1. Our commitments
Within CAST Group, we are dedicated to developing our products and providing our services in the most responsible way possible, and we are committed to integrating environmental, social, ethical and governance considerations into our business practices. The purpose of this Corporate Social Responsibility Charter (the “Charter”) is to detail the commitments and actions that we are taking at the group level in this regard.
- We undertake to minimize our environmental footprint and foster responsible resource usage through efficient operations and waste management.
- We are striving to reduce our greenhouse gas emissions and promote the use of low-carbon energy sources. Since 2021, we have been supported by an independent certified company in calculating the carbon footprint of CAST's activities in order to identify the highest-emitting activities and take action to improve them. Concretely, we are working toward the optimization and reduction of air travel, the transition of company vehicles to low-carbon vehicles, the reduction of the fleet and the optimization and reduction of the energy consumption of CAST offices.
- We comply with all applicable environmental laws and regulations and we support environmental initiatives in the communities where we operate. At CAST, we are determined to help our clients make their software greener. The “Green Insights” capabilities, newly developed and offered as part of our CAST Highlight SaaS, aim at finding and remediating green deficiencies (source code patterns that drive excessive use of resources) and at helping organizations reduce greenhouse gas emissions caused by their custom-built applications. CAST technology automatically understands our clients’ source code and provides first-of-a-kind green software insights as well as sustainability recommendations.
More details can be found at the URL: https://www.castsoftware.com/highlight/capabilities.
1.2 Human rights:
- We respect all applicable laws and regulations relating to human rights and support the protection of internationally recognized human rights (such as the principles set forth in the UN Universal Declaration of Human Rights and the International Labor Organization (ILO) Conventions), and we expect our suppliers to respect them as well. Where we face requirements to comply with local laws that conflict with international standards, we work to meet these international standards to the greatest extent possible given local law.
- We ensure fair treatment, diversity, inclusion and equal opportunities for all employees within our Group, irrespective of their race, gender, age, religion, nationality, or any other characteristic protected by law.
- As part of our human rights commitments, we reject any form of forced or compulsory labor, child labor, modern slavery or human trafficking, discrimination and workplace harassment and violence.
1.3 Health and safety:
- We prioritize the health and safety of our employees, contractors, visitors and other applicable stakeholders across the globe. We promote well-being and drive continual improvement in wellness and health and safety.
- We provide a safe working environment regardless of the country in which our offices are located and we adhere to applicable occupational health and safety laws and regulations. Where relevant, we implement robust safety procedures and training programs to protect people and the workforce from hazards that may arise in the working environment.
- We monitor and assess risks to prevent accidents, injuries, and occupational health hazards. We foster a culture where accidents, incidents and near-misses are promptly reported and investigated and the lessons learned shared and acted upon throughout the business.
1.4 Data protection and privacy:
- At CAST, we make sure that the protection of personal data is and remains at all times a very high priority. We handle personal data belonging to our employees, suppliers and customers in accordance with applicable data protection and privacy laws and regulations, with the constant concern of keeping such data safe. This applies especially to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation”), as our headquarters is in France and we have affiliates located in Belgium, Spain, Germany and Italy.
- We maintain strict confidentiality and security measures to protect personal information from unauthorized access, use, or disclosure.
- We continuously apply and promote the concepts of data transparency, data accuracy, data minimization, security, lawfulness of the processing, purpose limitation and storage limitation. Privacy by Design and Privacy by Default are key principles applied in any new project, where relevant. We are transparent about our data collection and processing practices, and we obtain appropriate consent when required. Notably, we have implemented:
- a Privacy Notice available to CAST customers on the CAST Highlight website: https://doc.casthighlight.com/privacy-notice/, describing the personal data that CAST processes in the context of the use of CAST Highlight, the rights of the data subjects in this regard and the points of contact at CAST for questions or queries related to personal data.
- With the extensive growth of the IT sector, creating a secure computing environment and adequate trust and confidence in electronic transactions, software, services, devices, and networks has become one of the main priorities for CAST, and we take security very seriously. Consequently, we have implemented robust cybersecurity measures to protect our systems, networks, and data, as well as the information of our customers, from cyber threats. Our Information Security Policy aims to ensure that risk is minimized. Central to the Policy is the fact that information is an asset that must be protected from unauthorized access, modification, disclosure, or destruction. Through our numerous ISO certifications (ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and ISO/IEC 27701), we have built a strong Information Security Management System relying on clear security objectives approved and validated by CAST management.
- We regularly assess our cybersecurity controls (notably through penetration tests and vulnerability scans) and we review and monitor them to ensure the confidentiality, integrity, and availability of our information assets. In addition, the efficiency and performance of our security measures are annually audited by an official control and certification company.
- We provide cybersecurity awareness training to employees to promote a culture of security and vigilance.
1.6 Anti-money laundering:
- We do not engage in any money laundering or terrorist financing activities or assist any other party in doing so.
- For new customers who are not well known, we carry out checks on their integrity, reliability and solvency. We monitor transactions for suspicious activities, we encourage our employees to escalate red flags and we will report suspicious activities to the appropriate authorities where required.
1.7 Anti-corruption and anti-bribery:
- We conduct our business with integrity, honesty, and fairness, and we do not tolerate any form of corruption or bribery, whether in the public or private sector, directly or through an intermediary. This prohibition and the strict rules to be respected, notably with regard to gifts and entertainment, are detailed in our “Code of Ethical Conduct and Confidential Information Management” applicable to our employees.
- We comply with all applicable anti-corruption laws and regulations enacted to fight corruption and bribery.
- We have zero tolerance for bribery, both within our organization and in our interactions with business partners, suppliers and public officials.
2. Our governance
2.1 Board and CSR committee:
- Our Board of Directors oversees the compliance of CAST Group with this Charter.
- We have established a CSR Committee comprised of Board members and executives responsible for driving our sustainability and CSR initiatives which aim to achieve the best ESG (Environment, Social, Governance) standards.
2.2 Code of ethical conduct and confidential information management:
- We have a comprehensive Code of Ethical Conduct and Confidential Information Management (the “Code”), applicable to our employees within the Group, which outlines our expectations for ethical behavior as essential for sustainable business success. We are committed to upholding these principles throughout our organization and fostering a culture of integrity, accountability, and transparency.
- We expect our executive officers, managers and employees to conduct themselves in accordance with this Code and ask them to sign it to acknowledge they undertake to comply with it.
2.3 Annual review of risks and policies:
- We conduct an annual review of our risks, including environmental, social, governance, and ethical risks, and of our policies, and we update our policies if need be. This Charter and the Code may also be updated from time to time.
- We ensure that our policies, this Charter and the Code align with evolving regulatory requirements and industry best practices.
2.4 Whistleblowing and speak up:
- We encourage employees and stakeholders to report any concerns related to misconduct, breaches of our policies, this Charter or the Code, or other unethical or unlawful behavior to their line manager, a member of the HR or Legal department, or a member of the Executive Team.
- We commit to ensuring that any such reported concerns are addressed promptly, fairly, safely and confidentially and that, where applicable, investigations are conducted as quickly as possible in line with the nature and severity of the concern whilst maintaining the expected standard of quality.
- We prohibit retaliation against individuals who report concerns in good faith.