Code of Ethics and Conduct

Code of Ethics and Conduct

Document Version: XP.EN.34.02

Download PDF

Scope & Audience

This Code of Ethics and Conduct establishes a unified approach to how Xpand IT conducts its business. It applies to all employees, management, and representatives of Xpand IT, regardless of location, function, or seniority. It serves as a guide to making ethical decisions, fostering a responsible and inclusive work environment, and promoting trust with all stakeholders.

Purpose

This Code defines the fundamental principles, values, and standards that guide the actions and decisions of everyone at Xpand IT. It reflects our commitment to:


Integrity

Transparency

Respect

Responsibility

 

It aligns with the United Nations Global Compact (UNGC) principles, particularly those regarding human rights, labor, the environment, and anti-corruption.

Ethical principles

Integrity – Act with honesty and fairness in all internal and external interactions. Do not tolerate any form of fraud, corruption, or unethical behavior.


Respect and Inclusion – Promote diversity, equity, and mutual respect. Foster a safe, inclusive, and non-discriminatory environment.


Transparency – Communicate clearly, honestly, and responsibly. Information is shared truthfully, and confidential data is handled with care and according to applicable laws.


Responsibility – Be accountable for your actions and their impact on others, the environment, and the community. Strive for excellence, safety, and sustainability.

Human rights and labour standards

In alignment with UNGC Principles 3, 4, and 5, in Xpand IT:

  • We support freedom of association and collective bargaining, where appropriate;
  • We reject all forms of forced, compulsory, or child labor;
  • We ensure that no employee or potential employee Is directly or indirectly discriminated against based on color, beliefs, race, nationality, ethnic origin, minority status, marital status pregnancy, age, disability, religious or philosophical beliefs, sexual orientation, gender or gender reassignment;
  • We do not tolerate any type or form of harassment;
  • We expect the same commitment from all partners and suppliers.

Xpand IT’s approach to diversity is firmly grounded in the UNGC Principle 6, aiming to eliminate all forms of discrimination in the workplace and promote equal opportunity for all.


We are committed to protecting the dignity, rights, and well-being of every individual. Violations of this Code may lead to disciplinary measures.

Health, safety, and environment

Xpand IT ensures compliance with all applicable legal health and safety standards, and:

  • Maintains a healthy and safe workplace;
  • Promotes sustainable practices and environmental responsibility;
  • Aligns environmental policy with UNGC Principles 7, 8, and 9.

We support environmentally friendly technologies and promote responsible resource usage.

Conduct in business relationships

Our mission is to become the partner of innovation with more confidence, creating value in a sustainable way, using our local knowledge and our global talent.


With clients:

  • Act with integrity, transparency, and professionalism;
  • Deliver value through quality, secure, and reliable services;
  • Respect confidentiality and data privacy;
  • Refrain from engaging with entities that violate human rights.
    With shareholders and partners:
  • Communicate achievements, risks, and strategies in an honest and transparent manner;
  • Ensure strong governance and adopt best practices;
  • Deliver sustainable returns while ensuring ethical growth.

 

With suppliers:

  • Build relationships based on mutual trust, respect, and fairness;
  • Treat commercially sensitive information as confidential;
  • Avoid suppliers involved in unethical labor practices;
  • Do not keep, so aware, any business relationship with a supplier that makes use of child labor;
  • Do not accept or offer bribes, gifts, or undue advantages.

Personal and professional conduct

Under this Code, “all employees” means permanent employees, temporary workers, subcontractors or any person acting on behalf of Xpand IT. In all operations and/or activity, all employees should seek to act in accordance with the values of openness, commitment and innovation, maintaining high ethical standards. Each Xpand IT employee must meet the following rules:

 

  • Comply with all laws, regulations, and internal policies;
  • Avoid conflicts of interest and disclose potential risks;
  • Embrace diversity and reject harassment and discrimination;
  • Protect confidential and proprietary information;
  • Uphold intellectual property rights of all parties;
  • Commit to data protection and privacy obligations;
  • Refrain from discussing unreleased products or strategies.

 

Compliance with laws and regulations


Always act in compliance with applicable laws, regulations, and internal policies.


Act honestly: Act fairly in our markets, being honest and trustworthy in all businesses. The sale, rental, transfer, negotiation or disclosure of client/ supplier information to third parties is prohibited. Whenever possible best practices should be implemented to ensure common practices to clients regardless of their geographic location.

Conflict of interests

Whenever possible, avoid and inform your managers of any potential conflicts of interest that might be construed as bribes or improper payment. Aligned with the 10th principle of UNGC, Xpand IT and its suppliers should act against all forms of corruption, including extortion and bribery.

For more information, see Xpand IT´s Conflict of interest process.

Gifts and hospitality

Do not give or accept gifts, favors, or hospitality which may arise from any conflict of interest or potential issues of misconduct, which could be interpreted as a bribe.


The acceptance of favors of any kind by employees may be considered illegal or result in situations not recommended and can be seen as an act of undue enticement to get some kind of concession in return. Employees should not jeopardize Xpand IT name and reputation while representing the company. Therefore, you must comply with the provisions of Xpand’s Gifts and Hospitality Policy and act in accordance with the following principles:

 

  • Do not request any gift or favor;
  • Do not offer or accept money;
  • It is reasonable to accept some gifts, whether symbolic or hospitality, provided that its acceptance does not place the recipient under any obligation, does not violate any applicable law, not be misinterpreted or not involving a reciprocal exchange similar.

 

For more information, see Xpand IT´s Gift & Hospitality Policy and respective procedures.


Diversity


Make sure that no employee or potential employee is directly or indirectly discriminated against their color, beliefs, race, nationality, ethnic origin, compared with a minority, marital status, pregnancy, age, disability, religious or philosophical beliefs, sexual orientation, gender or gender reassignment and does not tolerate any type or form of harassment. Xpand IT’s approach in relation to diversity is based on the principle of UNGC 6, with a view to eliminating discrimination in the workplace.


Confidentiality


Handle appropriately confidential information belonging to Xpand IT, their suppliers and clients.
Property rights
Respect the property rights of Xpand IT, its suppliers and clients.

 

Environment


Defend the protection of a sustainable environment.
For more information, see Xpand IT´s Environmental Policy.


Data protection


Employees who work with personal data, or who have access to such data, must respect the privacy and integrity of the respective Holder, in accordance with the provisions of European Union legislation directly applicable in the legal systems of the States Members and with the provisions of national legislation in force, relating to the protection of any individual with regard to the processing of personal data and the free movement of such data, as well as applicable internal policies in terms of data protection and information security.


The collection of personal data must take place to the extent strictly necessary and for specific, explicit and legitimate purposes, and cannot be processed in a way that is incompatible with those purposes.


Employees cannot use personal data to which they have access within the scope of their professional role for illegal purposes or pass such data to unauthorized people, either internally or externally.


When a breach of personal data occurs, employees who have caused the incident or have knowledge that it has occurred or may occur, must report it immediately through Service Desk.


For more information, see Xpand IT´s policies, namely: Privacy Policy; Employee Privacy Statement; Background Verification Policy; Data Protection Policy.

 

Don’t discuss future offerings


As a general rule, don’t discuss product upgrades, future product releases, services prospects and opportunities. Because of potential revenue recognition issues and opportunity protection, it is especially important that we do not give pass information regarding possible deals to any external entity. Any exceptions must be approved by senior management.

Use of Social Media

As a company, we encourage communication among our employees, clients, partners, and others – and Web logs (blogs), social networks, discussion forums, wikis, video, and other social media can be a great way to stimulate conversation and discussion. They’re also an invaluable tool for experienced Xpand IT users who want to share information and tips on the use of Xpand IT solutions.


Social Media participation applies to:

  • All blogs, wikis, forums, and social networks hosted or sponsored by Xpand IT.
  • Employee personal blogs that contain postings about Xpand IT’s business, products, employees, clients, partners, or competitors.
  • Employee postings about Xpand IT’s business, products, employees, clients, partners, or competitors on external blogs, wikis, discussion forums, or social networking sites.
  • Employees participation in any video related to Xpand IT’s business, products, employees, clients, partners, or competitors, whether you create a video to post or link to on your blog, contribute content for a video, or you appear in a video created either by another Xpand IT employee or by a third party.

 

Even if the employee’s social media activities take place completely outside of work, as his/her personal activities should, what is said/posted can have an influence on your ability to conduct your job responsibilities, teammates’ abilities to do their jobs, and Xpand IT’s business interests.


Referring to clients or partners


Relationships with clients and partners are valuable assets that can be damaged through thoughtless comments. Even a positive reference could be picked up by a competitor and used to your company’s disadvantage. You should not post anything that references any clients or partners without obtaining the express permission by senior management.


Protect confidential information


You may not use your blog or other social media to disclose Xpand IT’s confidential information. This includes nonpublic financial information such as future revenue, earnings, and other financial forecasts, and anything related to Xpand IT strategy, products, policy, management, operating units, and potential acquisitions, that has not been made public.

Protecting confidential information from our employees, clients, partners, and suppliers is also important. Do not mention them, including Xpand IT executives, on social media without their permission, and make sure you don’t disclose items such as sensitive personal information of others or details related to Xpand IT’s business with its clients. Third party social media services use servers that are outside of Xpand IT’s control and may pose a security risk. Don’t use these services to conduct internal Xpand IT business.
In addition, you may not publish (nor should you possess) our competitors’ proprietary or confidential information. You may make observations about competitors’ products and activities if your observations are accurate and based on publicly available information. Take care not to disparage or denigrate competitors.

 

Refrain from objectionable or inflammatory posts


Do not post anything that is false, misleading, obscene, defamatory, profane, discriminatory, libelous, threatening, harassing, abusive, hateful, or embarrassing to another person or entity. Make sure to respect others’ privacy. Third party Web sites and blogs that you link to must meet our standards of propriety. Be aware that false or defamatory statements or the publication of an individual’s private details could result in legal liability for Xpand IT and you.

 

Don’t speak on behalf of Xpand IT


Remember that you are not an official spokesperson for Xpand IT. Make it clear that your opinions are your own and do not necessarily reflect the views of the corporation.
For this reason, Xpand IT employees with personal blogs that discuss Xpand IT’s business, products, employees, clients, or competitors should include the following disclaimer in a visually prominent place on their blog: “The views expressed on this blog are my own and do not necessarily reflect the views of Xpand IT.”
Similarly, if you appear in a video, you should preface your comments by making it clear that you are not an Xpand IT spokesperson and your opinion doesn’t necessarily reflect Xpand IT’s.


Don’t post anonymously


While you are not an official spokesperson, your status as an Xpand IT employee may still be relevant to the subject matter. You should identify yourself as an employee if failing to do so could be misleading to readers or viewers. Employees should not engage in covert advocacy for Xpand IT. Whenever you are blogging about Xpand IT-related topics or providing feedback relevant to Xpand IT to other blogs or forums, identify yourself as an Xpand IT employee.

 

Respect copyrights


You must recognize and respect others’ intellectual property rights, including copyrights. While certain limited use of third-party materials (for example, use of a short quotation that you are providing comment on) may not always require approval from the copyright owner, it is still advisable to get the owner’s permission whenever you use third-party materials. Never use more than a short excerpt from someone else’s work, and make sure to credit and, if possible, link to the original source.

 

Use video responsibly


Remember that you may be viewed as endorsing any Web video (whether hosted by YouTube or elsewhere) or other content you link to from your blog or posting, whether created by you, by other Xpand IT employees, or by third parties, and the Social Media Participation Policy applies to this content. Also, recognize that video is an area in which you need to be particularly sensitive to others’ copyright rights. You generally cannot include third party content such as film clips or songs in your video without obtaining the owner’s permission.

 

Stick to Xpand IT topics on Xpand IT sponsored blogs


Blogs that are hosted or run by Xpand IT should focus on topics that are related to Xpand IT’s business. Take care to avoid subject areas that are likely to be controversial, such as politics and religion.


Usage & productivity impact


Social media activities should be only used for business-related networking. Personal social media activities will not be accepted.

Compliance and reporting

Disciplinary measures


The breaking of the principles expressed in this Code by employees may lead to disciplinary action, including, if applicable, role dismissal and contract termination.


Reporting misconduct


Xpand IT aims to create a climate in which people can contribute when they consider that the conduct or decisions are unethical.

Any suspected breach of this Code must be reported via whistleblower channel. The whistleblower channel must be used exclusively to make breach reports in good faith and with a foundation.

Retaliation against anyone who reports misconduct or cooperates in an investigation is strictly prohibited.

The Company Secretary is responsible for initiating and supervising the investigation of all reports of violations of this Code and ensuring implementation of appropriate disciplinary measures.

Support and guidance

10.1. De acordo com as disposições do RGPD garantimos o exercício dos seguintes direitos como titular dos dados:

i) Direito de Acesso – tem o direito de nos solicitar, entre outros, informações sobre se seus dados estão ou não a ser tratados, quais os dados que tratamos e para quais finalidades.

Também pode solicitar uma cópia dos seus dados pessoais tratados por nós. Outras cópias podem estar sujeitas ao pagamento de uma taxa razoável, tendo em conta os custos administrativos. Se o pedido for apresentado em formato eletrónico, e salvo indicação em contrário, a informação será fornecida por nós num formato eletrónico comummente utilizado.

ii) Direito à retificação – tem o direito de ter dados pessoais imprecisos sobre si retificados e dados incompletos completados, sem atraso injustificado.

iii) Direito de Apagar – também referido como direito a ser esquecido – pode solicitar, sob certas circunstâncias, que seus dados pessoais sejam apagados de nossos registos, sem atraso indevido, quando qualquer uma das razões estabelecidas no RGPD se aplicar.

iv) Direito de objeção – tem o direito de objeção, por motivos relacionados com a sua situação particular, a certos tipos de tratamento de dados determinados no RGPD, como o tratamento para fins de marketing direto, caso em que cessamos o tratamento para esse fim.

v) Direito à Portabilidade – tem o direito de transferir os seus dados pessoais que mantemos para outra organização ou de os receber em um formato estruturado, comumente usado e legível por máquina.

vi) Direito à Restrição do Tratamento – o direito de obter a restrição do tratamento dos seus dados pessoais onde deseja, por exemplo, contestar a precisão dos seus dados pessoais por um período de tempo que nos permita verificar a sua precisão, onde o tratamento é ilegal ou onde você exerceu o seu direito de objeção.

vii) Reclamação – o titular dos dados também tem o direito de apresentar uma reclamação junto de uma autoridade de supervisão. A autoridade de supervisão portuguesa é a Comissão Nacional da Protecção de Dados (CNPD).

10.2 Para efeitos de exercício destes direitos, consulte o número 14 da presente Política de Privacidade, abaixo.

10.3 Dentro de 30 (trinta) dias receberá uma comunicação nossa devidamente fundamentada.

If an employee has any questions or concerns regarding these principles should:

Read the complementary internal policies and procedures, namely:

  • Governance
    • Privacy Policy
    • Employee Privacy Statement
    • Background Verification Policy
    • Data Protection Policy
    • Whistleblowing Policy
    • Conflict of Interest Management Process
    • Gift and Hospitality Policy
    • Anti-corruption & Bribery Policy
    • Anti-fraud Policy
  • Social
    • Labor and Human Rights Policy
    • Working Conditions Policy
  • Environmental
    • Sustainable Procurement Policy
    • Environmental Policy
  • Talk to the Team Leader / Project Manager or a Human Resources’ representative.


Xpand IT is committed to identify any unlawful conduct, improper or unethical that occurs in the workplace or related sites.

Search

    Most Popular

    Generative AI

    Cloud

    Job opportunities

    Success stories