WHISTLEBLOWING MANAGEMENT SYSTEM POLICY

INTRODUCTION

VALUE RETAIL MANAGEMENT SPAIN, S.L.U. (“VRMS” or the “Company”) is the managing company of La Roca Village (owned by VALUE RETAIL BARCELONA, S.L.) and Las Rozas Village (owned by VALUE RETAIL MADRID, S.L.).

VRMS advocates the establishment of a culture of transparency, ethics and zero tolerance against any conduct that may contravene the applicable legislation, its Code of Conduct, or other internal regulations.

The purpose of this policy is to define the fundamental principles upheld, promoted, and embraced by VRMS in the management of complaints. Additionally, the policy outlines the essential components that constitute the System and provides information about other “external” information channels through which informants may alternatively communicate with relevant regulatory authorities.

This Policy will be made accessible to the public on VRMS website, in a dedicated and easily locatable section.

SCOPE OF APPLICATION

This Policy is applicable to the activities that VRMS carries out anywhere and with other entities as long as it has effective control or occupies positions in their managing bodies. Also, it applies to its Board of Directors, management positions and control bodies.

The result of this Policy is applicable to VRMS’ entire staff, suppliers, distributors, franchises, consultants, licensees, agents, investee companies clients, tenants or consumers and any other individual or legal entity using VALUE RETAIL brand or that may have a relationship with VRMS.

APPLICABLE REGULATION

This Policy is adapted to the following regulations:

• Basic Law 10/1995, of November 23, 1995, of the Criminal Code and subsequent updates.
• Law 2/2023, of 20 February, on the protection of persons who report violations of the law and the fight against corruption.
• Basic Law 3/2018, of 5 December, on the protection of personal data and guarantee of digital rights.

This Policy will be adapted to the legislative changes that may occur in Spain and in the countries in which VRMS has activity of any kind, as well as the criteria established in the rulings of the Supreme Court, Constitutional Court, Court of Justice of the European Union and European Court of Human Rights and will also take into account the indications established in the guides, reports and resolutions of the national or European public administration.

APPLICABLE COMPLIANCE STANDARDS

The Policy is adapted to the following national compliance standards:

• The Spanish Prosecutor General’s Office Legal Opinion 1/2016 (Circular).
• UNE 19601:2017. Management system for criminal compliance.
• Main rulings of the Spanish Supreme Court since 2010.

01 REPORTING CHANNEL

1. VRMS makes the Reporting Channel available to whistleblowers, this being the preferred channel for reporting conduct that may be violations of the law, the Code of Ethics or internal regulations. The Reporting Channel has the following channels for communicating information:

• Speak Up Channel, available exclusively to employees, which is managed by VRMS parent company, ensuring that all complaints regarding VRMS, or related to VRMS by any means, will be communicated and managed by the Responsible of the Whistleblowing System. The Speak Up Channel may have its own policies, which will be made available to all employees.
• Other stakeholders in Spain may use any of the following channels, managed directly by VRMS and therefore under the control of the Responsible of the Whistleblowing System: Email: canaldeinformantes@valueretail.com

2. The whistleblower may indicate an address, email or safe place for the purpose of receiving notifications and be contacted.
3. Information will also be provided, in a clear and accessible way, on the external channels available for lodging complaints with the competent authorities, which are announced below:

European Union:

• Name: European Anti-Fraud Office (OLAF)
• Contact data: https://anti-fraud.ec.europa.eu/index_en

Spain:

• Name: Not created yet in Spain
• Contact data: Not created yet in Spain

Catalonia:

• Name: Oficina Antifrau de Catalunya
• Contact data: https://www.antifrau.cat/

02 RESPONSIBLE OF THE WHISTLEBLOWING MANAGEMENT SYSTEM

1. The appointed system responsible will be responsible for the Whistleblowing Management System in Spain (hereinafter, the “System Responsible”) (including any complaint related to VRMS received through the Speak Up Channel or any other channel under its control), that is, it will be the recipient and responsible for the management of communications received through the Reporting Channel, and will be in charge of the investigations that, if applicable, are carried out.

2. The System Responsible may share relevant information relating any complain received with Value Retail Global Whistleblowing Management System Responsible, when needed or necessary, ensuring that all information will be always processed according to this policy and any other global policy applicable.

03 GUARANTEES OF THE REPORTING CHANNEL AND OF THE INVESTIGATION PROCESS

1. All complaints received through the Reporting Channel will be governed by the following guarantees:

• Security measures: the Reporting Channel will have the appropriate technical and organizational security measures to avoid risk of disclosure, unavailability and loss ordestruction of information, that is: the confidentiality, availability and integrity of the inquiries and complaints received will be guaranteed.
• Confidentiality: the confidentiality of the identity of the whistleblower, the reported person and any third party mentioned in the communication, as well as the facts mentioned, will be guaranteed, with only authorized staff having access to the communication.
• Privacy: the processing of personal data will be carried out in accordance with current legislation on data protection.
• Diligent and reasoned response: complaints will be answered respecting the established deadlines and will always be sufficiently reasoned and provide a response to the different questions raised.

04 GUARANTEES TO WHISTLEBLOWERS AND REPORTED PERSONS

1. The rights of whistleblowers and the reported persons are guaranteed, within the framework of the communications received through the Reporting Channel, announced below:

2. Whistleblowers will have the right not to have their identity revealed to unauthorized persons without their express consent, to not receive any type of retaliation for having filed a complaint in good faith and to receive an acknowledgment of receipt and information about the status of their complaint within the corresponding deadlines.

3. The reported persons will have the right to the presumption of innocence and honor, to be heard, to confidentiality, defense, access to the file (with the limitations provided for in the Law), objectivity and impartiality in decision-making. Likewise, they will have the right to a process with all the guarantees, with respect for the legal provisions and the applicable internal regulations, respect for the deadlines and adoption of measures proportional to the seriousness of the events that occurred. They will have the right to know the results of the investigation and the applicable corrective measures.

WHISLTEBLOWING MANAGEMENT PROCEDURE

INTRODUCTION

VALUE RETAIL MANAGEMENT SPAIN, S.L.U. ("VRMS" or the "Company") serves as the management company for La Roca Village (owned by VALUE RETAIL BARCELONA, S.L.) and Las Rozas Village (owned by VALUE RETAIL MADRID, S.L.).

This Procedure elaborates the Whistleblowing Management System Policy, describing the functioning of the communication management received through the Reporting Channel.

In particular, it governsthe process VRMS must follow when managing complaints, which encompasses the investigation of complaints and the disciplinary procedures, if necessary, that may be imposed due to legal violations, the Code of Ethics, or other internal regulations.

The Procedure will be executed by the System Responsible, who, upon receiving notice of a potential breach, must initiate the corresponding investigation, with full support from VRMS. At all levels of VRMS, the actual and effective implementation of this Procedure will be guaranteed, and all the involved are required to adhere to it.

SCOPE OF APPLICATION

This Procedure is applicable to the activitiesthat VRMS carries out anywhere and with other entities aslong as it has effective control or occupies positions in their managing bodies. Also, it applies to its Board of Directors, management positions and control bodies.

The result of this Procedure is applicable to VRMS’ entire staff, suppliers, distributors, franchises, consultants, licensees, agents, investee companies clients, tenants or consumers and any other individual or legal entity using VALUE RETAIL brand or that may have a relationship with VRMS.

APPLICABLE REGULATION

This Procedure is adapted to the following regulations:

• Basic Law 10/1995, of November 23, 1995, of the Criminal Code and subsequent updates.
• Law 2/2023, of 20 February, on the protection of persons who report violations of the law and the fight against corruption.
• Basic Law 3/2018, of 5 December, on the protection of personal data and guarantee of digital rights.

This Procedure will be adapted to the legislative changes that may occur in Spain and in the countries in which VRMS has activity of any kind, as well as the criteria established in the rulings of the Supreme Court, Constitutional Court, Court of Justice of the European Union and European Court of Human Rights and will also take into account the indications established in the guides, reports and resolutions of the national or European public administration.

APPLICABLE COMPLIANCE STANDARDS

The Procedure is adapted to the following national compliance standards:

• The Spanish Prosecutor General’s Office Legal Opinion 1/2016 (Circular).
• UNE 19601:2017. Management system for criminal compliance.
• Main rulings of the Spanish Supreme Court since 2010.

01 PROCEDURE FOR MANAGING COMPLAINTS

1. Communication of the complaint:

VRMS makes the following reporting channels available to those who wish to submit a complaint:

• Speak Up Channel, available exclusively to employees.
• Other stakeholders in Spain: Email: canaldeinformantes@valueretail.com

Likewise, at the request of the whistleblower, a face-to-face meeting with the System Responsible may also be requested within a maximum period of seven (7) business days.

In the event that Employees, managers, hierarchical superiors, administrators, shareholders or participants of VRMS receive a complaint through other channels, they must also maintain maximum confidentiality, avoiding, among others, revealing any information that could allow the whistleblower, the reported person or other affected Persons to be identified, and must immediately send it through the Reporting Channel.

2. Assessment and assignment:

With the information received, the System Responsible will carry out a preliminary analysis in order to verify its veracity, clarity and completeness, as well as the relevance of the reported events. Subsequently, one of the following situations will be determined: -* Acceptance of the complaint* because the facts constitute a possible breach of law, the Code of Ethics or VRMS internal regulations.

• Non-acceptance of the complaint due to lack of grounds in the arguments of the breach or because there is no breach, in which case a brief report will be made on the reasons for its non-acceptance.

In any case, the complaint must be forwarded to the Public Prosecutor immediately, when the facts suggest that a crime may have been committed, or, in the event that the facts affect the financial interests of the European Union, to the European Public Prosecutor's Office.

3. Acknowledgment of Receipt, information on the acceptance or non-acceptance and Record:

Upon receipt of the complaint, either through the Reporting Channel or through direct communication to the System Responsible, an acknowledgment of receipt will be provided to the whistleblower within 7 days from receipt of the complaint (unless this may put at risk the confidentiality of the communication), and they will be informed about the acceptance or non-acceptance thereof. The System Responsible, prior to answering the complaint or starting the investigation, will record the complaint in the whistleblowing record book.

4. Investigation and Resolution:

The System Responsible will carry out the corresponding investigation with the support, where appropriate, of internal employees or external experts, who must respect the confidentiality of any information related to the complaint or investigation.

Opening of the investigation The purpose of the investigation will be to clarify the events that occurred, as well as the identification of responsibilities. The persons involved in the investigation will sign a confidentiality and non-conflict of interest agreement, which is required to offer sufficient process guarantees, with the exception of the System Responsible. The necessary human and financial resources will be assigned to carry out an investigation proportional to the severity of the identified risk.

Precautionary measures: Whenever it is considered that the complaint offers signs of plausibility, the adoption of precautionary measures will be determined if it is considered necessary to avoid any risk that could impede the proper development of the investigation or to avoid retaliation to a whistleblower. Said measures may be taken at any time during the course of the investigation.

Course of the investigation During the investigation, all actions that are considered appropriate for the determination and resolution of the reported breach will be carried out, including, but not limited to, obtaining sufficient evidence, conducting interviews, reviewing documentation, etc. The System Responsible, may collect all the information and documents they deem necessary, as well as the testimony of those persons that may be relevant.

Conflicts of interest In the event that the complaint is made against any of the members participating in an investigation, this person will be excluded or will refrain from participating in the investigation.

Communication to the respondents under investigation: If, during the course of the investigation, it is determined that the facts may be true, and in any case respecting the presumption of innocence, the System Responsible will contact the reported personsunder investigation and inform them of the facts attributed to them. They will also be informed of the forthcoming interview with the System Responsible, without prejudice to availing themselves of their right not to testify, and to present the documentation they deem appropriate.

Duration of the investigation The investigation must be completed within a period of 3 months from the moment the complaint is received. Exceptionally, the investigation may be extended up to a period of an additional 3 months (6 months in total) in cases of special complexity. In the event that, following the investigation, the perpetrators of the breach have not been identified, the investigation will also continue in accordance with the following sections, in relation to the measures to be applied to resolve the breach detected and implement the appropriate actions to prevent it from occurring again.

Final report: The entire process will be documented in a report prepared by the System Responsible. If necessary, definitive measures will be implemented for the case in question, which will be monitored by the System Responsible.

End of the investigation and Proposed Resolution from the System Responsible: Once the investigation has been completed and the corresponding report of a possible breach has been received, the System Responsible will adopt a written resolution that may consist of:

1. Closing the file because they consider that there has been no breach.
2. Proposal

• Imposing a sanction or penalisation in the case of breach of law, Code of Ethics or internal regulations or for a complaint in bad faith.
• Applying urgent corrective measures or approving provisional measures so that they become definitive.

The resolution proposal will be sent to the corresponding body

5. Sanctioning Procedure:

Common provisions: For the imposition of a sanction or penalty, the following aspects, among others, must be taken into account:

1. The seriousness of the facts being investigated.
2. The duration or ongoing nature of the breach.
3. The malicious or reckless nature of the behaviour.
4. The concurrence of aggravating or mitigating circumstances, which will be the following:

• Confession to the facts.
• Collaboration during the investigation.
• Remediation or mitigation of the effects of the harm caused.
• Previous breaches committed, provided that the investigation process has been completed.

Employee In the event that, following the completion of the investigation, a breach has been detected and the perpetrator is a VRMS employee, they may be sanctioned in accordance with the provisions of the Collective or Sectorial Agreements, or equivalent regulations, that are applicable.

Managers, Directors, Partners and Shareholders: In the event that, following the completion of the investigation, a breach has been detected and the perpetrator is a VRMS manager, director, partner or shareholder, they may be sanctioned in accordance with the provisions of current legislation on the matter.

Third parties: In the event that, following the completion of the investigation, a breach has been detected and the perpetrator is a VRMS supplier or third party, the provisions of current legislation on the matter will apply.

6. Completion of the Investigation:

Once the investigation has been completed, in the event that the final report stipulates a sanction or penalty proposal or corrective measures, it must be followed up by the System Responsible and the resulting documentation must be attached to the report.

The completion of the investigation will be communicated to both the whistleblower and the reported person in writing. The communication will contain, at least, information relating to the detection or not of irregular events and, where appropriate, the measures planned or adopted.

A decision to notify the authorities may be considered in the event that the facts of the matter constitute breach of the law and taking into account the provisions of section 2 of this procedure.

Email: Contact via email