Sustainability principles

Introduction

1.1 The Supplier warrants, represents and undertakes to Adday that: 

1.1.1 It has adopted and maintains policies which commit it to the principles equivalent to those set out in Paragraphs 2, 3 and 4 (the “Sustainability Principles”); 

1.1.2 it shall, and shall ensure that its employees, agents, suppliers and sub-contractors comply with principles no less onerous than the Sustainability Principles throughout all stages of production and supply, during its commercial relationship with Adday. 

1.1.3 it shall strive continuously to implement the principles laid down in the Paragraph Sustainability Principles. 

1.2 To enable the Supplier to better follow up the implementation of the Sustainability Principles within its organisation, the Supplier shall register all of its production sites supplying to Adday on a specialised internet platform recommended by Adday. 

1.3 The parties agree that Adday or its authorised external body shall have the right at any time to audit and monitor the Supplier’s compliance with and implementation of the Sustainability Principles. Adday shall have free access to audit at any time the manufacturing and/or warehousing sites of the Supplier, including without limitation, the premises, the plants, company records, and the complete process of production. 

1.4 If any Sustainability Principle is breached, the parties shall meet at Adday’s request and discuss the reasons leading to the breach and the steps required to remedy the breach. The Supplier shall make proposals for corrective actions and a timetable to completion of such corrective actions (to be approved by Adday, acting reasonably). 

1.5 If the corrective actions are not implemented to Adday’s satisfaction within the agreed timescale or if the breach by the Supplier of any of the Sustainability Principles recurs, this shall be regarded as a material breach which is not capable of remedy entitling Adday to terminate the Contract in accordance with Clause 11.2.1 of the Conditions. 

 

Fundamental social principles

2.

2.1 CHILD LABOUR The Supplier does not employ children aged under 18.If the law sets a higher minimum working age or compulsory schooling is to a higher age, it is this limit that applies. 

Educational programs and training are not included in this limitation. 

2.2 FORCED LABOUR The Supplier does not use forced or compulsory labour, meaning any work or service performed under threat or that is not consented to by the person concerned. 

2.3 DISCRIMINATION With due regard for applicable law, the Supplier refuses to engage in any discriminatory practices. Discrimination means any distinction, exclusion or preference limiting equality of opportunity or treatment. It may be based on race, colour, sex, sexual orientation, religion, political opinion, age, nationality, family obligations or other considerations. 

2.4 FREEDOM OF ASSOCIATION AND RIGHT TO COLLECTIVE BARGAINING The Supplier recognises and respects employees’ freedom of association and their right to freely choose their representatives. The Supplier also recognises employees’ right to collective bargaining. The Supplier ensures that employee representatives do not suffer any discrimination. 

2.5 HEALTH CARE AND SAFETY AT WORK The Supplier ensures that the workplace and its environment do not endanger the physical integrity or health of employees. Action to reduce the causes of accidents and improve working conditions is the object of ongoing programs. Sanitary equipment, canteens and housing provided to employees are built and maintained in accordance with applicable legal requirements. As a minimum, the Supplier must provide employees with drinking water, clean toilets in adequate number, adequate ventilation, emergency exits, proper lighting and access to medical care. 

2.6 WORKING HOURS The Supplier must ensure that national applicable legal restrictions on working hours, including overtime, are complied with. Employees have at least one day off each week, apart from exceptional circumstances and for a limited period. 

2.7 PAYMENT The Supplier ensures that: 

2.7.1 No wage is lower than the applicable legal minimum; 

2.7.1 All employees receive a pay slip; 

2.7.3 Employees receive a decent wage, as compared to standard pay practices in their country; and 

2.7.4 Wage rates for overtime are in all cases higher than for normal hours.

Fundamental environmental principles

3.

3.1 PRESERVATION OF RESOURCES The Supplier does not employ children aged under 18.If the law sets a higher minimum working age or compulsory schooling is to a higher age, it is this limit that applies. 

3.1.1 PRODUCTION The Supplier shall work on minimising the consumption of energy coming from all the sources. It will develop the use of renewable energy. 

3.1.2 PACKAGING The Supplier shall work on minimising product’s packaging for optimising the product service (Eco-conception). To do so, the Supplier shall privilege the recycled raw materials, contribute to developing recycling and recycling fields. 

3.1.3 LOGISTICS The Supplier shall optimise transportation to reduce fuel consumption. 

3.1.4 WATER The Supplier shall minimise the water consumption. 

3.2 CHEMICALS The Supplier shall reduce the use of chemicals and fertilisers and exclude the use of chemicals and fertilisers which are hazardous to the health of consumers. 

3.3 CLIMATE CHANGE & GREENHOUSE GASES EMISSIONS The Supplier shall work at measuring direct and indirect greenhouse gases emissions of its different activities. The Supplier shall work at minimising its overall greenhouse gases emissions. 

3.4 ENVIRONMENTAL MANAGEMENT The Supplier shall work at measuring and controlling its environmental risks. The Supplier shall work at measuring its transported, imported and hazardous wastes according to the Basel Convention. The Supplier shall aim to put in place the environmental management system recognised by national/international authorities. 

3.5 ANIMAL TESTING Suppliers who provide either milk or its derivates to Adday should incorporate measures to protect the welfare of their livestock. Animal testing should not be performed if another scientifically satisfactory method of obtaining the result sought, not entailing the use of an animal, is reasonably and practically available. 

  1. BUSINESS ETHICS PRINCIPLES The highest standards of ethical, moral and lawful conduct are expected from our suppliers. In particular, we expect our suppliers, their agents and their contractors, to be familiar with and comply with all legal and contractual obligations relating to their business activities, and we will not accept any conduct (including by omission) that is unlawful or that violates such obligations. Further, we prohibit the offer or receipt of gifts, hospitality or expenses whenever such arrangements could affect the outcome of business transactions and are not reasonable.

 

Data protection 

1. Both parties shall comply with all applicable requirements of the Data Protection Legislation. This Paragraph 1 is in addition to, and does not relieve, remove or replace, either party's obligations under the Data Protection Laws. 

2. To the extent that the either party acts as a Controller in respect of any Personal Data shared by it with the other party acting as a Processor, or generated by or for it in the performance of its obligations under the Contract, the Controller shall: 

2.1.1 Prevent or restrict it from disclosing or transferring the Personal Data to the other as required under the Contract; or 

2.1.2 Prevent or restrict it from Processing the Personal Data as contemplated under the Contract; 

2.2 In relation to Personal Data which the Controller has collected and subsequently transferred to the Processor, ensure that all fair processing notices have been given (and, as applicable, consents obtained from Data Subjects) and are sufficient in scope to enable the Processor to process the Personal Data as required in order to obtain the benefit of its rights and to fulfil its obligations under the Contract in accordance with the Data Protection Laws; 

2.3 Only send Personal Data which is required by the Processor under the Contract; 

2.4 Ensure that any Personal Data transferred to the Processor is accurate in all respects; 

2.5 Only provide Personal Data to the Processor by using secure methods; 

2.6 Comply with its obligations to report a Data Security Incident to the ICO and (where applicable) Data Subjects under Article 33 of the GDPR and shall inform the Processor of any Data Security Incident irrespective of whether there is a requirement to notify any Supervisory Authority or any Data Subjects; 

2.7 Not cause the Processor to breach any Data Protection Laws; 

2.8 Provide all such assistance to the Processor as is reasonably required to enable it to comply with requests from Data Subjects to exercise their rights under the Data Protection Legislation or in relation to any Data Security Incident within the time limits imposed by the Data Protection Laws; 

2.9 Implement and maintain, at its cost and expense, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, appropriate technical and organisational measures to ensure a level of security appropriate to the risk; 

2.10 Only use Controller Data during the term of the Contract for the purposes of performing its obligations or exercising its rights under the Contract; and 

2.11 Undertake any privacy impact assessments that are required by the Data Protection Laws (and, where required by the Data Protection Laws, it shall consult with the ICO in respect of any such privacy impact assessments). 

3. Without prejudice to the generality of Paragraph 2, in relation to the processing by the Processor of any Personal Data of which the other party is the Controller in connection with the performance by the Processor of its obligations, or the exercise by it of its rights under, the Contract, the Processor shall: 

3.1 Process such Personal Data solely in accordance with the Controller’s documented instructions (unless otherwise required to do so by law, in which case the Processor shall promptly notify the Controller of this before performing the processing, unless those laws specifically prohibit the Processor from doing so); 

3.2 Ensure that all personnel who have access to or process Personal Data are under binding obligations of confidentiality with the Processor to keep the Personal Data confidential and to maintain the levels of security and protection as required under the Contract, and the Processor shall remain liable to the Controller for any failure of any such personnel to act in accordance with the duties and obligations of the Processor under this Paragraph 3; 

3.3 The written direction of the Controller, delete or return to the Processor any Personal Data stored and all copies thereof on termination of the Contract, unless otherwise required by law to store the Personal Data (in which case the Processor shall promptly notify the Controller of this and shall only store the Personal Data to the extent required by the law in question); and 

3.4 Maintain complete and accurate records of all processing activities carried out under the Contract and all information necessary to demonstrate its compliance with this Paragraph 3. 

4. The Processor shall ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected. 

5. In complying with Paragraph 5, the Processor shall have regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring the confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 

6. The Processor shall: 

6.1 Provide all assistance reasonably required by the Controller in responding to any request from a Data Subject and ensuring compliance with the Controller’s obligations under the Data Protection Laws with respect to security, Security Incident and breach notifications, impact assessments and consultations with supervisory authorities or regulators; and 

6.2 Immediately notify the Controller on becoming aware of a Security Incident, any access request or complaint received from a Data Subject, or request for disclosure of Personal Data to any law enforcement authority (unless otherwise prohibited by law). 

7. The Processor shall not: 

7.1 Transfer the Personal Data to any other person (including any third-party processor of Personal Data or sub-processor) without the express prior written consent of the Controller; and 

7.2 Transfer any Personal Data outside of the European Economic Area unless the prior express written consent of the Controller has been obtained and the following conditions are fulfilled: 

7.2.1 The Controller or the Processor has provided appropriate safeguards permitted by the Data Protection Legislation in relation to the transfer; 

7.2.2 The Data Subject has enforceable rights and effective legal remedies; 

7.2.3 the Processor complies with its obligations under the Data Protection Laws by providing an adequate level of protection to any Personal Data that is transferred; and 

7.2.4 The Processor complies with reasonable instructions notified to it in advance by the Controller with respect to the processing of the Personal Data. 

8. Any authorised sub-processors or intended transferees of Personal Data under the Contract outside the European Economic Area, which are authorised by the Controller as at the date of the Contract shall be kept up to date and accurate at all times by the Processor pursuant to and in accordance with the terms of the Contract. 

9. The Processor shall not attempt to exclude or otherwise limit its liability with respect to rights of Data Subjects under the Data Protection Laws, the Contract or otherwise. 

10. The Processor shall fully indemnify the Controller and keep the Controller fully indemnified from and against any actions, claims, demands, costs (including reasonable legal costs), expenses, loss, damage, regulatory penalties or other liability suffered or incurred by the Controller that arise as a result of, or in connection with, the processing of any Personal Data by the Processor under the terms of or in connection with the Contract or otherwise on behalf of the Controller. 

11. Without prejudice to the generality of the foregoing, the Processor shall ensure that its personnel only take instructions from the Controller in relation to the processing of Personal Data for the purpose of and under the terms of the Contract or otherwise on behalf of the Controller. 

Contact us 

For any questions, please contact: accountspayable@aymes.com