1. Our Principles

• Integrity first: We act honestly, keep promises, and avoid misleading conduct.
• Respect & dignity: We treat everyone fairly and professionally.
• Accountability: We own our decisions and outcomes.
• Compliance: We follow applicable laws, contracts, and internal policies.
• Transparency: We disclose material risks, conflicts, and errors promptly.

2. Respect, Inclusion & Human Rights

• Zero tolerance for harassment, bullying, or discrimination based on protected characteristics.
• Support equal opportunity, inclusive hiring, and accessible workplaces.
• Prohibit child/forced labor and human trafficking; expect partners to uphold equivalent standards.
• Respect lawful employee representation and freedom of association where applicable.

3. Integrity: Anti-Bribery, Gifts & Conflicts

3.1 Anti-Bribery & Improper Advantages

• No bribes, kickbacks, facilitation payments, or improper inducements to/from any party, including public officials.
• Reasonable, bona fide hospitality is allowed only if lawful, proportionate, and transparent.

3.2 Gifts, Hospitality & Sponsorships

• Must be modest, infrequent, and never to influence or reward a decision.
• Cash or cash-equivalents (e.g., gift cards) are prohibited.
• Follow local thresholds/approvals defined in the detailed Anti-Bribery Procedure (refer to internal policy).

3.3 Conflicts of Interest

• Disclose any personal, financial, or family interest that could affect impartiality.
• Do not use your role for personal gain; recuse where appropriate.

4. Confidentiality, Privacy & Data Protection

• Protect SAF confidential information and trade secrets; use only for legitimate business purposes.
• Handle customer and employee personal data in line with UAE PDPL, DIFC/ADGM laws, Brazil LGPD, and other applicable regimes.
• Apply data minimization, purpose limitation, secure storage, and lawful transfer mechanisms.
• Report suspected data breaches immediately via incident channels.

5. Cybersecurity & Use of Company Assets

• Follow security policies, MFA, strong passwords, and clean-desk practices.
• Use company devices, networks, and software responsibly; install only authorized tools.
• Do not bypass security controls; promptly report phishing or suspicious activity.
• Respect software licenses; no unauthorized copying or circumvention.

6. Fair Competition, IP & Information Handling

• Compete fairly; never collude on pricing, market allocation, or bid-rigging.
• Respect third-party IP; use open-source per SAF’s OSS policy and license terms.
• Gather competitive intelligence lawfully; do not solicit confidential information.
• Keep accurate records and retain documents per policy and law.

7. Trade Controls, Sanctions & AML/CFT

• Screen customers/partners against applicable UAE, UN, US, EU, Brazilian and other relevant lists.
• Comply with export/import controls and licensing requirements.
• Apply risk-based KYC/AML where relevant; escalate red flags (unusual payments, shell entities, opaque ownership).

8. Accurate Records, Marketing & Social Media

• Maintain accurate, complete, and timely financial and operational records.
• Marketing must be truthful, substantiated, and compliant with local rules.
• Public statements on behalf of SAF require authorization; avoid speaking on behalf of SAF in personal posts.
• Disclose sponsorships or material connections where legally required.

9. Health, Safety & Environment

• Provide and maintain a safe, healthy workplace and event environments.
• Follow HSE procedures and report hazards, injuries, or near-misses immediately.
• Strive to reduce environmental impact and comply with applicable environmental laws.

10. Speak-Up, Non-Retaliation & Investigations

• Report concerns about misconduct, violations of law, this Code, or policies through designated channels (manager, Compliance, hotline/email).
• SAF prohibits retaliation against anyone who reports in good faith or participates in an investigation.
• All investigations are handled promptly, fairly, and confidentially to the extent possible.

11. Regional Notes (UAE, DIFC/ADGM, Brazil)

• UAE (Federal): Follow PDPL, anti-corruption and AML/CFT laws, and relevant ICT/cybersecurity regulations.
• DIFC/ADGM: Observe their data protection regimes and regulator guidance.
• Brazil (LGPD): Respect lawful bases, data subject rights, DPO responsibilities, and ANPD guidance.
• Conflicts of law: Apply the stricter standard or the specific free-zone/jurisdiction rule, as applicable.

12. Acknowledgment

All employees and business partners must read, understand, and follow this Code. Managers are responsible for promoting a culture of ethics and ensuring that teams receive regular training.