GitLab People Policy Directory

1. You are here:
2. Handbook
3. People Group
4. GitLab People Policy Directory

On this page

• GitLab People Policy Directory
  • Workers' Compensation
  • Military Leave
  • Hiring Significant Others or Family Members
  • Employee Safety
  • Mental Health Awareness
  • Background Checks
    • Disclosure and Authorization
    • Review Criteria
    • US Citizens only:
    • Fair Credit Reporting Act (FCRA) and Related State Law Compliance
    • Record Retention
    • Equal Employment Laws
    • Financial Checks
  • Job Abandonment
  • Other People Policies
  • Partner Due Diligence
  • Partner Code of Ethics
  • Commitment to Non-Retaliation
  • Open Door Policy
  • Discrimination
  • Harassment
  • Personal Hygiene
  • Social Responsibility
  • Substance Abuse
  • Employee Information Privacy
  • Proprietary and Confidential Information

GitLab People Policy Directory

All of the policies listed below are important for GitLab team members to read and understand as they deal with people benefits, procedures, and requirements of the company. If you have any questions around the internal policies, please reach out to People Operations.

Workers' Compensation

If you have been injured at work, please contact Total Rewards Analysts to determine what your benefits are.

Military Leave

GitLab is committed to protecting the rights of team members absent on military leave. No team member or prospective team member will be subjected to any form of discrimination on the basis of membership in or obligation to perform service for any of the uniformed services of their country of residency. If any team member believes that he or she has been subjected to discrimination in violation of this policy, immediately contact People Business Partners for assistance. For any questions about how to initiate a military leave, please contact People Operations.

Hiring Significant Others or Family Members

GitLab is committed to a policy of employment and advancement based on qualifications and merit and does not discriminate in favor of or in opposition to the employment of significant others or family members. Due to the potential for perceived or actual conflicts, such as favoritism or personal conflicts from outside the work environment, which can be carried into the daily working relationship, GitLab will hire or consider other employment actions concerning significant others and/or family members of persons currently employed or contracted only if all points below are true:

• Candidates for employment or current team members will not be working directly for or supervising a significant other or family member.
• Candidates for employment or current team members will not occupy a position in the same line of authority in which team members can initiate or participate in decisions involving a direct benefit to the significant other or family member. Such decisions include hiring, retention, transfer, promotion, wages, and leave requests.
• The team member does not have access to sensitive company and/or personal information including payroll, compensation, personnel reviews/files, job performance, etc., unless the team member's job duties require access to such information. If the position in question requires access to such information, the team member in that position shall comply with the duty to maintain confidentiality as governed by applicable law and policy, and must seek approval from the team member's direct manager for any decisions affecting the significant other or family member's personnel information.

This policy applies to all current employees and candidates for employment. In the spirit of our Transparency value, we ask the team member and the candidate to disclose the family relationship to the recruiter at the beginning of the hiring process. For purposes of this policy, a significant other or family member is any person who has a relation by blood, marriage, adoption, or domestic partnership within the third degree of our team member. If the candidate progresses through the process as a final candidate, and prior to any offer, the recruiter should notify the hiring manager and the People Business Partner of the family relationship to ensure there is not a conflict of interest. In addition, the GitLab team member should not be part of their family member's interview process. If there is a concern that either the team member or the candidate may progress to a position that would trigger one of the conditions above a waiver will be signed by both parties acknowledging that future work assignments, promotions, etc may be impacted by enforcement of this policy. Please report any relationship with a significant other or family member to your People Business Partner, if you find yourself in a reporting relationship with the significant other or family member. Furthermore, if two team members who are in a reporting relationship become significant others or family members in the course of their employment, they should also report the relationship to the People Business Partner. Transfers, promotions, and future work assignments will be made in accordance with all applicable anti-discrimination laws and policies.

Employee Safety

Preventing Unsafe Situations

While GitLab is 100% remote, there may be times when employees travel for work related functions or co-working events. GitLab is committed to the value of a safe, violence-free work environment and ensuring and exhibiting equal commitment to the safety and health of employees.

In general, please consider the following recommendations to ensure safety when traveling or coworking:

1. Do the research. Have some familiarity with the destination before you arrive. Check with your country's government department that provides advice for traveling overseas:
   • United States citizens: check the State Department's website for country updates and enroll in a Traveler Program such as Smart Traveler Enrollment Program (STEP) https://step.state.gov/step/.
   • New Zealand citizens: https://safetravel.govt.nz/.
2. Try not to draw attention. People who appear to be from out of town are more vulnerable to crimes. Try to respect the culture you are visiting by blending in. Consider protective clothing to avoid pickpockets or other theft. Do not flash money or credit cards unnecessarily.
3. Make copies of important documents. Consider carrying hard copies of important documents (passport, driver's license) in a separate location in the event your documents are misplaced or stolen.
4. Keep friends and family updated. No matter whether you’re going on an overnight jaunt or a week-long international journey, it’s always a good idea to let friends or family know your plans. Before you leave, send a copy of your itinerary to a few trusted people who can keep tabs on your whereabouts. Check in regularly with your contacts so they know you’re where you’re supposed to be.
5. Be wary of public Wi-Fi. Be aware that hackers can steal sensitive information in the public forum. Use a VPN or other secure access if you plan to access sensitive data. More information on VPN usage in GitLab
6. Safeguard your hotel. Lock and deadbolt the door while you are in the room. Ensure the door is locked when you leave. Keep the windows closed. Try to give the impression that you’re in your room even when you’re away, such as placing the Do Not Disturb sign on the outside of your door and keeping the blinds or windows closed. Don’t let any strangers into your room, even if they say they work for the hotel. You can always call the front desk to check whether someone was ordered by hotel staff to come to your room.
7. Be aware of your surroundings. Always keep an eye on your personal belongings and use good judgment when talking to strangers. A big part of the joy of traveling is the opportunities it affords to meet new people and learn about their cultures. But if someone near you is acting suspiciously, or if you feel uncomfortable, leave the area immediately. Trust your instincts.
8. Adhere to any recommended safety recommendations made by the GitLab group. For all large self-hosted events we (jointly completed by our internal security team and our contracted security agency) will do a full risk assessment before we converge. It will be up to employees to read said risk assessment and adhere to recommendations outlined.
9. If you are sick please do not come or participate in person workplace activities. This is for your safety and for others. We recommend GitLabbers not travel while sick.

Measures GitLab Takes to Aid Employee Health and Safety

1. Hand sanitizers placed around venue of live events or attendees given hand sanitizer.
2. Employees can expense masks for travelling if suggested in risk assessment outlined above.
3. Sick employees should expense mask if flying.
4. If health risk is considered high, all food to be served by food health professionals rather than team.
5. Fist bumps over handshakes.
6. Sick/ Contagious employees may not participate in team food preparation activities.

Responding to Unsafe Situations:

The following are GitLab’s procedures in the event an employee feels threatened or unsafe:

1. If at any point, an employee feels that they are in danger of physical harm, please contact the local authorities immediately. Local law enforcement can act quickly to protect the individual and neutralize any threats.
2. If at any point an employee feels like they or another employee may require immediate medical assistance, please contact the local authorities.
3. Once the immediate threat is controlled, employees should report any safety concerns to People Ops.
4. If you believe that a certain location, event or area presents greater risk or exposure to individuals, please notify People Ops. People Ops can proactively communicate the concerns to other [potentially] affected employees.
5. If at any point you believe you, personally, may commit an unsafe act, People Ops can assist in providing information about available Employee Assistance Options.

Mental Health Awareness

The World Health Organization (WHO) defines health as:

• "a state of complete physical, mental and social well-being and not merely the absence of disease or infirmity. The enjoyment of the highest attainable standard of health is one of the fundamental rights of every human being without distinction of race, religion, political belief, economic or social condition."

The WHO defines mental health as:

• “a state of well-being in which the individual realizes his or her own abilities, can cope with the normal stresses of life, can work productively and fruitfully, and is able to make a contribution to his or her community.”

Defining the terms from the sentence above:

• "A state of well-being" is a self-reported measure of 'wellness'.
• "The individual realizes his or her own abilities" requires feedback, positive or negative.
• "Can cope with the normal stresses of life" i.e. does not find normal life overwhelming too much of the time.
• "Can work productively and fruitfully" here GitLab clearly has a role to play as it can provide an opportunity for productive and fruitful work.
• "Is able to make a contribution to his or her community" versus the inverse, which is only being able to draw from that community.

1. Why is awareness of Mental Health important at GitLab?

   • It can affect any and all of us. The statistics from the WHO are that 1 in 4 of us will be affected by mental or neurological disorders at some point in our life. That said, we are all subject to periods where we or those around us find the "the normal stresses of life" harder than usual to deal with.
   • The more we are aware of mental health, the more inclusive we are. That will help encourage any colleagues currently experiencing mental health issues to talk about it.
   • Our business at its core is a group of people working together towards a common goal. With awareness of what might affect our colleagues, we are better equipped to help them if they do discuss it with us and therefore help our business.
   • Mental health has so much emotional baggage as a topic that it can initially seem scary to talk about. Promoting mental health awareness helps to remove the stigma and taboos associated with it.
   • GitLab can offer "productive and fruitful" work for all of our employees. That should not be underestimated.
   • In the cold-light of business metrics, the healthier we are, the more productive we are.

2. At GitLab we strive to create a stigma-free workplace. In accordance with the National Mental Health Association and the National Council for Behavioral Health we would like to:

   • Educate employees about the signs and symptoms of mental health disorders.
   • Encourage employees to talk about stress, workload, family commitments, and other issues.
   • Communicate that mental illnesses are real, common, and treatable.
   • Discourage stigmatizing language, including hurtful labels such as “crazy,” “loony” or “nuts.”
   • Help employees transition back to work after they take leave.
   • Encourage consultation with our employee assistance programs.

3. What are we doing to get there?

   • People Operations Learning and Development team will be developing training for managers on this topic.
   • Talk about mental health issues and ideas in the #mental_health_aware Slack channel. Examples of what we discuss and share in there:
     • Imposter Syndrome
   • GitLab would also like to encourage GitLab team-members to take their time off to properly take care of themselves. We encourage the team to go to yoga, take a long lunch, or anything else in their day to day life that assists in their mental and emotional well-being.
   • In addition to our current EAP programs available for employees, we encourage GitLab team-members to take a look at Working Through It for insight into reclaiming well-being at work, off work, and return to work.
   • We believe that our values and culture lends itself to being able to discuss mental health open and honestly without being stigmatized, but let's work together to make it even more inclusive. For example, Finding the right words:
     • "How can we help you do your job?"
     • "You’re not your usual self."
     • "Do you want to talk about it?"
     • "It's always OK to ask for help."
     • "It’s hard for me to understand exactly what you’re going through, but I can see that it’s distressing for you."

Any questions or concerns? Please feel free to speak with anyone in People Ops.

Background Checks

GitLab uses appropriate controls to ensure that assets of GitLab and its customer relationships and information are protected. To reduce these risks, GitLab will obtain and review background information of covered prospective, and, as applicable, current team members, as allowed by local law.

GitLab currently contracts with Sterling Talent Solutions to perform these background checks. These checks will cover criminal records in those jurisdictions where GitLab can request this information. For all candidates being considered for a position at GitLab, an employment history for the last 5 years and/or the three most recent employers will be conducted. GitLab may use the returned background check information to make decisions regarding employment. For certain positions where the candidate's financial history is relevant to the position, we may also run a check for any financial related offenses.

All candidates who make it to the reference stage with GitLab will undergo a background screening according to this policy and in compliance with applicable local law. Contracts will state that employment is subject to obtaining results from an approved background screening that are satisfactory to GitLab. If a candidate is unwilling to follow this process we are unable to proceed with their candidacy for any position at GitLab. In the event the background check is not available on the scheduled hire date due to delays in processing, GitLab will run the background check as soon as possible. The same adjudication guidelines will apply to current employees as they do with prospective employees.

The Candidate Experience Specialists will initiate all background screenings and employment verifications for candidates.

Disclosure and Authorization

Candidates (and, as applicable, employees) will receive an email to fill out the background check application. The application will ask for personal and professional information. The application process includes signing a disclosure and a consent form which explains the rights of an individual undergoing a background examination. The application process is designed to take less than fifteen minutes to complete.

To prepare for the employment verification for those candidates being considered for Director level positions or higher, candidates should gather each previous employer's name and address, position title held, employment start and end dates, manager’s name and title, their phone number, and email address. Details for a Human Resources contact can be entered instead of a manager's contact details. Occasionally, and where permitted by law, Sterling will reach out to the candidate to retrieve additional information, such as backup documentation to act as proof of previous employment or picture IDs. Proof of employment can typically be provided in various ways, such as tax returns (e.g. W2s), pay stubs, LLC documentation, official company registrations, etc.

Background checks will act as an additional mechanism of transparency and will help to build trust with our clients.

Review Criteria

Once the background check is completed, Candidate Experience Specialists will review the report and determine if any criminal convictions have a direct connection with an applicant’s ability to fulfill the job duties with competence and integrity. Criminal convictions that would raise a concern are job-related offenses, including but not limited to: embezzlement, extortion, computer/internet crime, fraud, tax evasion, and violent crimes. In addition, the report should be reviewed for omissions or inaccuracies contained in the employment application or made during the interview process. If the report shows any omissions, inaccuracies, or discrepencies with employment, or includes in it any criminal convictions, the Candidate Experience Specialist will reach out to the aligned People Business Partner and share the report. The PBP will review the report and initiate a background check adjudication process in consultation with Legal - Employment, and, only to the extent necessary to ensure the requisite requirements of the job, the hiring manager, VP of department and VP of recruiting:

• The PBP will gather the background information and make a recommendation on potential next steps to Legal - Employment
• Legal - Employment will review the information to ensure that the adjudication process complies with applicable law in the jurisdiction
• In consultation with Legal - Employment, the PBP will determine whether to move forward with the candidate
• If the decision is not to move forward with the candidate the PBP will inform the recruiter and hiring manager of the decision
• If the decision is that the hiring process can continue the PBP will present the recommendation to the hiring manager and VP of the department for review
• The hiring manager and the department VP will make the final decision on whether to proceed with the hire
• The hiring manager will inform the PBP and recruiter of their final decision on whether to proceed with the hire

US Citizens only:

Fair Credit Reporting Act (FCRA) and Related State Law Compliance

Step 1: Disclosure and Authorization

The applicant must give the employer consent to have a third party service conduct a background check. The Disclosure and Authorization form can be presented to the applicant at the time they complete the employment application form. The form should grant the employer permission to conduct an initial background check (and, subject to state law, subsequent background checks if the applicant is hired) utilizing a third party service. Also, a “Summary Of Your Rights Under The Fair Credit Reporting Act” should be enclosed with the consent and disclosure form. For New York applicants, a copy of Article 23-A of the Correctional Law also should be enclosed and any other relevant state summary of rights.

The background investigation cannot be lawfully conducted without a signed Disclosure and Authorization form. Applicants can be advised that they will not be considered for employment without submitting the signed form. Equally for current team members, they can be advised that their employment may be impacted if they do not consent to the background check.

Step 2: Pre-Adverse Action: Notify the Applicant of Negative Report BEFORE Adverse Action is taken

If the consumer reporting agency reports information which may be used, in whole or in part, as a basis for an adverse employment action (e.g., rescinding a conditional offer of employment), the applicant must receive notification before a final decision is made to deny employment. As a result, the employer must provide a copy of the consumer report, a pre-adverse action letter, and another copy of the FCRA notice of rights (and for New York applicants, the Article 23-A notice). The applicant shall also receive any applicable state rights as required.

If the disqualification decision is not based on a misrepresentation or omission in the employment application, it is a best practice to discuss the potentially disqualifying information with the individual prior to issuing the pre-adverse action notice. This practice supports the individual job-related nature of any disqualification decision.

Step 3: Wait for a Reasonable Period of Time to Find Out What, if Any, Explanation is Offered by the Applicant

If the applicant does not respond at all to the notification within a reasonable period of time (5 days), the employer may proceed with its decision to rescind the conditional offer. If the applicant responds, the employer should carefully consider the information submitted and then make a decision. If the explanation is reasonable under the circumstances, then it may still be possible to go forward with the new hire (for example, a case of mistaken identity). However, if the applicant's explanation is determined to be insufficient, then the employer should proceed to the next step.

Step 4: Notify Applicant of Adverse Action

The employer must provide the applicant with written notice of the adverse action and the name, address, and telephone number of the consumer reporting agency. The Adverse Action Notice form should be sent along with the federal summary of rights and any applicable state summary of rights. The notice includes a statutorily required statement that the consumer reporting agency did not make the decision and does not know why the decision was made should be included as well as a notice of the applicant's right to obtain the report and dispute the information.

Step 5: Maintain Documentation

For all adverse decisions, document each step taken. Keep copies of all consent and disclosure forms and other documentation sent to the applicant in the event the company has to defend its decision at some later point.

Record Retention

All documents related to the background check process must be retained for the greater of five years or the minimum required by applicable law.

Equal Employment Laws

GitLab will adhere to all equal employment laws. When reviewing any criminal record information that appears on a background check, the company shall factor in any known factors relating to:

1. The facts and circumstances surrounding the offense.
2. The number of offenses for which the individual was convicted.
3. The age of the individual at the time of conviction or release from prison.
4. Evidence that the individual has performed the same type of work, post-conviction, with the same or a different employer, without incidents of criminal conduct.
5. The length and consistency of employment history before and after the offense.
6. Any efforts of the applicant towards rehabilitation.
7. Employment or character references obtained regarding the individual’s fitness for the particular position.
8. Whether the individual will be bonded for the position.

Financial Checks

Finance team members only will be required to participate in a federal check through Sterling, which searches for any tax-related or financial offenses. See this page for process details.

Job Abandonment

When a team member is absent from work for three consecutive workdays, there is no entry on the availability calendar for time off, and fails to contact his or her supervisor, they can be terminated for job abandonment unless otherwise required by law.

If a manager is unable to reach a team member via email or slack within a 24 hour period they should contact their People Business Partner. The People Business partner will access the team member's information to obtain additional contact methods and numbers. The manager and People Business Partner will create an action plan to make all attempts to contact the team member.

Other People Policies

• United States Employment Status
• PIAA Agreements
• 360 Feedback
• Return of Property
• Promotions and Transfers
• General Benefits
• Entity Specific Benefits
• Parental Leave
• Paid Time Off
• Probation Period

Partner Due Diligence

GitLab’s Anti-Bribery Policy prohibit giving illegal or improper payments to, or receiving such payments from, any person or organization, including government officials (U.S. and foreign) and persons in the private sector. Such payments also are prohibited by the U.S. Foreign Corrupt Practices Act ("FCPA") and anti-bribery laws and regulations in foreign jurisdictions, including but not limited to the U.K. Bribery Act 2010 and the European Commission on Anti-Corruption (collectively, “Anti-Bribery Laws”).

GitLab’s export policy requires that we ensure compliance with applicable export laws including the Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR) (if and to the extent they become applicable to GitLab’s products), general prohibitions and country control lists (collectively “Export Laws”).

It is an offense under Anti-Bribery Laws for a company to engage a third party who pays bribes in connection with the company’s business. Additionally, it is an offense under US Export Laws for a company to engage a third party who violates export laws. In short, GitLab can be held criminally and civilly liable for the bad acts of its partners.

Therefore, the Anti-Bribery, Anti-Corruption and Export Policy applies not only to GitLab’s employees, but also to all resellers, agents, consultants, joint venture partners or other representatives who provide services directly related to obtaining, retaining or facilitating businesses or business opportunities for GitLab (“Partners”).

In order to minimize the risk relating to Anti-Bribery Law and Export Law violations from such third parties, due diligence will be conducted on GitLab Partners. Due diligence is the process of taking reasonable steps to satisfy legal requirements and ensure that there are no red flags associated with the respective Partner ("Due Diligence"). The manager of the relationship is responsible for ensuring that the Due Diligence is conducted.

For GitLab, Due Diligence is verification that the proper contract terms are in play with the appropriate parties and verification that no Red Flags are present prior to moving forward in a relationship. If a red flag is present, the matter should be escalated to Legal. Legal will make a recommendation on whether or not to pursue the relationship based on the circumstances. Legal, at its sole discretion, will document justification for its final disposition.

Red Flags include: A poor credit check; Presence of media reports or rumours relating to illegal payments, bribes, export violations, corruption or other criminal activity; Requesting an unusually high commission if an agent or if a reseller is requesting to be paid money; Partner requesting a cash payment or payment to a secret account; Partner requesting third parties to be added to a contract; Partner refuses to disclose owners or principals for purposes of a credit check; Partner attempts to negotiate around (or refuses to agree to) terms around penalties around corruption or violation of law; and/or A negative hit on Denied Party Screen. (Denied Party Screens are conducted by Legal or Compliance.)

Please contact Legal or Compliance with questions or concerns about this section.

Partner Code of Ethics

GitLab, Inc. and its respective affiliates, subsidiaries and divisions (“GitLab”) operate business in a responsible manner. At GitLab, the way we conduct business is as important as the relationships we have and the products and services we provide. Accordingly, GitLab will only do business with suppliers, contractors, resellers, agents and consultants (collectively herein referenced as “Partners”) that comply with applicable and controlling laws, rules, and regulations (collectively herein referenced as “applicable laws”) and at a minimum, with standards of business conduct consistent with those set forth in this Partner Code of Ethics (“Code”).

It is GitLab’s expectation that Partners, their employees, sub-suppliers and any other parties involved with the execution of GitLab work, similarly comply with the applicable laws and the standards set forth in this Code. GitLab expects the following, without limitation, including respecting the human rights of employees from all its Partners:

HUMAN RIGHTS AND LABOR STANDARDS

Forced Labor, Human Trafficking and Slavery Partner shall not use any form of forced labor including prison, indentured, bonded, military, slave or any other forms of forced labor. Partner shall not participate in the recruitment, transportation, transfer, harboring or receipt of any persons by means of threat, use of force, or any other forms of coercion, abduction, fraud, deception, abuse of power or position of vulnerability, or the giving or receiving of payments or benefits to achieve the consent of a person having control over another person for the purpose of exploitation. Partners shall not retain an employees’ government-issued identification, passports or work permits as a condition of employment and shall allow employees to resign from their positions at any time.

Child Labor Partner shall ensure that no underage labor has been used in the production or distribution of their goods or services. Employees must not be younger than the minimum employment age established by the respective country or local jurisdiction. In the event no minimum employment age is established, employees must not be younger than the age of compulsory education; or if no minimum age for compulsory education is established, employees should not be younger than age 14.

Working Hours Partner’s employee working hours must be in compliance with all applicable laws and regulations. Partners should encourage employees to receive at least one day off every seven days in compliance with all applicable laws.

Wages and Benefits Partners must have a system in place to verify and accurately record payroll, deductions and the hours worked by legally authorized employees. Partners must comply with all applicable wage and compensation requirements as defined under applicable labor laws for regular work, overtime, maximum hours, piece rates, and other elements of compensation and employee benefits.

Freedom of Association and Collective Bargaining Partner must adhere to applicable laws regarding the right to affiliate with lawful organizations without interference.

Nondiscrimination Employment by Partner shall be based solely on an individual’s ability and not personal characteristics. Partner shall maintain a workplace free of unlawful discrimination, which includes, but is not limited to, race, gender, sexual orientation, age, pregnancy, caste, disability, union membership, ethnicity, religious belief or any other factors protected by applicable law. Employees shall not be subject to verbal, physical, sexual or psychological abuse or any other form of mental or physical coercion and shall be treated with respect and dignity.

Conflict Minerals Partner shall abide by all regulations and laws relating to conflicts minerals and legal and sustainable sourcing.

HEALTH AND SAFETY

Partners shall provide safe and healthy working and housing environments (if Partner provides housing) to prevent accidents and injury to health. Partners shall minimize employee exposure to potential safety hazards by identifying, assessing and minimizing risks by developing and implementing plans and procedures.

ENVIRONMENT

Partners shall be sensitive to its impact on the environment (including but not limited to air emissions, water discharge, toxic substances and hazardous waste disposal) and local communities. Partner shall comply with the environmental laws and standards within its facilities. Partners must use care in handling hazardous materials or operating processes or equipment that use hazardous materials to prevent unplanned releases into the workplace or the environment.

ANTI-BRIBERY AND ANTI-CORRUPTION

Partners shall not engage in any form of corrupt practices including without limitation to, extortion, fraud, impersonation, false declarations, bribery, money laundering, supporting or involved with terrorist or organized crime organizations or activities. Partners shall not offer bribes, kickbacks, illegal political contributions or other improper payments to GitLab representative or agency, any customer, government official or third party, with the intention of obtaining or retaining a business or other improper advantage. Partners must have a written anti-corruption / anti-bribery policy that includes an annual review with its employees of such policy.

PRIVACY AND SECURITY

Partners shall ensure that there are appropriate administrative, technological, physical and technical controls in place to ensure the protection and security of any data subject subject to laws and regulations. Partners will execute any necessary agreement relating to the handling of data and will notify GitLab of any known or suspected vulnerabilities that may compromise individuals subject to the relationship with GitLab.

COMPLIANCE

If a Partner’s efforts to comply with this Code have been deficient and Partner fails to cooperate in developing and implementing reasonable remedial steps, GitLab reserves the right to take appropriate actions up to, and including, discontinuing the relationship with Partner. Nothing in this Code is intended to, in any way, grant any additional rights or expectations to a GitLab Partner or, in any way, modify or otherwise limit any of GitLab’s contractual or legal rights.

No matter where we operate around the world, we are steadfast in our dedication to service and integrity. Strong partnerships are a cornerstone of GitLab’s business and a vital link in setting and achieving expectations for ethical sourcing and corporate social responsibility. At GitLab, the way we conduct business is as important as the people with whom we conduct business. services we provide.

Commitment to Non-Retaliation

Any employee or contractor who reports a violation will be treated with dignity and respect and will not be subjected to any form of discipline or retaliation for reporting in good faith. Retaliation against anyone who provides information or otherwise assists in an investigation or proceeding will be treated as a violation of this Code.

Open Door Policy

We encourage maximum communication between team members at all levels of the organization. This is an important part of our culture. Whenever problems or concerns arise, it is expected that they will be addressed as quickly as possible. Your immediate manager is the person on the management team who is closest to you and your work. When you need help or have questions, complaints, problems or suggestions, please contact your manager first. It is your manager's responsibility to assist you - so please ask, and be willing to work the issue out with your manager. They are interested in your success, the success of every team member in their department, and the overall success of GitLab.

If your manager cannot help you or answer your questions, your questions will be referred to someone who can. If you feel your particular question, concern or suggestion cannot be discussed with your manager, you are encouraged to contact your manager's manager, your assigned People Business Partner, the Chief People Officer or the CEO. It is important to remember that a team member who takes these steps will not be reproached. You can expect to be treated fairly and with respect.

Discrimination

Having a diverse workforce, made up of team members who bring a wide variety of skills, abilities, experiences and perspectives, is essential to our success. We are committed to the principles of equal opportunity, inclusion, and respect. All employment-related decisions must be based on company needs, job requirements, and individual qualifications. Always take full advantage of what our team members have to offer; listen and be inclusive.

• We do not tolerate discrimination against anyone, including team members, customers, business partners, or other stakeholders, on the basis of race, color, religion, national origin, sex (including pregnancy), age, disability, HIV status, sexual orientation, gender identity, marital status, past or present military service, or any other status protected by the laws or regulations in the locations where we operate.
• We comply with laws regarding employment of immigrants and non-citizens and provide equal employment opportunity to everyone who is legally authorized to work in the applicable country.
• We provide reasonable accommodations to individuals with disabilities and remove any artificial barriers to success.

Report suspected discrimination right away and never retaliate against anyone who raises a good faith belief that unlawful discrimination has occurred. Employees and contractors should refer to the GitLab Anti-Harassment Policy for more information.

Harassment

Every employee or contractor has a right to a work environment free from harassment, regardless of whether the harasser is a co-worker, supervisor, manager, customer, vendor, or visitor. Please refer to the GitLab Anti-Harassment Policy for more information. As is the case with any violation of the Code, you have a responsibility to report any harassing behavior or condition, whether you are directly involved or just a witness.

Personal Hygiene

When attending Contribute or any conference, public meeting, customer meeting or meet-up, kindly keep in mind you are representing GitLab. Personal hygiene and hygiene in general helps to maintain health and prevent the spread of diseases and various other illnesses. We motivate everyone to maintain cleanliness. For more information about our Contribute Code of Conduct, read more here.

Social Responsibility

We pride ourselves on being a company that operates with integrity, makes good choices, and does the right thing in every aspect of our business. We will continually challenge ourselves to define what being a responsible company means to us, and work to translate our definition into behavior and improvements at GitLab. We seek to align our social and environmental efforts with our business goals and continue to develop both qualitative and quantitative metrics to assess our progress.

Substance Abuse

GitLab strives to maintain a workplace that is free from illegal use, possession, sale, or distribution of alcohol or controlled substances. Legal or illegal substances shall not be used in a manner that impairs a person’s performance of assigned tasks. This will help to maintain the efficient and effective operation of the business, and to ensure customers receive the proper service. GitLab team members must also adhere to the local laws of where they reside and where they travel to, including the GitLab Contribute.

Employee Information Privacy

GitLab respects the confidentiality of the personal information of employees and contractors. This includes employee and contractor medical and personnel records. All team member records are kept in BambooHR. Team members have self service access to their profile. Where available, documents and information are shared with the team member within the platform. If a team member would like to view their entire profile from the admin view, please schedule a call with People Operations Specialists to walk through a screen share or request screenshots to be sent to your personal email address. Access to personal information is only authorized when there is a legitimate and lawful reason, and access is only granted to appropriate personnel. Requests for confidential employee or contractor information from anyone outside our company under any circumstances must be approved in accordance with applicable laws. It is important to remember, however, that employees and contractors should have no expectation of privacy with regard to normal workplace communication on any personal property used for GitLab business.

If there is no requirement within someone's job description to be public-facing, then team members can opt-out of any public exposure. Team members can opt-out of being added to the team page or what content about them is shown on the team page and can use either only their initials or an alias if desired. Since GitLab publishes much of our content, including video calls and meetings, the only way to ensure no unwanted exposure from these videos is to have video turned off and initials or an alias added to the Zoom profile name whenever a call is being recorded. Zoom shows whether a call is being recorded at the top right of the video screen, and team members are always encouraged to ask if a video will be shared or not. For any GitLab livestreams through YouTube, a team member can watch and comment through YouTube instead of through the internal video call. Any questions can be sent directly to our People Business Partners or CPO.

Proprietary and Confidential Information

In carrying out GitLab’s business, team members often learn confidential or proprietary information about our company, its customers, prospective customers, or other third parties. Team members must maintain the confidentiality of all information entrusted to them, except when disclosure is authorized or legally mandated.

Confidential or proprietary information includes:

• Any non-public information concerning GitLab, including its businesses, team members, financial performance, results or prospects
• Any non-public information of a third party in GitLab's possession and under GitLab's protection
  • With the expectation that the information will be kept confidential and used solely for the business purpose for which it was conveyed and accessed solely by those who have a need to access the information in fulfilling that purpose

GitLab’s confidentiality provisions can be found in the employee and contractor templates, but these may vary from what you agreed to at the time of your contract. For specific information about your obligations regarding confidentiality, please reference your contract.

In addition to confidentiality obligations owed to third parties, we also have obligations to protect the personal and sensitive information of our fellow team members. Therefore, you may not access and/or disseminate any team member's personal information (i.e. address, personal phone number, salary, etc.) that the team member has not made publicly available, unless the team member has provided written permission to share the information. An exception to this restriction would be when access is a necessary function of your job duties. A violation of this obligation is considered severe and could result in disciplinary action, up to and including termination.