1. Introduction

According to section 301 of the Sarbanes Oxley Act 2002, the Audit Committee of DANAOS Corporation (the "Company") “shall establish procedures for the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters" and "the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters.”

2. Scope

The Ethics & Compliance Policy relates to concerns or complaints relating to any accounting issues that may raise concern.  A list of such issues, but not limited are the following:

• Malpractice and misappropriation of resources or use of company's resources for personal gain or advantage.
• Intentional misinterpretation or falsification of accounting records and financial statements.
• Override of internal controls.
• Non-Compliance with laws and regulatory schemes.
• Theft or improper use of Company's assets and resources by people who are not employed by the Company.

The above types of management, employee and external fraud is not exhaustive, but it presents an indication of the potential issues, that if they are reported in good faith, should be evaluated and investigated appropriately.

3. Addressing Complaints

The Audit Committee is ultimately responsible to receive, retain, examine, and act on complaints submitted by employees related but not limited to:

• Employment of accounting policies that raise concerns over their accuracy, consistence, and effectiveness.
• Misappropriation of assets.
• Falsification of accounting records and financial reports.
• Non-compliance to applicable laws and regulations.
• Harassment against those who raise the above concerns.

The complaints are submitted via the Ethics & Compliance Policy link, which is available to all employees on the web site of the Company.  The complaints regarding accounting and auditing matters, internal controls and financial statements and disclosures are ultimately received by the Audit Committee.

4. Retaliation

The Audit Committee shall not retaliate, and shall not tolerate any retaliation by management or any other person or group, directly or indirectly, against anyone who, in good faith, makes an Accounting Allegation or Legal Allegation, reports a Retaliatory Act or provides assistance to the Audit Committee, management or any other person or group, including any governmental, regulatory or law enforcement body, investigating a Report.

5. Treatment of Complaints

According to section 301 of the Sarbanes Oxley Act 2002, the Audit Committee of the DANAOS Corporation (the "Company") "shall have the authority to engage independent counsel and other advisers, as it determines necessary to carry out its duties.  The Company shall provide for appropriate funding, as determined by the audit committee, in its capacity as a committee of the board of directors, for payment of compensation."

The Audit Committee shall determine if the Company or external investigator should undertake the investigation of the issues submitted.  The level of details of the inquiries and the communication to be carried out should be determined on a case-by-case and the report should be submitted to the Audit Committee.

6. Retention of Complaints and Investigations

The Audit Committee and/or the Compliance Officer appointed by the Board of Directors of Danaos Corporation shall maintain a log of all complaints, tracking their receipt, investigation, and resolution and shall prepare a summary report, periodically, to the Board of Directors.

The Audit Committee and/or management shall maintain records of all steps taken in connection with any investigation of a Report including investigation of Reports that are found to be unsubstantiated. Such records will be retained for a period of five years.  Records containing personal data shall fall under the relevant Company’s retention policy for personal data protection.

7. Personal Data Protection

Confidentiality - The information on the person who makes an allegation and the accused person(s) should be treated with the utmost confidentiality.  This is also an important element for encouraging employees to report on any wrongdoing.

Data quality - It is important not to process more personal data than necessary.  The Company shall only collect relevant information - and not more information than necessary - in the first place.  In practice this means, an initial review of the information reported and keeping only the information that is relevant to the case.

Right of information - The Company shall provide a general privacy notice on its website.  The persons involved should be informed regarding the way their personal data will be processed as soon as practically possible.  The personal information in a report can relate to the person who makes an allegation, the person under investigation, witnesses or other individuals that are mentioned.  However, it is possible that informing the accused person(s) at an early stage will jeopardize the investigation.  In these cases, the sharing of specific information with the accused might need to be deferred.  Deferral of information should be decided on a case-by-case basis and the reasons for any restriction should be documented.

Data security - Given that the information processed is sensitive and that leaks or unauthorized disclosure may have adverse consequences both for the person who makes an allegation and the person(s) accused, special care must be taken over the technical and organizational measures needed to mitigate the risks and ensure data security.

This Code of Business Conduct and Ethics was adopted by the Board on September 18, 2006; last revised on September 14, 2018.