Supplier code of conduct
ESG and ethical requirements that all Corp-Merch.IT Italy suppliers must meet — labour, environment, anti-corruption, transparency.
Pillars of the code
Our code rests on four pillars: (1) Labour — no forced labour, no child labour, freedom of association, working-time compliance, fair wages at least at local statutory minimum. (2) Health and safety — building safety, PPE, accident reporting, training. (3) Environment — permits, water and energy efficiency, hazardous chemicals management, REACH compliance. (4) Ethics — anti-corruption, conflict-of-interest, fair competition, accurate record-keeping, conflict-minerals avoidance.
Audit, escalation and termination
All tier-1 suppliers sign the code. Within 12 months of onboarding they must hold a Sedex SMETA 4-pillar, BSCI, SA8000 or equivalent third-party social audit. Non-conformances are categorised: minor (90-day remediation), major (30-day plus management review), critical (immediate suspension; pattern of critical means termination). We conduct unannounced audits via certified auditors on 5-10% of partners per year, weighted by spend and risk.
National-law anchors
The code references the ILO Core Conventions, the OECD Guidelines for Multinational Enterprises, and the UN Guiding Principles on Business and Human Rights. National anchors include the Italy labour code, REACH (EC 1907/2006), the EU Conflict Minerals Regulation 2017/821 and the German LkSG / EU CSDDD where our group entities trigger scope. The Garante per la protezione dei dati personali (Italian DPA) oversees personal-data aspects of audits performed in Italy.
FAQ
Does the code apply to tier-2?
Tier-1 must cascade the relevant requirements to their own suppliers and remain accountable. We audit tier-2 only on risk-flagged categories (e.g., dyeing, electronics assembly).
Who pays for the social audit?
The supplier pays for their first audit (industry standard). We share audit databases (Sedex) to avoid duplication where the supplier already has a current report.
What is the conflict-minerals policy?
We require RMI-compliant smelter lists for any 3TG-containing electronics or hardware. No tantalum from CAHRA-listed origins.
How do I report a violation?
Confidential email to [email protected] or via our SpeakUp portal in 22 languages. Retaliation is prohibited and itself a critical non-conformance.
Do you publish the code?
Yes — full text and translations are on our trust page; we share signed copies with customers under NDA.