Skip to main content

Supplier Code of Conduct

This Supplier Code of Conduct describes what we expect from our suppliers, service providers, and business partners. It applies to all companies and individuals that deliver goods or services to Zation AG.

We expect our suppliers to be aware of these expectations and to reflect them in their own work. We do not require formal acknowledgement. If we see signs of material deviation, we seek a conversation and reserve the right to reconsider the business relationship.

What this is about

Our own values and rules of conduct are described in our Code of Conduct. What we live internally, we also expect along our supply chain. This is not only a compliance matter. It is part of how we understand responsible business.

Law and compliance

We expect our suppliers to:

  • comply with all laws and regulations applicable in their country
  • respect international sanctions and export controls
  • pay taxes correctly and transparently
  • hold all required permits and licences

Human rights and working conditions

We expect our suppliers to:

  • respect internationally recognised human rights
  • not tolerate forced labour, child labour, or modern slavery, neither in their own operations nor in their own supply chain
  • pay fair wages, at minimum at legal level
  • grant reasonable working hours and rest periods
  • respect employees' right to freedom of association and collective bargaining
  • provide safe and healthy working conditions
  • prevent discrimination and harassment of any kind

Environment

We expect our suppliers to:

  • comply with environmental regulations and exceed them where possible
  • know their carbon footprint, or be working to capture it
  • use resources, energy, and materials consciously
  • avoid waste and dispose of it responsibly
  • consider environmental criteria when selecting their own suppliers

Integrity and anti-corruption

We expect our suppliers to:

  • not give or accept undue advantages, neither from us nor from third parties
  • keep gifts and invitations within a reasonable scope
  • disclose conflicts of interest
  • not enter into anti-competitive agreements
  • actively prevent money laundering and fraud

Information security and data protection

We expect our suppliers to:

  • protect confidential information that we share with them
  • process personal data in line with applicable law, in particular revDSG and GDPR
  • implement adequate technical and organisational security measures
  • report security incidents that may affect us without undue delay
  • sign a data processing agreement (DPA) with us where they process our data as a processor

Intellectual property

We expect our suppliers to:

  • respect third-party intellectual property
  • protect our intellectual property and use it only within the agreed scope
  • not disclose confidential information without authorisation

Responsible AI

Where suppliers use AI in services delivered to us, we expect:

  • transparency about where and how AI is used
  • no processing of our data in AI models without our explicit consent
  • compliance with relevant regulation (EU AI Act, Swiss practice)
  • responsible handling of AI outputs, including a human in the loop for important decisions

Sub-suppliers

Suppliers that pass on substantial parts of their service to third parties make sure that these sub-suppliers meet equivalent standards. On request, they disclose their substantial sub-suppliers.

Audit and review

We reserve the right to verify compliance with this Code by our suppliers. In practice, this can mean:

  • requesting self-declarations, certifications, or third-party audit reports (for example ISO 27001, SOC 2, EcoVadis)
  • where there is reasonable suspicion: written enquiries on specific topics
  • for critical suppliers and with reasonable cause: on-site audits conducted by us or commissioned third parties, with appropriate prior notice

We use this audit right reasonably and proportionately. Our goal is not to control suppliers, but to create clarity where there are legitimate concerns.

Reporting violations

Anyone in our supply chain who notices a violation of this Code can report it:

  • through their direct business contacts at Zation
  • by email to info@zation.io
  • confidentially to the management

We take all reports seriously, examine them, and treat reporters confidentially. We do not accept any disadvantages for those who report in good faith.

Consequences of violations

In the case of identified violations, we first seek a conversation and agree on corrective measures with a reasonable deadline. In the case of serious or repeated violations, we reserve the right to terminate the business relationship. In the case of criminally relevant incidents, we consider legal steps.

Changes to this Code

We update this Code as needed, at least every two years. The current version is always available at this URL.

Last updated: June 27, 2026