THIS POLICY WAS APPROVED BY THE BOARD OF DIRECTORS OF THE COMPANY ON SEPTEMBER 14, 2021. THIS POLICY IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. AN EXECUTABLE COPY OF THIS POLICY, INCLUDING THE TEAM MEMBERS CERTIFICATION REGARDING COMPLIANCE AND UNDERSTANDING, WILL BE REQUIRED TO BE SIGNED BY GITLAB TEAM MEMBERS.
GitLab Inc., including any of its subsidiaries or affiliates (“GitLab'', “we”, “our” or the “Company”) is committed to promoting the highest standards of ethical business conduct and to compliance with all applicable laws, rules, and regulations. As part of this commitment, all GitLab team members, including individuals employed by or acting on behalf of Company, its officers and member of its board of directors, consultants, agents, other representatives and channel partners (“Team Members and Partners”) are required to comply with the Foreign Corrupt Practices Act (“FCPA”), and anti-bribery laws and regulation in foreign jurisdictions, including but not limited to the UK Bribery Act 2010 and the European Commission on Anti-Corruption, other anti-bribery laws, and local laws designed to prevent improper bribes (collectively, all of these laws are referred to as the “Anti-Corruption Laws”). The policies set forth in this document are referred to as the Company’s “Anti-Corruption Policy.” In addition to compliance with the Anti-Corruption Laws, all Team Members and Partners are required to comply with the Anti-Corruption Policy and any procedures adopted by the Company to implement this Policy.
GitLab and Team Members and Partners are prohibited from authorizing, making, offering, promising, requesting, receiving or accepting bribes or accepting kickbacks in any form. This prohibition applies to all forms of bribery, including commercial bribery as well as bribery of government employees or officials.
The Anti-Corruption Laws prohibiting bribery are very broad, so that many kinds of gifts or entertainment provided to government employees or officials might be considered improper. For that reason, Team Members and Partners may not give anything of value to any government employee or official in order to wrongfully influence the government employee or official, obtain or retain business or receive any improper advantage. This prohibition applies regardless of whether the payment or offer of payment is made directly to the government employee or official or indirectly through a third party. As discussed in more detail below, it is critical to understand that, for purposes of the Anti-Corruption Laws, the terms “government official” generally includes any employee of a company that is owned or controlled by a government or governmental agency. By way of example, this means that someone working for a telecom, energy company, internet company or hospital in another country that is owned or controlled by that country’s government is a “government official.” In other words, for purposes of the Anti-Corruption Laws, this term is much broader than how we think about “government officials” in the United States.
Examples of prohibited conduct include:
It is important to avoid even the appearance of impropriety. If you have any questions about whether a payment may be improper or violate this Policy, consult the Company’s Chief Legal Officer before any payment or offer is made.
Who is a “government official”? “Government official” includes:
Any doubts about whether a particular person is a government official should be resolved by assuming that the individual involved is a government official for purposes of the FCPA or the Anti-Corruption Laws.
What does “anything of value” mean? “Anything of value” includes money and monetary equivalents (such as gambling chips and gift cards), entertainment, accommodations, and any other benefit. There is no “minimum” required under the FCPA – any amount can be sufficient to trigger a violation.
What is an “improper advantage”? An “improper advantage” includes payments intended to wrongfully:
In addition to obtaining or retaining business, “improper advantage” includes reducing taxes, or duties, “looking the other way” at minor code or rule violations, and any form of preferential treatment.
Gifts in the business context can be an appropriate way for businesspeople to display respect for each other. GitLab expects the use of good judgment and moderation when giving or receiving entertainment or gifts. No gift or entertainment should ever be offered, given, provided or accepted by Team Members and Partners unless it:
It is essential that Team Members and Partners accurately report expenditures for gifts or entertainment so that the purpose, amount, and recipient of the gift are obvious (i.e., transparent) to personnel in the Company’s Finance Team and other personnel who have responsibility for ensuring that our financial books and records are accurate and reviewing these books and records. Expense reports should accurately state the purpose of the expenditures and the identities of the individuals receiving the gifts or entertainment and state whether the gift or entertainment was given to a government employee or official.
Team Members and Partners should avoid even the appearance of impropriety. Any gift or expense that is lavish or might otherwise prove embarrassing for the Company is prohibited. If Team Members and Partners have any question regarding the appropriateness of any gift or expense, they should consult the CLO prior to giving the gift or incurring the expense.
The FCPA and other anti-bribery laws may provide limited exceptions for certain minor payments for the purpose of facilitating or expediting routine, lawful services or non-discretionary administrative actions, such as telephone installation. However, other anti-corruption laws prohibit such payments. Any and all facilitating payments require prior written approval from the CLO.
Before initiating a relationship with a representative, partner, consultant, distributor, agent, or other third party, Team Members and Partners must conduct appropriate due diligence to assure that the representative will not engage in any improper conduct. This is for several important reasons, including that the Company can be held responsible for a third party’s conduct in certain circumstances under the Anti-Corruption Laws. Due diligence typically will include considering such factors as:
the third party’s qualifications for the position or task at issue;
whether the third party has personal or professional ties to the government or any government official;
the number and reputation of the third party’s clientele and the representative’s reputation with the United States Embassy or Consulate, local bankers, clients, and other business associates; and
the reasonableness of the compensation.
Consult the CLO regarding the appropriate due diligence procedure for your situation.
The Company must terminate contracts with any third party who is unwilling or unable to represent the Company in a manner consistent with this Anti-Corruption Policy.
While conducting due diligence and throughout any subsequent relationship with third parties, Team Members and Partners must monitor for any “red flags.” A “red flag” is a fact or circumstance that requires additional consideration and extra caution. Red flags must be considered in context rather than in isolation. Red flags may appear in many forms and can include:
Team Members and Partners are responsible for monitoring their email and other communications and documents for red flags. Any red flags should be brought promptly to the attention of your supervisor or the CLO. Failure to do so is considered a violation of this Anti-Corruption Policy.
The Company reserves the right to communicate its position on important issues to elected representatives and other government officials. It is, however, always the Company’s policy to comply fully with all applicable laws regarding political contributions. Donations to political campaigns or causes could violate campaign finance laws and Anti-Corruption Laws, especially if contributions are made to a campaign at the request or suggestion of a government official.
To mitigate the risk of an improper payment or the appearance of an improper payment, no Company funds, facilities, or services of any kind may be provided to any government official, including any candidate or prospective candidate for public office, to any political party, or to any political initiative, referendum, or other form of political campaign unless pre-approved in writing by the CLO.
The Company is committed to improving and promoting the interests of the communities where it operates. Donations to charitable organizations, however, can, like political contributions, present a risk under the Anti-Corruption Laws, particularly if they are made at the request or suggestion of a government official. Therefore, Team Members and Partners must obtain prior written approval from the CLO before making any charitable donation on behalf of the Company or using Company funds, directly or indirectly.
All Team Members must maintain accurate records of all transactions and assist in ensuring that the Company’s books and records accurately and fairly reflect, with appropriate detail, all transactions, expenses, or other dispositions of assets. To that end, all Team Members are prohibited from falsifying any business or accounting record and must truthfully report and record all dispositions of assets. Undisclosed or unrecorded funds or assets—for any purpose—are prohibited.
Any questions on how to record transactions should be referred to the CLO.
In addition to the guidelines set forth above, all Team Members and Partners must comply with the Company’s Code of Business Conduct and Ethics.
Compliance with this Anti-Corruption Policy is, first and foremost, the individual responsibility of each and every Team Member and Partner. All Team Members and Partners must report, in person or in writing, any known or suspected violations of this Policy to the CLO or in a manner consistent with the Company’s Whistleblower Policy. Per the Company’s Whistleblower Policy, concerns regarding improper or illegal conduct can be reported in several ways, including by: (i) reporting the known or suspected violation to your manager and/or supervisor; (ii) reporting your concerns to the CLO, Robin Schulman, at CLO@gitlab.com (iii) calling the Company’s Whistleblower Reporting Hotline at 1-833-756-0853 or online at http://gitlab.ethicspoint.com/ and/or by email addressed to the Company’s Audit Committee or Legal Team, sent to the Company’s Corporate Secretary, Robin Schulman, CLO@gitlab.com marked Attention: “Audit Committee” or “Chief Legal Officer”.
You can also submit any questions you may have regarding the Anti-Corruption Policy to the Company’s Whistleblower Reporting Hotline number or email address. Any questions or reports of concerns regarding improper or illegal conduct will be addressed promptly and can be made anonymously.
GitLab will not allow any retaliation against any Team Members and Partners who act in good faith in reporting any violation of this Policy. The Company encourages and highly values reporting of conduct that may violate the Anti-Corruption Laws. Per the Company’s Whistleblower Policy, the Company will investigate reported violations and will determine an appropriate response, including corrective action and preventive measures as appropriate. For further information regarding the manner in which the Company handles reports related to concerns of improper or illegal conduct, please review the Company’s Whistleblower Policy.
The CLO or a designee will conduct a periodic review to confirm the adequacy and effective implementation of this Anti-Corruption Policy.
From time to time, Gitlab’s Team Members and Partners may be required to complete training regarding the FCPA and, more broadly, the Anti-Corruption Laws and sign a certification acknowledging commitment to, full understanding of, and compliance with this Anti-Corruption Policy. The acknowledgment statement shall be included in the personnel file of each Team Member and Partner. Any Team Member or Partners who violate this Policy or who fail to make or falsify any certification required under this Policy may be subject to disciplinary action, up to and including termination of employment or of the business relationship.
I have read and understand the Anti-Corruption Policy (the “Anti-Corruption Policy”) of GitLab Inc. (“GitLab” or “Company”). I undertake to comply with the provisions of the Anti-Corruption Policy. I hereby represent that:
I have engaged in or observed the following incidents of potential non-compliance:
I understand that a false, misleading or incomplete statement in this certification of compliance or other violation of the Anti-Corruption Policy may be grounds for termination of employment or of the business relationship.