Supplier Code of Conduct

Version: 1.0

November 2025

Policy Owner: Chief Technology Officer

1. Purpose of this Code

At three rocks, doing the right thing is central to how we work, for our people, our partners, and the communities we impact.

This Code sets out the ethical, social, environmental, and business standards we expect from every organisation that provides goods or services to us.

Our commitment is simple: work only with suppliers who act responsibly, ethically, and in line with UK law and international standards designed to protect people, data, and the environment.

2. Scope

This Code applies to:

  • All suppliers working with three rocks
  • Contractors, consultants, and agencies
  • Subcontractors and third parties acting on behalf of suppliers

Suppliers covered by this Code must ensure that their own workers, subcontractors, and representatives also meet these expectations.

3. What we mean by Supplier

When we say Supplier, we mean any organisation or individual providing products, services, or support to three rocks.

A Subcontractor is any third party engaged by a supplier to deliver part of their service or obligations.

When we refer to this Code, we mean the standards and responsibilities outlined in this Supplier Code of Conduct.

4. Our Commitment

As a values-driven organisation, three rocks is committed to building fair, transparent, and responsible supplier relationships.

We are committed to engaging only with suppliers that:

  • Act lawfully and ethically
  • Protect human rights and provide safe working conditions
  • Operate fairly and without corruption
  • Protect confidential and personal data
  • Deliver high-quality, reliable goods and services
  • Minimise environmental impact wherever possible

No supplier working with or for three rocks may engage in, enable, or benefit from activities that harm people, misuse data, or damage the environment.

5. Supplier Standards

We expect our suppliers to abide by the following standards:

5.1 Ethical Business Conduct

  • Never engage in bribery, corruption, fraud, or dishonest practices
  • Declare actual or potential conflicts of interest with three rocks
  • Provide information that is accurate, transparent, and not misleading

5.2 Human Rights and Labour Standards

  • Prohibit forced labour, modern slavery, child labour, discrimination, and harassment
  • Provide safe, fair, and legally compliant working conditions
  • Follow all applicable equality, employment, and modern slavery laws

5.3 Information Security and Data Protection

  • Apply appropriate measures to protect systems and data
  • Comply with UK GDPR (or the equivalent) and all relevant data protection laws
  • Report any data breach affecting three rocks immediately
  • Use data only for agreed and lawful business purposes

5.4 Service Quality and Reliability

  • Deliver goods and services that meet contractual, technical, and professional standards
  • Provide accurate documentation and information when required
  • Support quality checks, monitoring, and audits where reasonable

5.5 Environmental Responsibility

  • Reduce waste and minimise environmental impact where possible
  • Comply with environmental laws and sustainability expectations
  • Support responsible, environmentally conscious practices in their operations

6. Reporting Concerns

If you believe a breach of this Code may be taking place, you must report it immediately.

Concerns may relate to unethical conduct, unsafe labour practices, data misuse, or environmental harm.

Reports can be made to:

  • [email protected]
  • Chief Technology Officer (CTO)
  • Your line manager (three rocks workers)

All reports are handled sensitively and confidentially. Concerns will always be taken seriously and followed up.

7. Training and Awareness

To support responsible relationships, three rocks may provide training or awareness resources where needed.

Suppliers are responsible for ensuring that their own workers and subcontractors understand and comply with the standards in this Code.

8. Compliance and Consequences

Everyone working with or for three rocks must uphold this Code.

If a supplier does not comply, three rocks may:

  • Request corrective action
  • Suspend work or engagement
  • Remove the supplier from our approved list
  • End the business relationship
  • Take legal action, where appropriate

three rocks reserves the right to assess supplier compliance at any time.

9. Review of this Code

This Code will be reviewed annually, or sooner if laws, risks, or operational needs change.

We will continue to strengthen our approach to ensure it reflects best practice, our values, and our ESG commitments.

10. Related Policies

  • Modern Slavery Policy
  • Procurement Policy
  • IT Management Policy
  • Environmental Policy
  • Privacy Policy