Last Updated: January 14, 2020
Partner Code of Conduct
KnowBe4, Inc., and its affiliates, (“KnowBe4”) are committed to conducting business in an ethical, legal, and socially responsible manner. KnowBe4 strives to maintain the highest level of honesty and integrity when conducting business. As a company with global operations, KnowBe4 is committed to ensuring compliance with all applicable laws in all countries in which it, and parties operating on its behalf, conduct business.
This KnowBe4 Partner Code of Conduct (the “Code of Conduct” or “Code”) applies to all businesses, suppliers, vendors, contractors, consultants, partners, and other third-party providers that provide goods or services to, or on behalf of, KnowBe4 (collectively, "Partners"). This Code of Conduct sets forth KnowBe4’s standards and expectations of its Partners with respect to corporate responsibility, compliance, and ethical conduct. KnowBe4 requires its Partners to comply with this Code of Conduct in all aspects of its business operations and/or activities that are related to its business with KnowBe4.
Compliance with Applicable Law
Partner must maintain awareness of and comply with applicable laws, regulations, rules, controls, and orders in all jurisdictions where Partner conducts business including, but not limited to, the following (as applicable):
• Trade controls, as well as all applicable export, re-export, and import laws and regulations;
• Antitrust and fair competition;
• Insider Trading;
• Marketing and advertising;
• Bribery, corruption, money laundering, terrorist financing, and prohibited business practices, including but not limited to: (i) the Foreign Corrupt Practices Act, the United Kingdom Bribery Act, and other anti-corruption laws; (ii) laws governing lobbying, gifts, and payments to public officials; and (iii) political campaign contribution laws;
• Labor, immigration, health and safety, hiring and employment practices;
• Environmental practices, as applicable; and
• Data protection and information security.
Anti-Bribery & Anti-Corruption
Partners must conduct business in a way that ensures compliance with the Foreign Corrupt Practices Act (U.S.), UK Bribery Act, and all other applicable bribery and anti-corruption laws. Partners shall not offer or promise payments or gifts of anything of value, directly or indirectly, to any private person, government official, political candidates or its agent or relatives, which are intended to obtain new business, retain existing business, or obtain any improper advantage for Partner. Partner must maintain detailed records of transactions involving KnowBe4.
Bribes or other means of obtaining undue or improper advantage (such as gifts or entertainment) shall not be offered or accepted by Partner. Partner shall not offer any KnowBe4 employee any gifts, payments, fees, services, discounts, valued privileges or other favors where these would, or might appear to, improperly influence the employee in performing his or her duties for KnowBe4.
KnowBe4 employees may, with proper documentation and approvals, accept common courtesies usually associated with accepted business practices (e.g., dining invitations, tickets to sporting events or the theater) so long as these are offered openly and not in a form that could be construed as a bribe, payoff, or secret compensation (“Business Courtesies”). Prior to providing any such Business Courtesies, Partner must first request permission from a KnowBe4 representative to determine whether or not such Business Courtesies would violate KnowBe4’s then current Gifts, Meals, and Entertainment Policy.
KnowBe4 is committed to ethical and lawful business practices and expects its Partners to also maintain the highest standards of integrity in all interactions with, or on behalf of, KnowBe4. Any and all forms of corruption, extortion and embezzlement are strictly prohibited. Partner shall not take unfair advantage of KnowBe4 through abuse of privileged or proprietary information, misrepresentation of material facts, or any other unfair or dishonest practices.
KnowBe4 must comply with various economic sanctions programs and export control requirements administered by the United States, and other jurisdictions where it conducts business. Such laws prohibit KnowBe4 from participating in certain transactions involving restricted countries or parties, be it directly or indirectly through KnowBe4’s Partners.
With these restrictions in mind, Partner hereby confirms that it will not provide, sell, ship, or otherwise transfer any KnowBe4 products, services, technology, or technical data to any of the following:
• Parties targeted for boycotts, embargoes, sanctions, or other similar measures by the United Nations Security Council;
• Parties appearing on the European Union’s Consolidated Sanctions List; the United Kingdom’s List of Consolidated Financial Sanctions Targets;
• Parties appearing on the Denied Parties List, Entity List, and Unverified List administered by the U.S. Commerce Department;
• Parties appearing on the sanctions lists administered by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) and the U.S. State Department;
• Countries or regions subject to U.S. embargoes or sanctions including, but not limited to, Cuba, Iran, North Korea, Syria, and the disputed Crimea Region; or
• Parties that are at least 50 percent owned or controlled by parties subject to sanctions programs administered by OFAC, whether individually or in the aggregate.
Partner acknowledges that the products,services, technology, and any associated technical data received from KnowBe4 or provided to KnowBe4 in the course of business dealings may be subject to economic sanctions, export controls, and other restrictive trade measures enforced by the United States and other applicable jurisdictions. Partner shall at all times strictly comply with all laws, regulations and orders, and agrees to commit no act which, directly or indirectly, would violate any such laws, regulations or orders, including, without limitation, (i) the Export Administration Act of 1979, as amended (50 U.S.C. app. 2401-2420) and the Export Administration Regulations, 15 C.F.R. §§ 730-774 (“EAR”); (ii) the Arms Export Control Act, 22 U.S.C. § 2778, and the corresponding International Traffic in Arms Regulations (“ITAR”); (iii) the economic sanctions laws and regulations enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), 31 C.F.R. Part 500 et seq., and the U.S. Department of State; and (iii) the anti-boycott regulations, guidelines, and reporting requirements under the Export Administration Regulations and Section 999 of the Internal Revenue Service Code.
Additionally, Partner shall not, and shall cause its representatives not to (a) export, re-export, divert or transfer KnowBe4 Products, products, services or any direct product thereof to any destination, company or person restricted or prohibited by the ITAR, EAR, or other applicable export controls, or (b) disclose any data derived from KnowBe4 products, services or any direct product thereof to any national of any country when such disclosure is restricted or prohibited by the ITAR, EAR, or other applicable export controls.
Additionally, Partner agrees that none of the products, services, technology, or associated technical data, or any direct product thereof is or will be shipped, transferred, or re-exported, directly or indirectly, to proscribed or embargoed countries or their nationals, to any entity or individual subject to U.S. and other applicable economic sanction or export controls, or for use in nuclear activities, chemical/biological weapons, or missile projects unless explicitly authorized in writing by the U.S. Government. Partner agrees to comply strictly with all U.S. export laws and assume sole responsibility for obtaining licenses to export or re-export as may be required. Certain product with encryption functions may be subject to additional restrictions, including restrictions on distribution to government end-users outside the EU license free zone. Additionally, Partner is solely responsible for compliance with any import or use restrictions in Partner’s countries of operation. This provision shall survive the expiration or termination of any agreements or business dealings with KnowBe4.
KnowBe4’s Partners are prohibited from engaging in, or otherwise facilitating, any activity that directly or indirectly contributes to the Arab League Boycott or other unsanctioned boycotts during the course of its business dealings with, or on behalf of, KnowBe4. Partner shall not put any language in any agreement it has with KnowBe4 that obligates or restricts KnowBe4’s business and other activities in this manner. Any agreement with language pertaining to such boycotts hereby are and shall be considered null and void.
Charitable and Political Contributions
KnowBe4’s Partners are evaluated on price, quality, ability and availability to do the work, and previous performance (where applicable). These choices are not influenced by a Partner’s giving or not giving to any particular charity.
KnowBe4 employees are strictly prohibited from soliciting Partner for a charitable donation or suggesting that a Partner’s charitable donation may affect their business or future with KnowBe4. Partner shall refuse any requests for donations of this nature.
US federal law prohibits KnowBe4 from making contributions or expenditures in connection with federal elections. Each U.S. state has additional laws, rules, and regulations governing political contributions in state and local elections. These state and local laws may or may not allow corporate contributions to candidates for state and local office. Because the application of these laws varies from one location to the next, it is KnowBe4's usual practice to make no political contributions or use any of KnowBe4's funds, assets, or other resources to benefit any political candidates, parties, or related organizations. This includes campaign committees and Political Action Committees (“PACs”) using separate, segregated funds, as well as special interest groups or other organizations engaged in political fundraising or lobbying activities, including those organized under Section 527 of the U.S. Internal Revenue Code (“527 Organizations”). Partner agrees to not make any contributions or expenditures in connection with federal elections not any other U.S. state elections on behalf of KnowBe4.
In addition to U.S. laws, regulations and orders, Partner agrees not to violate laws, regulations, and orders applicable to other jurisdictions outside of the U.S. prohibiting similar activity.
Conflicts of Interest
This section addresses situations in which a KnowBe4 representative is faced with personal interests that might interfere with the interests of KnowBe4 or its representative’s duties to KnowBe4. This is an unwanted circumstance as it may impact such representative’s judgment and commitment to KnowBe4. KnowBe4 expects its representatives to always act in the best interest of KnowBe4 and not permit outside interests to interfere with their duties or obligations to KnowBe4. KnowBe4 prohibits all of its representatives from using their position or relationship with KnowBe4's current or potential customers, partners, vendors, suppliers, consultants, or any other party that has a relationship with KnowBe4 for personal gain or to obtain benefits for themselves or members of their family. Partner must immediately notify KnowBe4 if it becomes aware of any potential conflict of interest during the course of its business dealings with KnowBe4 or one of its representatives acting on its behalf. Partner agrees to avoid situations in which could cause a conflict of interest.
If any KnowBe4 employees, or their family members, serve as officers, directors, employees, agents, or consultants of Partner’s business, Partner shall immediately disclose that relationship to KnowBe4.
“Confidential Information” means all information or material which: (i) would give a party some competitive business advantage, or the opportunity of obtaining some competitive business advantage, or the disclosure of which could be detrimental to the interests of KnowBe4; and (ii) which is either (a) marked “Confidential,” “Restricted,” or “Proprietary Information” or other similar marking, (b) known by Partner to be considered confidential and proprietary; or (c) from all relevant circumstances should reasonably be assumed to be confidential and proprietary.
Partner agrees that it shall take reasonable measures to protect the secrecy of and avoid disclosure and unauthorized use of the Confidential Information of KnowBe4. Partner shall take at least those measures that it takes to protect its own Confidential Information of a similar nature, but in no case less than reasonable care. Partner shall ensure that its representatives who have access to KnowBe4's Confidential Information have signed a non-use and non-disclosure agreement or are otherwise legally obligated not to disclose such Confidential Information, prior to any disclosure of Confidential Information to such representatives. Partner shall reproduce KnowBe4's proprietary rights notices on any such authorized copies, in the same manner in which such notices were set forth in or on the original. Partner shall promptly notify KnowBe4 of any use or disclosure of Confidential Information in violation of this Code of Conduct of which Partner becomes aware. Partner will cooperate with KnowBe4 in every reasonable way to help KnowBe4 regain possession of such Confidential Information and prevent its further unauthorized use. Partner agrees not to publish or publicly circulate Confidential Information of KnowBe4 received in the course of doing business.
KnowBe4 values its intellectual property rights and wishes to respect the intellectual property rights of others. Partner shall maintain procedures that ensure that KnowBe4’s intellectual property will not be improperly used or disclosed. Partner is required to sign a non-disclosure agreement prior to the transfer of any confidential or proprietary information between Partner and KnowBe4. Partner also represents and warrants that any such intellectual property it provides to KnowBe4 does not violate any laws governing intellectual property rights including, but not limited to, the protection of trade secrets, patents, copyrights, and trademarks. Partner is not permitted to use KnowBe4’s logo on business cards, websites, or other Partner printed materials without advanced, written approval from an authorized representative of KnowBe4.
Marketing and Advertising
If Partner is marketing products, services, or other offerings on behalf of KnowBe4, Partner represents and warrants that Partner will comply with all applicable advertising and marketing laws, orders, rules, and regulations. Specifically, but not exhaustively, this provision shall include the Lanham Act, the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), the Telephone Consumer Protection Act, and other such laws, rules, orders, and regulations in all jurisdictions in which Partner conducts business for, and on behalf, of KnowBe4.
Antitrust & Fair Competition
Partner shall comply with antitrust laws applicable to its business activities in all jurisdictions where it operates and shall comply with all applicable antitrust/fair competition laws and shall not disturb or hinder legitimate competition in any anti-competitive or otherwise unlawful manner. Accordingly, with regard to any business with KnowBe4, Partner shall not: (i) enter into any agreement with any of its competitors with regard to price, terms or conditions of sale, production, distribution, territories, or customers; or (ii) exchange or discuss with any of its competitors pricing, marketing plans, manufacturing costs, or other competitive information. Partners that violate these laws may face immediate termination and/or legal prosecution. Partner agrees to make efforts to be knowledgeable of antitrust laws in the territories in which it operates.
Partner may have access to material, non-public information about KnowBe4. Information is material if a reasonable investor would consider it important in deciding whether to buy, sell, or hold a company’s securities. Partner must never buy or sell securities while in possession of material, non-public information or provide that information to others who might trade on it. Providing material, non-public information to another person who may trade, or advise others to trade, on the basis of that information is illegal.
Immigration, Hiring and Employment Practices
All KnowBe4 business operations and its Partners must comply with all applicable national, state, and local laws forbidding discrimination in employment on the basis of sex, race, color, religion, age, disability, sexual orientation, nationality, genetic information, political opinion, or social or ethnic origin. Partner shall not discriminate based on race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, sexual orientation, marital status, military/veteran status, mental or physical disability, genetic information, citizenship status, political affiliation or membership in any other group protected by federal, state, or local law.
• Implement and maintain a reliable system to verify the identity and employment eligibility of all workers including, but not limited to, verification of age eligibility and legal status of foreign workers;
• Implement and maintain a reliable system to verify its workers are not a known risk to KnowBe4 in light of access such workers will have to confidential or proprietary information, facilities, network and systems, financial data and other data protected by privacy law or applicable agreements between Partner and KnowBe4 including, but not limited to, standard background checks or other such verifications that are common and lawful in Partner’s industry and jurisdiction;
All KnowBe4 business operations and its Partners shall comply with national, state and local minimum working age laws and requirements. All labor must be voluntary. Partner shall not support or engage in child labor or forced labor. Without limiting Partner’s obligations hereunder, Partner shall not, and shall ensure that its partners do not support or engage in any: prison labor, indentured labor, bonded labor, or otherwise.
Partner must adhere to the regulations prohibiting human trafficking and comply with all applicable local laws in the countries in which it operates. This includes preventing employees and/or representatives from engaging in any human trafficking-related activities such as procuring commercial sex acts, using child labor, and using forced labor. Partner shall also avoid partaking in misleading or fraudulent employment practices.
Partner must ensure that its employees are paid at least the minimum wage required by national, state and local laws, including overtime compensation at the rate applicable in their country, and shall be provided legally mandated benefits.
Health and Safety
All KnowBe4 Partners must provide a safe and healthy working environment to its employees to prevent accidents and injuries in accordance with national, state, and local laws. Proactive measures must be taken to prevent workplace hazards.
Partner shall conduct its business in compliance with all applicable national and international environmental, health, and safety regulations.
Data Protection and Information Security
Partner shall take and implement all appropriate technical and organizational security and confidentiality measures and regularly update them to ensure a level of security appropriate to the risk to KnowBe4 data. Partner shall protect KnowBe4 data against any actual or threatened unauthorized use, modification, loss, compromise, destruction, or disclosure of, or access to, KnowBe4 data (“Security Incident”). Partner shall implement and maintain policies and procedures to detect and respond to Security Incidents. Such measures shall require Partner to have regard to industry standards and costs of implementation as well as taking into account the nature, scope, context, and purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of individuals.
Partner acknowledges that KnowBe4 is relying upon Partner’s skill and knowledge in order to assess what is “appropriate” to protect KnowBe4 data against unauthorized or unlawful processing and against including, but not limited to, accidental loss, destruction, damage, alteration, or disclosure. Partner shall undertake regular reviews of the technical and organizational measures and the data processing operations connected with its operations to ensure compliance with all applicable data protection laws and to consider improving the technical and organizational measures such that they meet or exceed industry best practices.
Partner shall protect all KnowBe4 data that is likely to be transferred via the internet by encryption measures reasonably designed to ensure confidentiality. In the event Partner stores any KnowBe4 data on any mobile device (including, but not limited to, laptop computers, compact discs, tablet computers, external hard drives, backup tapes and/or removable diskettes), such KnowBe4 data shall be stored in an encrypted form.
Partner shall adopt and maintain a comprehensive written information security policy that describes its policies and procedures to comply with this Code of Conduct and shall provide a copy of such policy to KnowBe4 upon request.
In some countries, including the United States, it may be a violation of law if a company fails to maintain accurate books and records. Therefore, all KnowBe4 Partners are required to fully and accurately record all business transactions and maintain those records per applicable retention guidelines. This is particularly important with regards to financial and operational reporting, business related transactions including timecard and expenses, and quality, safety, and procurement records.
Compliance with This Policy
We seek relationships with suppliers that are committed to supplying products under fair and safe working conditions and sound practices. All Partners are required to take reasonable steps to ensure compliance with this Code of Conduct. Upon learning of any failure to comply with this Code of Conduct, Partner must report the non-compliance to KnowBe4 immediately. A Partner’s failure to adhere to this Code of Conduct may be grounds for KnowBe4 to terminate its relationship. It is our expectation that all Partners perform the necessary self-audits to ensure they are in compliance with this Code of Conduct at all times. KnowBe4 shall have the right to audit Partner including, but not limited to, Partner’s books and records for the purpose of verifying compliance under this Code of Conduct. Partner shall provide reasonable assistance in cooperating with all such audits. KnowBe4 may immediately terminate its business relationship (including any purchase order(s) and purchase contracts) with Partner without recourse if Partner or its representatives fail to meet the standards set forth in this Code of Conduct. KnowBe4 may, in its sole discretion, require recertification of its Partner Code of Conduct by Partner throughout the term of any business dealings with Partner.
This Code of Conduct is in no way intended to conflict with or modify the terms and conditions of any existing contract. Instead, this Code of Conduct is intended to supplement any such contract terms. In the event of a conflict, Partners must first comply with all applicable laws and regulations, then the contract terms, followed by this Code of Conduct.