Scope

This policy applies to all employees of Go Auto Corporation and its affiliates (collectively, “Go Auto” or the “Company)

Purpose

Go Auto is committed to promoting and protecting the health of our employees. Accordingly, we promote and maintain a smoke- and vape-free workplace in accordance with federal and provincial legislation.

Policy

In order to comply with local health bylaws (to meet insurance and safety standards) and in the interest of employee, customer and vendor health - we have designated our buildings as “non-smoking.” This policy applies to smoking or holding lighted tobacco or cannabis and use of an electronic cigarette or other vaping device.

Employees are asked to smoke only in designated smoking areas and must ensure that they are fully respecting local smoking bylaws and refrain from smoking within the bylaw specified distance from entrances and windows (which will be posted at each location).

This policy will also be enforced with any employee operating a Company vehicle, including (but not limited to):

• Shuttle vans
• Parts trucks
• Customer vehicles
• Any demonstration (demo) vehicles

Scope

This policy applies to all employees of Go Auto Corporation and its affiliates (collectively, “Go Auto” or the “Company”).

Purpose

Go Auto respects everyone’s right to represent themselves on social media. It’s a great medium for self-expression. In fact, when used appropriately, social media can actually help build Go Auto’s reputation! The goal is certainly not to hamper anyone’s ability to speak positively about where they work. We simply encourage all employees to use common sense and good judgment when spreading the word. And when you do, don’t position yourself as a representative of Go Auto.

Comments on social media are extremely public. These comments are visible not just to your friends and family, but employees, suppliers, current and potential customers - literally anyone with internet access. This policy is intended to help employees use social media platforms responsibly in a way that’s consistent with Company policies and values and any applicable laws.

Policy

For the purpose of this policy - "Social Media" means any digital platform, application, website, or service - whether public or private - that enables users to create, share, view, or exchange content, information, or messages with others. This includes, but is not limited to, social networking sites (e.g., Facebook, LinkedIn), media-sharing platforms (e.g., Instagram, TikTok, YouTube), messaging and group communication tools (e.g., WhatsApp, Slack, Discord), and online forums, blogs, comment sections, and review sites (e.g., Reddit). This applies regardless of device, account type, anonymity, or privacy settings.

Unless specifically authorized or instructed to do so, employees are not authorized to speak or issue statements on behalf of Go Auto on any social media. Employees cannot create or control any Go Auto related social media accounts without the express authorization of the Go Auto Management Team. If an employee creates or operates a social account using Go Auto’s name, trademarks, or taglines, they will be in violation of the policy.

Inappropriate Uses of Social Media

Employees will be considered in violation of the social media policy if they:

a) Represent themselves as speaking on behalf of the company without prior authorization by management;

b) Disclose any confidential information of the company, its clients, or suppliers;

c) Use social media to harass, gossip or make negative, critical or disparaging comments about the company or its employees, customers, or suppliers;

d) Disclose personal information of any other employee or customer;

e) Post company logos, trademarks or copyrighted material (however, retweeting/sharing posts created by Go Auto is encouraged); or

f) Post photographs, video or audio recordings of employees, company facilities, or individuals receiving services from or through the company that are not in line with the business practices of Go Auto.

Go Auto will not be responsible for any social media posts made by employees.

Consequences for Non-Compliance with Policy

Anyone suspected of violating the social media policy with be subject to possible legal or disciplinary action by Go Auto, up to and including termination of employment. Additionally, employees may be held liable to third parties for unlawful statements, harassments, copyright violations, etc.

Scope

This policy applies to all employees of Go Auto Corporation and its affiliates (collectively, “Go Auto” or the “Company”).

Purpose

The employees of Go Auto are our most valuable resource, and employee health and safety are of paramount concern. The Company has adopted this Drug & Alcohol Policy to communicate our expectations and guidelines surrounding drug and alcohol use and impairment in the workplace.

Employee Requirements

During working hours and/or during the course or conduct of business, employees are expected to:

• Refrain from the use of drugs and/or alcohol;
• Refrain from the manufacture, distribution, possession, transfer, storage, concealment, transportation, promotion or sale of drug and/or alcohol or related paraphernalia at the workplace or in/on Company property;
• Arrive to work fit-for-duty and remain fit-for-duty;
• Inform supervision immediately if they are unable to safely, efficiently or diligently perform their duties to the acceptable standard due to the consumption or after-effects of drugs and/or alcohol;
• Report any suspected instances of non-compliance with this policy to management; and
• Abide by all applicable laws pertaining to drugs and alcohol.

There may be periodic exceptions specific only to alcohol for business-related social events, hosting and training and travel situations. Employees are always expected to exercise moderation and professionalism during such occasions.

Medication

Use or possession of prescription or over-the-counter medication by an employee does not necessarily contravene this policy, provided that the employee: i) is taking the medication in the manner prescribed by the physician, pharmacist or manufacturer of the medication (as applicable), ii) informs management of any safety concerns associated with the use of the medication, and iii) is fit for duty. Further information may be required from the prescribing source in order to assesses safety considerations and determine fitness-for-duty. The intentional misuse of medication (e.g. using the medication not as it has been prescribed, using someone else’s prescription medication, combining medications and/or alcohol against direction) is considered a violation of this policy.

Substance Dependency – Self Disclosure

Employees who believe they may be unable to comply with this policy are encouraged to seek support or treatment, including through the Company-sponsored employee assistance program. Employees who believe they have a drug or alcohol dependency are encouraged to voluntarily disclose the dependency to management prior to any instance of non-compliance with any Company policy or other misconduct. Employees who disclose a dependency in this manner will not be subject to discipline for such disclosure. Employees who fail to disclose a drug or alcohol dependency prior to an instance of non-compliance with any Company policy or other misconduct may be subject to discipline, up to and including termination of employment for just cause, as a result of such non-compliance or misconduct even when a dependency may have contributed to the non-compliance or misconduct.

Management Responsibilities

Go Auto will:

• Take reasonable steps to inform all employees of the existence of this policy, including maintaining a copy of this policy on the Company’s employee intranet site; and
• Ensure that any employee who voluntarily discloses a drug or alcohol dependency, before any non-compliance with Company policy or condition of employment, is provided with reasonable support and is not disciplined as a result of such disclosure.

Alcohol and Drug Testing

Go Auto may require an employee to submit to drug and/or alcohol testing in the following circumstances:

• Reasonable Cause – When an employee’s appearance, behaviour or other factors give rise to a reasonable belief that the employee may be consuming, or impaired by, drugs and/or alcohol;
• Post-Incident - When an employee’s actions contribute to an incident involving significant property damage or personal injury. For clarity, post-incident testing is only applicable to employees who work in safety-sensitive roles or safety-sensitive workplaces or who are performing safety-sensitive tasks; or
• As part of a post-rehabilitation return-to-work/reinstatement program.

An employee will be considered non-compliant with this policy if the employee:

• Refuses to comply with a request to submit to an alcohol or drug test;
• Refuses to provide a sample for an alcohol or drug test; or
• Tampers with or attempts to tamper with a sample for an alcohol or drug test.

Confidentiality & Privacy

Go Auto will only collect, use and disclose employee personal information in accordance with applicable laws. As a condition of ongoing employment with Go Auto, each employee consents to, and agrees to provide any required written or verbal consent to, the collection, use and disclosure of any personal information reasonably required to administer and enforce this policy.

Go Auto may, if it has reasonable grounds to suspect non-compliance with this policy, conduct unannounced searches for drugs or alcohol at any Company workplace. Accordingly, employees should not have any expectation of privacy with respect to the use of Company lockers, offices, storage facilities, vehicles or any other Company property.

Consequences of Non-Compliance with Policy

Subject to applicable legislation, any violation of this policy may result in disciplinary action up to and including termination of employment for cause.

Scope

This policy applies to all employees of Go Auto Corporation and its affiliates (collectively, “Go Auto” or the “Company”).

Purpose

At Go Auto, we are trying to accomplish a business casual look, which includes proper attire. Although we want our employees to be comfortable at work and have room for self-expression - we still need to project a professional image for our customers, fellow employees, potential employees, and community visitors.

Policy

Clothing that works well for the beach, yard work, dance clubs, gyms, and sports contests is not appropriate for a professional appearance at Go Auto. Employees are also asked to refrain from wearing any clothing in a state of disrepair, clothing with inappropriate or offensive slogans/artwork, and/or revealing, suggestive or extremely tight clothing.

Some departments may have specific guidelines for dress – as deemed necessary for branding, safety or practicality. Such guidelines will be provided to you by your manager, if applicable.

Scope

This policy applies to all employees of Go Auto Corporation and its affiliates (collectively, “Go Auto” or the “Company”).

Purpose

Go Auto is committed to providing a safe, healthy, respectful, rewarding, and harassment and violence-free work environment for its employees.

Policy

Go Auto does not condone, and will not tolerate, harassment or workplace violence by or against any of our employees or contractors. All reported incidents of workplace violence or harassment will be investigated and, if deemed appropriate, corrective action will be taken. For more details on investigation procedures, refer to the Workplace Violence & Harassment Prevention Plans.

All employees are responsible for reporting workplace violence, harassment, bullying, and/or discrimination. This policy is not intended to discourage workers from filing complaints or exercising rights pursuant to applicable law, including provincial human rights legislation.

This policy will be reviewed by the Company on an annual basis or more often if required.

Definitions:

Harassment is any single incident, or repeated incidents, of objectionable or unwelcome conduct by a person that the person knows or reasonably ought to know would cause offense or humiliation to another person or adversely affects that person’s health and safety, including (without limitation):

1. Conduct, comment, bullying or action because of race, religious beliefs, colour, physical disability, mental disability, age, ancestry, place of origin, marital status, source of income, family status, gender, gender identity, gender expression, and sexual orientation; or
2. A sexual solicitation or advance.

Harassment is not:

1. Consensual, agreeable banter between two or more people
2. Normal physical contact that is necessary for the purpose of performing work duties
3. An employee in a supervisory capacity engaging in day-to-day workforce management actions, such as:

• Work assignments and allocations
• Enforcing rules, polices, procedures, legislation, processes, etc. 
• Progressive discipline
• Performance management

Harassment does not include every workplace conflict or interaction that an employee may find unpleasant.

Workplace Violence is the exercise of physical force, an attempt to exercise physical force, or a threat to exercise physical force against an employee or other individual in a workplace that causes, or could cause, physical injury to the employee or other individual.

Frivolous or Vexatious Complaints

• An investigation may determine that a complaint is not supported, is not presented in good faith or that there is no breach of this policy. Such a finding does not automatically mean that the complaint was frivolous or vexatious.
• Frivolous or vexatious complaints are those where the complainant or others know there is no foundation that would suggest a breach of this policy and where the complaint is filed with false information or for the purpose of bringing an adverse consequence to the respondent or another employee of the Company. These complaints are a breach of this policy and any employee engaged in the filing of such a complaint may be subject to disciplinary action up to and including termination.

Confidentiality:

All information gathered through investigation will be kept confidential. The name of the complainant and the details of the complaint will not normally be disclosed to any person except when necessary for the investigation of the complaint, reporting on the outcome of the investigation, taking disciplinary measures, dealing with the Joint Work Site Health and Safety Committee, where necessary to inform workers of a threat of violence or harassment, or other management of the workplace. Investigation information will be secured in Human Resources (separate from employee personnel files unless the subject of discipline). Exceptions may need to be made where necessary to inform workers of a specific or general threat of violence or potential violence or as required by law.

Consequences of Non-Compliance with Policy

An employee who subjects another individual to harassment, bullying, discrimination, or workplace violence will be subject to disciplinary action, up to and including termination.

Overview

Go Auto Corporation’s (“Company”) Employee Code of Conduct (“Code”) applies to all employees of the Company across all jurisdictions. Our independent contractors, consultants, agents, and other representatives will also be required to meet the standards set out in this Code. Employees are expected to proactively promote ethical behaviour as a responsible partner amongst peers in the work environment and community.

Fairness, Integrity and Respect in Business Conduct

Employees must always follow applicable jurisdictional laws, rules, and regulations. Employees must not engage in any professional conduct involving dishonesty, fraud, or deceit or commit any act that reflects adversely on their professional reputation, integrity, or competence with customers, vendors, or financial institutions.

Our employees will not, directly, or indirectly, offer or receive bribes, kickbacks, or other similar payments, nor promise any other improper benefit for the purpose of influencing any employees, competitors, clients, suppliers, customers, and vendors, financial institutions, or any other person.

Employees must be open and transparent with our lenders. Information collected for the purpose of securing lending (leasing, financing, credit, etc.) from our lending partners must be fully disclosed. Any alterations, inflations, and/or omissions to information provided by the end-user/beneficiary of such lending is against Company policy.

Diversity and Respect in the Workplace

The Company is committed to a unique and inclusive culture and wants to foster a safe, welcoming, and respectful work environment. The Company will endeavor to create a workforce that reflects the diverse population of the communities in which we operate. The Company will provide employees with a work environment free of discrimination, harassment, violence, intimidation, or coercion and respects all protections afforded to employees, potential employees, clients, suppliers, customers, and vendors under Human Rights legislation. Employees are expected to act and conduct themselves accordingly.

Conflict of Interest

Advancing the Company’s legitimate interests is a duty expected from all employees. A “conflict of interest” occurs when an employee's personal interest interferes with the best interests of the Company. While carrying out this duty, employees need to ensure that their outside business or personal interests do not conflict with the interests of the Company and critically consider actions which may be perceived as or give rise to any potential conflicts of interest. For employment-related matters, all employees must act for the benefit of the Company and not deprive their employer of the advantage of their skills, and abilities, divulge confidential information or otherwise cause harm to the Company.

Examples of conflict of interest:

• Use of Company property or information to take advantage of a business opportunity discovered through an employee’s position
• Use of Company property, facilities, holdings, or assets for personal gain
• Disclosure of sensitive or proprietary Company information for personal gain
• Direct competition with the Company
• Receiving money (cash or cash equivalent), gifts, discounts, entertainment, quid-pro-quo (this-for-that) consideration, favours, or any other benefits from a competitor, supplier, client, customer, vendor, lender, etc. which may create a sense of obligation or perceived sense or obligation from the employee to the initiating party
• Holding a financial interest in an outside Company (investments, shares, ownership, dividends, etc.) where the employee can impact our business with that Company
• Secondary employment (including consulting services) which directly conflicts with the interests of the Company
• Directing Company business to the business of a family member or friend

Disclosure requirement:

Employees are expected to be honest and ethnical in the handling of actual, apparent or possible conflicts of interest. Any applicable situations should be disclosed by the employee to his or her Vice President/General Manger for review

Protection of Personal Information and Data Privacy

We take the privacy of the information that employees, clients, suppliers, customers, and vendors entrust to us very seriously and we are committed to protecting this information. Such information will only be collected, used, and disclosed for legitimate business purposes and in administering the working or business relationship, for discipline purposes or as otherwise required by applicable law. We will comply with all applicable privacy and data protection legislation, as required. Employees are limited to using the CRM/Database for their assigned business only. Any use of these systems for unauthorized businesses in not permitted.

Intellectual Property

Our intellectual property - including copyrights, trade secrets, know-how, patents, technical inventions, design standards, guidelines and trademarks and related licenses are critical property. We will take appropriate actions to defend our intellectual property. We are also committed to respecting intellectual property that belongs our business partners, vendors, clients, our competitors, and our industry. Employees are expected to act and conduct themselves accordingly.

Company Policies

In addition to the general corporate guidance provided in this Code, we maintain a variety of policies, procedures and guidelines specifically addressing various matters. These can be found on the Company’s intranet site at https://www.goauto.ca/policies. All employees are expected to be familiar and compliant with these policies.

Responsibilities of Employees

Employees are responsible for adhering to this code, acting in good faith, with due care, competence and diligence without misrepresenting material facts or allowing their independent judgment to be subordinated. Employees are encouraged to report any violations confidentially to their Vice President, General Manager or Go Auto Employee Support at employeesupport@goauto.ca

Business Office/Sales Guidelines

Employees will uphold all Dealer Agreements held with financial institutions in accordance with the specific rules and regulations. Proper disclosure to the banks via the credit application and input into the portals must be in accordance with these agreements. Employees must not knowingly make any misrepresentations relating to the improper disclosure to all financial institutions of any criteria that would affect and or impede the lending source’s decision making. Employees must ensure that all down payments obtained from the customer under the loan agreement are exactly as specified in the final agreement and in the form, as stated.

All products are to be presented. This must be done in an ethical and professional manner. All Business Office personnel must act in compliance with section 459.1 of the Bank Act (regarding the practice of coercive-tied selling). More specifically, it is against the law to impose undue pressure on, or coerce, a person to obtain a product or service from a particular person, including the bank and any of its affiliates, as a condition for obtaining another product or service to obtain another bank product or service.

Proper disclosure of all facets of the deal must also be provided to the customer (i.e. Carfax reports/inspection reports) in compliance with provincial guidelines.

Purpose

Go Auto’s information technology (“IT”) resources are strategic business assets that enable efficient operations and support organizational objectives. The purpose of this Acceptable Use Policy is to define the appropriate use of Go Auto’s information systems, networks, and IT assets, and to establish minimum expectations for users.

These requirements are intended to protect Go Auto, its employees, and its subsidiaries from illegal, costly, or damaging actions—whether intentional or unintentional. Inappropriate use of IT resources may expose Go Auto to compromises of the confidentiality, integrity, and availability of information and information systems, and may result in operational disruption, financial loss, legal liability, or reputational harm.

Scope

This policy applies to all individuals who access, use, or manage Go Auto information technology (“IT”) resources, including employees, contractors, consultants, temporary staff, vendors, and other authorized third parties conducting business on behalf of Go Auto or its subsidiaries. Where applicable, compliance with this policy may also be required by contractual agreement.

This policy applies to all Go Auto IT assets and resources, whether owned, leased, or provided by Go Auto, including those hosted on-premises or in the cloud. IT assets include, but are not limited to:

• End-user devices: desktops, laptops, printers, tablets, mobile phones, handheld devices, and other endpoints (including wireless/cellular devices).
• Accounts and access credentials: usernames, passwords, tokens, multi-factor authentication, and access to email, financial systems, network resources, directory services (e.g., Active Directory), collaboration tools, and vendor platforms (e.g., UKG/ADP/CDK), where applicable.
• Software and applications: custom-developed applications, commercial software, SaaS applications, shareware, and open-source software.
• IT services and infrastructure: networks, internet and ISP services, cloud services, infrastructure services, telephony/voice systems, wiring, IT facilities, support contracts, and service providers.
• Information and digital resources: electronic documents, files, records, and other data created, stored, processed, or transmitted using Go Auto IT resources.

This policy and supporting guidelines shall be made available to users, communicated as appropriate, and understood by all individuals who access Go Auto IT assets.

General Use and Ownership

All uses of information and information technology resources must comply with organizational policies, standards, procedures, and guidelines, as well as any applicable license agreements and laws including Federal, State, Provincial, local and intellectual property laws.

• While the security administration of Go Auto desires to provide a reasonable level of privacy, users should be aware that the data they create and/or store on corporate systems remains the property of Go Auto. Because of the need to protect IT assets, management cannot guarantee the confidentiality of personal information stored on any IT asset belonging to Go Auto.
• Users are responsible for exercising their good judgment regarding the reasonableness of personal use.
• Users shall be responsible for the security of their password and accounts
• It is required that any information that is considered confidential, sensitive or private under policy to be protected.
• For IT system security and network maintenance purposes, only authorized individuals within Go Auto shall monitor equipment, systems, and network traffic at any time.
• Go Auto reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.
• Any theft, loss, or unauthorized disclosure of Go Auto proprietary information, or any other security incident must be promptly reported.

Appropriate Use

• Performing duties as required by the specific job and role descriptions.
• Communicating with fellow employees, business partners of Go Auto, and clients within the context of an individual’s assigned responsibilities.
• Acquiring or sharing information necessary or related to the performance of an individual’s assigned responsibilities.
• Participating in educational or professional development activities.
• Using the internet for work-related activities and communicating with clients.
• Use technology devices, systems, and services with care and responsibility.

User IDs and Passwords

• Users are responsible for all activity performed with their personal user IDs. They must not permit others to perform any activity with their user IDs, and they must not perform any activity with IDs belonging to other users.
• Go Auto accounts, user IDs, network passwords, voice mailbox personal identification numbers, credit card numbers, and other access codes must not be used by, or shared with anyone other than the person to whom they were originally issued.
• Regardless of the circumstances, passwords assigned to individuals must never be shared or revealed to anyone else besides the authorized user. Information Technology Department staff must never ask users to reveal their passwords.
• Passwords must only be stored in secured password storage systems such as password vaults. Users must never write down or otherwise record a readable password and store it near the access device to which it pertains. Examples of password vaults can include browsers password manager such as Microsoft Edge Password Manager, or Google Password Manager
• Each user must immediately change his or her password if the password is suspected of being disclosed, or known to have been disclosed to an unauthorized party

E-mail Security

• Apply your professional discretion when using email, for example abiding by the generally accepted rules of email etiquette. Review emails carefully before sending, especially formal communications with external parties.
• Do not unnecessarily disclose potentially sensitive information in “out of office” messages.
• Report all potentially malicious or fraudulent emails directly to Information Security and delete all such emails immediately.
• Except when specifically authorized by management or where necessary for IT system administration purposes, users must not intercept, divert, modify, delete, save or disclose emails without the consent of the original user.
• Limited personal use of the corporate email systems is permitted at the discretion of local management provided that it is incidental and occasional and does not interfere with business. You should have no expectations of privacy: all emails traversing the corporate systems and networks are subject to automated scanning and may be quarantined and/or reviewed by authorized users.
• Do not use private personal accounts or personal external/third party email services for business purposes. Do not forward or auto-forward corporate email to external/third party email systems. You may access your own email via corporate IT facilities at local management discretion provided that such personal use is strictly limited and is not considered private.

Physical Equipment

• Users may be assigned IT equipment in connection with their official duties. This equipment belongs solely to the organization and must be immediately returned upon request or upon termination of contract/employment. Users may be financially responsible for the value of equipment assigned to their care if it is not returned to the organization. Furthermore, Go Auto reserves the right to not issue or reissue IT devices and equipment to users who repeatedly lose or damage IT equipment.
• All IT equipment being transported to another location must be hidden from plain view and secured when unattended.
• IT Assets must never be left in public spaces without the assigned user present.
• Always take your IT assets with you when walking away, even if briefly.

Clean Desk

• All physical documents containing confidential information must be hidden in a locked location when not in use or unattended.
• Passwords must never be posted in a physically accessible location, such as on a sticky note or notepad.
• All computer screens must be locked, or laptops closed, when unattended.
• This applies even if the user is only walking away for a few moments.
• All physical documents must be destroyed when no longer needed.

Inappropriate Use

Users of Go Auto IT assets are expected to exercise good judgment and use resources responsibly, securely, and for authorized business purposes. The activities below are prohibited. This list is illustrative and not exhaustive.

Illegal, Unethical, or Policy-Violating Use

Users must not:

• Engage in any activity that violates applicable civil or criminal laws or regulations.
• Access, create, store, transmit, or distribute content that is illegal, fraudulent, intentionally false, or deceptive.
• Reproduce, download, distribute, or use copyrighted, patented, or licensed materials (e.g., software, music, movies, images) without authorization or legal right.

Harassment, Discrimination, or Offensive Content

Users must not:

• Harass, threaten, intimidate, abuse, or discriminate against others.
• Access, store, or share material that is pornographic, obscene, hateful, violent, discriminatory, or otherwise inconsistent with Go Auto values or Human Resources policies.

Security Circumvention and Unauthorized Access

Users must not:

• Attempt to bypass, disable, or circumvent security controls (e.g., MFA, antivirus/EDR, encryption, filtering, logging, monitoring).
• Access, attempt to access, or use systems, accounts, or data without explicit authorization or without a legitimate business need.
• Use another person’s credentials, share credentials, or allow others (including family/friends) to access Go Auto systems, devices, data, or facilities.
• Misrepresent, obscure, suppress, or replace another user’s identity in transmitted or stored messages, logs, or records.

Misuse or Misappropriation of Physical Assets

Users must not:

• Remove, swap, or transfer Go Auto equipment without IT approval or inventory tracking.
• Retain equipment beyond the required employment/assignment period or fail to return equipment when requested.
• Carelessly store, transport, or handle equipment in ways that increase risk of loss, theft, or damage (e.g., leaving devices visible in vehicles or unsecured public places).
• Install, download, copy, or use unlicensed, illegal, or unauthorized software.
• Install “free” software, shareware, open-source tools, browser extensions, or utilities without IT approval, where licensing, security, or support risks may exist.
• Make unauthorized changes to Go Auto devices or systems, including upgrades, configuration changes, or removal of required software, without IT direction or assistance.

Inappropriate Use of Company Resources

Users must not:

• Intentionally degrade system or network performance or disrupt business operations.
• Stream high-bandwidth video/music or engage in other non-business use that materially impacts network performance or productivity, particularly during peak business hours.
• Use Go Auto resources to circulate unauthorized solicitations, chain messages, advertisements, or fundraising for non-business purposes (including political, religious, charitable, or personal causes), unless explicitly approved.

Confidentiality and Data Protection Violations

Users must not:

• Disclose Go Auto confidential or sensitive information to unauthorized persons or third parties.
• Share customer, employee, or business information outside Go Auto except as required for legitimate business purposes and approved processes.

Inappropriate use of digital assets

• Communication of confidential company information to personal or business acquaintances.
• Using or attempting to use user accounts not designated for your use.
• Accessing data or systems without consent or as part of your duties.
• Mass emailing for personal use.
• Installing or upgrading software without the direction or assistance of IT personnel.
• Online streaming of video or music during peak office hours as this impacts network performance and could negatively impact business operations.

Purpose

The purpose of this policy is to establish clear standards governing the conduct of all Business Office activities within Go Auto dealerships.

Go Auto is committed to conducting all vehicle financing, lending submissions, and product presentations in an ethical, transparent, and compliant manner. This policy supports compliance with applicable regulatory requirements and reinforces Go Auto’s commitment to fair dealings with customers, lenders, and regulators.

Scope

This policy applies to all Go Auto employees involved in vehicle sales transactions, financing arrangements, and the presentation or sale of aftermarket products including:

• Finance Managers
• Business Managers
• Finance Directors
• Sales Managers
• General Managers
• Any employee involved in deal structuring, financing, or product presentation

All employees must comply with this policy in addition to Go Auto’s Employee Code of Conduct.

Regulatory Compliance

Go Auto operates across multiple jurisdictions and must comply with applicable consumer protection, automotive retail, and financial services legislation.

Canada

• AMVIC Alberta Motor Vehicle Industry Council
• VSA Vehicle Sales Authority of British Columbia
• Saskatchewan Consumer Protection Division under The Consumer Protection and Business Practices Act
• Manitoba Consumer Protection Office under The Consumer Protection Act
• Northwest Territories Consumer Affairs Office under the Consumer Protection Act
• Financial Consumer Agency of Canada
• Section 459.1 of the Bank Act relating to coercive tied selling

United States

• Washington State Department of Licensing Vehicle Dealer Licensing Division
• California Department of Motor Vehicles Occupational Licensing Division
• California Department of Financial Protection and Innovation
• Federal Trade Commission consumer protection standards

Where regulatory standards differ between jurisdictions, the most stringent requirement will apply.

Core Conduct Expectations

All Business Office transactions must be conducted with integrity, professionalism, and transparency.

Employees must not engage in any conduct that could reasonably be considered misleading, deceptive, coercive, or unfair to customers, lenders, or regulators.

Optional Product Presentation

All aftermarket products offered in the Business Office must be presented as optional.

Optional products may include:

• Extended warranties
• Maintenance plans
• Tire and rim protection
• Appearance protection
• Theft protection products
• Credit insurance
• Key and FOB insurance
• Other aftermarket protection products

Customers must be free to choose which products they wish to purchase and must not be pressured or led to believe that products are required to complete a transaction or to obtain financing

Prohibition on Tied Selling

Tied selling is strictly prohibited.

Examples include:

• Telling a customer they must purchase a warranty or protection product to obtain financing
• Telling a customer they must purchase a warranty or protection product to obtain a better financing or lease rate
• Suggesting that financing approval depends on purchasing optional products
• Implying that a lender requires a product when that is not accurate
• Indicating that a deal cannot proceed if optional products are declined
• Delaying or jeopardizing a transaction because a customer declines optional products

Accurate Representation of Lenders

Business Office personnel must accurately represent lender requirements.

Employees must not:

• State or imply that a lender requires optional products when this is not accurate
• Misrepresent interest rates or approval conditions
• Provide misleading information regarding lender requirements

Deal Submission and Accuracy of Information

All information submitted to lenders must be accurate and complete.

Employees must not:

• Inflate or alter customer income
• Alter employment information
• Misrepresent down payments or trade values
• Modify credit applications without the customer’s knowledge
• Submit false or altered documentation
• Structure deals in a way that misrepresents a customer’s financial position

Identity Verification and Fraud Prevention

Employees must take reasonable steps to verify the identity of customers and review identification documents to ensure they appear valid and consistent with transaction information.

Any concerns regarding potential fraud must be escalated to dealership leadership immediately.

Customer Consent and Credit Authorization

Customer authorization must be obtained prior to accessing credit information or submitting credit applications to lenders. Customers must consent to credit bureau inquiries and lender submissions.

Customer Disclosure

Customers must receive clear disclosure regarding all aspects of their transaction including:

• Products purchased
• Optional versus required charges
• Financing terms and payment obligations
• Vehicle inspection reports where required
• Vehicle history reports where required by law

Customer Documentation and Delivery

Customers must receive copies of their transaction documentation at the time of vehicle delivery.

This includes:

• Bill of sale or purchase agreement
• Financing or lease agreement
• Lender disclosure documents
• Aftermarket product contracts
• Warranty agreements
• Inspection reports where applicable
• Vehicle history reports where applicable

Customer Documentation Acknowledgement

Customers will acknowledge receipt of their transaction documents at delivery through a signed delivery checklist, receipt acknowledgement, or electronic confirmation retained in the deal file.

Privacy and Protection of Personal Information

Employees must ensure all customer information is collected, used, and stored in accordance with applicable privacy legislation and Go Auto policies. Customer information may only be used for legitimate business purposes.

Lender Agreement Compliance

Employees must comply with all dealer agreements and program requirements established with financial institutions and follow lender specific rules and disclosure requirements.

Record Retention

Dealerships must maintain complete and accurate deal files for each transaction. Documentation must be retained in accordance with regulatory requirements and Go Auto policies.

Leadership Responsibility

General Managers and Finance Directors are responsible for ensuring Business Office staff are trained on compliance requirements and that all deals and product presentations follow this policy.

Reporting Concerns

Employees who become aware of conduct that may violate this policy must report concerns to their General Manager, Vice President, or Go Auto Employee Support.

Training

Business Office personnel may be required to complete compliance and regulatory training as directed by Go Auto.

Consequences for Non Compliance

Failure to comply with this policy may result in disciplinary action up to and including termination of employment and may expose the dealership and the Company to regulatory enforcement.