Third Party Code of Conduct

LAST UPDATED: June 2024    

Introduction

HEADCHECK Health, Inc., together with its subsidiaries and partners (collectively referred to as “HEADCHECK”), is dedicated to maintaining the highest ethical standards and compliance with all relevant laws and regulations in Canada and other regions where HEADCHECK operates or conducts business. In line with this commitment, HEADCHECK requires that all businesses and individuals it engages with also comply with applicable laws. HEADCHECK relies on its business partners—including, but not limited to, suppliers, vendors, distributors, subcontractors, brokers, agents, wholesalers, consultants, third-party administrators, and any other entities acting on HEADCHECK’s behalf (collectively referred to as “Third Parties”)—to uphold the same core values and principles as HEADCHECK. This Third Party Code of Conduct outlines HEADCHECK’s expectations for all Third Parties engaged by HEADCHECK.

 

Scope

This Third Party Code of Conduct applies to all Third Parties engaged by HEADCHECK. A copy of this Third Party Code of Conduct shall be provided to all Third Parties engaged by HEADCHECK at the time of the engagement or within a reasonable time thereafter.

The Code does not cover every issue that may arise but sets out basic principles that must be adhered to in carrying out third party activities on behalf of HEADCHECK.

 

Standards and Expectations

HEADCHECK expects Third Parties to conduct business with honesty, integrity and in full compliance with all applicable laws and regulations in which they operate. In addition to the obligations that Third Parties assume when acting on HEADCHECK’s behalf in contractual agreements with HEADCHECK, HEADCHECK expects all Third Parties to meet the obligations described below. To the extent more specific terms and conditions are contained in a contractual agreement, the more specific terms and conditions govern. HEADCHECK reserves the right to seek information and documentation from Third Parties to assess compliance with this Third Party Code of Conduct.

 

1.    Conflicts of Interest:

  • Third parties shall exercise due care and diligence to avoid situations where the third party’s interests may conflict, or be perceived to conflict, with the interests of HEADCHECK. The third party must immediately report to HEADCHECK any instance of actual or perceived conflict of interest. If a conflict of interest exists, the third party must not attempt to gain advantage or preferential treatment as a result of the conflict situation.

 

2.      Antitrust and Competition Law:

  • Third parties shall conduct business on HEADCHECK’s behalf in full compliance with anti‐trust and fair competition laws and regulations applicable in the jurisdictions in which they operate.

 

3.    Anti-Money Laundering:

  • Third parties must not directly or indirectly engage in any money laundering activities, or conduct that violates anti‐money laundering laws by accepting, transferring, converting or concealing money obtained from criminal activities or related to terrorist financing.

 

4.    Anti-Corruption and Anti-Bribery:

  • HEADCHECK will not tolerate bribery, corruption, extortion, or otherwise inappropriately influence or attempt to influence public officials or others in order to obtain a business advantage or preferential treatments. Third parties must comply with HEADCHECK’s guidelines in their dealings with, or on behalf of, HEADCHECK, and all applicable legislation pertaining to anti‐corruption and anti‐bribery, and must not directly or indirectly engage in any activities that would violate anti‐bribery laws.

 

5.    Gifts and Entertainment:

  • Third parties must not offer or receive gifts, entertainment or anything of value to gain an improper advantage or preferential treatment vis‐à‐vis, or on behalf of, HEADCHECK. Gifts, entertainment and any advantages either given or received in connection with our business must not influence an upcoming decision, must be for a valid business purpose and appropriate to the circumstances under which they are offered, including being legal, unsolicited, considered an accepted business practice and reasonable and modest in terms of value, frequency and quantity.

6.    Data Privacy and Security:

  • Third parties must comply with all applicable Canadian, U.S. and international data privacy, data protection, information security and cybersecurity laws and regulations, including laws and regulations regarding the cross-border transfer of personal information. This includes the maintenance of appropriate procedures, safeguards and controls to secure and protect the confidentiality, integrity and availability of all Confidential Information received from, or processed on behalf of, HEADCHECK.
  • Third parties must notify HEADCHECK immediately of any compromise or increased risk of compromise of any personal information received from, or processed on behalf of, HEADCHECK. They must also notify HEADCHECK immediately of any complaints or requests received from individuals relating to personal information received from, or processed on behalf of, HEADCHECK.

 

  1. Confidential Information: HEADCHECK expects its Third Parties to protect the privacy, confidentiality and security of all non-public information, including non-public personal information, received from, processed on behalf of, or disclosed by, HEADCHECK. Third parties must implement appropriate administrative, technical, and physical security controls to safeguard such information including by ensuring that employees of Third Parties are subject to appropriate confidentiality obligations and adequately trained. No disclosure of such Confidential Information is permitted except as required by law or with the express written consent of HEADCHECK, or in accordance with written agreements between Third Parties and HEADCHECK. Where more specific confidentiality terms are included in a Third-Party agreement, the terms of the agreement govern. Third parties must report promptly to HEADCHECK any actual or suspected disclosure or loss of any personal or confidential information of HEADCHECK, its employees, advisors, or other third parties.
  2. Conflicts of Interest: HEADCHECK expects Third Parties to avoid actual or potential conflicts between their personal interests and the interests of HEADCHECK. Third Parties shall not knowingly deal directly with an HEADCHECK employee whose family member or relative, including spouse or domestic partner, has a financial interest in the Third Party.
  3. Protection and Use of Corporate Assets and Information: 
    • Intellectual Property: HEADCHECK requires its Third Parties to protect the intellectual property of HEADCHECK and its business partners and suppliers (including other Third Parties). Third Parties must consult with HEADCHECK or the applicable IP owner in advance of using or disclosing HEADCHECK’s or another party’s intellectual property to other third parties without the express written consent of HEADCHECK or the applicable owner. HEADCHECK or the applicable owner shall remain the owner of such intellectual property and no rights or interests are transferred to Third Parties.
    • Corporate Property: Third parties must use corporate property (as defined below) responsibly and solely for authorized business purposes and must ensure that corporate property is returned to HEADCHECK upon termination of contract as appropriate or upon request. Corporate property includes HEADCHECK’s equipment, supplies, intellectual property (including HEADCHECK’s name), records, documents, and other assets. Third parties who are using HEADCHECK’s hardware, software, website, e‐mail, telecommunications, internet access or other systems that support and host the network of HEADCHECK are expected to abide by HEADCHECK’s guidelines with respect to the proper use of those facilities.
    • External Communications: Third parties must obtain prior written permission from HEADCHECK before publicly discussing, reviewing, referencing or otherwise commenting on HEADCHECK’s business, relationships, programs or brand publicly.
    • Business Continuity: Third parties shall have in place procedures, adapted to their particular circumstances, to maintain their business continuity in accordance with applicable laws, industry standards and contractual requirements.
  4. Records Retention and Management: HEADCHECK expects Third Parties that create or maintain on behalf of HEADCHECK records, regardless of whether in electronic, hardcopy or other form, that contain information relating to HEADCHECK operations and administration and/or are subject to legal or regulatory retention requirements (“HEADCHECK Records”) to retain such HEADCHECK Records in accordance with all applicable legal and regulatory retention or disposal requirements, as well as any specific retention or disposal provisions that are included in a Third Party Agreement.

 

Monitoring and Enforcement

HEADCHECK reserves the right to assess and monitor third party practices with respect to this Code, including self‐assessment questionnaires. Third parties must be able to demonstrate compliance with the Code upon request.

In the case of a violation or potential violation to the Code, the third party shall take all reasonable measures to meet the requirements set out in the Code in a diligent manner. Failure to comply with the Code may result in the termination of the business relationship.

 

Reporting Violations

  1. Reporting Illegal or Unethical Behaviour: Third parties are expected to provide their employees with mechanisms to report violations or potential violations of this Code or any law, rule or regulation, without fear of reprisal. Any violation or potential violation relating to work performed for, or on behalf of, HEADCHECK must be reported to HEADCHECK’s General Counsel.
  2. Contact Information: Any questions regarding the Code and its application or interpretation should be directed to the Office of the Chief Privacy Officer, as appropriate.