1.Purpose of the Procedure adopted by STIGA Group and scope of application

Provided that Legislative Decree 24/2023 entered into force, STIGA S.p.A. (hereinafter the "Company") implemented a Group procedure for the management of the whistleblowing, which replaces the whistleblowing procedure under the Organisational Model (Ref. Par. 12.4 from page 43 to page 45), aimed at minimising and reducing the risk of crimes being committed in the performance of professional activities (hereinafter the "Procedure").

According to the Procedure, which establishes the whistleblowing internal reporting channel through the Company IT platform available at the following link https://areariservata.mygovernance.it/#!/WB/stiga, the following circumstances shall be reported:
- Violations of the Group Code of Ethics;
- Violations of laws and regulations;
- Violations of orders of the Authorities;
- Violations of Model 231 and company procedures;
- Violations of human rights;
- any conduct that causes damage or harm, even if only in terms of image, to the Group.
(hereinafter, each as the "Report ")

The following shall not be reported and shall not be dealt with:
• disputes, claims or requests concerning a personal interest of the Reporting Person or of the person who filed a complaint to the judicial or accounting authorities that relate exclusively to his/her individual work or public employment relationship, or concerning his/her work or public employment relationship with hierarchically superior figures;
• violations already regulated on a mandatory basis by the European Union or national laws mentioned in Part II of the Annex to Decree 24/2023 or by national laws that enforce the European Union laws mentioned in Part II of the Annex to Directive (EU) 2019/1937, even if not indicated in Part II of the Annex to Decree 24/2023;
• endanger of national security, unless such matters are covered by relevant secondary EU law.

2. Addressees of the Procedure

The Procedure applies to the following persons:
- Group employees and candidates;
- External consultants of the Group;
- Group customers;
- Group suppliers;
- Any other party dealing with the Group.
(hereinafter, each as the " Whistleblower ")

3. General rules for reporting

The reporting channels shall be managed internally by a person duly appointed by the Company, in accordance with the specific appointment (hereinafter, the “Receiving Person”).

The Receiving Person shall receive Reports only through the channels provided by the Group. Any other means of reporting is deemed to be invalid.
The Whistleblower may request the support of the Facilitator to submit the Report, provided that the same protection measures as those provided for the Whistleblower will be granted.

4. Phases of the Reporting Process

The reporting process consists of 3 different phases:
- Report receipt;
- Preliminary investigation phase;
- Closing of the Report.
Each phase is described below.

4.1. Report Receipt
Reports shall be submitted to the Receiving Person by means of the IT platform provided by the Company, or by registered mail.
The Receiving Person receives Reports exclusively through the channels made available by the Group.
No other means of Reporting will be considered valid.

4.1.1. Reporting by means of the IT platform provided by the Company
The Company implemented a specific IT platform, which is accessible by the following link:
https://areariservata.mygovernance.it/#!/WB/stiga,
The same link will directly lead to the IT platform where the Reporting Person can log in, using the chosen username and password.
To submit a Report, the Reporting Person shall follow the forms and steps provided by the IT platform, entering all the data that are required.

4.1.2. Reporting by registered mail
Should the Whistleblower not have access to the platform, or should the Whistleblower be unable to access the platform, the Report may be sent by registered letter addressed to the office of the Internal Auditor, Via del Lavoro, n. 6, 31100 Castelfranco Veneto (TV) in a sealed envelope marked as CONFIDENTIAL on the outside. The envelope must be sealed with adhesive tape (also transparent) so that openings cannot be altered.

4.2.Preliminary investigations
The preliminary investigation phase is managed by the Receiving Person, according to a fixed timetable:
• within 15 working days from the date of receipt of the Report, the Receiving Person shall start the investigation, carrying out a preliminary assessment of the Report;
• the preliminary investigation shall be completed within 3 months from the date of receipt of the Report.
Should the Report has been filed through the Company IT platform, the Reporting Person may check the status of the investigation in real time. In the case of a Report by registered letter, the Reporting Person will only be informed of the status of the investigation (taking over, filing and action taken) as long as the Report contains a valid telephone number.

4.2.1. Preliminary assessment
Activities of initial assessment are carried out by the Receiving Person, who has full access to any information necessary to perform the assignment.
Should the Receiving Person deem the Report clearly unfounded, he/she will officially dismiss the Report.
Should the Report be vague, not providing enough information to start an investigation, the Receiving Person shall request the Reporting Person to provide more details.
In case it is not possible to contact the Reporting Person, or should the Reporting Person fail to provide further details within fifteen calendar days of the request, the Receiving Person will proceed to close and file the Report.

4.2.2. Investigation Phase
The purpose of the Investigation Phase is to carry out further investigations to ascertain whether the reported facts are well founded or not.
The Receiving Person may, if necessary, be assisted by a third parties (internal or external) during the Investigation Phase.

4.2.3. Report Closure
Once the Investigation phase is over, the Receiving Person shall close the Report, qualifying it as "Founded " or "Not founded" and "With Actions" or "Without Actions".

5. Whistleblower protection and prohibition of retaliation

In accordance with the fundamental data protection principles, such as limitation of purposes and minimisation of data, Reports shall not be used beyond what is necessary for their proper follow-up. In particular, the identity of the Whistleblower, or any other information from which the Whistleblower may be identified, shall not be disclosed.
Two circumstances are required to disclose the identity of the Whistleblower: (i) the express consent of the Whistleblower; (ii) a written communication of the reasons for such disclosure, namely:
• in disciplinary proceedings whereas the disclosure of the Whistleblower's identity is essential for the defence of the Person Concerned, who has been charged with the disciplinary sanction;
• or in proceedings resulting from internal or external Reports as far as such disclosure is essential for the defence of the Person Concerned.
Under no circumstances will acts of Retaliation be tolerated or permitted.
The Company safeguards the identity of the involved persons, of the Facilitators and of the persons mentioned in the Report until the conclusion of the necessary assessments applying the same warranties of the Whistleblower.

6. Data processing and retention of the documentation

Each personal data processing is performed in compliance with the Regulation (UE) 2016/679 (“GDPR”), of the legislative decree date June 30th 2003, n. 196 as well as any other relevant provision and in line with the internal procedures adopted by the Company.