Whistleblowing Policy

The following internal policy implements the provisions of the Protection of Whistleblower Act (CAP 527 of the laws of Malta) regarding reporting of illegitimate conduct and behavior within public and private companies, established by the EU Directive 1937/2019.

1. Scope of the policy and applicability

We are committed to conducting our business with honesty and integrity and we expect all staff to maintain high standards. Any suspected wrongdoing should be reported as soon as possible.

This policy covers all current and ex-employees, candidates, officers, consultants and contractors of Logifuture Malta Limited (the “Company”). Any person who makes a report under this policy will be a subject or reporting person for the purposes of this policy.

The protection of the reporting person is one of the main purposes of Protection ofWhistleblower Act (the “Act”), together with that of excluding and punishing any form of retaliation against the reporting person or other subjects connected to them. The Act also extends protection to those subjects who could be the recipients of retaliation, even indirectly, due to the role assumed within the reporting process, public disclosure or complaint or the relationship detail that links them to the reporting person.

They are, among others:
- Facilitators, i.e. those who assist the reporting person in the reporting process while operating within the same working context;
- People from the same working context of the reporting person;
- People related to the reporting person;
- Colleagues of the reporting person.

2. What is whistleblowing and subject of the reports

Whistleblowing is the reporting of suspected wrongdoing or dangers in relation to our activities. This includes bribery, facilitation of tax evasion, fraud or other criminal activity, miscarriages of justice, health and safety risks, damage to the environment and any breach of legal obligations.The types of violations that can be reported include, as illustrative examples:

- Cases of negligence in the performance of our business;
- Administrative offences as may be defined by the applicable laws;
- Criminal offences;
- Accounting offences;
- Money Laundering and terrorism financing;
- Fraud.

One of the conditions for the subject person to be protected under the Act, as set forth below, is that at the time of making a report, is that person has is reasonable grounds to believe, in light of the circumstances and the information available to them at the time of reporting, that the matters reported by them are true. You will not be penalized, treated unfavourably or discriminated against if you make a report by mistake. Malicious, abusive or fraudulent reports will be treated as gross misconduct and the person who makes a report with such intent will not benefit under any form of protection under this policy.

The reports concerning a dispute, claim or request linked to a personal interest of the reporting person will not be considered a whistleblowing report.

3. Channels and methods of submitting reports

The reporting person has at their disposal a diversified system of reporting channels, and they are:
- Internal company channel;
- External channel as detailed below;
- Public disclosure.

3.1 Reporting channels and reports management

The Company has therefore activated an internal email channel where you can report any offense in writing; alternatively, the reporting person can also request a direct meeting with the Group’s legal function and/or the Company’s Director to report the offense(-s).

To make a report, you can use the address whistleblowing@logifuture.com you can write to this email address from your company email address or from another email address. 

The reports will be visible on a special dashboard created on the Jira application. By entering Jira with your credentials it will be possible to follow the entire procedural process of the report. If the reporting person does not have a Jira account associated with the email address with which the report was made, it will be necessary to create it using that said email address. The Company guarantees the confidentiality of all those subjects involved in any report to which the current legislation confers protection.

If the reporting person uses the internal channel made available by the Company to make a report, the latter will be processed by the dedicated function that will revert within seven calendar days via Jira. The same company function will be the one that will conduct the discussions with the reporting person and, if the nature of the report is consistent with the cases envisaged by the Act, will conduct any investigations until their conclusion. The feedback on the report will be provided within three months from the date of the acknowledgment of receipt subject to extension of the time, where applicable. 

You may also submit an anonymous report. Said reports are treated as ordinary reports and therefore managed according to this procedure by the Company. Please note that the Company will not take any steps to identify the reporter however, you are solely responsible for anonymity of the report (i.e. the email address from which you send a report or what details you include which may lead to your identification). In any case, the whistleblower or anonymous complainant, subsequently identified, who has communicated the reports through the external channels that they have suffered retaliation can benefit from the protection that the Act guarantees against retaliatory measures.

In the case of anonymous reports, the Company is always required to record and keep the relevant documentation according to the general retention criteria of the documents applicable in the current legislation, thus making it possible to trace them in the event that the reporting person, or in any case the person who has filed a complaint, inform through the relevant external channels that they have suffered retaliatory measures due to said anonymous report or complaint. It is important to clarify that in the case of anonymous reports, if there is no information from the reporting person regarding any means of communication or contacts to be used during the management of the report in addition to the Jira application normally used, the Company may not be able to ensure adequate communication with the reporting counterparty. The reporting person can also make a report via registered mail with return receipt to the following address, taking care to reserve the letter for the kind attention of Director.

3.2 Externalchannel

The reports can be made externally to one of the competent authorities as listed in the Schedule 1 to theProtection of Whistleblower Act.

4. Protectionsand support measures

The Act offers the reporting person and also subjects other than the reporting person a system of safeguards and protection which provides:-

- The protection of confidentiality of the reporter, the facilitator, the person involved and the people mentioned in the report;
- The protection from any retaliation adopted by the entity due to the report, public disclosure or complaint made;
- The limitation of liability with respect to the revelation and dissemination of certain categories of information that operate under certain conditions.

4.1 Protection of confidentiality

The Company guarantees the confidentiality of the identity of the reporter and also guarantees, in compliance with the fundamental principles regarding the protection of personal data, that the reports cannot be used beyond what is necessary to adequately follow up and act on them. The identity of the reporting person or any other information from which it can be deduced cannot be revealed without the express consent of the reporting person. The protection also extends to the facilitator who assists the whistleblower.

4.2 Protection from possible retaliation by the Company

The Act defines the prohibition of retaliation as any behaviour, act or omission, even if only attempted or threatened, carried out as a result of reporting, reporting to the judicial authority or public disclosure and which causes or may cause the reporting person or the person who filed the complaint, directly or indirectly, unfair damage or disadvantage.

For example, the following is a non-exhaustive list of actions by the Company that may be considered retaliation:

- Dismissal, suspension or equivalent measures;
- Demotion or failure to promote;
- Change of functions, change of place of work, reduction of salary, modification of working hours;
- Suspension of training or any restriction of access to it;
- Notes of demerit or negative references;
- Adoption of disciplinary measures or other sanctions, including pecuniary;
- Coercion, intimidation, harassment or ostracism;
- Discrimination or otherwise unfavorable treatment;
- Failure to convert a fixed-term employment contract into a permanent employment contract, where the worker had a legitimate expectation of such conversion;
- Failure to renew or early termination of a fixed-term employment contract;
- Damage, including to the person's reputation, particularly on social media, or economic or financial harm, including loss of economic opportunities and loss of income;
- Improper listing on the basis of a formal or informal sectoral or industry agreement, which may result in the person being unable to find employment in the sector or industry in the future;
- Early termination or cancellation of the contract for the supply of goods or services;
- Cancellation of a license or permit;
- Request to undergo psychiatric or medical tests. 

The application of the protection against retaliation regime is subject to some conditions and requirements, listed below:

- The individual reported, reported, or made the public disclosure based on reasonable belief that the information about the violations reported, disclosed or reported is truthful and falling within the objective scope of application of the decree;
- The report or public disclosure was made in compliance with the regulations established by the Act;
- and a consequential relationship is necessary between reporting, disclosure and reporting made and the retaliatory measures suffered. 

The aforementioned protection provided in the event of retaliation by the Company does not apply in the event of an assessment with a sentence of criminal liability for the crimes of slander or defamation or in any case for the same crimes committed by submitting a report, or of civil liability, for having reported false information intentionally or negligently reported. If said responsibilities are ascertained, a disciplinary sanction may also applied to the reporting party, where applicable. 

This Policy is subject to review on as needed basis, as may be required by the applicable law and on approval of the Director of the Company and the Chief Legal Officer of Logifuture Group. 

Effective Date: 6th May 2024.