Delupe Code of Business Conduct & Ethics

Purpose and Core Values

Delupe is committed to bridging the gap between merchants and consumers through advanced technology. All employees and partners must act with:

• Integrity: Behaving ethically, honestly, and reliably in every interaction.
• Accountability: Taking full responsibility for actions and outcomes.
• Innovation: Utilizing “smart bidding” and advanced analytics to deliver high-quality traffic.

Code Summary (Executive Overview)

This Code establishes the standards expected of everyone working for or with Delupe. It is built on four core principles:

1. Integrity in Business
   • Operate honestly and lawfully.
   • Prohibit bribery, corruption, collusion, and unfair practices.
   • Avoid conflicts of interest and insider trading.
2. Responsible Technology, Privacy & Security
   • Protect personal and confidential data of individuals whose personal data we process, including users, merchants, clients, employees, contractors, and government agencies under GDPR, CCPA, and other laws.
   • Maintain secure systems with MFA, access controls, and encryption.
   • Ensure accessibility and responsible use of AI.
3. Respect for People & Human Rights
   • Prohibit forced labor, child labor, discrimination, and harassment.
   • Ensure fair working conditions and lawful wages.
4. Environmental Sustainability & Governance
   • Measure and reduce GHG emissions.
   • Maintain strong compliance systems, whistleblowing channels, training, and audit transparency.

Every employee must read, understand, and comply with this Code. Violations may result in disciplinary action, including termination.

A Message from Leadership

A strong ethical foundation is essential for Delupe’s long-term success. This Code establishes clear expectations for how we conduct business, protect data, treat people, and meet our regulatory, platform, and partner responsibilities. It reflects the standards required to operate as a reliable and trustworthy partner in the global technology and advertising ecosystem.

All employees, contractors, and business partners are expected to understand and follow this Code at all times.

1. Business Integrity and Fair Competition

Delupe operates with honesty and transparency. We compete based on the merits of our service. As a digital advertising and comparison shopping services provider, Delupe commits to fair and transparent participation in platform ecosystems. We do not manipulate auctions, bidding mechanisms, or product data feeds, and we ensure that pricing, availability, and merchant information are accurate and not misleading.

1.1 Anti-Corruption and Anti-Bribery

Delupe maintains zero tolerance for corruption and improper influence in any form, whether involving public officials, private entities, or platform partners.

• Zero tolerance for bribery or corruption.
• No offering, giving, requesting, or accepting anything of value to improperly influence a decision.
• No facilitating payments.
• Full compliance with anti-corruption laws (FCPA, UK Bribery Act, and all applicable local laws).

1.2 Fair Competition (Antitrust)

• Pricing, bidding, and commercial terms are determined independently.
• No collusion, price-fixing, bid rigging or market allocation.
• No manipulation of auctions, bidding systems, or platform mechanics.

1.3 Conflicts of Interest

Employees must avoid situations where personal interests interfere with Delupe’s interests. All potential conflicts must be disclosed immediately.

1.4 Insider Trading

Employees may not trade securities of Delupe or any partner company while possessing material, non-public information obtained through work.

2. Data Privacy, Security, and Technology

2.1 Data Protection and Privacy

Delupe protects the personal and confidential data of individuals whose personal data we process, including users, merchants, clients, employees, contractors, and government agencies in full compliance with GDPR, CCPA, and all applicable privacy regulations.

Key principles include:

• Lawful, fair, and transparent data processing
• Strict adherence to consent requirements where applicable
• Data minimization
• Use limitations and purpose restrictions
• Secure data handling and storage
• No collection of sensitive data categories for advertising purposes
• Respect for individual rights (access, deletion, correction, etc.)

2.2 Information Security

Delupe maintains a security program certified to ISO 27001 standards designed to protect confidentiality, integrity, and availability.

Measures include:

• Encrypted data transmission (TLS/HTTPS).
• Multi-Factor Authentication (MFA).
• Role-based access and least-privilege permissions.
• Timely revocation of access upon role changes or termination.

Data Breach Notification: Delupe will notify affected partners without undue delay, no later than 72 hours, if a data breach involves personal data or systems integrated with partner services.

2.3 Accessibility

Delupe designs all user-facing products and services to meet or exceed WCAG 2.1 Level AA accessibility standards.

2.4 Responsible AI

When developing or deploying AI, Delupe ensures:

• Fairness and absence of harmful bias.
• Human oversight and transparency about AI usage.
• Secure and ethically sourced data for model training.
• Monitoring and quality assurance of AI systems in production.

2.5 Protection of Client Proprietary Information

• We strictly protect the intellectual property, trade secrets, and technical data of our clients.
• Confidential information is strictly segregated and is never used for any purpose other than the agreed scope of work.

3. Labor, Human Rights, and Workplace Conduct

3.1 Freely Chosen Employment

• No forced, bonded, or involuntary labor.
• No withholding of passports or identity documents.

3.2 Child Labor

• No employment under the age of 15 or local minimum age (whichever is higher).
• Workers under 18 will not perform hazardous or night work.

3.3 Non-Discrimination and Diversity

• Equal opportunity in all employment practices.
• No discrimination based on protected characteristics.

3.4 Anti-Harassment

Delupe prohibits all forms of harassment: verbal, physical, visual, and digital.

3.5 Wages, Benefits, and Working Hours

• At least legal minimum wage and all mandated benefits.
• Work weeks not exceeding 60 hours (including overtime).
• At least one day off in every seven-day period.

3.6 Operational Safety & Security

Delupe maintains an Occupational Health and Safety Management System aligned with ISO 45001 to identify, assess, and mitigate health and safety risks associated with office-based, remote, and business-related activities. Employees and contractors are expected to act responsibly with regard to health and safety and are empowered to stop any activity they reasonably believe to be unsafe without fear of retaliation.

4. Environmental Sustainability

4.1 Greenhouse Gas (GHG) Emissions

Delupe commits to:

• Annual measurement and reporting of Scope 1, 2, and 3 emissions.
• Target of reducing absolute emissions by 55% by 2030.
• Transition to 100% carbon-free electricity for operations and cloud infrastructure
• Energy Management: We maintain an Energy Management System certified to ISO 50001 to continuously improve energy efficiency.

4.2 Resource Efficiency

Delupe minimizes waste and water consumption and prioritizes infrastructure providers committed to net-zero carbon, in accordance with our ISO 14001 Environmental Management System.

5. Governance, Management Systems, and Enforcement

5.1 Management System

Delupe maintains an Integrated Management System (IMS) certified to ISO 9001 (Quality) and aligned with OECD Due Diligence Guidelines:

• Risk identification and assessment.
• Documentation of audits, controls, and training.
• Corrective action processes.

5.2 Supplier and Partner Requirements

All Delupe vendors, contractors, and subcontractors must comply with this Code or demonstrate equivalent standards.

5.3 Training and Attestation

• Mandatory training for all employees at onboarding and annually.
• Annual attestation of full understanding and compliance.

5.4 Whistleblowing and Non-Retaliation

Delupe provides a confidential and anonymous reporting channel:

• Email: xxxxxxxxxxxx

No retaliation is tolerated against anyone reporting concerns in good faith. Delupe will not use NDAs or legal threats to silence whistleblowers.

5.5 Compliance Ownership

A designated Compliance Officer is responsible for:

• Oversight of the Code
• Investigations
• Training and awareness
• Reporting to senior leadership
• Ensuring implementation and continuous improvement

5.6 Audit Rights

Delupe acknowledges that partners may request audits of compliance with this Code and will cooperate fully.