reputable suppliers who maintain a sound financial and high ethical standing that meet Car Tech’s expectations.
4. Demand that relationships with Car Tech’s suppliers be based on mutual respect, honesty, and integrity.
5. No staff member is permitted to derive, directly or indirectly, any personal advantage from Car Tech purchases. The highest ethical standards must always be observed, and the buyers should not put themselves in situations whereby it may construed that their objectivity is compromised.
6. Employees engaged in the procurement of materials and services must act fairly and objectively and in the best interests of Car Tech in conducting business with suppliers.
7. Staff involved in purchasing decisions that have outside interests which are in actual or apparent conflict with the interests of the Company, or who have close family members with such interests, must withdraw from participation in purchasing decisions so affected and must declare their interests to their manager in writing and, as appropriate, under the Code of Conduct.
8. Report any business ethics violation to the appropriate Section Head and/or Manager.

Section 3 -Gift & Entertainment

1. Car Tech’s Purchasing Policy is to award business solely based on the best total value. Car Tech Employees are expected to decline any gift offered by suppliers or by individuals representing the interest of a supplier in exchange for favors. Employees should not solicit donations, gifts of any kind or other financial favors from suppliers or their agents or representatives.  The only exceptions are gifts of nominal value that are readily viewed as advertising or promotional items and will not influence or interfere with decisions to award orders or performance of duties.
2. Any employee or supplier engaging in such activities or reasonably suspected as such must be reported to a manager or Human Resources.

Section 4 – Conflict of Interest

An employee having procurement authority or in a position to influence the selection and/or management of a supplier as mentioned above shall:

1. Avoid or recuse oneself from participating in buying activities with any supplier in which the employee or a member of employee’s family or close relative has a management or financial interest.

1. Avoid and do not conduct personal business with a supplier. It shall be made known to Car Tech’s Suppliers to take all necessary steps and precautions to prevent their employees or representative from   making, offering   gifts or any other consideration or advantage of any nature to any employee or representative of Car Tech, which could in any way, influence the award of business and results into conflict of interest.

Section 5 -Confidential Information

1. Confidential information includes pricing and cost data, bid or quotation. information, formulas or process design information, supply sources, customer information and computer software programs. Employees should consult with their supervisor or manager prior to releasing confidential information to suppliers or other third parties.
2. Employees with buying functions are expected to develop and execute    appropriate Non-Disclosure Agreements with suppliers when dealing with confidential information and should be part of the order documentation.

Section 6 – Competitive Bidding

Competitive bidding is utilized to obtain the best and competitive offers. It must be applied to promote fair and objective buying decisions.  Information obtained from a competitive bidding must be safeguarded from unauthorized use and should not be shared nor revealed to other party except for the purpose of evaluating the technical acceptability of the offers. It is Car Tech Policy to:

1. Invite bids only from vendors that meet or exceed the technical and commercial requirements of the Company.
2. Award contracts to the bidder offering the best total value.
3. Keep information provided by suppliers confidential and do not share it with competitors or third parties.

Section 7- Employees’ Obligations

It is the responsibility of each employee of Car Tech to familiarize themselves with this policy.   Any doubt about issues involving business conduct or any provision of this policy, an employee should consult his immediate supervisor or manager for additional guidance.

Policy Guidelines

Diversity, Equity & Inclusion Definition:

Our definition of Diversity, Equity & Inclusion is “We All Belong.” Car Tech is a place where all of us have a responsibility to accelerate our progress, and where we all are accountable and empowered to drive change—here and in the world at large.

DEI Vision:

Be yourself, Change the world. Our vision at Car Tech is for every person to use their unique experiences, backgrounds, and abilities together—to spark solutions that create a better, technical world.

 

DEI Mission: Make DEI how we work every day.

Our mission is to make DEI our way of doing business. We will advance our culture of belonging where open hearts and minds combine to unleash the potential of a brilliant mix of people, in every corner of Car Tech. We will create equity by tailoring tools and resources to meet individual needs, and by continuously improving our systems and processes so everyone can reach their full potential.

 

Employee Responsibilities:

DEI is everyone’s responsibility at Car Tech. It requires purposeful action every day. Every employee is trained on DEI and is responsible for:

• Respecting the dignity and diversity of all people.
• Creating an inclusive environment that is free from discrimination, harassment, and bullying.
• Enhancing their awareness of potential unconscious bias and how that might hinder our ability to be more inclusive and collaborative with one another.
• Focusing on conscious inclusion to be more intentional with their actions to drive diversity,   equity and belonging. People Leader Responsibilities: Additionally, people leaders are   accountable for specific DEI responsibilities and for achieving DEI outcomes as part of their job   performance. These responsibilities include but are not limited to:
• Ensuring that employment-related decisions are free from discrimination.
• Setting individual DEI goals to foster diverse representation and an inclusive environment within their teams.
• Engaging in conscious inclusion and other behaviors that promote equity.
• Committing to an individual goal as part of annual goals- and objectives-setting to Car Tech meet our DEI responsibilities.
• Mitigating potential unconscious bias in employment decisions and talent practices (including performance and development, compensation, hiring).
• Drawing from a broad pool of talent to inclusively reach talent, create diverse slates and, ultimately, a workforce that reflects the communities we serve.
• Providing reasonable accommodations for qualified individuals with a disability and for those with needs related to their religious observance or practices of personal religious expression in accordance with applicable laws. Reasonable accommodation depends on the facts and circumstances and is addressed on a case-by-case basis.
• Creating an inclusive and safe work environment that supports DEI and behaviors that reinforce Car Tech values. This includes:
• Ensuring a work environment that is free from discrimination, harassment, and bullying.
• Consistently displaying inclusive leadership behaviors, valuing all perspectives, and listening to diverse points of view.
• Role modeling inclusive and respectful behavior in the work environment and all work-related activities.
• Encouraging employees to collaborate, make suggestions, and respect and listen to diverse opinions.
• Cultivating a culture that inspires respect for all employees, customers, vendors, contractors, and others in the work environment.
• Contacting Global Services – Human Resources (HR), and local HR when becoming aware of an employee who may be subject to discrimination, harassment or bullying.
• Appropriately addressing any other behavior not consistent with this or other policies, or with applicable laws relating to equal opportunity, diversity, equity, or inclusion.

DEI Network Member Responsibilities:

• Ensuring a consistent employee experience through execution of the Global DEI strategy.
• Following appropriate internal procedures and policies for DEI communications and programs.
• Assisting in communicating and championing the importance of DEI and the Global DEI strategy.

Discrimination, Harassment and Bullying:

Car Tech provides equal opportunities for employment. We base employment decisions on merit, considering qualifications, skills, performance and achievements, and we do not tolerate discrimination against any employee or applicant for employment based on non-work-related personal characteristics, such as race, color, religious beliefs, pregnancy (including childbirth or related medical conditions, as well as breastfeeding needs), gender, sexual orientation, gender identity or expression, transgender status, national origin, ethnic origin or background, social origin, family or marital status, age, disability (physical or mental), medical condition, genetic information, veteran’s status or military service, or based on union membership or union activity.

We provide reasonable accommodation to qualified individuals with a disability as well as individuals with needs related to their religious observance or practice.

All of us have a right to work in an environment free from the demoralizing effects of harassment or unwelcome offensive or improper conduct. Our Company will not tolerate harassment, bullying or conduct that could lead or contribute to harassment of employees by managers, supervisors, or co-workers. We also will actively seek to protect employees from harassment or bullying by non-employees in the workplace. Similarly, Car Tech will not tolerate harassment or bullying by its employees or non-employees with whom our employees have a business, service, or professional relationship. This also extends to conduct that takes place off Company premises (including on social media) that could reasonably impact employees or others within our workplace. See our Position on Providing a Discrimination-Free Workplace and our Position on Providing a Safe and Harassment Free Workplace.

 

Reporting Inappropriate Conduct:

If an employee believes that they or another individual has been subjected to conduct prohibited by this Policy, the employee is urged and expected to report the relevant facts promptly. An employee may make a report either orally or in writing. Concerns can be raised to any member of Car Tech management – HR via phone through the contact number for the employee’s location, any other HR employee, or through the grievance/dispute resolution process available in the employee’s location.

We take allegations of discrimination, harassment and bullying seriously and ensure they are appropriately investigated. All reported incidents will be investigated with an effort to keep the source of the report confidential, with the disclosure of information as appropriate to facilitate the investigation or resolution of the matter.

Car Tech encourages employees to report in good faith any possible violation of this Policy.

Prohibition of Retaliation:

We will not tolerate threats or acts of retaliation of any kind against any individual because they report conduct reasonably believed to violate this Policy, or in good faith provide information in connection with a report or investigation of any such conduct.

Consequences:

Employees who do not comply with this Policy and/or are found to have engaged in discrimination, harassment or bullying, will be subject to appropriate disciplinary action, up to and including termination of employment.

Considerations:

The Company shall comply with the laws of the jurisdiction in which we do business. It is the responsibility of each company’s management and employees to be familiar with and comply with the local equal opportunity laws and regulations which govern the business activities that they engage in. Accordingly, to the extent that following local law would conflict with this Policy, local law must be adhered to.

Right to Terminate or Amend Policy:

The Company reserves the right to modify, suspend, change, or terminate this Policy at any time, in accordance with local law. This Policy does not create any contractual rights or obligations, whether expressed or implied.

No Child Labor.

The Company does not tolerate, engage in, or support child labor of any kind and believes that a child’s development must not be hampered by any work that keeps them receiving an education.

It is the responsibility of employees of the Company to ensure compliance with this policy, including verification of the age of an applicant for any type of employment at the Company.

The Company expects its suppliers and contractors, including temporary staffing agencies, to uphold the same standards and shall discontinue the business relationship should a violation of such standards become known.

No Forced Labor

The Company does not tolerate, engage in, or support forced labor of any kind. In accordance with ILO (International Labor Organization) Core Labor Standards, the Company opposes the use of forced or unlawful compulsory labor of any kind in its business activities.

Equal Opportunity Employment and Protection from Unlawful Discrimination

Equal treatment of all employees is a fundamental principle of our corporate policy. The Company is an equal opportunity employer and does not unlawfully discriminate against employees or applicants for employment on the basis of an individual’s race, color, religion, creed, sex, national origin, age, physical or mental disability, marital status, veteran status, pregnancy, citizenship status, gender identity, sexual orientation, or any other status protected by applicable law. This policy applies to all terms, conditions and privileges of employment, including recruitment, hiring, placement, compensation, promotion, discipline and termination.

Working Hours.

The Company complies with federal and state wage and hour law as a minimum requirement. Working hours and break times take into account not only business but also person needs. The Company supports employees’ efforts to balance their professional and personal lives with a range of different working time models and flexible scheduling.

Equal Pay for Equal Work

The Company complies with all applicable laws that require equal pay for equal work. The Company prohibits sex-based wage discrimination between men and women who perform jobs that require substantially equal skill, effort and responsibility under similar working conditions.

Duty to Report & Non-Retaliation Policy

The Company takes these policies very seriously, and violations may lead to disciplinary action up to, and including termination of employment. If you have a concern about any issue that you believe may violate any law or Company policy, you are required to report such concerns through a supervisor, Human Resources, or any other manager or officer of the Company. The Company prohibits retaliation against any employee or worker who reports potential violations of this policy in good faith.

A whistleblower is an employee of Car Tech LLC (“Car Tech” or “Company”) who reports an activity that the employee considers to be illegal or dishonest to the Company or its shareholders, customers, or suppliers, or constitutes misconduct (e.g., fraud, negligence, breach of duty, embezzlement, etc.).

A whistleblower can make a disclosure to the Company by contacting management or HR. Whistleblowers may also communicate a reportable matter to a government agency or law enforcement agency in accordance with applicable laws.

Upon receipt of such reportable matter, the Company will promptly conduct an investigation as to the information provided and take appropriate action to remediate the situation and monitor the implementation of any remedial measures.

The Company will not retaliate against a whistleblower. This includes, but is not limited to, protection from retaliation in the form of an adverse employment action such as termination, demotion, reduction in compensation or hours, and threats of physical harm. Any whistleblower who believes he or she is being retaliated against must contact the HR director immediately. The right of a whistleblower for protection against retaliation does not include immunity for any personal wrongdoing that is alleged and investigated.

Insofar as possible, the confidentiality of the whistleblower will be maintained. However, a whistle-blower’s identity may have to be disclosed to conduct an internal investigation, to comply with the law, or to seek legal advice on the matter.

Overarching Policy.

It is the policy of Car Tech LLC (“Car Tech”) to conduct all business activities in compliance with the rules and regulations applicable to our industry. In all cases, these business activities are conducted to the highest ethical standards. Car Tech’s reputation is built on the integrity of our employees and their commitment to maintaining the highest standard of business practice.

Counterfeit Products.

“Counterfeit products” means any material, component, assembly, sub-assembly, product, or any other item forming part of the product in which there is an indication by visual inspection, testing, or other information that it may be a copy or substitute made without legal right or authority or one whose material, performance, identity, origins, quality or characteristics have been misrepresented.

Prevention Policy.

The goal of Car Tech’s Counterfeit Part Prevention Policy is to secure our supply chain. This method prevents counterfeit parts from entering the industry. Counterfeit parts contain material whose origin, age, composition, configuration, certification status or other characteristic (including whether the material has been used previously) has been falsely represented by:

• misleading marking of the material, labelling or packaging.
• misleading documentation; or
• any other means, including failing to disclose information, except where it has been demonstrated that the misrepresentation was not the result of dishonesty by the supplier or external provider within the supply chain.

Car Tech works to control the integrity of parts used in its manufacturing processes by maximizing the availability of authentic part, procuring parts from reliable sources, assuring authenticity and conformity of procured parts, and controlling parts identified as counterfeit.

Car Tech only uses approved suppliers for purchases of raw materials and components. These materials are verified on receipt and held in our secure warehouse; the company maintains a quality system with ISO9001 accreditation.

Batch Traceability.

Car Tech’s products contain batch codes on the packaging. The batch code enables the original component and any sub-component to be traced back to their origin.

Gray (or Grey) Market.

The grey market is where goods are traded outside of the manufacturers’ authorized trading channels. Buying from this gray market, although not illegal, does carry risk. This is when counterfeit products are most likely to enter the supply chain with potentially catastrophic results.

Encountering Counterfeit Products.

In the event that Car Tech discovers counterfeit products, it will quarantine such products and conduct an investigation to discover the source. Car Tech may notify its customers and relevant governmental authorities for investigation.

Purchasing of Goods.

To guard against receiving counterfeit components, customers are advised to only buy direct from Car Tech for our own branded products.

COMPLIANCE AND VERIFICATION

Suppliers must maintain documentation necessary to demonstrate compliance with the requirements of this Code. The documentation must be made available to Car Tech on written request. Car Tech will conduct on-site assessments of our suppliers and their supply chain including with external third-party assessors.
Should a supplier fail to comply with the requirements of the Code, Car Tech will through dialogue and cooperation try to solve the situation or as a last resort terminate the relationship.

Legal compliance: Suppliers shall operate in compliance with applicable national and local legal requirements.

Fair competition: Suppliers shall comply strictly with all antitrust and competition law.

Human rights: Suppliers shall support and respect the protection of internationally proclaimed human rights and ensure that they are not complicit in human rights abuse.

Freedom of association: Suppliers shall respect freedom of association and the right to collective bargaining.

Forced labor: Suppliers shall not accept any form of forced labor such as bonded labor, prison labor, slavery, human trafficking or retention of important personal documents of employees.

Child labor and young workers: Suppliers shall not accept the employment of children. The minimum age of employment shall not be less than the age of completion of compulsory schooling and in any case not less than 15 years. Where national law permits it, children between the age of 12 and 15 may perform a few hours of light work per day. The work must not interfere with children’s education.For young workers below the age of 18, special precautions shall be taken to protect them against accidents and damage to their health.

Discrimination: Suppliers shall not engage in or support any form of discrimination such as discriminating practices for employment, benefits, promotions or training. Employee related decisions shall be based on relevant and objective criteria.

Working hours: Suppliers shall comply with all applicable national and legal standards on working hours and overtime.

Wages and benefits: Suppliers shall comply at least with international legal minimum standards concerning wages and benefits including compensation for overtime. The size of wages shall enable workers to meet basic needs and shall be paid on time.

Working environment: Suppliers shall offer a safe working environment for all employees. Adequate health and safety procedures and the use of relevant protective equipment shall be implemented. Employees shall have access to drinking water and appropriate sanitation facilities.

Workplace violence: Suppliers shall protect employees in the working place against physical, verbal, sexual or psychological harassment, abuse or threats.

Anti-corruption: Car Tech is committed to zero tolerance for corruption in all its forms, including bribery and extortion. Any evidence of corruption will be addressed with immediate effect. Suppliers shall actively work against corruption in all its forms.

Environment: Suppliers shall strive to minimize the environmental impact of their activities through responsible management, widespread environmental awareness and the use of technologies with low environmental impact.

Traceability: Car Tech’s objective is to ensure traceability in our raw material supply chains, sufficient to ensure that we achieve transparency of raw material origins, as the basis for assuring compliance with these policy requirements.

Section 1. Purpose

CAR TECH LLC (“CAR TECH” or “Company”) is committed to complying fully with U.S.  laws and regulations related to export controls and trade sanctions, including but not limited to, International Traffic in Arms Regulations (ITAR), the Export Administration Regulations (EAR), and the Office of Foreign Assets Control’s Sanctions Regulations (collectively, “Trade Laws”). Sanctions and export control laws are an integral part of safeguarding U.S. national security and furthering U.S. foreign policy interests and objectives.

Export control and economic sanctions regulations address the export of proprietary, confidential, or restricted items, information, services, and software, as well as interactions with embargoed or sanctioned countries, organizations, and individuals. They exist to protect the national security, foreign policy, and economic interests of the United States. The purpose of the CAR TECH policy is to ensure compliance with federal export control and economic sanctions regulations.

Section 2. Policy Statement and Company Policies

Company personnel are the first line of defense in identifying and preventing potential sanctions or export control violations. Protecting the Company against such violations is the responsibility of all Company personnel, and those who engage in the Company’s international business activities. Accordingly, this Policy applies to all directors, officers, employees, and consultants of the Company or any of its subsidiaries worldwide (collectively “Employees”). All Employees must comply with all applicable Trade Laws and are prohibited from: (1) manipulating any transaction, service arrangement, relationship, or document to circumvent this Policy, or (2) facilitating or advising anyone regarding the circumvention of Trade Laws or this Policy.

CAR TECH and its Employees will comply with all U.S. export control and economic sanctions laws and regulations, including obtaining any required export licenses, for the transfer of export – controlled materials, data, technology, or equipment to a foreign national, either in the U.S. or abroad.

Below are prohibited activities:

2.1.  Purchasing or receiving ITAR-controlled items, materials, software, or Technical Data that are listed on the U.S. Munitions List (USML) (collectively, “ITAR Technology”) for use at the Company, unless approved in writing in advance of purchase or receipt by the HR Director or the export control officer (ECO). Purchase of ITAR-controlled items using the Company’s credit cards is expressly prohibited.

2.2.  Shipping or hand-carrying (exporting) technology, including items and technology listed on the Commerce Control List (CCL) or classified as EAR99, to embargoed, sanctioned, or otherwise restricted countries or end users, unless approved in writing in advance of purchase or receipt by the HR Director or the export control officer (ECO).

2.3.  International financial transactions with Restricted Parties, Specially Designated Nationals (SDN), or individuals in comprehensively embargoed countries or regions, unless approved in writing in advance of purchase or receipt by the HR Director or the export control officer (ECO).

2.4.  The anti-boycott provisions of the EAR prohibit U.S. Persons or businesses from participating in any non-U.S. sanctioned foreign government boycott. Employees who

Each CAR TECH facility may in its discretion adopt or modify the Procedures for compliance with federal regulations. The CEO has authority to supplement or revise the CAR TECH Export Control and Economic Sanctions Policy.

Failure to comply with this Policy and any applicable Trade Laws could lead to business disruptions, harm to the Company’s reputation, loss of export privileges, and/or significant civil and criminal penalties for the Company and individual Employees . Employees who violate this Policy are subject to appropriate disciplinary action, including, but not limited to, demotion, reassignment, additional training, probation, suspension, or termination.

Section 3. Federal Agency Regulation and Enforcement

The three main agencies that regulate and enforce most of the federal export control and economic sanctions regulations are:

3.1 U.S. Department of Commerce – enforces the Export Administration Regulations (EAR) which regulate the export and re-export of most commercial items including “dual-use” items that have both commercial and military or proliferation applications.

3.2 U.S. Department of State – enforces the International Traffic in Arms Regulations (ITAR), which regulate defense articles and defense services; and

3.3 U.S. Department of the Treasury – oversees U.S. economic sanctions and embargoes through its Office of Foreign Assets Control (OFAC) and prohibits the provision of anything of value, either tangible or intangible, to sanctioned countries, organizations, or individuals.

Section 4. Controlling Law, Jurisdiction, Exclusions and Exemptions

4.1 Federal regulations supersede any conflicting contractual requirements, state laws or regulations and any company policies or procedures that conflict with federal regulations. Only the federal agencies responsible for the export control and economic sanctions regulations have the authority to make determinations and issue licenses.

Neither the company nor a sponsoring entity has such authority.

• The Company’s products are controlled under the U.S. Export Administration Regulations (EAR) and are designated EAR99. Products which are designated EAR99 may be freely exported outside of the United States subject to the end-use, end-user, and embargoed country restrictions discussed in Sections 3, 4, and 5 herein. Should the Company develop new products, the Compliance Officer will work with relevant Company personnel and/or outside counsel to determine the export classification of such new products, including the applicable Export Control Classification Number or ECCN, destination controls, and any associated licensing, classification, or reporting requirements.
• Products or technology destined for certain end-uses or end-users may be subject to restrictions and/or licensing requirements under the EAR, even if the product or technology would not otherwise be subject to licensing requirements. The primary reasons for these requirements are to support U.S. policies of nonproliferation of nuclear, missile, chemical, and biological weapons, and U.S. antiterrorism policy. In addition, the EAR restricts certain activities of U.S. persons, such as contracting, financing, and freight forwarding, that could be considered as assisting the proliferation of nuclear, missile, chemical, and biological weapons activities. Employees must be alert to any circumstances or red flags indicating that an export may be destined for prohibited end-use.

If you have reason to know or suspect that a transaction may involve prohibited end-use, you must stop all activity and consult with the Human Resources Department (HR). No Employees is permitted to complete any transaction, shipment, or release of technology that has been identified as a suspect transaction until after it is reviewed and approved by HR or its ECO.

Section 5. Trade Sanctions

The U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) administers several different types of trade sanctions. The sanctions can either be comprehensive or selective, using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals. Prohibited transactions are trade or financial transactions and other dealings, such as providing services, in which U.S. persons may not engage unless authorized by OFAC or expressly exempted by statute.  The following are different type of trade sanctions:

• Country-specific sanctions or economic embargoes that generally prohibit all direct or indirect (through third parties) transactions and business activities involving certain countries and all government and non-government entities, and individuals located or resident therein. The United States maintains comprehensive economic sanctions against various countries, including but not limited to, Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk People’s Republic, and Luhansk People’s Republic regions of Ukraine (collectively, the “Sanctioned Countries”).
• List-based sanctions that prohibit or restrict direct or indirect (through third parties) transactions with certain entities and individuals that appear on certain restricted party lists, including the Specially Designated Nationals and Blocked Persons List, the Foreign Sanctions Evaders List, and the Sectoral Sanctions Identifications List (collectively, the “OFAC Lists”).
• Sectoral sanctions are types of list-based sanctions that prohibit certain forms of direct or indirect (through third parties) transactions with entities and individuals that appear on the Sectoral Sanctions Identifications List. The sectoral sanctions target certain sectors of the Russian economy, including the financial services, energy, defense, and related material sectors. In most cases, only certain types of transactions involving a designated entity (e.g., the purchase of new debt or equity), are prohibited. In addition, OFAC administers limited sanctions against the Government of Venezuela and Petróleos de Venezuela, S.A., the Venezuelan state-owned oil and natural gas company.

The lists of prohibited parties are subject to change and should be checked for any newly added or deleted countries or parties.

The lists are published by and can be found visiting https://www.bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern and/or https://home.treasury.gov/policy-issues/financial-sanctions/specially-designated-nationals-and-blockedpersons-list-sdn-human-readable-lists.

All U.S. persons are required to comply with OFAC trade sanctions, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities, their foreign branches and foreign subsidiaries owned or controlled by U.S. companies.

The Company prohibits all transactions or dealings with Sanctioned Countries and all government and non-government entities and individuals located or resident therein, or with persons on OFAC Lists, unless otherwise authorized by the U.S. Government. If you believe that any transaction potentially involves, directly or indirectly, a Sanctioned Country or any entity/individual on an OFAC List, please cease such actions and contact the Compliance Officer immediately.

Section 6. Recordkeeping

U.S. export control laws require that records of export transactions be maintained for a period of five (5) years from the latter of the date of export, the exhaustion of the export license authorizing the transaction, or the expiration of the export license or authorization.

The Company shall keep and maintain internal records pertaining to its export transactions and compliance efforts regarding Trade Laws for at least five (5) years or such other period as may be required by applicable law. Records that must be retained include but are not limited to: (i) books of account, (ii) contracts, (iii) letters, (iv) email, (v) memoranda, or (vi) other papers connected with a transaction.

Section 7. Training and Updates

The Company’s products, as well as the Trade Laws applicable to the Company’s business, may change over time. The only way to ensure that the Company remains compliant with such laws is to update and comply with this Policy. Human Resources (HR) and/or outside counsel will review this Policy on an annual basis and update it, as appropriate, to reflect such changes.

To ensure that all Employees are familiar with applicable Trade Laws and the Company’s internal procedures, training will be provided to relevant Company people identified by HR.

7.1 Information in the Public Domain/Publicly Available.

Information that is published and generally available to the public, as well as publicly available technology and some encryption software, is outside the scope of the export control regulations. This exclusion does not apply to information if there is reason to believe it may be used for weapons of mass destruction, or where the U.S. government has imposed access or dissemination controls as a condition of funding.

Public Domain is defined as information that is published and generally accessible to the public:

(1) through sales at newsstands and bookstores.

(2) through subscriptions available without restriction to anyone who may want to purchase the published information.

(3) through second-class mailing privileges granted by the U.S. Government.

(4) at libraries open to the public or from which the public can obtain documents.

(5) through patents available at any patent office.

(6) through unlimited distribution at a conference, meeting, seminar, trade show or exhibition that is generally accessible to the public and is in the United States.

(7) through public release (i.e., unlimited distribution) in any form (not necessarily published) after approval by the cognizant U.S. government department or agency

(8) through fundamental research, or

(9) websites accessible to the public.

Section 8. Explanation of Terms

EAR99. EAR99 is a designation for items that fall under U.S. Department of Commerce jurisdiction and are subject to the Export Administration Regulations (EAR) but are not listed on the Commerce Control List (CCL).

Export. Definitions of exports differ slightly between the ITAR and EAR. The ITAR definition includes sending or taking a defense article out of the United States; disclosing (including oral or visual disclosure) or transferring technological data to a foreign person, whether in the United States or abroad; and performing a defense service on behalf of, or for the benefit of, a foreign person, whether in the United States or abroad.)

The EAR definition includes an actual shipment or transmission of items subject to the EAR out of the United States, and any release of technology or software subject to the EAR to a foreign national.

Employee. All facility employees, full‐time and part‐time; including student employees, consultants, visitors, and others using facility resources.

Empowered Official (EO). A U.S. citizen who is legally empowered in writing by an facility to sign export license applications or other requests for approval on behalf of the facility. The EO must understand the provisions and requirements of the various export control statues and regulations, and the criminal liability, civil liability and administrative penalties for violating the laws and regulations. The EO has the independent authority to inquire into any aspect of a proposed export, verify the legality of the transaction and the accuracy of the information to be submitted, and refuse to sign a license application or other request for approval without prejudice or other adverse recourse.

Export Control Officer (ECO). A person who is identified formally at an facility for purposes of company compliance with export control regulations. It is not the role of the ECO to determine what research or activities academic and facility research personnel may engage in. Such a determination will fall to the individual’s college, department or unit, and the Office of the VP for Research.

Embargo. An embargo is the complete or partial limitation of trade and commerce with a particular country or group of countries. Under OFAC regulations, a sanction or embargo may include prohibitions on imports and exports of items, as well as services.

International Traffic in Arms Regulations (ITAR). The ITAR (22 CFR §§ 120-130) are U.S. regulations that control the export of defense-related articles and services that are listed on the U.S. Munitions List (USML). The ITAR are administered by the Directorate of Defense Trade Controls at the U.S Department of State.

Restricted Party. A Restricted Party is an individual, company, organization, or vessel with which US persons/entities (including their subsidiaries and agents in other countries) may not engage without a specific license.

Sanction. An economic sanction is a ban on certain types of trade. Under OFAC regulations, a sanction or embargo may include prohibitions on imports and exports of items, as well as services.

Specially Designated National (SDN). OFAC publishes a list of individuals, research organizations, and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists non-country-specific individuals, groups and entities, such as terrorists and narcotics traffickers targeted under the different sanction’s programs. Designated individuals, research organizations, and companies are called “Specially Designated Nationals” or “SDNs.” Their assets are blocked, and U.S. persons are generally prohibited from dealing with them. The SDN List is frequently updated.

Definitions and Abbreviations

Confidential Information (Sensitive Information) – Any Car Tech information that is not publicly known and includes tangible and intangible information in all forms. This includes information that is observed or orally delivered, electronic, written, or is in some other tangible form.  Confidential Information may include, but is not limited to, source code, product designs and plans, beta and benchmarking results, patent applications, production methods, product roadmaps, customer lists and information, prospect lists and information, promotional plans, competitive information, names, salaries, skills, positions, pre-public financial results, product costs, and pricing, and employee information and lists including organizational charts. Confidential Information also includes any confidential information received by Car Tech from a Third Party under a non-disclosure agreement.

Mobile Computing Devices – Mobile computing assets include, but are not limited to laptop, notebooks, tablets, desktop computers, all personal wireless-enabled devices (pagers, cellular phones, mobile email devices, PDAs, and other hybrid devices), and all portable storage media (flash drives, smart cards, tokens, etc.).

Third-Party – Any non-employee of Car Tech who is contractually bound to provide some form of service to Car Tech. 

User – Any Car Tech employee or Third Party who has been authorized to access any Car Tech electronic information resource.

Policy

Disclosure Restrictions 

External Information Requests – All requests from a Third Party for internal information that is not classified as PUBLIC must be approved by the Information Owner, who must be given five business days to evaluate the merits of the request.

Information Transfer To Third Parties – Car Tech software, documentation, and all other types of internal information must not be sold or otherwise transferred to any Third Party for any purposes other than those expressly authorized by management.

Disclosure of Information System Controls – Workers must not disclose to any persons outside Car Tech either the information system controls that are in use or the way in which these controls are implemented without the permission of the Information Security Manager.

Nature and Location of Organization Information – Information about the nature and location of Car Tech information, such as that found in a data dictionary, is confidential and must only be disclosed to those with a demonstrable need to know.

Financial Information Disclosure – Every disclosure of information about the financial condition of Car Tech, anticipated changes in financial position, and business developments that could reasonably be expected to materially alter the way investors view the company must be cleared in advance with the CEO. Furthermore, this disclosure must be made publicly available to all investors and interested parties at the same time.

Future Earnings or Products – Workers must not make any public statements or depictions, verbal or otherwise, regarding Car Tech future earnings or the prospects for new products.

Sharing Marketing Information – Marketing information including, but not limited to, prices, sales policies, strategies, plans, market share status, and other marketing information must never be disclosed to competitors.

Legal Action Information – Third party requests for information related to a current legal case must not be granted unless the request is made by an authorized government agency or court of law.

Public Information Disclosures 

Public Representation Approval – All public representations, such as media advertisements, Internet home pages, electronic bulletin board postings, and voice mail broadcast messages, must be issued or approved by HR Manager.

Release of Organization Information – Permission to disclose any internal Car Tech information to the news media or to other Third Parties must be obtained from HR Manager to release.

Information Released to The Public — Authorization – All internal Car Tech information to be released to the public must have first been reviewed by HR Manager according to an established and documented process.

Exchange Agreements 

Software and Data Exchange Agreements – Exchanges of in-house software or internal information between Car Tech and any Third Party must be accompanied by a written agreement that specifies the terms of the exchange, and the manner in which the software or information is to be handled and protected.

Online Contracts by Exchange of Paper and Signatures – Whenever Third Parties accept an online offer made by Car Tech, they must provide a scanned signed copy.

Identity Validation of External Parties – Before workers release any internal Car Tech information, enter any contracts, or order any products through public networks, the identity of the individuals and organizations contacted must be confirmed through digital certificates, letters of credit, Third Party references, or telephone conversations.

Physical Transit Controls 

No physical holdings, all business is handled digitally.

Confidential Information Removal 

Confidential Information Leaving Offices – Confidential Car Tech information, no matter what form it happens to take, must not leave Car Tech offices unless Information owner approval has first been obtained.

Sensitive Information Removal Log – No sensitive information is handled directly; all data is transferred via cloud services.

Delivery of Confidential Information – All deliveries of confidential information must be conducted in such a way that the recipient formally acknowledges that the information has been received.

Electronic Transmission

Transferring Sensitive Information – Before any Car Tech Confidential information may be transferred from one computer to another, the worker making the transfer must ensure that access controls on the destination computer are commensurate with access controls on the originating computer.

Wireless Transmissions of Confidential Information – Wireless technology must never be used for the transmission of unencrypted confidential information.

Third-Party Delivery of Confidential Information – Unencrypted confidential information must not be sent through any Third Parties including, but not limited to, couriers, postal services, telephone companies, and Internet service providers.

Public Network Data Transmission – Strong cryptography and security protocols such as SSL/TLS or IPSEC must be implemented to safeguard confidential Car Tech information during transmission over open, public networks.

Confidential Data Electronic Transmission – All Car Tech confidential data transmitted over any communication network must be protected.

Confidential Information Encryption – All computerized confidential information must be encrypted, with tools approved by the Information Security Department, when not in active use for authorized business purposes.

Electronic Mail

Electronic Mail Encryption – All sensitive information, such as electronic health information (EPHI) must be encrypted when transmitted through electronic mail.

Electronic Mail Approval – Unencrypted sensitive or confidential information must not be sent by electronic mail unless a formal agreement with the exchanger is in place.

Electronic Mail Addresses – Workers must not employ any electronic mail addresses other than IT Department approved electronic mail addresses for all company business matters.

Travel Considerations

Traveling with Confidential Information – All laptop must be passworded for access and always locked when using public transit.

Faxing Information

No confidential information is allowed through fax machine. Receiving documents information should be classified based on Information Classification Policy.

Customer Communications

Electronic Mail Distributions – Car Tech must receive a positive confirmation through an opt-in process for any external email placed on an electronic mail distribution list.

Customer Status Notifications Sent Via Electronic Mail – Car Tech must not use electronic mail as the sole source of notification for changes or updates to customer account features. Any customer notifications sent via electronic mail will include instructions for validating the authenticity of the message.

Electronic Marketing Material Source – All marketing materials sent through electronic mail must include an accurate return address and must provide clear and explicit instructions permitting recipients to quickly be removed from the distribution list.

Business Information Systems

Intermediate Products Containing Sensitive Information – If a copy machine jams or malfunctions when workers are making copies of confidential information, they must not leave the machine until all copies of the information are removed from the machine or destroyed beyond recognition.

Distribution of Marketing Materials – Workers must not use facsimile machines, electronic mail, auto-dialer robot voice systems, or any other electronic communications systems for the distribution of unsolicited advertising material.

Recording Video Conferences - Car Tech video conferencing sessions must not be recorded unless this recording is approved in advance by the manager of information security and communicated in advance to all video conference participants.

Logically Separate Voice and Data on IP Networks – In every instance where voice over IP (VOIP) technology is deployed at Car Tech facilities, this technology must use a completely logically separate network other than the network used for data transmission.

Critical Telephone Services Must Not Be Supported via VOIP - Car Tech business-critical telephone services — such as over-the-phone order-taking with sales representatives — must not be supported by voice over IP (VOIP) systems, until the Information Security Manager deems these systems sufficiently reliable and stable to support these services.

VOIP Remote Management or Auditing Requires Encrypted Channel – Whenever either remote management or remote auditing is performed on a voice over IP (VOIP) network, these connections must employ a fully encrypted channel.

Direct Inward System Access Implementation - Car Tech sites must not enable the direct inward system access features on private branch exchange telephone systems unless they are accompanied by a fraud detection and limitation system approved by the manager of the IT Department.

Conference Bridge Activation – Conference bridges must be specifically activated only when needed. They must not be left in an activated state when not in use.

Verbal and Written Communication

Public Exposure of Sensitive Information - Secret, or confidential Car Tech information must not be read, discussed, or otherwise exposed on airplanes, restaurants, elevators, public transportation, or in other public places.

Confidential Information in Meetings - If confidential information is discussed verbally in a meeting, seminar, lecture, or related presentation, then the speaker must clearly communicate the sensitivity of the information and remind the audience to use discretion when disclosing it to others.

Erasable Surfaces – After each meeting is over, all erasable surfaces containing confidential information in conference rooms must be erased. Such surfaces could be black boards, white boards, windows, or other similar objects.

Audio and Video Recording - Workers must not record sensitive information with any type of audio recording device unless the proper sensitivity classification is specified at the beginning and end of each segment of sensitive information, the recording media is labeled with the most stringent data classification found on the media, the media is protected in accordance with the most stringent classification found on the media, and the media is erased as soon as possible.

Internet and Intranet

Internet Transmission of Sensitive Information – Unencrypted information that is sensitive or confidential must not be sent over the Internet.

Publicly Modifiable Directories – All publicly modifiable directories on Car Tech Internet-connected computers must be reviewed and cleared each evening.

Internet News Sources – News feeds, electronic mail mailing lists, push data updates, and other mechanisms for receiving information over the Internet must be restricted to material that is clearly related to Car Tech business and the duties of the receiving workers.

Intranet Content- Company does not utilize an intranet.

Web Site Security

Confidential Information on Web – Car Tech Confidential information must not be resident on either Internet or intranet servers.

Anonymous FTP Server Information – All user-provided files that have not been explicitly approved for public release must be encrypted.

Public Information

Publicly Posting Only Generic Information - Except for top management, all publicly posted contact points must use generic job titles rather than individual names. For example, web sites, Internet public databases, and help wanted advertising would refer to “systems administrator” rather than “Mary Smith.” Likewise, direct dial telephone numbers and individual email accounts must not be publicly posted.

Permissible Ways to Obtain Competitive Information - Car Tech workers must obtain information about competitors from public domain sources, or legally purchase such information from its rightful owner (such as a market research firm). Competitor information gathered by any other means, whether intentionally or unintentionally obtained must be reported immediately to the Car Tech senior management.

Third-Party Use of Organization Name – No Third Party may use the Car Tech name in its advertising or marketing materials unless the written permission of corporate legal counsel has first been obtained.

Presentation of Public Image - Car Tech must always present a low-profile and secure image to both the public and Third-Parties. This means that information about the existence and nature of significant assets must be accessible only to those persons with a demonstrable need to know.

IP and Copyright Compliance Policy

What is intellectual property?

Intellectual property is commonly understood to be “creations of the mind”, put simply, property that has involved some intellect in its creation. Because such intellect was required to create it, the owner of the IP retains some degree of control over its use. In many countries this control and ownership is defined in law.

Intellectual property can exist in many forms including:

·      Books ·      Documents ·      Software ·      Designs

·      Logos ·      Music ·      Recordings ·      Digital media

·      Photographs ·      Films/Movies and videos ·      Plays

It is important that intellectual property is protected by law otherwise individuals and organizations may not create anything new because there would be little benefit to the creator in doing so.

Protection of intellectual property

Protection of intellectual property is provided by the following main mechanisms:

• Patent: It provides protection for an invention and is generally granted for 20 years. It must be applied for and granted in individual countries and can be sold or licensed to others.
• Trademark: A trademark is a sign or symbol that is associated with a particular individual or organization and has been registered as such. When registered, the organization can claim the exclusive right to use that symbol and can prevent others from doing so through the courts.
• Industrial Design: It refers to the aesthetics of an article as opposed to its functionality (which would be registered as a patent). This can be registered and protected although it can be difficult to define.
• Geographical Indication: It refers to the place of origin of an article and usually derives some benefit from that association e.g. many food products or wine. It is generally protected by national laws and in some cases by regional legislation e.g. in the European Union.
• Copyright laws: They provide protection for artistic “works”, are obtained automatically without registration and generally apply for 50 years after the creator’s death.

The Law

IP protection is provided via a national and international legal framework and at a high level is included in Article 27 of the Universal Declaration of Human Rights.

Internationally the World Intellectual Property Organization (WIPO) in Switzerland (part of the United Nations) provides guidance and administration of many of the applicable international treaties that have been agreed between countries to enforce the protection of IP worldwide.

Penalties for infringement of copyright

A copyright owner can involve the court in cases of infringement. The owner may be awarded damages from the person or organization who infringed. They may also take out a court injunction to prevent the infringer from using the copyright material and possibly to have it destroyed. Employees responsibility for knowingly infringing copyright will be subject to disciplinary action by the organization.

Software license compliance

Computer software is considered to be “literary works” for the purposes of the law. An individual or organization must be granted a license to make use of the computer software. There are various types of licenses, and it is important to know the differences to avoid infringing copyright.

Proprietary software license

Under this type of license, the user is granted permission to use the software under an End User Licensing Agreement (EULA). This will usually involve some form of payment to the copyright holder either directly or via a third party such as an authorized reseller. EULAs are often very long documents and will contain a list of the activities that are, and are not, permitted under the license. It is important to ensure that all activities about the software carried out by Car Tech fall within the terms of this agreement.

Free or open-source license

The permissions granted under a free or open-source license are usually much wider than with a proprietary license and will often involve no payment. However, a license is still defined, and the use of the software is dependent upon complying with its terms.

Obtaining software

All software used within Car Tech must comply with the Software Policy and be on the list of approved software. This is the case whichever type of license is involved and regardless of payment status. Software must always be obtained from a source authorized by the copyright holder and evidence of purchase kept, including:

• Receipt of purchase
• License agreement
• Number of licenses
• License keys
• Physical media e.g. CD/DVDs
• Software manuals

Installation and use of software on Car Tech systems will be subject to regular monitoring to ensure this policy is complied with.

Reusing licenses

If a license is no longer required by a user, the terms of the software license must be reviewed to understand if and how it may be reused.

If permitted by the license, the software may be redeployed to another user.

Software licensing compliance reviews

On a regular basis a review of installed software against recorded licenses must be carried out to ensure that all software in use within the organization is correctly licensed. This may highlight opportunities for license re-use and identify any cases where additional licenses need to be purchased.

Other types of IP

The organization makes use of a variety of types of IP other than computer software, and it is important that copyright considerations are considered with respect to these assets too.

These may include:

• Training videos
• Music played in works locations e.g. factories and offices
• Books
• Courses
• Procedural and Product documentation
• Presentations
• Photographs used on websites
• Customer logos on marketing materials

Care must be taken to ensure that copyright is understood, and no infringement occurs. The license provided may allow certain types of use without permission being obtained and this should be checked first. Where it is desired to make use of copyrighted materials outside of the terms of the license, clearance must be obtained from the copyright holder.

Assuming the copyright has not expired the holder of the copyright must be contacted, and specific permission obtained for the use requested, including the format of the medium involved and the distribution intended (e.g., will it be public or internally within the organization). The permission must be obtained in writing and kept in a safe place.

Protecting our intellectual property

Copyright issues only apply when our organization makes use of other people’s work. Original materials of Car Tech are subject to the same levels of protection set out within this policy. For creative works being generated the following are considerations to protect our IP:

• Ensure that a claim to copyright is included on all works that are intended for outside distribution.
• Remain vigilant for instances where our copyrights, patents, trademarks or industrial designs are being used without permission.
• Report all suspected infringements to the HR Department.
• Consider licensing terms when sending items that might be termed IP to others outside the organization.
• Make sure that everyone understands the law and what is and isn’t permitted with respect to our IP.

Conclusion

The protection provided by copyright and other types of legal mechanism ensure that it is viable and worthwhile to invent and create new concepts and ideas, safe in the knowledge that they can’t be stolen or misused by others. This is essential in today’s world to give our customers confidence that the goods and services they buy are of high quality and can be trusted to deliver.