Skip to Main Content
Zoonou Get in touch

Our policies

Website privacy policy

1. Who we are

Zoonou Limited (“Zoonou”, “we”, “us”, “our”) is a specialist software testing and quality assurance services business, helping organisations to create better software products.

  • Company registration number: 05966654
  • VAT registration number: 901907246
  • ICO registration number: ZA752094

We act as a Data Controller for personal data processed in the course of our business.

Our registered office is:

Suite 1,
The Workshop,
10–12 St Leonards Road,
Eastbourne,
BN21 3UH.

Zoonou Limited works with both private and public sector clients and is committed to responsible, transparent and ethical data practices, consistent with our B Corp certification and applicable data protection law.

2. How to contact us

If you have questions about this Privacy Notice or how we use personal data, you can contact us at:

  • Email: info@zoonou.com
  • Post: Suite 1, The Workshop, 10–12 St Leonards Road, Eastbourne, BN21 3UH

You also have the right to raise concerns with the UK Information Commissioner’s Office (ICO).

3. The personal data we collect

We may collect and process the following types of personal data:

  • Full name
  • Email address
  • Telephone number
  • Job title
  • Organisation or company name
  • Recruitment-related information (for job applicants)
  • Business communications and correspondence

We do not intentionally collect special category data (as defined under UK GDPR), and our services are not directed at children.

4. How we collect personal data

We collect personal data when:

  • You contact us to request information about our services.
  • You complete an enquiry or contact form on our website.
  • You download content or register interest via a third-party platform.
  • You sign up to receive marketing communications.
  • You apply for a role at Zoonou.
  • You engage with us as a client, supplier, or professional contact.
  • You interact with our website (subject to cookie preferences).
  • We obtain business contact details from publicly available sources (e.g. LinkedIn or company websites).

5. How we use personal data and our legal bases

We may use your personal data for the following purposes:

Purpose Legal Basis for Processing
Responding to enquiries and providing services. Contract or steps prior to entering a contract.
Managing client, supplier and business relationships. Legitimate interests.
Recruitment and assessment of job applicants. Consent and legitimate interests.
Sending marketing communications to existing business contacts. Legitimate interests (B2B marketing).
Sending marketing communications where you have opted in. Consent.
Website analytics and service improvement. Legitimate interests and consent (via cookies).
Compliance with legal and regulatory obligations. Legal obligation.

Where we rely on legitimate interests, we balance those interests against your rights and expectations.

6. Marketing communications

We may send marketing communications where:

  • You have explicitly opted in, or
  • You are an existing or prospective business contact and marketing is permitted under PECR and ICO B2B guidance

All marketing emails include a clear unsubscribe option. You may also opt out at any time by contacting info@zoonou.com.

We use HubSpot to manage marketing communications and analyse engagement. For more information, please see HubSpot’s privacy notice.

7. Your data protection rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure of your data
  • Restrict processing
  • Object to processing (including direct marketing)
  • Request data portability
  • Withdraw consent at any time (where consent applies)

To exercise any of these rights, please contact us using the details above.

8. How we share personal data

We do not sell personal data.

We may share personal data with:

  • Trusted service providers acting on our instructions
  • Professional advisers (e.g. legal or accounting)
  • Public authorities where legally required

All third-party processors are subject to appropriate contractual safeguards.

9. International data transfers

Where personal data is transferred outside the UK or EEA (including to the United States), we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTAs)
  • UK Addendum to EU Standard Contractual Clauses

10. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure.

11. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, contractual and regulatory requirements.

12. Cookies and website analytics

Our website uses cookies and similar technologies. You can manage your preferences via our cookie banner.

We use Google Analytics (with IP anonymisation enabled) and Google Tag Manager to understand website usage and improve our services. These tools do not allow us to identify you directly.

For more information, please see our separate Cookie Notice.

13. Recruitment

If you apply for a role at Zoonou, we will process your data for recruitment purposes only. If your application is unsuccessful, we will retain your data only for a limited period unless you consent to longer retention.

14. External links

Our website may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to review their policies before providing personal data.

15. LinkedIn

Zoonou maintains a presence on LinkedIn for professional and business engagement. Any interaction with LinkedIn is subject to LinkedIn’s own privacy policy. We do not control how LinkedIn processes your data.

16. Updates to this notice

We may update this Privacy Notice from time to time to reflect changes in law, guidance or our practices. The latest version will always be available on our website.

Last updated: 17/03/2026

Data protection

1. Introduction and purpose

Zoonou is committed to protecting the privacy, confidentiality, and security of personal data processed in the delivery of software services, including services provided to the UK public sector. This policy defines how the Company protects, processes, stores, and disposes of personal data relating to employees, contractors, signatories, customers, and other individuals, and how it complies with applicable data protection legislation.

This policy is aligned with:

  • UK General Data Protection Regulation (UK GDPR.
  • Data Protection Act 2018.
  • Relevant EU GDPR principles (used as a benchmark for global processing.
  • Cabinet Office and Crown Commercial Service (CCS) requirements.
  • National Cyber Security Centre (NCSC) guidance

2. Scope

This policy applies to:

  • All personal data processed by Zoonou.
  • All employees, contractors, consultants, and third parties acting on behalf of Zoonou.
  • All systems, applications, infrastructure, and services operated by Zoonou.

The policy applies where Zoonou acts as:

  • a Data Processor, or
  • a Data Controller, where explicitly agreed.

3. Definitions

Personal Data means any information relating to an identified or identifiable living individual, including but not limited to:

  • Names
  • Postal addresses
  • Email addresses
  • Telephone numbers
  • Photographs
  • Online identifiers
  • Any other information relating to an individual

Special Category Personal Data includes data requiring enhanced protection, such as:

  • Race or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric identification data
  • Health data
  • Sexual life or sexual orientation
  • Criminal convictions and offences

Anonymised data that cannot be reverse-engineered to identify an individual is not considered personal data for the purposes of this policy.

4. Responsibilities

4.1. ISMS Manager

The ISMS Manager is responsible for the overall ownership, implementation, maintenance, and enforcement of this policy, including:

  • Ensuring compliance with data protection legislation.
  • Maintaining supporting procedures and records.
  • Coordinating audits and reviews.
  • Overseeing incident and breach management.

4.2. Data protection officer

Where required, the Company has appointed a Data Protection Officer who:

  • Monitors compliance with data protection law.
  • Advises on Data Protection Impact Assessments (DPIAs).
  • Acts as a contact point for the Information Commissioner’s Office (ICO) and public sector clients.

4.3. Employee and contractors

All personnel must:

  • Complete mandatory data protection training.
  • Access personal data only where required for their role.
  • Protect data in accordance with Company procedures.
  • Promptly report suspected or actual data protection incidents.

5. Data protection principles

Zoonou processes personal data in accordance with the principles set out in Article 5 of the UK GDPR. Personal data must be:

  1. Processed lawfully, fairly, and transparently.
  2. Collected for specified, explicit, and legitimate purposes.
  3. Adequate, relevant, and limited to what is necessary (data minimisation).
  4. Accurate and kept up to date.
  5. Retained only for as long as necessary.
  6. Processed securely to protect against unauthorised or unlawful processing, loss, destruction, or damage.

The Company demonstrates accountability for these principles through governance, documentation, and technical and organisational controls.

6. Lawful, fair and transparent processing

  • All processing activities are documented in a Record of Processing Activities (ROPA) / Register of Systems.
  • The register is reviewed at least annually and whenever processing changes.
  • Privacy information is made available to individuals in a clear and transparent manner.
  • Individuals may exercise their data protection rights, including the right of access, and requests are handled within statutory time frames.

7. Lawful basis for processing

All personal data processed by the Company must have a valid lawful basis, including:

  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests

The lawful basis for each processing activity is recorded.

Where consent is relied upon:

  • Explicit opt in consent is obtained and recorded.
  • Individuals can withdraw consent easily.
  • Systems ensure consent withdrawal is accurately reflected.

8. Data minimisation and accuracy

  • Personal data collected and processed is limited to what is necessary for defined purposes.
  • Reasonable steps are taken to ensure personal data is accurate and, where required, kept up to date.
  • Inaccurate or outdated data is rectified or erased without undue delay.

9. Data retention, archiving and disposal

  • Personal data is retained only in accordance with documented retention and archiving schedules.
  • Retention periods are reviewed at least annually.
  • Archiving considers what data must be retained, for how long, and for what purpose.
  • At the end of life, data is securely deleted, anonymised, or destroyed so it cannot be recovered.

10. Privacy by design and default

Data protection is embedded into systems and services through:

  • Data Protection Impact Assessments (DPIAs) where required.
  • Secure by default system configurations.
  • Role-based access control (RBAC).
  • Least privilege access.
  • Pseudonymisation and anonymisation where appropriate

No system or feature involving personal data may go live without an appropriate data protection review.

11. Data security

The Company implements appropriate technical and organisational measures, including:

11.1. Technical measures

  • Encryption of data at rest and in transit.
  • Multi-factor authentication (MFA) for privileged access.
  • Secure backups and disaster recovery arrangements.
  • Regular vulnerability scanning and patch management.
  • Logging and monitoring of access to systems.

11.2. Organisational measures

  • ISO/IEC 27001 aligned Information Security Management System (ISMS).
  • Access restricted to authorised personnel only.
  • Background checks for staff in sensitive roles.

12. Data sharing, sub-processors, and transfers

  • Personal data is shared only where contractually required and authorised.
  • All sub-processors are subject to due diligence and contractual data protection obligations.
  • An up-to-date list of sub-processors is maintained.
  • Personal data is not transferred outside the UK unless appropriate safeguards are in place and client approval is obtained.

13. Data subject rights

The Company supports all data subject rights under UK GDPR, including:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Data portability
  • Objection

Requests are logged, tracked, and responded to within statutory timescales.

14. Personal data breaches

A personal data breach is any incident leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

In the event of a suspected or actual breach, employees or contractors must promptly:

  1. Report the incident to the security team (security@zoonou.com)
  2. Notify their line manager
  3.  Notify the Information Security / ISMS Manager

The Company will:

  • Assess the risk to individuals’ rights and freedoms.
  • Notify affected clients without undue delay.
  • Notify the ICO within 72 hours where required.
  • Document the incident, root cause, and corrective actions.

15. Training and awareness

All personnel receive:

  • Data protection training during induction.
  • Annual refresher training.
  • Role-specific training where required.

Training completion is monitored and enforced.

16. Audit and compliance

Compliance with this policy is assured through:

  • Internal audits
  • Management review
  • External audits where applicable
  • Client audits in accordance with contractual terms.

17. Breaches of policy

Failure to comply with this policy may result in disciplinary action, contractual remedies, or other corrective measures as appropriate.

18. Review and maintenance

This policy is reviewed at least annually, or sooner if:

  • Legislation changes.
  • Processing activities change.
  • A significant security or data protection incident occurs.

Last updated: 28/01/2026

Energy, environmental and sustainability policy

1. Policy statement

Zoonou is committed to delivering public and private sector contracts in a manner that minimises environmental impact, uses energy efficiently, supports the transition to a low-carbon economy, and delivers positive social and environmental outcomes for our communities. 

We recognise our responsibility to protect the environment, prevent pollution, and continually improve our environmental and energy performance while meeting the expectations of our public and private sector clients and stakeholders.

This policy supports the UK Government’s Net Zero by 2050 commitment and aligns with public sector procurement requirements, including social value, environmental stewardship, and sustainable supply chain management. 

Environmental and sustainability considerations are embedded into our organisational strategy, risk management processes, and decision-making frameworks, ensuring that long-term environmental and social value is considered alongside financial performance.

We are committed to our B Corp and ISO 14001 certifications with the aim of measuring, understanding and minimising our impact on the environment both ourselves and throughout our supply chain.

2. Scope

This policy applies to:

  • All employee-owners, workers, agency staff, and contractors acting on behalf of Zoonou Limited.
  • All operations, offices, sites, and activities.
  •  All private and public sector contracts and associated supply chains.

3. Governance and accountability

  • The Board/Executive Team has overall accountability for this policy.
  • The Workplace and Compliance Lead is responsible for implementation, monitoring, and reporting.
  • Line managers are responsible for embedding this policy within their teams and contracts.
  • All employee-owners are expected to act responsibly and in accordance with this policy.

4. Legal and regulatory compliance and integrated decision-making

We integrate environmental considerations into business decision-making at all levels and across all activities. We will:

  • Comply with all applicable UK environmental legislation and regulations, including (but not limited to) the Environmental Protection Act 1990, Climate Change Act 2008, and Environment Act 2021.
  • Meet public sector contractual requirements relating to environmental management, reporting, and performance.
  • Maintain awareness of legislative and regulatory changes and reflect these within our controls, procedures, and risk assessments.
  • We are committed to meeting and exceeding expectations as part of both ISO 14001 and B Corp certifications. 

5. Energy, water and resource management

We are committed to conserving natural resources and reducing consumption by:

  • Measuring, monitoring, and understanding our energy, water, and resource use.
  • Minimising energy and water consumption within our buildings, remote-working arrangements, and operational processes.
  • Using 100% renewable electricity wherever feasible.
  • Improving efficiency through building management, equipment selection, and operational controls.
  • Encouraging energy- and water-conscious behaviours among employees and contractors.

6. Climate change and carbon management

We will:

  • Measure and report greenhouse gas emissions in line with recognised standards.
  • Set and review carbon reduction targets aligned to Carbon Neutral 2030 and Net Zero 2050.
  • Implement our Carbon Reduction Plan.
  • Prioritise emissions reduction before offsetting.
  • Work with clients and suppliers to reduce contract-related carbon impacts

7. Environmental protection, waste and pollution prevention

We will protect the environment and prevent pollution by:

  • Preventing pollution to land, air, and water arising from our activities.
  • Applying environmental risk assessments to projects and public sector contracts where practical and proportionate.
  • Minimising waste generation and prioritising waste reduction.
  • Reusing materials wherever practicable and recycling waste where reuse is not possible.
  • Managing hazardous materials and electronic waste responsibly.
  • Protecting biodiversity and ecosystems where our activities may have an impact.

8. Sustainable procurement and product responsibility

We consider the environmental impact of the products and services we purchase and will:

  • Integrate environmental and sustainability criteria into procurement decisions.
  • Seek lower-impact and more sustainable alternatives where feasible.
  • Encourage suppliers to adopt equivalent environmental and energy standards.
  • Assess and manage environmental risks within our supply chain.
  • Offset technology purchases by donating one device for every device purchased by Zoonou Limited, to support digital inclusion and reuse.

We will assess environmental and social risks within our supply chain and work collaboratively with suppliers to improve sustainability performance over time, including emissions reduction, responsible sourcing, and ethical labour practices.

9. Social value and public sector outcomes

In support of public sector priorities, we will:

  • Deliver environmental and social value beyond contractual minimums where possible.
  • Support local communities, skills development, and fair employment practices.
  • Reduce environmental impacts that affect communities and service users.
  • Align with the UK Government Social Value Model where applicable.
  • Where appropriate and practical, we will collaborate with clients, industry peers, and community partners to support wider environmental outcomes, share best practices, and contribute to the transition to a more sustainable and inclusive economy.

10. Training, awareness and employee engagement

We recognise that our team are critical to delivering positive environmental outcomes. We will:

  • Provide appropriate environmental and energy awareness training relevant to roles and responsibilities.
  • Outline our environmental commitments to all employees during onboarding.
  • Promote environmental awareness and encourage environmentally responsible working practices.
  • Encourage employees to raise environmental concerns, incidents, or ideas for improvement with the Workplace and Compliance Lead.
  • Foster a culture of shared responsibility and continual improvement.
  • Employees are encouraged to contribute ideas, initiatives, and feedback to improve environmental performance, and to raise concerns without fear of disadvantage or reprisal.

11. Monitoring, measurement and reporting

We will:

Define and monitor key environmental and energy performance indicators.

Conduct internal audits and reviews.

Report performance transparently to clients and stakeholders as required.

Use performance data to drive continual improvement.

We are committed to transparency and will communicate our environmental performance, targets, and progress openly with stakeholders, including employees, clients, and partners, through appropriate public or client-facing reporting, including our B Corp Impact Report.

We are committed to adhering to the principles outlined in ISO 14001 and a process of continual improvement as part of the PDCA cycle.

12. Continual improvement

We are committed to continual improvement of our environmental and energy performance by:

  • Setting objectives and targets.
  • Reviewing progress regularly.
  • Implementing corrective and preventive actions.
  • Sharing lessons learned across our company.

13. Commutation and stakeholder engagement

This policy is:

  • Available to all employees and relevant stakeholders
  • Communicated to suppliers and subcontractors as appropriate
  • Shared with public sector clients and customers upon request
  • Used to raise awareness of environmental considerations through our approach, policies, and contract delivery.

14. Sustainable working from home

We are committed to reducing our overall greenhouse gas emissions and recognise the role that flexible and remote working can play in achieving this.

Employees who work from home are encouraged to adopt the same environmental standards and responsibilities outlined in this policy as those working from company offices, including:

  • Minimising energy and water use
  • Using equipment efficiently and responsibly
  • Reducing waste and maximising reuse and recycling where possible

15. Policy review

This policy will be reviewed at least annually, or sooner if required due to legislative, contractual, or organisational changes.

Last updated: 19/01/2026

Corporate responsibility and sustainability policy

1. Policy statement

Zoonou is an employee-owned, B Corp-certified SME committed to high-quality service delivery in a responsible, ethical, and sustainable manner. We’re employee-owned, ensuring long-term value creation, fairness, and responsible decision-making remain embedded at the heart of our business.

We recognise the responsibilities we have to our people, clients, communities, and the environment, and we’re committed to creating positive social, economic, and environmental outcomes, particularly through the delivery of our public sector contracts.

This policy aligns with and supports:

  • The Ten Principles of the United Nations Global Compact (UNGC).
  • The UK Public Services (Social Value) Act 2012.
  • The UK Government Social Value Model, including its Themes, Outcomes and Measures.
  • The principles of the B Corp movement, with a commitment to achieving and maintaining B Corp certification.

1.1. Our approach to sustainability

Zoonou defines sustainability as the responsible management of environmental, social and economic impacts to meet present needs without compromising the ability of future generations to meet their own.

As an employee-owned SME, sustainability is integral to how we govern our business, how we make decisions, and deliver our services. Employee ownership promotes long-term thinking, accountability, and responsible stewardship of resources.

We embed sustainability across our operations, private and public sector contract delivery through:

  • Environmental sustainability: actively reducing carbon emissions, minimising waste, improving energy and resource efficiency, and supporting climate change mitigation and adaptation.
  • Social sustainability: providing fair, safe, and inclusive employment; promoting wellbeing and employee engagement; supporting local communities; and upholding human rights across our operations and supply chain.
  • Economic sustainability: supporting resilient local economies through fair pay, skills development and training, SME supply chains, ethical procurement, and long-term value creation.

Sustainability performance is overseen by our Board and employee representatives, supported by measurable objectives, and continuously improved to reflect legislative change, public and private sector expectations, and best practice.

2. Scope

This policy applies to all team members (including employee-owners), directors, contractors, agency workers, and suppliers engaged by Zoonou, including those delivering public sector contracts.

3. Employee ownership and responsible business

As an employee-owned business:

  • Employees have a meaningful voice in how the business is run.
  • Decisions are made with long-term sustainability and employee well-being in mind.
  • Profits are reinvested into people, innovation, community and charity benefits, alongside business resilience.
  • High standards of transparency, fairness, and accountability are embedded in our governance.

Employee ownership strengthens and supports our commitment to responsible business, ethical conduct, and social value creation.

4. Alignment with the UN Global Compact

Zoonou supports the United Nations Global Compact and is committed to aligning its operations with its Ten Principles.

4.1. Human rights (principles 1-2)

We commit to:

  • Respecting internationally recognised human rights.
  • Preventing discrimination, harassment, or unfair treatment.
  • Providing safe, healthy, and respectful working environments.
  • Ensuring these standards are upheld throughout our supply chain.

4.2. Labour standards (principles 3-6)

We commit to:

  • Freedom of association and employee representation.
  • Fair pay, fair working hours, and secure working practices.
  • Eliminating forced labour, child labour, and exploitation.
  • Promoting equality, diversity, and inclusion at all levels.

4.3. Environment (principles 7-9)

We adopt a precautionary and proactive approach to environmental management by:

  • Actively reducing carbon emissions and environmental impact.
  • Improving our energy efficiency and resource use.
  • Minimising waste, promoting reuse and recycling.
  • Supporting innovation that delivers environmental benefits.

4.4. Anti-corruption (principles 10)

We operate zero tolerance for bribery, corruption, or unethical behaviour and comply fully with the UK Bribery Act 2010. Robust policies, training, and reporting mechanisms are in place.

5. Commitment to B Corp

We are proud to be a B Corp-certified company, committed to operating in line with the principles of the B Corp movement and framework, balancing profit with purpose.

We commit to:

  • Achieving and maintaining our B Corp certification status.
  • Measuring and improving our impact across governance, workers, community, customers and the environment.
  • Using our business as a force for good.
  • Embedding social and environmental considerations into our decision-making processes.

Progress toward B Corp certification and our goals for improvement are reviewed regularly by our Board and published in a public Impact Report document available from our website.

6. Social Value and the Public Services (Social Value) Act 2012

In line with the Public Services (Social Value) Act 2012, we actively consider how our activities can improve economic, social, and environmental well-being when delivering private and public sector contracts.

Our approach is aligned with the UK Government Social Value Model and its award criteria.

7. UK social value and the Public Services (Social Value) Act 2012

When bidding for and delivering public sector contracts, Zoonou aligns social value activity to the following Social Value Model Themes:

Theme one: COVID-19 Recovery (where applicable)

7.1. Theme one: COVID-19 Recovery (where applicable)

Outcomes supported include:

  • Helping local communities recover and thrive.
  • Supporting workforce wellbeing and resilience.

7.2. Theme two: tackling economic inequality

We deliver social value by:

  • Creating local employment and placement opportunities.
  • Supporting SMEs, voluntary, and social enterprise suppliers.
  • Providing skills development and training opportunities.
  • Our commitment to operating as a Living Wage employer.
  • Being a Disability Confident Level 2 organisation, actively recruiting, retaining, and developing disabled colleagues.
  • Running a work experience programme for girls aged 14-16.
  • Offering support to Women in Tech Sussex, they host meetups in our office, supporting women and non-binary people in tech.
  • Supporting the work of Tech Resort CIC, helping people in our local community who face social disadvantage to access digital skills and improve digital inclusion.

Relevant outcomes include:

  • Increased local employment and skills
  • Reduced economic and social inequality

7.3. Theme three: fighting climate change

We commit to:

  • Reducing carbon emissions associated with service delivery.
  • Actioning our carbon reduction plan targeting carbon neutrality by 2030 and net zero by 2050.
  • Supporting net zero and climate resilience objectives.
  • Promoting sustainable travel, procurement, and waste reduction.
  • Upholding ISO 14001 environmental standards.
  • Using 100% renewable energy.
  • Reducing energy use wherever possible, and repurposing older technology and hardware to cut waste.
  • Fundraising donated yearly to a charity with an environmental focus chosen by our team.
  • Supporting local initiatives focused on positive environmental impact, participating in events such as beach cleans with Plastic Free Eastbourne and projects rejuvenating local natural spaces with Treebourne.

Relevant outcomes include:

  • Reduced carbon footprint.
  • Improved environmental sustainability.
  •  Increased local engagement with projects positively impacting the environment.

7.4. Theme four: equal opportunity

We support equal opportunity by:

  • Promoting inclusive recruitment and progression.
  • Supporting under-represented and disadvantaged groups.
  • Providing fair access to training and development.
  • Being a Disability Confident Level 2 organisation, actively recruiting, retaining, and developing disabled colleagues.
  • Running a work experience programme for girls aged 14-16.
  • Offering support to Women in Tech Sussex, they host meetups in our office, supporting women and non-binary people in tech.
  • Supporting the work of Tech Resort CIC, helping people in our local community who face social disadvantage to access digital skills and improve digital inclusion.

Relevant outcomes include:

  • Increased access to training and skills for disadvantaged groups.
  • Reduced inequality in employment and progression opportunities.
  • Improved workforce diversity and inclusion metrics.

7.5. Theme five:well-being

We promote well-being through:

  • Strong health and safety management.
  • Mental health and wellbeing initiatives.
  • Flexible and supportive working practices.
  • Employee ownership engagement and voice.

Relevant outcomes include:

  • Improved employee health and well-being.
  • Increased workforce resilience and engagement.
  • Reduced absenteeism and improved productivity.
  • Positive social impact on communities through employee volunteering/engagement.

Supply chain and SME responsibility

As an employee-owned SME ourselves, we actively support:

  • Local and regional SMEs.
  • Ethical, responsible suppliers.
  • Other employee-owned companies.
  • Fair payment practices.
  • Proportionate social value requirements within the supply chain

Our B Corp certification reflects our commitment to sustainability, ethics, and social value.

Governance, measurement and reporting

Our Board, Workplace and Compliance Lead oversee sustainability and social value performance.

  • Social value commitments are measured, proportionate, and contract-specific.
  • KPIs are aligned to the UK Social Value Model measures where applicable.
  • Performance is reviewed regularly and reported to stakeholders.

Continuous improvement

We are committed to continuous improvement and regularly review this policy to ensure alignment with:

  • Legislative changes.
  • Public sector procurement expectations.
  • Best practice guidance.
  • Stakeholder and employee feedback.

Policy review

This policy is reviewed annually or earlier if required by changes in legislation, procurement guidance, or organisational strategy.

Last updated: 16/01/2026

Justice, equity, diversity and inclusion (JEDI) Policy

1. Policy statement

Zoonou is committed to Justice, Equity, Diversity, and Inclusion (JEDI) across all areas of our organisation and in all work we undertake.
 
We believe that fair, ethical, and effective companies are built on fair systems, equitable access to opportunity, respect for difference, and inclusive cultures where everyone can contribute and thrive. We are committed to preventing discrimination, actively identifying and addressing structural inequalities and barriers that affect people differently.

We will treat all individuals with dignity and respect, value diversity in all its forms, and promote inclusive behaviours in our workplace, service delivery, and relationships with clients, partners, suppliers, and the wider community.

As an employee-owned business and B Corp-certified company, we recognise our shared responsibility to uphold these commitments collectively. We are accountable to our own team members and wider stakeholders. We’re committed to delivering positive social impact through our operations and decision-making processes.

2. Purpose

This policy aims to:

  • Embed Justice, Equity, Diversity and Inclusion as a core part of our culture, governance, and decision-making process.
  • Ensure compliance with the Equality Act 2010, Public Sector Equality Duty (PSED), and related legislation.
  • Promote fairness, transparency, and inclusion across employment practices and service delivery.
  • Support and promote ethical, inclusive, and socially responsible business in line with B Corp standards.
  • Provide clear expectations and accountability for everyone working with or on behalf of Zoonou.

3. Scope

This policy applies to:

  • All employee-owners.
  • Temporary staff, agency workers, contractors, and consultants.
  • Recruitment, pay, progression, performance management, and learning and development.
  • Service design, delivery, and evaluation.
  • Client, supplier, partner, and community relationships.

4. Our JEDI commitments

4.1. Justice

We commit to acting fairly, transparently, and ethically, and to challenging discrimination, harassment, victimisation, and unfair treatment wherever they occur. We recognise that injustice can be systemic as well as individual, and we will take steps to address both.

4.2. Equity

We recognise that people have different needs, experiences, and starting points. We will take proportionate action to remove barriers and provide fair access to opportunities, resources, and outcomes, including making reasonable adjustments.

4.3. Diversity

We value difference in all its forms, including background, identity, experience, perspective, and thought. Diversity strengthens our organisation, our services, and our impact.

4.4 Inclusion

We are committed to creating an inclusive environment where people feel respected, safe, and able to contribute fully. Inclusion means ensuring voices are heard, participation is encouraged, and decisions reflect diverse perspectives.

5. Protected characteristics and intersectionality

In line with the Equality Act 2010, we will not discriminate on the basis of:

  • Age (or perceived age)
  • Disability (past or present)
  • Gender reassignment
  • Marriage or civil partnership status
  • Race, colour, nationality, ethnic or national origins
  • Religion or belief
  • Sex
  • Sexual orientation
  • Maternity, pregnancy or family leave
  • Trade union membership (or non-membership)
  • Part-time or fixed-term status.

We also recognise intersectionality and how multiple factors, including socio-economic disadvantage, can combine to create unequal experiences and outcomes.

6. Responsibilites

6.1. Board / Senior Leadership

  • Provide visible leadership and oversight of JEDI commitments.
  • Ensure appropriate governance, resources, and accountability.
  • Monitor progress and support continuous improvement.

6.2. Line managers

  • Implement this policy consistently and fairly.
  • Encourage inclusive team culture.
  • Ensure equitable access to development and progression.
  • Address concerns promptly and appropriately.

6.3. Employee-owners

  • Uphold this policy in behaviour and decision-making.
  • Treat others with dignity and respect.
  • Challenge inappropriate behaviour and raise concerns.

6.4. Workplace and Compliance Lead

  • Provide advice, training, and guidance in relation to JEDI.
  • Monitor equality data proportionately.
  • Support reporting, investigation, and continuous improvement.

6.5. Suppliers and partners

  • Are expected to meet equivalent JEDI standards when working with us.
  • Compliance may form part of contractual requirements.

7. Implementation

7.1. Recruitment and employment

  • Our recruitment and interview process will be fair, transparent, and based on merit.
  • Barriers to participation will be identified and addressed.
  • Reasonable adjustments will be made for disabled candidates and employees.

7.2. Learning and development

  • JEDI awareness and inclusion training will be provided as appropriate.
  • Leaders will be supported to manage inclusively and equitably.

7.3. Service delivery

  • Services will be designed and delivered with consideration of diverse needs.
  • Equality impacts will be considered in planning and evaluation.

7.4. Supply chain

  • We will encourage inclusive and ethical practices across our supply chain.
  • Suppliers may be asked to demonstrate alignment with our JEDI values.

7.5. Monitoring .and improvement

  • Equality data will be collected and reviewed proportionately and lawfully.
  • Insights will inform action planning and continuous improvement.

8. Reporting concerns

Discrimination, harassment, bullying, or victimisation will not be tolerated.

Anyone who experiences or witnesses behaviour that breaches this policy is encouraged to raise concerns via their line manager, the Workplace and Compliance Lead, or whistleblowing arrangements.

All concerns will be:

  • Taken seriously.
  • Handled confidentially and with care.
  • Investigated fairly and promptly.
  • Addressed without retaliation.

9. Legal and standards alignment

This policy aligns with:

  • Equality Act 2010
  • Public Sector Equality Duty (PSED)
  • Human Rights Act 1998
  • B Corp social and governance standards
  • Relevant public sector procurement and contract requirements.

10. Review

This policy will be reviewed at least annually, or sooner if required due to changes in legislation, guidance, or organisational priorities. Employee-owners and wider stakeholders will be engaged where appropriate.

Last updated: 19/01/2026

Anti bribery and corruption policy

1. Purpose

This Anti Bribery and Corruption (ABC) Policy sets out the standards and procedures by which Zoonou Limited prevents, detects and responds to bribery and corruption in all its activities, with particular emphasis on the delivery of IT and professional services contracts.

This includes digital transformation, software development, managed services, consultancy, systems integration, cloud services, data and cyber-related services provided to both private and public sector clients. The policy reflects our zero-tolerance approach to bribery and corruption in any form.

2. Scope

This policy applies to:

  • All directors, employee owners, officers, agency staff, and interns.
  • All third parties acting for or on behalf of the Company, including agents, consultants, intermediaries, suppliers, subcontractors, any joint venture partners or consortium members.
  • All business activities, in all jurisdictions, including bidding, contract delivery, contract management, variations, extensions and close out of public sector contracts.

3. Legal and regulatory framework

The Company is committed to compliance with all applicable anti-bribery and anti-corruption laws, including but not limited to:

  • The UK Bribery Act 2010.
  • Relevant public procurement regulations and guidance.
  • Applicable local laws in jurisdictions where Zoonou operates.

Where local law is less stringent than this policy, this policy shall apply.

4. Definitions

  • Bribery: Offering, promising, giving, requesting or accepting an advantage to induce or reward improper performance of a function or activity.
  • Corruption: Abuse of entrusted power for private gain.
  • Public Official: Any officer or employee of a public authority, government department, agency, state-owned enterprise, or anyone acting in an official capacity for or on behalf of a public body.
  • Facilitation Payments: Small unofficial payments made to secure or expedite routine governmental actions.

5. Policy statement

The Company prohibits:

  • Bribes of any kind, whether direct or indirect.
  • Facilitation payments, regardless of size.
  • Kickbacks, secret commissions or improper inducements.
  • Using third parties to circumvent this policy.

No one may offer or accept a bribe, even if refusal may result in the loss of business or a contract.

6. Roles and responsibilities

Board of Directors

  • Holds ultimate responsibility for oversight of this policy.

Senior Management

  • Ensure effective implementation, resourcing and enforcement of this policy.

Workplace and Compliance Lead

  • Maintains this policy and related procedures.
  • Provides support and training where applicable.
  • Oversees risk assessments, due diligence and investigations.

All employee owners and all permanent or temporary staff members or contractors

  • Must comply with this policy.
  • Must complete training.
  • Must promptly report any concerns or suspected breaches.

7. Risk assessment

The Company shall conduct periodic bribery and corruption risk assessments, with enhanced focus on IT and professional services specific risk areas, including:

  • Public sector procurement and framework call-offs.
  • Pre-sales activity, demonstrations, pilots and proofs of concept.
  • Contract variations, change controls, extensions and renewals.
  • Access to sensitive or confidential public sector information, data or systems.
  • Use of agents, resellers, implementation partners or specialist subcontractors.
  • High-risk jurisdictions, offshore delivery or remote service provision.

Risk assessments will be documented and used to inform controls and mitigation measures.

8. Gifts, hospitality and expenses

  • Gifts and hospitality must be reasonable, proportionate, transparent and for legitimate business purposes only.
  • In the context of IT and professional services, particular care must be taken around events, conferences, training, site visits, demonstrations and hospitality linked to procurement or contract renewal decisions.
  • No gifts or hospitality may be offered to or accepted from Public Officials without prior written approval from a Compliance Officer.
  • Cash or cash equivalents (e.g. vouchers, prepaid cards, software licences for personal use) are strictly prohibited.
  • All gifts, hospitality and expenses must be accurately recorded in the Company’s Gifts and Hospitality Register.

9. Political and charitable contributions

  • The Company does not make political donations.
  • Charitable donations and sponsorships must not be used as a means of influencing Public Officials or procurement decisions and require prior approval.

10. Conflicts of interest

Staff must declare any actual, potential or perceived conflicts of interest, particularly where they involve Public Officials or public sector decision‑makers. Declared conflicts will be reviewed by a Board member and managed appropriately.

11. Third-party due diligence

  • Proportionate due diligence shall be conducted on all Associated Persons prior to engagement and periodically thereafter, with enhanced scrutiny of resellers, referral partners, consultants, and subcontractors used in IT and professional services delivery.
  • Contracts with Associated Persons must include appropriate anti bribery, audit and termination clauses.
  • Payments to third parties must be reasonable, commercially justified, aligned to documented services, and made only against valid invoices and through approved channels.

12. Procurement and tendering controls

  • All bids, framework submissions and call off competitions must be conducted fairly, transparently and in accordance with applicable procurement rules.
  • Staff involved in pre-sales, solution design, pricing or bid management must not seek or accept confidential or non-public information improperly.
  • Any contact with Public Officials, evaluators or technical assessors during procurement must be appropriate, documented and compliant with the contracting authority’s rules.
  • The use of demonstrations, trials, pilots or proofs of concept must be formally approved and documented to ensure they are not used as improper inducements.

13. Books, records and internal controls

  • All financial transactions must be accurately recorded in reasonable detail.
  • Off-book accounts, false entries or misleading records are prohibited.
  • Internal controls shall be maintained to prevent and detect bribery and corruption.

14. Reporting concerns (speak up)

The Company encourages all team members and any Associated Persons to raise concerns in good faith.

  • Reports may be made to line management, the Workplace and Compliance Lead, or via a confidential whistle-blowing channels.
  • All reports will be investigated in good faith.
  • Retaliation against anyone who raises a concern in good faith is strictly prohibited.

15. Investigations and disciplinary actions

  • All suspected breaches will be promptly and fairly investigated.
  • Breaches of this policy may result in disciplinary action, up to and including dismissal, termination of contracts, and reporting to authorities where required.

16. Training and communication

  • Mandatory anti-bribery and corruption training will be provided to all Staff, with enhanced and role-specific training for those involved in sales, pre-sales, bid management, solution architecture, account management, project delivery and supplier management.
  • Training will address practical IT and professional services scenarios, focused on interactions with both Private Business and Public Officials.
  • This policy will be communicated internally and made available to any Associated Persons.

17. Monitoring, review and continuous improvement

  • Compliance with this policy will be monitored through audits and reviews.
  • The policy will be reviewed at least annually, or sooner if there are changes in law, regulation or risk profile.

18. Policy ownership and approval

This policy is owned by the Workplace and Compliance Lead. It is approved and supported by the Board of Directors.

Last updated: 19/01/2026

Modern slavery policy

1. Policy statement

Zoonou Limited is committed to preventing modern slavery, forced labour, child labour, and human trafficking in all aspects of its business operations and supply chains. This commitment applies to all services we deliver, across our client base, including our work for UK public sector clients.

We recognise that modern slavery risks may arise within IT and digital services through global hardware supply chains, outsourced or offshore delivery models, and the use of agency or contingent labour. We therefore adopt a zero-tolerance, risk-based, and proportionate approach to identifying, preventing, and addressing modern slavery risks.

We are committed to fully complying with the Modern Slavery Act 2015, relevant UK employment legislation, and applicable government procurement policy, including PPN 02/23 (Tackling Modern Slavery in Government Supply Chains).

Zoonou Limited will not knowingly support, engage with, or conduct business with any organisation involved in slavery or human trafficking. Where concerns are identified, appropriate action will be taken, including remediation, suspension, or termination of contractual arrangements.

2.Scope

This policy applies to:

  • All employee-owners, directors, and officers of Zoonou Limited.
  • Contractors, consultants, agency workers, and contingent labour.
  • All suppliers, subcontractors, and business partners.
  • All delivery models, including any onshore, near-shore, and offshore services.
  • All private sector engagements.
  • All public sector engagements, including framework agreements and call-off contracts.

3. Definitions

Modern slavery includes slavery, servitude, forced or compulsory labour, and human trafficking, as defined in the Modern Slavery Act 2015. This includes practices involving coercion, abuse of power, restriction of movement, debt bondage, or exploitation of vulnerability.

4. Governance and accountablity

  • Ultimate accountability for this policy rests with the Board of Directors of Zoonou Limited.
  • Operational responsibility is assigned to the Workplace and Compliance Lead.
  • Modern slavery risks are reviewed at least annually and when entering new markets, delivery models, or new supplier relationships.
  • This policy is reviewed annually or following changes to legislation, government guidance, or organisational structure.

5. IT and digital services - modern slavery risk areas

Zoonou Limited recognises that modern slavery risks within IT and digital services may arise in (but are not restricted to) the following areas:

  • IT hardware manufacturing, assembly, and logistics.
  • Software development, testing, and support services, including outsourced or offshore teams.
  • Cloud hosting, managed services, and data centre operations.
  • Systems integrators, resellers, and multi-tier technology supply chains.
  • Recruitment and agency labour, including developers, engineers, testers, and service desk personnel.
  • Facilities and support services associated with IT delivery (e.g. cabling, installation, maintenance).

These risk areas inform our due diligence, supplier selection, and monitoring activities.

6. Risk assessment

Zoonou Limited adopts a risk-based approach to assessing modern slavery risks, considering factors such as:

  • Geographic location of suppliers and service delivery.
  • Nature of services (labour-intensive vs automated).
  • Use of subcontractors or offshore resources.
  • Scale and duration of public sector contracts.
  • Supplier maturity, transparency, and governance.
  • Where higher risks are identified, enhanced due diligence and monitoring measures are applied.

7. Supplier, sub-contractor and business partner commitments

The Modern Slavery Act 2015 applies not only to Zoonou’s own employees, but also to all suppliers, sub-contractors, and other business partners involved in the delivery of our services.

Zoonou Limited is committed to legal compliance, high ethical standards, and the protection of fundamental human rights across all tiers of its supply chain. To satisfy these commitments, all suppliers and subcontractors are required to demonstrate compliance with our modern slavery requirements. As part of our due diligence and ongoing supplier management processes, suppliers must formally agree to the following statement:

Supplier Modern Slavery Warranty

“The contractor warrants that it has thoroughly investigated its labour practices and those of its direct suppliers to ensure that there is no slavery or forced labour used anywhere in its organisation or within any of its direct suppliers’ or subcontractors’ organisations.

The contractor further warrants that it has in place all necessary processes, procedures, investigations, and compliance systems to ensure that the warranties made above will continue to be the case at all times. Zoonou Limited reserves the right to audit the contractor’s supply chain at any time, with prior notice, where it has reason to suspect that the above requirements have not been met.”

8. Recruitment and employment practices

Zoonou Limited ensures that:

  • All employment is freely chosen and voluntary.
  • Workers are free to leave employment in accordance with applicable laws.
  • No recruitment or placement fees are charged to workers.
  • Identity documents are not retained as a condition of employment.
  • Right-to-work checks are carried out in line with UK legislation.
  • Pay, working hours, and conditions meet or exceed legal minimum standards.

Where third-party or offshore labour is used, we require assurance that equivalent standards are applied.

9. Training and awareness

Zoonou Limited provides proportionate training and awareness for:

  • Board members.
  • Employee-owners involved in procurement and supplier management.
  • Team members handling or agreeing to contracts.
  • Management and recruitment personnel.

Training covers identifying indicators of modern slavery in IT and digital delivery contexts and understanding escalation and reporting procedures.

10. Reporting concerns (whistleblowing)

Zoonou Limited encourages employees, suppliers, and other stakeholders to report concerns related to modern slavery without fear of retaliation.

Concerns may be raised through:

  • Line management.
  • Workplace and Compliance Lead.
  • Confidential whistleblowing process.

All reports are taken seriously and investigated appropriately.

11. Incident management and remediation

Where actual or suspected modern slavery is identified:

  • Immediate steps are taken to safeguard affected individuals.
  • Relevant authorities and public sector contracting authorities are informed where appropriate.
  • Zoonou Limited works with suppliers to implement corrective actions.
  • Where remediation is no achievable, contracts may be suspended or terminated.

12. Public sector commitments

In delivering public sector contracts, Zoonou Limited commits to:

  • Complying with all applicable procurement policies and PPNs.
  • Maintaining transparency and cooperation with contracting authorities.
  • Providing accurate information during tenders, audits, and contract reviews.
  • Supporting ethical, responsible, and sustainable public procurement objectives.

13. Continuous improvements

Zoonou Limited is committed to continuous improvement by:

  • Reviewing the effectiveness of this policy and related controls
  • Learning from incidents, audits, and supplier engagement
  • Monitoring changes in legislation and government guidance
  • Publishing and reviewing a Modern Slavery Statement annually where required

14. Approval and review

This policy is approved by the Board of Directors of Zoonou Limited.

Last updated: 19/01/2026

ISO 9001:2015 Quality Policy

The continuing Policy of Zoonou Limited is to provide professional, high quality and efficient software and digital testing services to ensure the satisfaction of the requirements of our clients. The Board of Directors is committed to ensuring that our services provide our clients with the support they require to deliver high quality digital products to their customers and users.

In recognition of its responsibility for managing quality within the company, the Board of Directors  Senior Team Members at Zoonou Limited has established a Quality Management System which complies with the requirements of ISO 9001: 2015. 

The Board of Directors and Senior Team Members will show leadership and commitment, and bear the responsibility for establishing, implementing, integrating and maintaining the Quality Management System by leading on the following:

  • Maintaining a system that recognises the needs and requirements of our clients and committing to deliver
    services that satisfy these.
  • Ensuring the appropriate resources are available and infrastructure is in place to effectively deliver all services and processes, including people, IT, tools, documentation and test environments.
  • Every employee is responsible for and will be trained to perform the duties required by their specific role.
  • Through direction and support, each employee will have an understanding of the importance of the Quality Management System, their responsibility to contribute to its effectiveness, and its direct relevance to the success of the organisation. Provide a framework for setting quality objectives for the delivery of test and QA services to our clients.
  • Monitoring, measuring and reviewing the performance of the Quality Management System and its associated processes based on our quality objectives.
  • Commit to continual improvement of the Quality Management System, based on assessment of reviews,
    audits, client feedback and valued input from the wider Zoonou team.

It is Zoonou Limited’s intent to continue to improve the effectiveness of the Quality Management System and satisfy all requirements relevant to the organisation. This Quality Policy is reviewed annually, as part of Zoonou’s quality management review programme, or as required to recognise the changing needs and expectations of relevant interested parties.

This Quality Policy is made available to all members of the Zoonou team as well as interested parties, clients and customers. 

Last updated: 07/01/2025