About

This section contains the list of Policies that guide The IO Foundation as an organization in order to achieve its Mission and realize its Vision.

Guiding values

The IO Foundation’s policy framework is a tapestry woven with the threads of European Enlightenment, a period marked by the burgeoning of reason, individualism and a pursuit for knowledge. Our policies are constructed upon a foundation of timeless values that have been pivotal in shaping modern societies.

These cornerstone values underpin our commitment to devising solutions that are effective and human-centric as much as technically robust and anchored in the bedrock of objective reality.

Policies

The following is a list of the existing policies guiding The IO Foundation. Each policy is described in its own separate document.

Additional scopes

The IO Foundation operates as a global network, guided by a cohesive framework of policies designed to uphold our standards, mission and vision across all regions in which we operate. These policies serve as the backbone of our governance, ensuring consistency, accountability and integrity throughout the organization.

Taking into account that the international landscape is complex, with various jurisdictions imposing their own legal and regulatory requirements, there are circumstances where our policies might require adaptations with local regulations. As a result, specific policies may partially be overridden or modified in order to achieve compliance with the applicable laws and regulations.

The IO Foundation is dedicated to not only maintaining compliance but also to providing a clear understanding of how its policies apply within different legal contexts. Whenever such customizations may be necessary, they will be clearly documented. These exceptions will be noted directly within the text of the corresponding organization's policy documents.

Implementation

TIOF's Policies are implemented through corresponding Handbooks, which are referenced in their text.

Future improvements

The IO Foundation is committed to implement the following improvements on its policies:

• Optimizing them to be reusable by other organizations

• Expanding their documentation with process-driven diagrams

• Making them machine-readable

About

The DHATHAM v0.5 House Rule, which is an evolution from the CHATHAM House Rule in response to the new digital realities, stipulates:

In other words, be considerate and ask for permission before capturing a digital representation of others or posting about them on social media or any other digital medium.

Participate

The Dhatam House Rule is a live statement that is open for adaptation and improvements.

To participate in the next iteration of the rule, check the Dhatam House Rule live discussion.

Scope

This Code of Conduct applies to:

• All TIOF Members

• All TIOF Contributors

It also applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events as well as when representing the TIOF in public spaces.

Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event.

Our Personal Pledge

We as members and contributors, pledge to make the participation in our community a harassment-free experience for everyone, regardless of any personal characteristic dimension that essentially amplifies differences among people instead of embracing their similarities.

By participating in this activity, we pledge to act and interact in ways that contribute to an open, welcoming and healthy community.

We likewise pledge to strive to achieve TIOF's mission and vision by embracing its values, which will inform our decisions at all times. Finally, we will be observant of the Dhatham House Rule in all of our digital interactions.

The Organization's Pledge

As an international organization that heavily relies in the free exchange of ideas, we pledge that:

• We will never discipline or fire employees, dismiss volunteers or any other member associated with TIOF on the basis of pressure from online activism or other shapes of public & private pressure and/or shaming. We respect and adhere to both the principles of intent and of presumption of innocence and will always proceed with due diligence to investigate and resolve conflict under the framework provided by the Law.

• We have no interest in our members' political opinions and how they choose to express themselves outside the workplace is by no means up to TIOF to judge or act upon.

• We will not probe into our members' thoughts with “unconscious bias training” (or any such similar initiatives) or force them to undertake workshops that presuppose the existence of “systemic injustice” in any form or shape.

• TIOF will always circumscribe its statements and work strictly towards advancing its Data-Centric Digital Rights advocacy, unburdened by fealty to any other causes, political or ideological, or claims to promote certain “values”. Our sole aim is to make a positive impact to promote better and safer technology under the guidance of the DCDR Principles.

• While we won't engage and waste time and resources in such public debates, we will not tolerate the public shaming of either members or contributors should they cause offense (even perceived), either through a joke or poor phrasing, and will instead seek to resolve internally the disputes that naturally occur when human beings work together. We recognize that absolutely everyone is a person in constant evolution and change and therefore care about intentions just as much as consequences.

Our Standards

Examples of behavior that contributes to a positive environment for our community include:

• Acting rationally

• Demonstrating empathy and kindness towards other people

• Being respectful of differing opinions, viewpoints and experiences

• Giving and gracefully accepting constructive feedback

• Accepting responsibility and apologizing to those affected by our mistakes and learning from the experience

• Refusing to weaponize others' mistakes

• Focusing on what is best, not just for us as individuals but for the overall community and project

Examples of unacceptable behavior include:

• The use of sexualized language or imagery and sexual attention or advances of any kind

  Note: There is nothing wrong with the above, there are simply other places for it

• Trolling, insulting or otherwise derogatory comments and personal or political attacks

• Public or private harassment

• Publishing others' private information, such as (although not limited to) a physical or email address, without their explicit permission

  Please refer the Dhatham House Rule.

• Other conduct which could reasonably be considered inappropriate in a professional setting

Enforcement Responsibilities

TIOF leaders are responsible for clarifying and enforcing the standards of acceptable behavior described in this Code of Conduct and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive or otherwise harmful.

TIOF leaders have the right and responsibility to remove, edit or reject comments, commits, code, issues and other contributions that are not aligned to this Code of Conduct and will communicate reasons for those moderations when appropriate.

Enforcement

Instances of abusive, harassing or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at Contact@TheIOFoundation.org. All complaints will be reviewed and investigated promptly and fairly.

All members are obligated to respect the privacy and security of the all the parties involved in any incident.

Enforcement Guidelines

TIOF leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:

1. Correction

Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.

Consequence: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested and/or required.

2. Warning

Impact: A violation through a single incident or series of actions.

Consequence: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in TIOF spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.

3. Temporary Ban

Impact: A serious violation of community standards, including sustained inappropriate behavior.

Consequence: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.

4. Permanent Ban

Impact: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.

Consequence: A permanent ban from any sort of public interaction within the community.

Attributions

This Code of Conduct is adapted from the Contributor Covenant, version 2.0.

Other sources of inspiration are:

• Suggested pledge for business owners by Andrew Doyle

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-corruption and Anti-bribery that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Anti corruption and Anti bribery statement

What is bribery?

"Bribe" means a financial or other inducement or reward for action which is illegal, unethical, a breach of trust or improper in any way. Bribes can take the form of (although not limited to) money, gifts, loans, fees, hospitality, services, discounts, the award of a contract or any other advantage or benefit.

"Bribery" includes offering, promising, giving, accepting or seeking a bribe.

If you are unsure about whether a particular act constitutes bribery, raise it with your corresponding Team Human Resources Coordinator.

Specifically, you must not:

• give or offer any payment, gift, hospitality or other benefit in the expectation that a transaction advantage will be received in return or to reward any support received;

• accept any offer from a third party that you know or suspect is made with the expectation that we will provide a transaction advantage for them or anyone else;

• give or offer any payment (sometimes called a facilitation payment) to a government official in any country to facilitate or speed up a routine or necessary procedure.

Gifts and hospitality

This Policy does not prohibit the giving or accepting of reasonable and appropriate hospitality for legitimate purposes such as building relationships, maintaining our image or reputation or marketing our advocacy, initiatives and services.

A gift or hospitality will not be appropriate if it is unduly lavish or extravagant, or could be seen as an inducement or reward for any preferential treatment (for example, during contractual negotiations or a tender process). All such tokens of appreciation are to be notified to your corresponding Team Human Resources Coordinator.

Gifts must be of an appropriate type and value depending on the circumstances and taking account of the reason for the gift. Gifts must not include cash or cash equivalent (such as vouchers) and in any case be given in secret.

Promotional gifts of low value such as branded stationery may be given to or accepted from existing contributors, suppliers and partners.

Record-keeping

You must declare and keep a written record of all hospitality or gifts given or received. You must also submit all expenses claims relating to hospitality, gifts or payments to third parties in accordance with our Financial procedures and record the reason for expenditure.

All accounts, invoices and other records relating to dealings with third parties including suppliers and customers should be prepared with strict accuracy and completeness.

How to raise a concern

If you are offered a bribe, or are asked to make one, or if you suspect that any bribery, corruption or other breach of this policy has occurred or may occur, you must report it in accordance with our Whistleblowing Policy as soon as possible.

Conduct outside of Work

We do not seek to interfere with the personal lives or conduct of our Members. However, some times certain conducts outside of work can interfere with our legitimate advocacy and/or initiatives' interests.

You are expected to conduct your personal affairs in a manner that doesn't adversely affect the integrity, reputation or credibility of yourself and/or The IO Foundation.

Illegal or immoral conduct outside of work by any Member that adversely affects our legitimate advocacy and/or business interests, or other TIOF Member's ability to perform their responsibilities, will not be tolerated.

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Anti-harassment and Anti-bullying that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

This Policy covers harassment or bullying which occurs in or out of TIOF Spaces, including at TIOF-related events or social functions. It covers bullying and harassment by TIOF Members and also by Contributors, such as customers, suppliers or visitors to our premises.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Anti harassment and Anti bullying statement

What is harassment?

Harassment is any unwanted physical, verbal or non-verbal conduct that has the purpose of violating a person's dignity or creating an intimidating, hostile, degrading, humiliating or otherwise offensive environment for them. A single incident can amount to harassment.

Harassment also includes treating someone less favorably because they have submitted or refused to submit to such behavior in the past.

Unlawful harassment may involve conduct of a sexual nature (sexual harassment) or may be related to any given personal, immutable characteristic dimension.

Harassment may include, for example:

• Unwanted physical conduct or "horseplay", including assault, touching, pinching, pushing, grabbing and intentionally blocking normal movement or interfering with work;

• unwelcomed sexual advances, suggestive behavior or invitations;

• offensive e-mails, text messages or otherwise content;

• mocking, mimicking or belittling a person's disability;

• visual displays such as derogatory or sexually-oriented imagery, photography, cartoons, drawings or gestures.

What is bullying?

Bullying is purposely offensive, intimidating, malicious or insulting behavior involving the misuse of power that can make a person feel vulnerable, upset, humiliated, undermined or threatened. Power does not always mean being in a position of authority, it can include both personal strength and the power to coerce through fear or intimidation as well as the ability to reassign resources at will.

Bullying can take the form of physical, verbal and non-verbal conduct.

Bullying may include, by way of example:

• physical or psychological threats;

• overbearing and intimidating levels of supervision;

• inappropriate derogatory remarks about someone's performance.

If you are being harassed or bullied

If you are being harassed or bullied, consider whether you feel able to raise the problem informally with the person responsible. You should explain clearly to them that their behavior is not welcome or makes you uncomfortable. If this is too difficult or embarrassing, we encourage you to reach out to your respect Team Human Resources Manager, who can and will provide confidential advice and assistance in resolving the issue either formally or informally.

If informal steps are not possible or appropriate, or have not been successful, you should raise the matter formally under our Grievance Procedures. The complain will be investigated in a timely and confidential manner and will be conducted by someone with appropriate experience and no prior involvement in the complaint, where possible.

We will consider whether any steps are necessary to manage any ongoing relationship between you and the person accused during the investigation.

Once the investigation is complete, we will inform you of our decision. If we consider you have been harassed or bullied by an employee the matter will be dealt with under the Disciplinary Procedures as a case of possible misconduct or gross misconduct. If the perpetrator is a Contributor or any other third party, we will consider what action would be appropriate to deal with the problem.

Whether or not your complaint is upheld, we will consider how best to manage any ongoing working relationship between all the parties concerned.

Protection and support for those involved

Members who make complaints or who participate in good faith in any investigation must not suffer any form of retaliation or victimization as a result.

False accusations

Should the investigation conclude that the accusation was false, the matter will be dealt with under the Disciplinary Procedures as a case of possible misconduct or gross misconduct.

Record-keeping

Information about a complaint by or about a Member may be placed on the Member's personnel file, along with a record of the outcome and of any notes or other documents compiled during the process.

These will be processed in accordance with The IO Foundation's Personal Privacy and Data Protection Policy.

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Antiterrorism that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Definitions

• Terrorism: The unlawful use of violence and intimidation, especially against civilians, to achieve political or ideological objectives.

• Terrorist Activity: Any act that is intended to intimidate or coerce a civilian population or to influence the policy of a government.

Antiterrorism statement

Implementation process

The IO Foundation will actively observe this policy in all of its processes, with particular attention to funding sources. Among others, the organization will undertake:

• Risk Assessments: Regularly conducting assessments to identify potential risks related to terrorism and take appropriate actions to mitigate those risks.

• Due Diligence: Implement thorough vetting processes for funding sources, partners, contractors and beneficiaries to ensure they do not have ties to terrorist organizations or activities.

• Training and Awareness: Provide training for employees on recognizing and reporting suspicious activities related to terrorism.

• Reporting Obligations: Establish clear organizational procedures for reporting any suspected terrorist activities or associations to the appropriate authorities.

• Monitoring and Compliance: Regularly monitor operations and partnerships to ensure compliance with this policy and applicable regulations.

Additional considerations

The IO Foundation will carefully analyze, be mindful of and comply with:

• Specific funder's considerations, requirements or otherwise limitations

• All relevant antiterrorism laws and regulations specific to the jurisdictions in which it operates

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Children Protection that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

This Policy sets out TIOF's approach to the necessary steps to ensure proper and reliable protection of our most vulnerable citizens: children.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. In particular, failure to protect a whistleblower or interfere with any such related ongoing investigation will be treated as misconduct under our Disciplinary Procedures. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Children Protection statement

Definitions

• Child: Any underage individual, in accordance with applicable laws.

• Child Protection: Measures taken to prevent and respond to abuse, exploitation, neglect and violence against children.

• Abuse: Physical, emotional, sexual harm or neglect that endangers a child’s well-being.

• Exploitation: The use of a child for someone else’s advantage or benefit in an unfair, unlawful or otherwise harmful manner.

• Neglect: The failure to provide for a child’s basic physical, emotional or educational needs.

Core Principles

The IO Foundation is committed to the following principles in the protection of children:

• Best Interests of the Child: All decisions and actions affecting a child shall prioritize their best interests.

• Zero Tolerance for Abuse: Any form of abuse, exploitation or neglect of children is prohibited and will be met with immediate action, including immediate termination.

• Do No Harm: The organization's programs, activities and technologies are expected to prevent any harm to children, ensuring their safety, well-being and privacy.

• Confidentiality: Any personal information related to a child is handled with the highest level of confidentiality, in accordance with The IO Foundation's Personal Privacy and Data Protection policy and other applicable privacy laws.

Legal and Regulatory Compliance

The IO Foundation observers the most protective international and national regulations, including:

• United Nations Convention on the Rights of the Child (UNCRC): Ensuring that all children are treated with dignity and respect and that their rights are protected.

• GDPR (General Data Protection Regulation): In accordance with Article 8 of the GDPR, ensuring that processing of personal data of children is lawful and that children under 16 require parental consent in relevant jurisdictions.

• COPPA (Children’s Online Privacy Protection Act): Ensuring that no personal information is collected from children under 13 in the U.S. without verifiable parental consent.

• Local Child Protection Laws: We ensure compliance with child protection laws in every country the organization operates, including those specific to Estonia, Malaysia and the United States.

Child Safety Measures

The IO Foundation takes proactive steps to ensure the safety of all children interacting with the organization:

Screening and Recruitment

• Background Checks: All TIOF Members and TIOF Collaborators who work directly with children undergo rigorous background checks to identify any prior offenses or behaviors that could pose a risk to children.

• Interviews and Reference Checks: TIOF Member candidates are carefully vetted through interviews and reference checks to ensure they possess the character and skills necessary for working with children whenever necessary.

Behavioral Guidelines

All TIOF Members and TIOF Collaborators working with children are required to adhere to the following conduct guidelines when interacting with children:

• Respect Boundaries: Avoid any form of physical punishment, inappropriate physical contact or behavior that may harm or exploit a child.

• No Unsupervised Contact: TIOF Member or TIOF Collaborator should be alone with a child without parental or guardian permission, unless it is part of a clearly defined and supervised activity (for which permission needs be equally provided).

• Reporting Suspicious Behavior: Any suspicion or evidence of child abuse or exploitation must be immediately reported to the appropriate authority in accordance with the reporting procedures set forth in this policy.

Online Safety

Given that technology is central to our operations, the organization takes special precautions to ensure the safety of children online:

• Parental Consent for Online Interaction: For children under the applicable age of consent, the organization requires verifiable parental consent before collecting any personal information.

• Age-Appropriate Content: The organization ensures that any technology or content provided through its platforms is appropriate for children, including filters and warnings for sensitive material whenever applicable.

• Data Protection for Children: The organization follows strict guidelines to protect children's privacy online, ensuring that personal data is only collected and processed with appropriate legal bases and data is never shared without parental or guardian consent. For more information, please refer to The IO Foundation's Personal Privacy and Data Protection policy

Training and Awareness

To ensure the effective implementation of this policy, The IO Foundation provides training and resources to all TIOF Members or TIOF Collaborators whenever necessary:

• Child Protection Training: All individuals who work directly with children must complete mandatory child protection training. This includes recognizing signs of abuse, reporting procedures set forth in this policy and understanding their legal obligations.

• Technology-Specific Training: TIOF Members involved in designing or implementing digital services that will be directed to children receive specific training on online safety and child data protection requirements.

• Regular Refresher Courses: Periodic refresher training is provided to keep relevant TIOF Members or TIOF Collaborators up-to-date with the latest child protection protocols and legal requirements.

Reporting and Response Procedures

The IO Foundation takes all allegations or concerns regarding child abuse or exploitation seriously and has established clear procedures for reporting and responding to such concerns:

• Immediate Reporting: Any suspicion, allegation or evidence of abuse must be reported immediately to the Child Protection Officer (CPO) or the relevant designated safeguarding officer.

• Confidentiality in Reporting: Reports of suspected abuse or exploitation will be handled with strict confidentiality, with information only shared on a need-to-know basis to protect the child and comply with legal obligations.

• Mandatory Reporting to Authorities: The organization will report incidents to local law enforcement or child protection agencies without delay in accordance to applicable laws.

• Investigation: Internal investigations will be conducted in a timely and impartial manner by trained personnel to assess the validity of the report and take appropriate action.

Partner Organizations

Any TIOF Collaborator that working with The IO Foundation must adhere to this Children Protection Policy or demonstrate that they follow equally protective standards that shall be enforced through the applicable instruments such as contractual obligations.

Review and Accountability

The IO Foundation is committed to regularly reviewing and updating this policy to ensure that it reflects the latest laws, regulations, and best practices. The Children Protection Officer (CPO) is responsible for the overall implementation and enforcement of this policy by following measures whenever considered pertinent:

• Reviews: The policy will be reviewed and updated as necessary to ensure its effectiveness.

• Monitoring Compliance: Audits and spot checks shall be conducted to ensure adherence to this policy by all TIOF Members or TIOF Collaborators whenever applicable.

• Reporting to Governance Bodies: Reports on child protection issues and incidents will be made to the organization’s governance board to ensure accountability and transparency if ever occurring.

Contact Information

For any questions, concerns, or requests related to this policy or the processing of personal data, please contact The IO Foundation via email to: ChildrenProtection@TheIOFoundation.org

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Conflicts of Interest that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Conflict of Interest statement

Definitions

Interested Person

Any director, principal officer, or member of a committee with the board of director’s delegated powers, who has a direct or indirect financial interest, as defined below, is an interested person.

Financial Interest

A person has a financial interest if the person has, directly or indirectly, through business, investment, or family:

1. An ownership or investment interest in any entity with which the Organization has a transaction or arrangement;

2. compensation arrangement with the Organization or with any entity or individual with which the Organization has a transaction or arrangement; or

3. A potential ownership or investment interest in, or compensation arrangement with, any entity or individual with which the Organization is negotiating a transaction or arrangement.

Compensation includes direct and indirect remuneration as well as gifts or favors that are not insubstantial.

A financial interest is not necessarily a conflict of interest. Under Article III, Section 2, a person who has a financial interest may have a conflict of interest only if the board of directors or the appropriate governing committee decides that a conflict of interest exists.

Duty to Disclose

In connection with any actual or possible conflict of interest, an interested person must disclose the existence of the financial interest and be given the opportunity to disclose all material facts to the directors and members of committees with board of directors delegated powers considering the proposed transaction or arrangement.

Determining Whether a Conflict of Interest Exists

After disclosure of the financial interest and all material facts, and after any discussion with the interested person, he/she shall leave the board of directors or committee meeting while the determination of a conflict of interest is discussed and voted upon. The remaining board or committee members shall decide if a conflict of interest exists.

Procedures for Addressing the Conflict of Interest

1. An interested person may make a presentation at the board of directors or committee meeting, but after the presentation, he/she shall leave the meeting during the discussion of, and the vote on, the transaction or arrangement involving the possible conflict of interest.

2. The chairperson of the board of directors or committee shall, if appropriate, appoint a disinterested person or committee to investigate alternatives to the proposed transaction or arrangement.

3. After exercising due diligence, the board of directors or committee shall determine whether the Organization can obtain with reasonable efforts a more advantageous transaction or arrangement from a person or entity that would not give rise to a conflict of interest.

4. If a more advantageous transaction or arrangement is not reasonably possible under circumstances not producing a conflict of interest, the board of directors or committee shall determine by a majority vote of the disinterested directors whether the transaction or arrangement is in the Organization’s best interest, for its own benefit, and whether it is fair and reasonable. In conformity with the above determination, it shall make its decision as to whether to enter into the transaction or arrangement.

Violations of the Conflict of Interest Policy

1. If the board of directors or committee has reasonable cause to believe a member has failed to disclose actual or possible conflicts of interest, it shall inform the member of the basis for such belief and afford the member an opportunity to explain the alleged failure to disclose.

2. If, after hearing the member’s response and after making further investigation as warranted by the circumstances, the board of directors or committee determines the member has failed to disclose an actual or possible conflict of interest, it shall take appropriate disciplinary and corrective action.

Records of Proceedings

The minutes of the board of directors and all committees with board delegated powers shall contain:

1. The names of the persons who disclosed or otherwise were found to have a financial interest in connection with an actual or possible conflict of interest, the nature of the financial interest, any action taken to determine whether a conflict of interest was present, and the board of directors’ or committee’s decision as to whether a conflict of interest in fact existed.

2. The names of the persons who were present for discussions and votes relating to the transaction or arrangement, the content of the discussion, including any alternatives to the proposed transaction or arrangement, and a record of any votes taken in connection with the proceedings.

Compensation

1. A voting member of the board of directors who receives compensation, directly or indirectly, from the Organization for services is precluded from voting on matters pertaining to that member’s compensation.

2. A voting member of any committee whose jurisdiction includes compensation matters and who receives compensation, directly or indirectly, from the Organization for services is precluded from voting on matters pertaining to that member’s compensation.

3. No voting member of the board of directors or any committee whose jurisdiction includes compensation matters and who receives compensation, directly or indirectly, from the Organization, either individually or collectively, is prohibited from providing information to any committee regarding compensation.

Annual statements

Each director, principal officer and member of a committee with board of directors’ delegated powers shall annually sign a statement which affirms such person:

1. Has received a copy of the conflicts of interest policy;

2. Has read and understands the policy;

3. Has agreed to comply with the policy; and

4. Understands the Organization is charitable and in order to maintain its federal tax exemption it must engage primarily in activities which accomplish one or more of its tax-exempt purposes.

Periodic reviews

To ensure the Organization operates in a manner consistent with charitable purposes and does not engage in activities that could jeopardize its tax-exempt status, periodic reviews shall be conducted. The periodic reviews shall, at a minimum, include the following subjects:

1. Whether compensation arrangements and benefits are reasonable, based on competent survey information and the result of arm’s length bargaining.

2. Whether partnerships, joint ventures, and arrangements with management organizations conform to the Organization’s written policies, are properly recorded, reflect reasonable investment or payments for goods and services, further charitable purposes and do not result in inurement, impermissible private benefit or in an excess benefit transaction.

Use of outside experts

When conducting the periodic reviews as provided for in Article VII, the Organization may, but need not, use outside advisors. If outside experts are used, their use shall not relieve the board of directors of its responsibility for ensuring periodic reviews are conducted.

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of applicable Economic Sanctions that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Definitions

• Sanctions: Measures imposed by governments or international organizations that restrict trade, investment and other economic activities with specific countries, individuals or entities.

• Sanctioned Entities: Individuals, organizations or countries that are subject to restrictions as specified by applicable regulations.

Economic Sanctions statement

Implementation process

The IO Foundation will actively observe this policy in all of its processes, with particular attention to its financial and programmatic activities. Among others, the organization will undertake:

• Risk Assessment: Assess potential risks related to sanctions compliance and implement measures to avoid those risks.

• Due Diligence: Conduct thorough vetting of all partners, contractors and beneficiaries to ensure they are not listed on applicable sanctions lists.

• Training and Awareness: Provide training to TIOF Members, TIOF Contributors and TIOF Beneficiaries regarding applicable sanctions laws and internal compliance procedures.

• Reporting Obligations: Establish procedures for reporting any suspected violations of this policy or sanctions laws to the appropriate authorities.

• Monitoring and Compliance: Monitor operations with TIOF Contributors and TIOF Beneficiaries to ensure compliance with this policy and applicable regulations.

Additional considerations

The IO Foundation will carefully analyze, be mindful of and comply with:

• Specific funder's considerations

• All relevant antiterrorism laws and regulations specific to the jurisdictions in which it operates

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Equality of Opportunities that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

This Policy sets out TIOF's approach to equal opportunities and the avoidance of discrimination at work. It applies to all aspects of employment with us, including (although not limited to) recruitment, pay and conditions, training, appraisals, promotion, conduct at work, disciplinary and grievance procedures and termination of employment.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Equal opportunities statement

Discrimination

Members must not unlawfully discriminate against or harass other people including current and former TIOF Members or Contributors.

This applies in the workplace, outside the workplace (when dealing with customers, suppliers or other work-related contacts) and on work-related trips or events, including social events.

The following forms of discrimination are prohibited under this Policy and are unlawful:

• Direct discrimination: treating someone less favorably because of a given personal characteristic dimension.

• Indirect discrimination: a provision, criterion or practice that applies to everyone but adversely affects people with a particular personal characteristic dimension more than others and is not justified.

• Retaliation: treating someone that has complained or has supported someone else's complaint about discrimination or harassment less favorably. Harassment is dealt with further in our Anti-harassment and Anti-Bullying Policy.

Recruitment and selection

Recruitment, promotion and other selection exercises such as redundancy selection will be conducted exclusively on the basis of merit and strictly following objective criteria that avoid discrimination. Shortlisting should be done by more than one person if possible.

Applicants should not be asked questions which might suggest an intention to discriminate on the grounds of any given personal characteristic dimension. Should the question be unavoidable, it must be done on the grounds of examining options to overcome observed difficulties.

Applicants should not be asked about health or disability before a position offer is made, except in the very limited circumstances allowed by law: for example, to check that the applicant could perform an intrinsic part of the position (taking account of any reasonable adjustments) or to see if any adjustments might be needed at the interview because of a disability.

Disabilities

If you are disabled or become disabled, we encourage you to tell us about your condition so that we can consider what reasonable adjustments or support may be appropriate.

In any case, this is not mandatory unless the disability affects your ability to perform your responsibilities as described in your Engagement Document.

Part-time and fixed-term work

Part-time and fixed-term Members should be treated the same as comparable full-time or permanent Members and enjoy no less favorable terms and conditions (on a pro-rata basis where appropriate), unless different treatment is (and must be) justified.

Breaches of this Policy

Serious cases of deliberate discrimination may amount to gross misconduct resulting in dismissal.

If you believe that you have suffered discrimination you can raise the matter through our Grievance Procedures.

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the necessary arrangements for ensuring The IO Foundation meets its health and safety obligations towards TIOF Members and anyone visiting its premises, or in any way involved with its advocacy and initiatives, that you will need to be aware of while being a Member for TIOF.

You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Health and Safety statement

Health and Safety Officer

The position of Health and Safety Officer, or HSO, unless otherwise specified, falls on the [TIOF] Team Human Resources Manager.

You should report any health and safety concerns immediately to the HSO.

The HSO is expected to make himself/herself available to the Board of Directors and Management to report in matters of Health and Safety any time necessary.

Team Health and Safety

The organization will put in place a Health and Safety Team, or THS, to support the HSO in evaluating, designing, implementing and disseminating training for required Health and Safety protocols.

Information and consultation

The organization will inform and consult the Health and Safety Officer or directly with all staff regarding health and safety matters.

Health and Safety Status Meetings

The HST will convene at least once during the General Meeting to determine if specific steps are to be implemented in the coming Season.

Other Status Meetings as well as Emergency Meetings can be conveyed and initiated by:

• The Health and Safety Officer

• Management

• Board of Directors

Training

The organization will ensure that all TIOF Members are given adequate training and supervision to perform their responsibilities competently and safely. TIOF Members will be given a Health and Safety Induction during their Onboarding. Further training will be provided as needs arise.

Equipment

TIOF Members must use TIOF equipment in accordance with any instructions given by the organization. Any equipment fault or damage must immediately be reported to the Health and Safety Officer.

Accidents and first aid

Details of first aid facilities are listed in the Health & Safety Handbook.

The list of trained first aiders are made available on our TIOF Org Chart.

All accidents and injuries at work, however minor, should be reported to

• the Health and Safety Officer or,

• your corresponding Team Manager or,

• your corresponding Team Human Resources Manager.

All incidents are to be recorded in the Accident Book.

Fire safety

All TIOF Members should familiarize themselves with the fire safety instructions in their physical offices (when applicable), which are displayed on notice boards and near fire exits in the workplace.

This should also be considered should the Member perform duties remotely, for instance from a co-working space, an event they are attending or from their own residence.

At the hearing of a fire alarm, TIOF Members are to leave the building immediately by the nearest fire exit and go to the fire assembly point outside of the premises.

For physical offices, fire drills will be held at least every 12 months and must be taken seriously.

TIOF will also carry out regular fire risk assessments and regular checks of fire extinguishers, fire alarms, escape routes and emergency lighting whenever applicable.

Risk assessments and measures to control risk

The organization carries out general workplace risk assessments periodically, both in physical offices and remotely. The purpose of these assessments is to identify potential risks to health and safety of TIOF Members, visitors and other third parties as a result of TIOF's activities and to identify any measures that need to be taken to control those risks.

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Data Privacy and Data Protection that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Data Privacy and Personal Privacy Interest statement

Definitions

• Personal Data: Any information related to an identified or identifiable natural person.

• Processing: Any operation or set of operations performed on personal data, such as collection, storage, use or disclosure.

• Data Subject: A natural person whose personal data is processed by the organization.

• Data Controller: The entity that determines the purposes and means of the processing of personal data.

• Data User: An individual or entity, including TIOF Members, TIOF Collaborators or any other third parties, who is authorized by the organization to access, use or process personal data in line with the purposes defined by the Data Controller. Data Users must handle personal data in compliance with this policy, relevant laws and the instructions provided by the Data Controller to ensure the privacy and security of the data.

• Data Processor: The entity that processes personal data on behalf of the Data Controller.

Principles of Data Processing

The IO Foundation adheres to the following principles for the lawful, fair and transparent processing of personal data:

• Lawfulness, Fairness and Transparency: Personal data is processed lawfully, fairly and in a transparent manner with respect to the data subject.

• Purpose Limitation: Personal data is collected for specified, explicit and legitimate purposes, strictly for the advancement and achievement of its advocacy, and is not further processed in a manner incompatible with those purposes.

• Data Minimization: Only data that is necessary for the specified purposes is collected.

• Accuracy: The organization ensures personal data is accurate and kept up-to-date. Inaccurate data is erased or rectified without delay.

• Storage Limitation: Personal data is retained only for as long as necessary for the purposes for which it was collected. The data subjects are entitled to access and deletion of their data at any given time upon request.

• Integrity and Confidentiality: Personal data is processed securely, ensuring protection against unauthorized or unlawful processing and accidental loss, destruction or damage.

• Accountability: The organization is responsible for demonstrating compliance with data protection laws and this policy.

Lawful Bases for Processing

The IO Foundation will only be process Personal data if at least one of the following legal bases applies:

• Consent: The data subject has given explicit consent for the processing of their personal data for one or more specific purposes.

• Contractual Necessity: Processing is necessary for the performance of a process to which the data subject is a party or to take pre-contractual steps at the request of the data subject.

• Legal Obligation: Processing is necessary to comply with a legal obligation to which the the organization is subject.

• Vital Interests: Processing is necessary to protect the vital interests of the data subject or another person.

• Public Interest: Processing is necessary for the performance of a task carried out in the public interest.

• Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by the organization or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Rights of Data Subjects

Data subjects have the following rights regarding their personal data:

• Right to Access: Data subjects have the right to request and obtain confirmation as to whether personal data concerning them is being processed, and if so, to access the data and information about the processing.

• Right to Rectification: Data subjects have the right to request the correction of inaccurate personal data or completion of incomplete data.

• Right to Erasure (Right to be Forgotten): Data subjects can request the deletion of their personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

• Right to Restrict Processing: Data subjects can request the restriction of processing under specific conditions.

• Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller.

• Right to Object: Data subjects have the right to object to the processing of their personal data based on legitimate interests or public interest, including profiling.

• Right to Withdraw Consent: If personal data is processed based on consent, the data subject has the right to withdraw consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.

Data Collection and Processing

The IO Foundation collects personal data in the following ways:

• Directly from the Data Subject: Through registration forms, surveys, applications, email or other direct interactions.

• Automatically: Through the use of cookies or other tracking technologies on our website and other platforms.

• Third Parties: Where lawful, personal data may be obtained from third-party sources for specific purposes (e.g., partnerships, publicly available data).

The data collected may include:

• Personal Identification Information:

  • Full name, address, phone number, email address, date of birth and sex.

  • Identification numbers such as passport number, national identification card or driver’s license.

• Professional Information:

  • Employment details such as job title, employer, work address and work contact information.

  • Professional qualifications, resumes or work experience where relevant (e.g., for volunteers or job applicants).

• Financial Information:

  • Bank account details, payment card numbers or other financial information where necessary for processing donations, grants or disbursements.

  • Tax identification numbers for regulatory or reporting purposes.

• Demographic Information:

  • Information related to nationality and language preferences when relevant for the organization’s operations or for delivering culturally appropriate services and information.

• Sensitive Personal Data:

  • Data such as health information, disability status, religious or philosophical beliefs or other sensitive categories of data when necessary for providing specific services (for example when organizing events), complying with legal requirements or safeguarding individual rights.

• Location Data:

  • IP addresses or geographic location data collected through interactions with our website or other platforms to improve service delivery, analytics relevant to the organization's advancement and achievement of its advocacy and provide region-specific content.

• Technical Information:

  • Device type, operating system, browser type and browsing behavior (e.g., pages visited, links clicked among others) gathered automatically through cookies and other appropriate tracking technologies.

• Communication Data:

  • Records of communications with our organization, including emails, phone calls and any other interaction or correspondence made via our website, social media or other official communication channels.

• Survey or Feedback Data:

  • Responses to surveys, questionnaires, feedback forms or program evaluations conducted to assess the impact of our activities or improve future operations.

• Volunteer and Event Data:

  • Information provided by individuals who register for the organization's events, participate in programs or offer volunteer services, including availability, skillsets and preferences for activities.

• Photographs, Audio, and Video Data:

  • Media files such as photographs, video recordings or audio files, which may be collected during events, workshops or other activities, with explicit consent for specific purposes.

Data Retention

The IO Foundation retains personal data only for as long as necessary to fulfill the purposes for which it was collected, in line with legal, regulatory or contractual obligations and observing at all times the provisions detailed in this policy. Upon expiration of the retention period, personal data will be securely deleted, anonymized or archived in compliance with applicable laws.

Data Security

The IO Foundation implements appropriate technical and organizational measures to protect personal data from unauthorized access, misuse, alteration or destruction. These measures include:

• Encryption of personal data whenever technically possible

• Access controls to limit data access to authorized TIOF Members only

• Regular security audits and reviews

• Employee training on data privacy and security best practices

Data Transfers

Personal data may be transferred to countries outside the European Economic Area (EEA), the United States and Malaysia. Where such transfers occur, the organization ensures that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other lawful mechanisms, to protect the data in accordance with applicable laws.

Data Breach Notification

In the event of a data breach, on the part of the organization or one of its applicable data controllers, data users or data processors, that poses a risk to the rights and freedoms of data subjects as detailed in this policy, the organization will notify the relevant supervisory authorities without undue delay and, where required, the affected individuals. Data breach notifications will be made in accordance with applicable data protection laws, including GDPR, U.S. law, Malaysia’s PDPA and any other applicable jurisdiction.

Data Processors

When engaging third-party data processors to process personal data on its behalf, the organization will ensure that these processors comply with applicable data protection laws and adhere to this policy.

Children’s Privacy

The IO Foundation does not knowingly collect personal data from children under the age of 13 (in the U.S.) or under the relevant age of consent as defined by applicable local laws without verifiable parental consent. Should the organization discover that it has inadvertently collected data from a child without consent, it will take steps to delete such data promptly.

Changes to this Policy

The IO Foundation reserves the right to amend this policy at any time to ensure continued compliance with applicable laws. Any significant changes to this policy will be communicated to data subjects through appropriate means, including website updates or direct communication where applicable.

Contact Information

For any questions, concerns, or requests related to this policy or the processing of personal data, please contact The IO Foundation via email to: Privacy@TheIOFoundation.org

Introduction

Global definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of the organization's Funding that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Funding statement

Relevant definitions

• Resources: In the context of this policy, "Resources" refers to all forms of financial, material support, including but not limited to funds, assets and equipment, that are mobilized and allocated to achieve the organization's objectives and sustain its operations.

• Mobilization: The process of securing and gathering resources, such as funds, assets or other type of support, from various sources to sustain the organization's operations and pursue its advocacy.

• Allocation: The distribution or assignment of resources to specific programs. initiatives, projects or other operational needs based on organizational priorities, donor requirements or strategic goals.

• Source: The origin from which a resource is obtained, such as a donor, grant provider, crowdfunding campaign, revenue from products or services or any other entity contributing financial or material support to the organization.

Purpose

This policy outlines the processes and principles that govern the mobilization and allocation of financial resources for The IO Foundation.

It ensures that all resources align with the organization's Mission and Vision while both maintaining its independence and complying with applicable legal requirements, including TIOF's Economic Sanctions Policy. This policy also establishes the framework for allocating resources of unrestricted and restricted funds in an accountable and transparent manner. It applies to all TIOF Members and TIOF Collaborators involved in fundraising, financial management and program operations.

Additional considerations

• Currencies: The IO Foundation will accept only currencies listed in its Financial Policy.

• No Political, Religious or Ideological Strings: The IO Foundation will not accept resources that require promoting or supporting specific political, religious or ideological agendas.

• Transparency: In accordance to its commitment to transparency and accountability, all resources mobilized by The IO Foundation will be disclosed in the corresponding annual reports as viable.

• No Strings Attached: All donations and grants are received on the basis that they come without strings attached.

• Background Checks: TIOF reserves the right to conduct due diligence and background checks on the sources of funding to ensure alignment with our values and to prevent reputational risk.

• Compliance with Laws: All donations and funding arrangements are subject to the strict respect of applicable local and international laws.

Funding streams

The IO Foundation accepts resources from a variety of sources, categorized into streams, consistent with its Mission, Vision and values. The following are the recognized types of resource mobilization streams:

Unrestricted and Restricted resources

In accordance to its Finance Policy, The IO Foundation categorizes all mobilized resources into two distinct categories:

Unrestricted resources

These resources can be used at the discretion of the organization for any project, program, or operational need. Unrestricted resources offer flexibility in their allocation and are vital for the proper functioning of the organization. These resources are typically sourced from general donations, revenue from products or services or grants that do not specify usage.

Restricted resources

Restricted resources are those designated for specific purposes, as defined by the donor, crowdfunding project deliverables or grantor. These resources must be used strictly for the projects, programs or activities outlined in by the source's requirements.

Resource Allocation Framework

The organization ensures that all resources are allocated in an efficient, transparent and accountable manner:

• For Unrestricted Resources: These resources are allocated based on the organization's annual Strategic Plan and budget. The budget is approved by the organization’s leadership and is designed to support strategic goals, operations and initiatives that align with the its Mission.

• For Restricted Resources: These resources are allocated directly to the programs, initiatives or projects specified by the donor or grant provider. The organization shall follow the applicable terms of resources to ensure proper usage and reporting. These conditions shall be closely monitored to ensure compliance with the terms of said applicable terms.

Flexibility in Fund Allocation

Unless a source explicitly instructs that the resources are to be used for a specific project or purpose, The IO Foundation reserves the right to allocate resources to the programs, initiatives, projects or operations it deems most critical. This ensures that the organization can respond to emerging needs and maintain operational efficiency.

Monitoring, Reporting and Accountability

To ensure responsible use of mobilized resources and maintain transparency, The IO Foundation implements a robust system for monitoring, reporting and accountability across all mobilization streams.

• Financial Oversight: The finance department ensures that resources are allocated and used in compliance with this policy and applicable laws.

• Audits: The organization shall conduct audits of both unrestricted and restricted resources to ensure adherence to the source's requirements and resource allocation integrity.

• Reporting to Sources: For restricted funds, the organization shall provide timely and detailed reports on how the resources have been allocated and used to meet the specific goals outlined by the sourcing terms.

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Sickness Absence that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

This Policy sets out TIOF's approach to the necessary arrangements for sick pay and for reporting and managing sickness absence.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. In particular, abuse of sickness absence, including failing to report absence or falsely claiming sick pay will be treated as misconduct under our Disciplinary Procedures. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Sickness Absence statement

Reporting when you are sick

If you cannot attend work because you are sick or injured you should communicate it as early as possible and no later than 30 minutes after the time when you are normally expected to start work to:

• your corresponding Team Manager, or

• your corresponding Team Human Resources Manager, or

• a fellow TIOF Member who will be able to forward the communication to any of the above.

The Channels to communicate must be:

• Telephone

• Email

• TIOF's Slack workspace

Evidence of incapacity

You must complete a self-certification form for sickness absence of up to seven calendar days.

For any absence of more than a week you must obtain a certificate from your doctor stating that you are not fit for work; said certificate will have to clearly indicate the reason for such decision. You must also complete a self-certification form to cover the first seven days. If absence continues beyond the expiry of a certificate, a further certificate must be provided.

If your doctor provides a certificate stating that you "may be fit for work" you must inform us immediately. We will hold a discussion with you about how to facilitate your return to work, taking into account of your doctor's advice. If appropriate measures cannot be taken, you will remain on sick leave and we will set a date for a review.

Statutory sick pay

UK Members

You may be entitled to Statutory Sick Pay (SSP) if you satisfy the relevant statutory requirements. Qualifying days for SSP are Monday to Friday, or as set out in your Engagement Document. The rate of SSP is set by the government in April each year. No SSP is payable for the first three consecutive days of absence, it starts on the fourth day of absence and may be payable for up to 28 weeks.

Other jurisdictions

This section will be updated as we gather the necessary information for missing jurisdictions.

Return-to-work interviews

After a period of sick leave we may hold a return-to-work interview with you. The purposes may include:

• ensuring you are fit for work and agreeing any actions necessary to facilitate your return;

• confirming you have submitted the necessary certificates;

• updating you on anything that may have happened during your absence;

• raising any other concerns regarding your absence record or your return to work.

Managing long-term or persistent absence

The following paragraphs set out our procedure for dealing with long-term absence or where your level or frequency of short-term absence has given us cause for concern. The purpose of the procedure is to investigate and discuss the reasons for your absence, whether it is likely to continue or recur, and whether there are any measures that could improve your health and/or attendance. We may decide that medical evidence, or further medical evidence, is required before deciding on a course of action.

We will notify you in writing of the time, date and place of any meeting, and why it is being held. We will usually give you a week's notice of the meeting.

You may bring a companion to any meeting or appeal meeting under this procedure. Your companion may be either a trade union representative or a colleague, who will be allowed reasonable paid time off from duties to act as your companion.

If you or your companion cannot attend at the time specified you should let us know as soon as possible and we will try, within reason, to agree an alternative time.

If you have a disability, we will consider whether reasonable adjustments may need to be made to the sickness absence meetings procedure, or to your role or working arrangements.

Medical examinations

We may ask you to consent to a medical examination by a doctor or occupational health professional or other specialist nominated by us (at the organization's expense).

You will be asked to agree that any medical report produced may be disclosed to us and that we may discuss the contents of the report with the specialist and with our advisers. All medical reports will be kept confidential and held in accordance with our Data Protection Policy.

Initial sickness absence meeting

The purposes of a sickness absence meeting (or meetings, should it be deemed necessary) will be to

• discuss the reasons for your absence,

• how long it is likely to continue,

• whether it is likely to recur,

• whether to obtain a medical report and

• whether there are any measures that could improve your health and/or attendance.

In cases of long-term absence, we may seek to agree a return-to-work programme, possibly on a phased basis.

In cases of short-term, intermittent absence, we may set a target for improved attendance within a certain timescale.

If matters do not improve

If, after a reasonable time, you have not been able to return to work or if your attendance has not improved within the agreed timescale, we will hold a further meeting (or meetings, should it be deemed necessary). The organization will seek to establish whether the situation is likely to change, and may consider redeployment opportunities at that stage. If it is considered unlikely that you will return to work or that your attendance will improve within a short time, we may give you a written warning that you are at risk of dismissal. We may also set a further date for review.

Final sickness absence meeting

Where you have been warned that you are at risk of dismissal, and the situation has not changed significantly, we will hold a meeting to consider the possible termination of your employment.

Appeals

You may appeal against the outcome of any stage of this procedure. If you wish to appeal you should set out your appeal in writing to your corresponding Team Human Resources Manager, stating your grounds of appeal, within one week of the date on which the decision was sent or given to you.

If you are appealing against a decision to dismiss you, we will hold an appeal meeting, normally within two weeks of receiving the appeal. This will be dealt with impartially and, where possible, by someone who has not previously been involved in the case.

We will confirm our final decision in writing, usually within one week of the appeal hearing.

The date that any dismissal takes effect will not be delayed pending the outcome of an appeal. However, if the appeal is successful, the decision to dismiss will be revoked with no loss of continuity or pay.

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.

For a structure of The IO Foundation, please visit

• The IO Foundation's Organizational Chart

• The IO Foundation's Organizational Taxonomy

About this document

This document, hereinafter the Policy, sets out the position maintained by TIOF in matters of Whistleblowing that you will need to be aware of while being a TIOF Member. You should familiarize yourself with it and comply with it at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team Human Resources Manager.

This Policy sets out TIOF's approach to the necessary arrangements for sick pay and for reporting and managing sickness absence.

Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. In particular, failure to protect a whistleblower or interfere with any such related ongoing investigation will be treated as misconduct under our Disciplinary Procedures. Any non-employee who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.

Scope

This document directly applies to:

• All TIOF Members

This document indirectly applies to:

• All TIOF Contributors

The policies set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Members of the Boards (Directors, Advisers, Consultants), Employees, Volunteers and Interns; this is irrespective of their engagement type. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.

This Policy applies within all TIOF Spaces, including (although not limited to) management activities, contributions or events; it and also applies when an individual is officially representing the organization in public spaces. Examples of representing the organization include (although not limited to) using an official e-mail address, posting via any official channel or acting as an appointed representative at an event.

Policy details

Whistleblowing statement

What is whistleblowing?

Whistleblowing is the reporting of suspected wrongdoing or dangers in relation to our activities. This includes, although not limited to, bribery, facilitation of tax evasion, fraud or other criminal activity, miscarriages of justice, health and safety risks, damage to the environment and any breach of legal or professional obligations.

How to raise a concern

If you have any whistleblowing concerns, you should contact your corresponding Team Human Resources Manager.

We will arrange a meeting with you as soon as possible to discuss your concern. You may bring a colleague or union representative to any meetings under this Policy.

Confidentiality

We hope that Members will feel able to voice whistleblowing concerns openly under this Policy. Completely anonymous disclosures are difficult to investigate. If you want to raise your concern confidentially, we will make every effort to keep your identity secret and only reveal it where necessary to those involved in investigating your concern.

External disclosures

The aim of this Policy is to provide an internal mechanism for reporting, investigating and remedying any wrongdoing in the workplace. In most cases you should not find it necessary to alert anyone externally.

The law recognizes however that in some circumstances it may be appropriate for you to report your concerns to an external body such as a regulator. We strongly encourage you to seek advice before reporting a concern to anyone external. Some organizations specialize in such advice. You can find some Contacts at the end of this Policy.

Protection and support for whistleblowers

We aim to encourage openness and will support whistleblowers who raise genuine concerns under this policy, even if they turn out to be mistaken.

Whistleblowers must not suffer any detrimental treatment as a result of raising a genuine concern. If you believe that you have suffered any such treatment, you should inform your corresponding Team Human Resources Manager immediately. If the matter is not remedied you should raise it formally using as stated in the Grievances section under TIOF's Human Resources Policy.

Retaliation

You, or any other TIOF Member or Contributor, must not threaten or retaliate against whistleblowers in any way. If you are involved in such conduct you may be subject to disciplinary action. We wish to note that in some cases the whistleblower could have a right to sue personally for compensation in an employment tribunal.

False allegations

Should we conclude that a whistleblower has made false allegations or acted in an otherwise malicious intention, the whistleblower may be subject to disciplinary action according to our Disciplinary Measures section under TIOF's Human Resources Policy.

Contacts

The following is a non exhaustive list of external organizations to which you could reach out to seek advise on whistleblowing.

UK Members

• Protect Helpline: 0203 117 2520 | E-mail: whistle@pcaw.co.uk | Website: www.pcaw.co.uk

Other jurisdictions

This section will be updated as we gather the necessary information for missing jurisdictions.