Supplier Code of Conduct

1. Introduction

1.1 Purpose

Thornhill Medical is committed to sourcing goods and services from Suppliers who respect ethics, labour and human rights, health and safety, and the environment, and who have responsible policies, practices, and management systems in place. Thornhill Medical expects Suppliers to act with honesty and integrity, and to operate in a manner that is consistent with these values and in compliance with applicable laws and regulations, serving as a foundation for mutually beneficial and responsible business relationships.

1.2 Application

Thornhill Medical’s Supplier Code of Conduct (“the Code”) sets out the principles, standards and expectations that Suppliers and service providers, including their owners, employees, workers, agents, distributors, partners, representatives, intermediaries, contractors, subcontractors, consultants and other similar entities (each, a “Supplier”) must comply with when conducting business with, or providing goods and services to, or acting on behalf of Thornhill Medical. This Code is in no way intended to conflict with or modify the terms and conditions of any existing contract. In the event of a conflict, Suppliers must first adhere to applicable laws and regulations, then any contract terms, followed by this Code. If local law is not as strict as this Code, we require Suppliers to comply with this Code.

1.3 Consequences for Violating this Code

In the event of a violation of any of the expectations in this Code, Thornhill Medical may pursue corrective action to remedy the situation. In the case of a violation of law or regulation, Thornhill Medical may be required to report those violations to the proper authorities. Thornhill Medical reserves the right to terminate its relationship with any Supplier under the terms of an existing relevant contract.

2. Ethical Business Practices

2.1 Integrity

Suppliers must act with integrity, honesty, and transparency in all their business activities. They should promote fair competition and avoid engaging in anti-competitive practices, collusion, or unethical business relationships. Suppliers should maintain timely, accurate and complete financial records and comply with relevant accounting and reporting standards.

2.2 Trade Regulation, Anti-Bribery and Anti-Corruption

Suppliers must comply with all applicable international trade export control, economic sanctions or embargo laws, and customs laws and regulations. Suppliers must not offer, give, or receive bribes, kickbacks, or any form of illegal payments to any individual or entity. They must also comply with applicable anti-corruption, anti-money laundering and anti-boycott laws and regulations of the countries in which they operate. Suppliers should establish internal controls and procedures to prevent and detect bribery and corruption, and provide regular and relevant training to their employees on these matters.

2.3 Government Contracting

Suppliers must comply with the specific rules that apply to contracting with the Canadian, U.S. and other governments. These include rules for: competing fairly; honouring restrictions applying to government employees and officials, including those related to gifts, hospitality and offers of employment; delivering products and services that conform to specifications, laws and regulations; adhering to government accounting and pricing requirements; ensuring the accuracy of data submitted; and promptly reporting any suspected violations of the Code, law, or regulations.

2.4 Conflicts of Interest

Suppliers must disclose any potential or actual conflicts of interest that may arise during their engagement with Thornhill Medical. They should avoid situations that compromise their objectivity or create a bias in decision-making. Suppliers should establish policies and procedures to identify and manage conflicts of interest and ensure fair and transparent decision-making processes.

2.5 Gifts and Other Benefits

Suppliers must not offer or provide gifts, favours, or benefits that are excessive, extravagant, or could be perceived as an attempt to improperly gain advantage, receive preferential treatment or influence business decisions. Suppliers may be required to disclose any gifts or benefits they intend to provide to company employees and should seek appropriate approval in advance. Suppliers must comply with all laws and regulations prohibiting or restricting illegal or improper payments, gifts, favours, or other benefits to domestic and foreign government officials.

3. Labour and Human Rights

3.1 Fair Treatment of Workers

Suppliers must treat their workers with dignity, respect, and fairness. They should provide a safe and healthy work environment, fair wages, reasonable working hours, and appropriate benefits in alignment with local laws and regulations. Suppliers should establish policies and practices that promote a positive work culture and prevent harassment, discrimination, and any form of abuse.

3.2 Prohibition of Child Labour, Forced Labour and Human Trafficking

Suppliers must not employ any person below the legal working age or engage in any form of forced labour, including slavery or human trafficking. They should verify the age of their workers and ensure they have freely chosen their employment. Suppliers should have strong recruitment processes and mechanisms in place to detect and prevent child labour and forced labour within their operations and supply chains.

3.3 Freedom of Association

Suppliers should respect the rights of their workers to associate freely, join or form trade unions, and engage in collective bargaining as permitted by local laws and regulations. They should not hinder or interfere with workers’ rights to unionize or engage in collective bargaining. Suppliers should establish mechanisms for effective communication and engagement with workers and their representatives.

3.4 Non-discrimination

Suppliers must not discriminate against workers based on factors such as race, colour, gender, religion, age, disability, sexual orientation, or any other protected characteristic. Equal opportunities and fair treatment should be provided to all employees, including in areas of recruitment, hiring, promotions, training, and termination.

4. Health and Safety

4.1 Occupational Health and Safety

Suppliers must provide a safe and healthy work environment that complies with applicable health and safety laws and regulations. They should assess and manage occupational health and safety risks, implement control measures to prevent accidents and injuries, and regularly monitor and review their health and safety performance. Suppliers should provide workers with appropriate training, information, and supervision to ensure their health and safety.

4.2 Hazardous Substances

Suppliers should identify and manage hazardous substances used in their operations in compliance with relevant regulations. Proper handling, storage, transportation, and disposal methods must be followed to minimize environmental and health risks. Suppliers should provide workers with the necessary information, training, and protective measures to mitigate risks associated with hazardous substances. Suppliers should implement procedures to monitor and control exposure to and disposal of hazardous substances.

5. Environmental Sustainability

5.1 Environmental Compliance

Suppliers must comply with all applicable environmental laws, regulations, and standards. They should obtain necessary permits and licenses for their operations and ensure proper reporting to relevant authorities. Suppliers should monitor changes in environmental regulations and adjust their practices accordingly. They should establish environmental management systems to drive continuous improvement and to monitor and mitigate environmental impacts.

6. Supply Chain Management

6.1 Transparency and Traceability

Suppliers must provide accurate and transparent information about their business operations, including their supply chain structure, subcontracting practices, and sourcing of materials and components upon request. They should disclose any potential risks and social or environmental impacts associated with their supply chain. Suppliers should establish processes to identify and assess potential risks within their supply chain and take appropriate actions to address them. Thornhill Medical reserves the right to request that Suppliers disclose information pertaining to the geographical location of facilities that produce any component of an item purchased from a Supplier.

6.2 Counterfeits and Responsible Sourcing

Suppliers should strive to source materials, products, and services in a responsible and sustainable manner. They must implement adequate means to minimize the risk of using counterfeit or conflict parts or materials in their products. Suppliers are responsible for monitoring the source of raw materials used in their products. Suppliers must undertake not to use products that contain raw materials derived from human rights violations, bribery, and unethical activities.

6.3 Quality

Any goods supplied shall be without defects and of an appropriately high standard of design, quality, material and workmanship, and shall conform in all respects with all specifications provided to the Supplier. Any services supplied shall be provided by appropriately qualified and trained personnel, with due care and diligence, to such high standard of quality as is reasonable to expect in all the circumstances and shall conform in all respects with any order. Suppliers are expected to have effective processes in place to identify defects and implement corrective actions.

6.4 Subcontractors and Third-Party Suppliers

Suppliers are responsible for ensuring that their subcontractors and third-party Suppliers perform to the same standards outlined in this Code. They should communicate these expectations and monitor compliance accordingly. Suppliers should assess and manage risks associated with subcontractors and third-party Suppliers and establish processes to verify compliance through audits, assessments, and contractual agreements.

6.5 Publicity and Communications

Thornhill Medical does not allow Suppliers to use its name or logo in any public display, document, statement or media release without written approval in advance. Without such approval, Suppliers may not disclose their relationship with Thornhill Medical products, parts, designs or any non-public information in any public venues, including but not limited to press releases, websites, social media, trade shows and Suppliers’ facilities.

7. Legal and Regulatory Compliance

7.1 Compliance with Laws and Regulations

Suppliers must comply with all applicable laws, regulations, rules and industry standards in the countries where they operate. This includes, but is not limited to, compliance related to labour, health and safety, environment, product safety, data protection, competition and anti-trust, tax and duty, and financial crimes. Suppliers should stay updated on changes in relevant laws and regulations and adjust their practices accordingly. They should establish processes to ensure ongoing compliance and provide regular training to their employees on legal and regulatory requirements.

7.2 Intellectual and Physical Property Rights

Suppliers must respect intellectual property rights and should not use any unauthorized copyrighted materials, patents, trademarks, or trade secrets belonging to others without proper authorization. Suppliers should establish processes to identify and protect intellectual property rights and ensure that their products and services do not infringe upon the intellectual property rights of others. Suppliers are expected to protect any Thornhill Medical physical assets that have been entrusted to them against unauthorized access, loss, damage, theft and misuse, and to only use them in a mutually agreed upon manner.

7.3 Confidential Information

Suppliers in possession of confidential and/or undisclosed material non-public information about Thornhill Medical or its customers are expected to implement policies, procedures and measures to protect such information from inappropriate access and disclosure in a manner that meets applicable legal and regulatory requirements.

7.4 Privacy and Information Security

Suppliers must protect Thornhill Medical’s information, including but not limited to customer and personal information, in accordance with their contractual obligations and applicable laws and best practices. Information should be collected, used and disclosed strictly for the agreed-to purposes and protected through all stages of the information lifecycle; information should only be used for the purposes defined in the contract with Thornhill Medical over the course of the relationship. Suppliers are expected to maintain information security programs designed to mitigate cybersecurity risks and adequately protect their information systems from unauthorized access, destruction, use, modification and disclosure.

7.5 Ethical Use of Artificial Intelligence

Thornhill Medical expects its Suppliers to use and interact with artificial intelligence in a responsible manner. Suppliers are expected to review and support the Government of Canada Artificial Intelligence Guiding Principles and the United States Department of Defense Ethical Artificial Intelligence Principles when developing or using artificial intelligence solutions on Thornhill Medical’s behalf.

8. Reporting and Auditing

8.1 Records and Documentation

Suppliers should maintain accurate records and documentation related to their operations, including but not limited to, financial and employment records, quality management, regulatory compliance, permits, licenses, and certifications. These records should be made available for review upon request. Suppliers should establish document control procedures to ensure the accuracy, integrity, and confidentiality of records.

8.2 Audits and Assessments

Suppliers may be subject to periodic audits or assessments to evaluate their compliance with this Code. These audits may be conducted by internal or external parties designated by Thornhill Medical. The purpose of these audits is to confirm compliance, address any concerns, and drive continuous improvement. Suppliers should cooperate with audit requests and provide access to relevant facilities, documents, and personnel.

8.3 Monitoring and Compliance

Suppliers are expected to adhere to and comply with this Code and must maintain all information and management systems necessary to document such compliance with this Code, applicable laws, and their contractual obligations with Thornhill Medical, and provide such evidence to Thornhill Medical upon reasonable request. Suppliers are expected to report and promptly take corrective action to address identified deficiencies. Failure to comply with this Code may result in termination of a Supplier’s relationship with Thornhill Medical.

8.4 Reporting Violations or Concerns

Suppliers should establish mechanisms for their employees and stakeholders to report any violations of this Code or raise concerns and grievances regarding ethical, social, or environmental issues without fear of retaliation. Confidential protection should be ensured, and appropriate actions should be taken to address reported issues promptly and responsibly. Suppliers should establish procedures for investigating and addressing reported violations and complaints in a fair, confidential, and timely manner.

Last Updated: July 16, 2025