At Thomas Leach Colour, our reputation is built on trust and a commitment to excellence. We are dedicated to maintaining the highest standards across every aspect of our operations. This page provides public access to our key policy documents, detailing our formal commitments to Quality Management, Environmental Sustainability, Data Security Compliance, and Ethical Sourcing via our Chain of Custody.

Please use the navigation buttons below to view each specific policy statement in detail.

Thomas Leach Ltd. recognises that the disciplines of quality, health and safety and environmental management are an integral part of its management function. Along with its clients, TLC attaches the highest priority to delivery of print and communications solutions which, as a minimum, meet client expectations. Balanced with commercial and environmental requirements, TLC and its team are committed to providing quality of service and product; first time and every time.

To support these aims, TLC will conduct its operations in line with the internationally recognised quality management standard.

It is our policy to:

• Comply with all applicable laws, regulations and other requirements.
• Continually improve the effectiveness of our quality management system and make best use of our management resources in all quality matters.
• Communicate our quality objectives and our performance against these objectives throughout the company.
• Set and monitor quality performance indicators including client feedback.
• Work closely with our employees, clients and suppliers to establish the highest Quality standards.
• Ensure employees and workers act in accordance with this policy and TLC’s Quality Management System and have the relevant competences to fulfil their responsibilities.

The Board shall be responsible for this policy and ensuring that it remains relevant and suitable. This will be achieved through formal annual review. However, it is the responsibility of every employee to ensure we adhere to the principles and aims set out in this policy statement.

Signed

N. Stratford
Managing Director
31st March 2026

Safeguarding the environment, the health and safety of its employees, customers, neighbours and others who may come into contact with, or be affected by, our operations and products is a responsibility to which Thomas Leach Colour attaches the highest priority.

• All waste paper is recycled, as are printing plates. We use vegetable based inks and all paper comes from sustainable sources.
• We have installed 117 rooftop solar panels, covering 280m², producing 58.7 kWp of electricity. Enough to power 17 three-bedroom homes.
• Our air conditioning is by evaporative water cooling, which uses 20% of the power that a conventional system would, the lights in the machine room are self adjusting, according to the levels of natural daylight and much of the lighting elsewhere in the building is triggered by motion sensors.

As part of our commitment to environmental performance, Thomas Leach Colour will conduct its operations in line with the internationally recognised environmental standard.

---

Environmental Policy Statement

Thomas Leach Ltd. t/a Thomas Leach Colour attaches the highest priority to the protection of the environment and the health and safety of its employees, customers, neighbours and others who may come into contact with, or be affected by, our operations and products. As part of our commitment to environmental performance Thomas Leach Colour will conduct its operations in line with internationally recognised environmental standards.

It is our policy to:

• Ensure employees and workers act in accordance with this policy and Thomas Leach Colour’s Environmental Management System and have the relevant competences to fulfil their environmental responsibilities.
• Ensure that pollution through accidental emissions or effluent discharges are prevented.
• Where possible avoid or reduce waste and material usage ensuring unavoidable waste is reused, recycled or recovered or disposed of responsibly.
• Monitor and seek to reduce resource usage including electricity, water, gas and fuel consumption.
• Ensure the environment performance of our suppliers is assessed and that buying decisions take into consideration environmental impacts.
• Ensure compliance with relevant legislation and guidelines.
• Set and monitor environmental objectives and targets.
• Foster a sense of responsibility for the environment amongst our employees and workers, with consideration for all stakeholders including the local community.
• Continually strive to improve Thomas Leach Colour’s environmental performance.

The Board shall be responsible for this policy and for ensuring that it remains relevant. This will be achieved through formal annual review. However, it is the responsibility of every employee to ensure we adhere to the principles and aims set out in this policy statement.

Signed

N. Stratford
Managing Director
31st March 2026

Information Security Awareness Program

All employees authorised to accept payment cards (debit and credit cards) securely process, store and dispose of payment card data (paper and electronic media) in order to adhere to the Payment Card Industry Data Security Standards (PCI DSS).

In order to protect cardholder data and ensure PCI DSS compliance at Thomas Leach Colour, the following procedures are followed:

• Authorised employees comply with the PCI DSS.
• All e-commerce transactions use PayPal’s secure online site. Manual transactions use PayPal’s secure virtual terminal.
• Payment card data is not transmitted or stored in any other system, server, personal computer or e-mail account. Under no circumstance is credit card information obtained, or transmitted, by e-mail.
• Physical (paper) cardholder data is locked in a safe with access limited to only authorised employees. These printed materials may include, but are not limited to, customer order forms and paper receipts.
• All media used for credit cards is destroyed once the transaction is completed. All hardcopy (paper) is crosscut shred prior to disposal.

PCI DSS Compliance Guidelines

• It is against Thomas Leach Colour Policy to store credit card numbers on any computer, server, database or spreadsheet.
• Restrict access to card data by business need to know.
• Paper documents containing cardholder data must be locked in a safe.
• Restrict physical access to cardholder data.
• Email is not an approved way to transmit credit card numbers.
• Paper receipts must be destroyed so that account information is unreadable and cannot be reconstructed.
• Any new systems/software that process payment cards are required to be approved by the Directors prior to being purchased.
• Maintain a firewall and router configuration to protect cardholder data.
• Use and regularly update anti-virus software.
• Do not use vendor-supplied defaults for systems passwords and other security parameters.
• Computer systems using “Virtual Terminal” must be connected to the proprietary sub-domain with no network access.
• Report all suspected or known security breaches to Management.

Payment Card Industry Data Security Standards (PCI DSS) for Accepting Credit Cards

PCI compliance is required of all merchants and service providers that store, process, or transmit cardholder data. The requirements apply to all payment channels, including retail (in person), mail/telephone order, and e-commerce.

Thomas Leach Colour is required by the payment card associations to be compliant with the Payment Card Industry (PCI) Data Security Standards, and is committed to providing a secure environment for our customers to protect against both loss and fraud. Thomas Leach Colour must comply with Payment Card Industry (PCI) requirements for securely processing, storing, transmitting and disposing of cardholder data.

The PCI DSS is a result of collaboration among the major payment card companies to create common industry security requirements, aiming to protect against both cardholder data exposure and compromise. The following programs incorporate PCI DSS:

• VISA: Cardholder Information Security Program (CISP)
• MasterCard: Site Data Protection (SDP) Program
• American Express: Data Security Requirements
• Discover: Discover Information Security and Compliance (DISC) Program

The PCI DSS offers a single approach to safeguarding sensitive data for all payment card companies. Other card companies have also endorsed the PCI DSS within their respective programs.

The PCI DSS consists of twelve basic requirements:

Build and Maintain a Secure Network and Systems

1. Install and Maintain Network Security Controls
2. Apply Secure Configurations to All System Components

Protect Account Data

1. Protect Stored Account Data
2. Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks

Maintain a Vulnerability Management Program

1. Protect All Systems and Networks from Malicious Software
2. Develop and Maintain Secure Systems and Software

Implement Strong Access Control Measures

1. Restrict Access to System Components and Cardholder Data by Business Need to Know
2. Identify Users and Authenticate Access to System Components
3. Restrict Physical Access to Cardholder Data

Regularly Monitor and Test Networks

1. Log and Monitor All Access to System Components and Cardholder Data
2. Test Security of Systems and Networks Regularly

Maintain an Information Security Policy

1. Support Information Security with Organizational Policies and Programs

For More Information – Please visit https://www.pcisecuritystandards.org/

Date of this Last Policy Update: March 2026

Organisational Policy Statement – Corporate Social Responsibility in Relation to Chain of Custody

Thomas Leach Ltd, trading as Thomas Leach Colour (‘the company”) is committed to compliance with the social and health & safety values. The company commits to ensuring the effective implementation and maintenance of its quality and environmental systems in accordance with the relevant standards.

As such the following commitments and declarations are made:

The company declares that it will not be directly or indirectly involved in the following activities: * Illegal logging or the trade in illegal wood or forest products; * Violation of traditional and human rights in forestry operations; * Destruction of high conservation values in forestry operations; * Significant conversion of forests to plantations or non-forest use; * Introduction of genetically modified organisms in forestry operations; * Violation of any of the ILO Core Conventions, as defined in the ILO Declaration on Fundamental Principles and Rights at Work, 1998.

The company also declares that it will ensure:

• Workers are not prevented from associating freely, choosing their representatives, and bargaining collectively with their employer;
• Forced labour is not used;
• Workers, who are under the minimum legal age, the age of 15, or the compulsory school attendance age, whichever is higher, are not used;
• Workers are not denied equal employment opportunities and treatment.

The company confirms its commitment to occupational health and safety through its Health & Safety Policy and through its actions to ensure working conditions do not endanger safety or health.

The above Policy statement shall periodically be reviewed by the senior management of the company and shall be available to key stakeholders including employees, suppliers and customers through this publicly available policy statement.

Signed

Neil Stratford
Managing Director
8th September 2025