Code of Conduct

Albireo Energy Standards of Business Conduct and Ethics for Third Parties

Introduction

All business activities at Albireo Energy stand firmly on the foundation of our commitment to ethics, integrity and compliance with all applicable laws, regulations, guidelines and industry codes. We are also dedicated to the highest standards of ethical behavior and to economic, social and environmental sustainability.

The Standards of Business Conduct and Ethics for Third Parties (Code of Conduct) apply to all third-party companies with whom Albireo Energy has agreements, such as suppliers, consultants, service providers, co-promotion and development partners. Albireo Energy recognizes that Third Parties have an important role in our success, and we strive to conduct business only with Third Parties who share its commitments.

Albireo Energy offers an Ethics & Integrity Line for employees and Third Parties to report concerns related to potential violations of the Code of Conduct. Third Parties who choose to identify themselves are assured that Albireo Energy will not retaliate in any manner against individuals who make reports in good faith. Albireo Energy will review / investigate reported concerns.

Compliance and Ethics

Third Parties should conduct their business in compliance with applicable laws, regulations, guidelines and industry codes, and in an ethical manner. The Code of Conduct is not a substitute for, nor should it be considered to replace or override, applicable laws and regulations but sets the minimum standards of behavior that are to be followed.

1. Anti-Bribery and Corruption
All forms of bribery, corruption, extortion and embezzlement are prohibited. Third Parties should not pay or accept bribes or participate in other illegal inducements in business or government relationships, or through the use of intermediaries. Third Parties should ensure they have adequate systems in place to prevent bribery and comply with applicable laws.

Albireo Energy employees are not permitted to accept gifts, corporate hospitality or other benefits from any Third Party who is involved in any ongoing or imminent tender or contract negotiations with Albireo Energy, or if the employee is in a position to influence the choice of Third Party. All corporate hospitality events should run through the normal compliance process at Albireo Energy to ensure 100% integrity.

2. Fair Competition and Confidentiality
Third Parties should conduct their business in compliance with applicable fair competition and anti-trust laws, and fair business practices. Third Parties should not communicate externally about Albireo Energy’s prospects, performance or policies, or disclose publicly any confidential or proprietary information related to any aspect of Albireo Energy’s business.

3. Conflicts of Interest
Third Parties must disclose to Albireo Energy all conflicts of interest or situations giving the appearance of a conflict of interest in its relationship with Albireo Energy. The supplier must inform Albireo Energy if an Albireo Energy employee, former acquisition owner or direct family member owns a financial or other interest in the Third Party or works at the Third Party in an influential position.

4. Data Privacy and Security
Third Parties should safeguard and make only proper use of confidential information to ensure that company, worker, and patient privacy rights are protected. Third Parties should comply with applicable privacy and data protection laws and ensure the protection, security and lawful use of personal data.

5. Accuracy of business records
Third Parties should create and maintain accurate and complete business records in accordance with international accounting principles. Third Parties are required to provide Albireo Energy, upon request, with information about the manufacturing location of products, and information required by local, state or government audits, and provide proof of origin.

6. Trade
Third Parties should comply with all applicable import and export controls, sanctions, and other trade compliance laws of the country(ies) where the transaction(s) occur(s).

Human Rights and Labor

Third Parties are expected to comply with all labor and human rights policies and governance in the U.S. This includes complying with all US labor laws, and human rights.

1. Voluntary Employment
Third Parties should not under any circumstances use forced, bonded, enslaved, indentured or involuntary prison labor, or contract with subcontractors or suppliers using these practices. Mental and physical coercion, slavery and human trafficking are prohibited.

2. Child Labor and Young Workers
Third Parties should not under any circumstances use workers under the age of 15 or under the local legal minimum age for work or mandatory schooling age, whichever is highe No young worker should do work that is mentally, physically, socially or morally dangerous or harmful or interferes with their schooling by depriving them of the opportunity to attend school.

3. Non-discrimination and Fair Treatment
Third Parties should provide a workplace that is free of harassment and discrimination. Discrimination for reasons such as gender, race, color, religion, national origin, age, physical or mental disability, pregnancy, citizenship, status as a covered veteran, marital status, sexual orientation, gender identity and expression, or any other characteristic protected by law is not permitted. Third Parties should provide a workplace that is free of human rights abuses, including sexual harassment, sexual abuse, corporal punishment, excessive force, mental or physical coercion, and verbal abuse, or threats of such actions.

Health, Safety, Environmental

Third Parties should provide a safe and healthy working conditions for all employees, and operate in a manner that is responsible to the environment.

1. Safe Conditions
Third Parties must ensure that its employees have a safe and healthy working environment in compliance with all applicable laws and regulations. All Third Parties should have the appropriate health and safety information published and available to its employees as required by OSHA. Third Parties are responsible and must have controls in place to ensure that all supplier employees working for Albireo Energy are not under the influence of alcohol or drugs while working indirectly or directly for Albireo Energy.

2. Emergency Preparedness and Response
Third Parties should identify and assess emergency situations in the workplace and minimize their impact by implementing emergency plans and response procedures.

3. Environmental Compliance
Third Parties must comply with all applicable environmental laws and regulations and have policies and controls in place to prohibit the use of or dispose of hazardous materials. Third Parties are responsible for obtaining, complying and maintaining all environmental permits, licenses and registrations necessary to comply with all local, state and national governmental regulations.

4. Environmental Responsibility
Third Parties should conserve natural resources, avoid the use of hazardous materials where possible, and reuse or recycle appropriate materials. Third Parties should take measures and be prepared to share performance data related to operational efficiency improvements, consumption of natural resources, and sustainable sourcing.

Data Protection and Cybersecurity

Data protection and cybersecurity are extremely important to Albireo Energy. Third Parties are required to take best practice approaches to the protection and security of data.

1. Information Protection
Third Parties must implement encryption protocols (e.g., AES, TLS) for the storage and transmission of sensitive information to protect against unauthorized access. Strict access controls measures must be in place, ensuring that only authorized users have access to sensitive data. This includes implementing role-based access controls and multi-factor authentication. Sensitive data, such as personally identifiable information or proprietary business information, should be masked or anonymized when possible, to minimize exposure risk. Third parties should employ Data Loss Prevention solutions to detect and prevent potential data breaches, ensuring that sensitive information is not accidentally or maliciously leaked.

2. Cybersecurity Measures
Third Parties must secure networks using firewalls, intrusion detection/prevention systems, and regular vulnerability assessments to protect against cyber threats. All devices accessing or storing Albireo Energy data must have up-to-date security software, including antivirus, anti-malware, and endpoint detection and response tools. Third Parties are required to maintain an incident response plan that outlines the procedures for detecting, responding to, and recovering from cybersecurity incidents. This plan should include timely notification to the company in case of a breach affecting their data.

3. Data Privacy Compliance
Third Parties must comply with applicable data protection regulations such as the General Data Protection Regulation in Europe or the California Consumer Privacy Act in the U.S. This includes respecting data subjects’ rights, such as the right to access, correct, or delete their personal information. Third Parties should only collect and retain the minimum amount of data necessary for the purpose of their contract. Unnecessary data should be securely deleted or anonymized. If Third Parties sub-contract work to third parties that handle Albireo Energy’s data, they must ensure that these third parties adhere to equivalent data protection standards. This includes conducting due diligence and regular audits of third-party practices.

4. Secure Communication
Third Parties must use secure communication channels when sharing confidential or sensitive information with Albireo Energy or other approved parties. The use of digital certificates and public key infrastructure (PKI) is encouraged for securing communications and verifying the identities of parties involved in digital transactions.

5. Breach Notification
Third Parties must immediately report any suspected or actual data breaches or security incidents involving Albireo Energy data. This report should include details of the breach, the data affected, and the steps being taken to mitigate the impact. After a breach, Third Parties are required to conduct a thorough root cause analysis and share the findings with Albireo Energy, along with the remediation steps taken to prevent future incidents.

Monitoring and Reporting

Third Parties should have a policy and procedure in place to regularly monitor the requirements provided in this Code of Conduct. Third Parties will upon request provide Albireo Energy access to all relevant information and documents needed to verify the compliance with the Code of Conduct. If the Third Party becomes aware of a breach of any of the requirements of the Code of Conduct by its own employees or Albireo Energy employees, the Third Party will inform Albireo Energy as soon as possible.

Applicability

By agreeing to work with Albireo Energy the Third Party confirms that it and its affiliates comply with the Code of Conduct. The Third Party will ensure that its suppliers, sub- contractors, consultants and partners comply with the principles of the Code of Conduct.

Cookie	Duration	Description
cf_ob_info	past	This cookie is set by the provider Cloudflare. The cookie provides informations on HTTP Status Code returned by the origin web server, the Ray ID of the original failed request and the data center serving the traffic.
cf_use_ob	past	This cookie is set by the provider Cloudflare content delivery network. This cookie is used for determining whether it should continue serving "Always Online" until the cookie expires.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.