Code of Conduct.
I. Introduction:
This Code of Conduct ("Code") highlights the standards of our business ethics and practices which are required to be observed in all business transactions. Ethics and Compliance are critical to everyone’s business and all Employees of Coforge ("Employees") & Board of Directors shall respect and adhere to the Code, in case of any possible violation, report such violation to the Legal Service Organization (LSO) of the Company.
We believe our most important strength is our employees. We seek to provide a work environment where all employees have the opportunity to reach their full potential and contribute to the Company’s success. We emphasize personal integrity and believe long- term results are the best measure of an employee’s performance.
The Company respects the human rights and dignity of all employees. We endeavor to treat our employees fairly and honestly. We strive to maintain a safe, secure and healthy workplace and it is against our policy to use forced or child labor. We also strive to follow all applicable laws and regulations.
Every employee shall be responsible for the implementation of and compliance with this Code and failure to adhere to the Code could attract the penal consequences including termination of employment.
In case any employee notices or is informed of violation of any Law or this Code, Company’s policy or any fraudulent act w.r.t. shareholders, government or financial market or any act of mismanagement of Company’s resources and business, such employee must promptly report to (in the order of the gravity of the act and independence of such person being reported to):
- Immediate supervisor; or
- Company’s Legal Counsel; or
- Audit Committee of the Board of Directors.
This Code may be updated from time to time.
II. Corporate Mission
Coforge Limited including its affiliates ("Coforge") is poised to enable individuals and enterprises worldwide, achieve greater success by providing knowledge, skills, solutions and services through pioneering efforts and usage of appropriate technology. Coforge remains committed in all its actions to benefit the economic development of the countries in which it operates. Coforge shall conduct its business affairs in accordance with the economic development and foreign policies, objectives and priorities of the nation's government, and shall strive to make a positive contribution to the achievement of such goals across the various jurisdictions that it operates.
III. Responsibilities towards the Company and stakeholders Corporate Citizenship
Coforge is committed to be a good corporate citizen, not only in relation to the compliance with all relevant laws and regulations, but also by actively assisting its affiliates in the improvement of the quality of life of the people in the communities in which it operates.
Financial Reporting and Records
Coforge shall prepare and maintain its accounts fairly and accurately in accordance with the accounting and financial reporting standards which represent the generally accepted guidelines, principles, standards, laws and regulations of the country in which the company conducts its business affairs.
Shareholders
Coforge shall be committed to enhance shareholders’ value and comply with all regulations and laws that govern shareholders' rights. The Board shall duly and fairly inform its shareholders about all relevant aspects of the company's business, and disclose all such information in accordance with the respective regulations and laws.
Regulatory Compliance
Every employee of Coforge shall, in his or her business conduct, comply with all applicable laws and regulations, both in letter and in spirit, in all the territories in which he or she operates. If the ethical and professional standards set out in the applicable laws and regulations are below that of the Code, then the standards of the Code shall prevail.
Regulatory Compliance
Every employee of Coforge shall, in his or her business conduct, comply with all applicable laws and regulations, both in letter and in spirit, in all the territories in which he or she operates. If the ethical and professional standards set out in the applicable laws and regulations are below that of the Code, then the standards of the Code shall prevail.
Equal Opportunities Employer
Coforge shall provide equal opportunities to all its employees and all qualified applicants for employment, without regard or bias to their race, caste, religion, color, ancestry, marital status, sex, age, nationality, disability and veteran status. All employees shall be treated with dignity and in accordance with its policy to maintain a safe work environment free of any sort of harassment, whether physical, verbal or psychological. All employees shall be governed by policies and practices that ensure that in all matters equal opportunity is provided to those eligible and the decisions are merit-based.
Ethical Conduct
All employees of Coforge, including whole-time directors and the managing director shall, deal in a professional and honest manner with high moral and ethical standards. Such conduct shall be fair and transparent.
The Directors shall adhere to the duties as specified in the Companies Act, 2013 and other relevant laws and regulations.
Concurrent Employment
In consideration of employment with the Company, all employees of Coforge are expected to devote full attention to the business interests of the Company. An employee shall not, without the prior approval of the managing director of the company, accept employment or a position of responsibility (such as a consultant or a director) with any other company, nor provide ‘freelance’ services to anyone or similar position which may be prejudicial to the interest of the Company . In case of a whole-time director or the managing director, such prior approval must be obtained from the Board.
Conflict of Interest
An employee of Coforge shall not engage in any business, relationship or activity which might detrimentally conflict with the interest of his or her company or the group. A conflict of interest, actual or potential, may arise where, directly or indirectly:
- An employee engages in a business, relationship or activity with anyone who is party to a transaction with his or her company;
- An employee is in a position to derive a personal benefit or a benefit to any of his or her relatives by making or influencing decisions relating to any transaction;
- An independent judgment of the company's or group's best interest cannot be exercised.
Notwithstanding that such or other instances of conflict of interest exist due to any reason, adequate and full disclosure by the interested employees should be made to the company's management. It is also incumbent upon every such employee to make a full disclosure of any interest which the employee, may
have in a company or firm which is a supplier, customer, distributor of or has other business dealings with his company.
Securities Transactions and Confidential Information
An employee of Coforge and his or her immediate family shall not derive any benefit, or assist others to derive any benefit from the access to and possession of information about the company or the group, which is not in the public domain and thus constitutes insider information.
An Employee shall not use or proliferate information which is not available to the investing public and which therefore constitutes insider information for making or giving advice on investment decisions on the securities of the respective Coforge Group Company on which such insider information has been obtained.
Such insider information might include the following:
- Acquisition and divestiture of businesses or business units;
- Financial information such as profits, earnings and dividends;
- Announcement of new product introductions or developments;
- Asset revaluations;
- Investment decisions/plans;
- Restructuring plans
- Major supply and delivery agreements;
- Raising finances.
The Employees shall always protect and hold confidential Company’s proprietary information, trade secret, products, architectures, source codes, project plans, names and list of customers and including but not limited to financial information, shall not take information of competitors in an unethical manner.
Protecting Company Assets
The assets of Coforge should not be misused but employed for the purpose for which they are duly authorized. These include tangible assets such as equipment and machinery, systems, facilities, materials, resources as well as intangible assets such as proprietary information, relationships with customers and suppliers, etc.
Integrity of Data Furnished
Employees shall ensure, at all times, the integrity of data or information furnished by him or her to the company.
Political Contribution
Coforge shall be committed to and support a functioning democratic constitution and system with a transparent and fair electoral system in India. It will fully comply with all local, state and federal or foreign laws and regulations regarding political contribution.
IV. Responsibilities to the Employees, Customers and Vendors Employee Privacy
Coforge and entities respects the personal information of employees. Coforge and its authorized entities / individuals collect and maintain personal information about employees, such as employment, medical, educational, family, travel, financial data, and other personal history. Coforge will maintain the confidentiality of such information about its former and existing employees; access to such information
will be restricted to people who need to know that information. Employees who have access to personal information have the added responsibility of ensuring the confidentiality of all such information. The disclosure of such information is to be made only in accordance with Coforge policies, and where there is a genuine business or legal requirement to do so. Personal information of employees is secured with high degree of controls, including technical and organizational security measures.
However, this privacy protection does not apply to an employee’s own personal information stored by self on Coforge devices or in office files. Coforge also has the right to monitor an employee’s use of his / her equipment and systems – telephones, emails, internet, computers, fax machines, etc. This applies to all Coforge-owned devices in the workplace and other locations. Mobile devices like – iPad, Tablets etc. Coforge understand its responsibility to appraise and acquaint all individuals working for Coforge anywhere in the world and at all levels and grades, including but not limited to officers, directors, employees, consultants, or any other persons associated with Coforge or any of its subsidiaries or their employees. Proper data protection awareness training programs are provided to keep them abreast of relevant legislation and guidance regarding the processing of personal data / information.
Quality of Products and Service
Company and Employees shall be committed to supply goods and services of the highest quality & international standards, backed by efficient after-sales service consistent with the requirements of the customers to ensure their total satisfaction.
Customer Relationships
Employees shall conduct business in such a manner that it creates value for the customers and builds a relationship based upon trust and goodwill. All employees, agents and contractors must act to preserve such goodwill and enhance Company’s as well as the Group’s reputation.
Competition
Company and Employees shall fully make every effort for the establishment and support of a competitive, open market economy in India and abroad and shall cooperate in the efforts to promote liberalization of trade and investment.
Government Relations
Company and employees shall comply fully with all applicable laws and regulations and to adhere to high ethical and legal standards of business practices.The Company will ensure that the disclosures we make in reports and documents that we submit to various Government / Statutory authorities and in other public communications are full, fair, accurate, timely and understandable.
Gifts and Donations
Under no circumstances, the Employees, agents or contractors offer, make, directly or indirectly, any illegal payments, promise to pay, remuneration, gifts, donations or comparable benefits which are intended to or perceived to influence any business decision or uncompetitive favors for the conduct of its business or any act or failure to act or any commitment of fraud, or opportunity for the commitment of any fraud. However, Coforge and its employees may accept and offer inexpensive gifts, infrequent business meals or celebratory events, which are customarily given and are of a commemorative nature, for special events.
V. Commitment towards Data Protection Regulation Compliance with Data Protection Laws
Coforge ensures that
- Proper procedures for the processing and management of personal data are in place and reviewed on regular intervals (Twice in a year).
- Data collectors within the organization have specific knowledge about data protection, compliance, and data subjects have right to information, which is precise, concise and easy to comprehend.
- A better and supportive environment is in place and personal data processing best practices are adopted in which purpose, period and category of processing is defined.
- Employees understand the process of managing personal data and the responsibilities associated with it
- Personal data is processed in accordance with data protection principles to keep data secure and safe from unauthorized access, alteration, use, or loss
- Other organizations with whom personal data needs to be shared or transferred meet compliance are traceable and auditable.
Coforge’s Rights and Obligations
Coforge reserves the right to collect, process, store, transfer, and retain the personal information of employees in the following manner:
- Collection: Coforge collects employees’ personal information at the time of joining and during their employment with the organization. The information includes personal identifiable information (such as name, middle name, last name, email address, family data, educational data, financial data, employment data, and health data and travel documents) that Coforge collects for its legitimate business purpose.
- Processing: Coforge processes employees’ personal and family information for the purpose of facilitating employment benefits (processing salaries, salary slips, appraisal letters, investment declaration, tax deduction benefits, health & insurance benefits, and other payroll activities) as well as for other administrative purposes. The data will be processed in accordance with the terms agreed under the employment contract or informed during employment and as required by law.
- Monitoring: Coforge reserves the right to monitor email communication, internet usage, telephone calls, and security checks within the organization to ensure compliance with personal data protection laws.
- Sharing / Transfer: Employees’ personal data shall be shared between Coforge entities and / or with third parties having contractual relationships with Coforge for the purpose of providing employment benefits, performing background checks, legal & statutory requirements and other administrative activities.
- Retention of records: Coforge shall retain the personal data of employees during their employment and after the cessation of the employment contract for a defined period as mentioned in retention policy and as per applicable laws of the jurisdictions where Coforge entities are located.
Coforge’s Responsibility and Commitment as a Data controller and Processor
Fair and transparent data processing: Coforge has set out rules for handling and processing personal information in accordance with data protection laws. Employees’ personal information shall be processed for specified explicit and legitimate business purpose and may not be processed further in a way incompatible with law. Employee personal data shall be processed lawfully, fairly, and in a transparent manner
Purpose of processing: Coforge understands and accepts its obligation to ensure that personal data is collected for specified, explicit, and legitimate purposes and that the data is not further processed in a manner incompatible with the defined purposes. Every reasonable step must be taken to ensure that any inaccurate personal data, with regard to the purposes for which it is processed, is erased or rectified without delay. Coforge collects minimum personal information from employees for facilitating employment-related benefits.
Storage of personal information: Coforge keeps personal information in a form that permits identification of employees for no longer than is necessary for the purposes for which the personal information is processed, subject to the contract entered into with employees or consent obtained.
Security of personal information: Coforge processes personal information in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
Coforge has adopted the required possible technical, organizational, and administrative security measures to ensure that the data is kept secured and is not disclosed – whether electronically, verbally, or in writing – to any unauthorized person, taking into account the type of information, the risk of breach associated, and the harm that may result from such a breach.
Information about the technical measures adopted to safeguard employees’ personal data is given in Coforge’s "Data Protection Policy"
Communication with employees: Coforge apprises all employees and acquaints them with the intended use of their personal data. Coforge ensures that employees are informed and aware of the following details with the help of employment contract, policies, handbooks, etc.
- The identity and the contact details of the controller or its representative
- The contact details of the data protection officer
- The purposes of the processing/updating/correcting/rectifying inaccurate datasets.
- The legal basis for the processing
- Where the processing is based on a legitimate interest, details must be provided
- The recipients or categories of recipients of the personal data
- Details of third country transfers (if any)
- Retention of personal data
- Portability/Erasure of data based on data subject legitimate rights
- Information about notification of breach / violation of data protection laws
Protection of Children’s Personal Data
Coforge ensures that (where applicable) when services are offered directly to a child, the privacy notice is written in a clear, plain manner that the child will understand it.
Appointment of Data Protection Officer
Coforge has appointed a data protection officer (DPO) to act as a central person, advising the company on compliance with the General Data Protection Regulation (GDPR). Details of the DPO are available on the Coforge website. Coforge’s DPO is responsible for overseeing the data protection strategy as well as its implementation to ensure compliance with the data protection requirements. The DPO is also a contact person for Supervisory Authorities (SAs) for communication and notification of personal data breaches, audit reports, results of privacy impact assessments, etc.
Data Protection Impact Assessment
All high-risk processes at Coforge are subject to a privacy impact assessment, which is conducted within the organization, group entities, etc., to identify and reduce risks.
Data protection audit and compliance verification: Coforge conducts internal audits on a regular basis or whenever required by law. Coforge agrees to provide a right of external audit to data protection authorities upon their request to verify compliance with applicable data protection legislation
ISO 27001 internal audits: Coforge conducts regular internal audits across the organization as well as in specific departments to ensure physical, logical, and information security standards are being followed as per ISO27001: 2013 standards.
External audits: Coforge undergoes external audits on an annual basis, as part of its continued compliance to ISO 27001 certification requirements.
Personal Data Breach Notification
A personal data breach refers to a security breach that leads to loss, altercation, unauthorized disclosure, or access to personal data. Any breach of data protection laws will be considered an offence. Violation / Any suspected breach with respect to these laws should be reported to the DPO via email at (privacy@coforge.com) or through the incident reporting mechanism available on iCoforgian portal. Wherever applicable, under breach notification laws and regulations, Coforge may notify the Data Protection Authority/Supervisory Authority and/or Data Subjects about the Privacy Breach, unless exempted.
Employee Rights
With regard to applicable data protection laws, data subjects (employees) are entitled to the below mentioned rights at Coforge:
- Right to be informed: Employees whose personal data is obtained, processed, stored, and shared are entitled to know that Coforge holds their personal data as well as the purpose for which such data will be processed.
- Right to Access, Rectify, Erase, and Freeze: Employees have the right to access their personal information that the company holds and can ask Coforge to "delete, freeze, or correct" such data. Employees can get their personal data deleted when it is no longer necessary to be processed or when it has been unlawfully processed. They can also require it to be frozen (i.e., prevent further processing of their data) where the processing is unlawful or when the employee contests the accuracy of the data.
- Right to Object to Data Processing: Right to Object to Data Processing: Employees have the right to object to / restrict the processing of their personal data, including profiling of personal data for any purpose considered to be illicit or about which they have not been informed at the time the information was collected from them. Coforge reserves the right to reject such requests if they affect Coforge’s business purposes. Also, employees shall note that the request raised for objection / restriction processing shall in no manner obstruct the day-to-day business activities or disrupt the disciplinary procedures of Coforge.
- Right to Object to Data Sharing: Employees have the right to object to the sharing of their personal data with cross-border Coforge entities or a third party having contractual relationships with Coforge for any purpose not defined or consented to. Employees can obtain their data when required or provide it to a third party, or they can ask Coforge to transfer it to a third party.
- Right to Lodge Complaint and Obtain Redressal: Violation with respect to these laws should be reported to the company’s DPO via an email (privacy@coforge.com) or through the incident reporting mechanism available on iCoforgian portal. Further, employees have a right to lodge a complaint to the relevant supervisory authority in case of any breach of data protection laws and claim compensation if they suffer as a result of the breach.
Reporting Violation of Code
Every employee and representative has a duty to adhere to this Code and all existing policies and procedures of Coforge, and to report any suspected violations in accordance with the procedure stated in the Whistleblower Policy. Employees and representatives must adhere to the letter and spirit of the Code. It is reiterated that this Code is not intended to be totally comprehensive, and Coforge relies on its employees and representatives to exercise discretion and engage in ethical conduct consistent with this Code.
Violation of / Non-compliance with this Code may subject the violator to individual criminal or civil liability (including penalties, fines, etc.), as well as to strict disciplinary action by Coforge (including dismissal). Disciplinary action may also be taken for authorizing or participating in a violation, knowingly failing to report a violation or suspected violation, refusing to cooperate with the investigation of a suspected violation, and retaliating against an individual who reported a suspected violation in good faith.
Any complaint / concern / incident / violation / non-compliance should be reported to the Disciplinary Committee
Coforge has established global privacy standards known as Binding Corporate Rules (BCRs). They are its commitment to protect Data Subject’s personal information and honor its privacy obligations regardless of where its personal information is collected, processed or retained within Coforge.
Coforge BCRs are in place to assure Data subjects that its personal information everywhere in the Coforge will be treated according to International Privacy standards.