Supplier Code of Conduct

Draft only. Requires legal review before publication. This software provides compliance tooling, but does not provide legal advice.

Supplier Code of Conduct

Purpose

Set baseline privacy, security, ethical, and legal expectations for vendors and suppliers.

Source model

This slot follows mature SaaS and security-software legal-center patterns: Zapier-style customer terms, DPA, subprocessors, security, and data-transfer material; Avast-style license, acceptable-use, privacy, IP, transparency, and accessibility material.

Jurisdiction focus

Prepare this for EU users and Czech-market operation. Complete operator details, Czech consumer wording, cookie consent behavior, GDPR roles, and cross-border transfer safeguards before publication.

Compliance

Suppliers must comply with applicable law, sanctions, anti-bribery, anti-corruption, tax, labor, consumer, security, and data-protection obligations.

Privacy and security

Suppliers that process personal data or access BAAM AI systems must sign appropriate data-processing and confidentiality terms and maintain suitable technical and organizational measures.

Subcontractors

Suppliers should not use subcontractors for BAAM AI data or services without required approval and flow-down obligations.

Conflicts and ethics

Suppliers must avoid conflicts of interest, deceptive conduct, and misuse of confidential information.

Reporting

Provide a channel for reporting security, privacy, ethics, or compliance concerns.

Completion checklist

• Use for vendors with access to data or infrastructure.
• Align with procurement and DPA processes.
• Review if selling to enterprise customers.