I - PURPOSE AND SCOPE

In the companies belonging to the Gessi Group (“Gessi”) we are committed to upholding the highest standards of integrity, transparency and accountability in all our business activities. This would not be possible without the coope- ration of all parties in our supply chain.
That is why we have approved this Code of Conduct which outlines our expectations regarding the treatment of workers, environmental protection and ethical business practices. The requirements and expectations defined in this Code of Conduct apply to all Gessi distributors, regardless of the distributor’s location or place of business. As a Gessi distributor, we expect you to share this commitment and abide by this Code of Conduct.
Gessi requires all its distributors to adhere to this Code of Conduct and to strictly comply with it. In particular, we expect all our distributors to:
-respect the human rights of all individuals, including the right to fair treatment;
-ensure the absence of any form of harassment, bullying and discrimination;
-promote safe and healthy working conditions;
-protect the environment and minimise the impact of their activities on natural resources and ecosystems;
-act with integrity and honesty in all business dealings, combating illegal practices and all forms of possible cor- ruption and bribery;
-comply with all applicable laws, regulations and industry standards;
-implement mechanisms to identify and manage risks related to the above-mentioned issues; and
-make available, upon Gessi’s reasonable request, adequate documentation demonstrating the implementation of the principles outlined in this Code of Conduct.

We take the issues outlined herein very seriously and will not tolerate any violations of this Code of Conduct. In the event of such violations, we may take appropriate actions, including the termination of the business relationship. Furthermore, we expect our distributors to cooperate fully with any investigation into potential violations and to take necessary corrective actions.
We believe that, by working together, it is possible to create a responsible and sustainable supply chain that benefits all stakeholders.

II - HUMAN RIGHTS AND WORKING CONDITIONS

We expect all our distributors to comply with all laws, regulations and industry standards, including Collective Bargai- ning Agreements, where applicable, regarding human rights and working conditions.

Modern slavery and forced labour

Our distributors must not use any form of forced or coerced labour, including, but not limited to, bonded labour, slavery, human trafficking, servitude, labour exploitation or violence.

All workers shall be free to leave their employment and must not be subject to any form of physical or psychological coercion or intimidation, such as humiliation, mental abuse, threats or sexual harassment. Distributors’ employees shall begin their employment relationship on a voluntary basis and shall have the right to terminate it in accordance with applicable laws.

Child labour

Child labour is a serious and persistent problem in many parts of the world. Our company is committed to eliminating the employment of children under the minimum legal age set by the country in which the work is performed and in any case under the age of 18 in work that is hazardous, abusive and/or interferes with their education and develop- ment, including for example work during nighttime hours. We expect our distributors to adhere to the highest ethical standards and comply with all applicable laws and regulations regarding the employment of minors.

We are committed to promoting the rights of children and ensuring that they are protected from all forms of exploita- tion. We will work with our distributors and other stakeholders to raise awareness on the issue of child labour and to promote practices that support the rights and welfare of children.

Discrimination and the promotion of diversity

Our distributors must treat all workers with dignity and respect. In addition, our distributors are required to prevent and combat all forms of discrimination, bullying and harassment related to any personal characteristic and/or indi- vidual lifestyle choice such as race, class, ethnicity, nationality, religious belief, gender, sexual orientation, political opinion, age, disability or any other aspect protected by law. Distributors must promote diversity and inclusion in the workplace and encourage the development of a workforce that reflects the diversity of the communities in which they operate.

Respect for freedom of association and collective bargaining

Our distributors must respect the right of workers to associate freely and bargain collectively and must not interfere with the formation of workers’ organisations or the negotiation of Collective Agreements.

Health and safety

Gessi considers it a priority to create and maintain a safe and healthy workplace for all employees, including those working in our supply chain. We therefore expect our distributors to:
-ensure a healthy and safe working environment for all employees;
-comply strictly with all applicable health and safety laws and regulations; and
-adopt adequate systems to identify and address potential health and safety risks; and
-act promptly to resolve identified hazards.

This includes the provision of adequate protective equipment and sufficient training to carry out activities in a safe and hygienic working environment. In addition, it is necessary to ensure that all equipment used by distributors is properly maintained and that all facilities, including toilets and common areas, are clean and safe. We recommend having a certified safety management system such as ISO 45001 where applicable.

Working hours and holidays

We require our distributors to ensure that their employees are treated with respect and dignity and that they have fair and reasonable working hours. We expect our distributors to comply with all applicable laws and regulations regar- ding working hours and holidays, including laws regulating the maximum number of working hours per week and the entitlement to rest periods and holidays.
We also expect our distributors to adopt policies to ensure that employees are able to take holidays and personal days as needed. This may include the granting of paid leave or other forms of compensation.

Employment contracts, wages and training

All employees, including temporary workers, trainees and interns of our distributors must be provided with regular employment contracts in writing outlining all terms and conditions of the employment, including wages and benefits. These contracts must be communicated to all employees, and pay slips must be delivered to employees within the terms specified in the employment contract, and in an appropriate format and language they can easily understand.

Distributors must ensure that wages and related benefits, including overtime pay, meet or exceed the minimum stan- dards set by national, international, regional and/or local laws and regulations. Such remuneration must be at least equal to the minimum wage for equivalent work in the Country and sufficient to provide employees and their families with a decent standard of living. Remuneration must be based on the employee’s skills, experience, professional po- tential and performance and must maintain must maintain wage equity for all employees on equal terms and merit is essential. Overtime hours must be adequately compensated in accordance with applicable laws and regulations.

Our distributors must provide regular training to employees to ensure adequate levels of competence and knowledge to perform the tasks assigned to them.

III - ENVIRONMENT AND SUSTAINABILITY
Gessi aims to reduce its environmental footprint and achieves this through innovative working methods, the imple- mentation of responsible behaviour and the continuous improvement of its management systems.
Our sustainability report is available here: https://www.gessi.com/en/our-world/sustainability

We expect all our distributors to share this commitment and comply with the following environmental standards.

Compliance with environmental regulations
Gessi requires its distributors to comply with national and international environmental laws, regulations and standards, including those relating to air and water quality, waste management and the handling and disposal of hazardous materials. We recommend having a certified environmental management system such as ISO 14001 or EMAS where applicable.

Reduction of environmental pollution
In addition to meeting legal requirements, our distributors must prevent, reduce and mitigate any form of environmen- tal pollution, including air, water, soil and groundwater pollution, and promptly restore and remedy any environmental incidents.

Distributors must also minimise the environmental impact of their activities through the use of energyefficient tech- nologies, the reduction of greenhouse gas emissions and the conservation of natural resources.

Where possible, the distributor should try to limit or avoid the use of rare resources.

Environmental impact monitoring
Distributors must identify and manage the significant environmental impacts of their business and implement impro- vement plans, including specific key performance indicators to monitor progress.
Distributors must also monitor and document their environmental performance and provide Gessi with the relevant quantitative data.

Animal protection and welfare
Gessi requires its distributors to comply with current animal protection legislation and to maintain high animal welfare standards.

IV - COMPLIANCE AND ETHICS
We prioritise integrity, transparency and accountability in all aspects of our business and expect our distributors to uphold these values as well. We and our distributors adhere to high ethical standards in all our business practices.

Corruption and bribery
We will not tolerate, and expect our distributors not to tolerate, any form of corruption or bribery, whether active or passive, in any context, form and manner and in any jurisdiction. This includes not only illegal activities, but also practi- ces that may be accepted, tolerated or not judicially prosecuted in certain contexts, but which could undermine our commitment to integrity.

More specifically, we expect our distributors to reject and prevent any form of corruption and to refrain from giving, offering, promising or accepting to or from business partners, public officials or other third parties (whether private or public) bribes, gifts, presents, entertainment, facilitation payments, donations, job opportunities and any other benefit or advantage that (i) may constitute a violation of rules and/or (ii) are contrary to this Code of Conduct and or (iii) may be perceived as aimed at obtaining an improper or inappropriate business advantage or influence. In particular, such conduct is considered inappropriate or improper (and therefore contrary to this Code of Conduct) when it creates or is expected to create a sense of obligation that may influence business decisions.

Distributors must comply with the anti-corruption and anti-bribery laws of all countries in which they do business. Di- stributors must also not solicit advantages and must avoid conflicts of interest that could lead to the risk of corruption. Our distributors must ensure that their directors, officers, employees, suppliers, affiliates, subcontractors and repre- sentatives (collectively referred to as ‘Third Parties’) also comply with the rules outlined in this section and implement and maintain an effective compliance framework.

Other unlawful acts
Gessi does not tolerate any form of theft, fraud, forgery, scam, embezzlement, fraudulent financial reporting, extortion, insolvency offences, illegal payments and any other illegal act by distributors and their employees. Distributors must also avoid and not facilitate money laundering or the financing of criminal activities.

Therefore, distributors must not engage in misconducts such as, but not limited to: (i) falsifying invoices or creating fraudulent reports or documentation; (ii) falsifying the nature of transactions; (iii) creating or submitting false state- ments; (iv) stealing goods; (v) misusing resources and/or products for personal purposes.

Distributors must take steps to prevent the inadvertent use of company resources for such purposes and must moni- tor unusual or suspicious activities and transactions.

Unfair competition and antitrust
Our distributors must compete fairly and in compliance with all applicable antitrust and unfair competition laws and regulations. By way of example, the following are considered illegal or unfair practices: (i) employee poaching; (ii) exchanging sensitive information with competitors (including prices, costs, market data, sales territories, distribution channels, customer lists or other non public business information); (iii) gathering competitive information through unethical and/or illegal means; (iv) engaging in agreements, coordinated practices or understandings that may restrict competition.

Distributors shall not distort the characteristics of Gessi’s products or services, act dishonestly or engage in other unfair or anti-competitive practices.

Quality and continuous improvement
Distributors are encouraged to continuously improve their performance in terms of quality, cost and time. In fact, we expect our distributors to strive for continuous improvement in the quality of the services provided, to reduce the time needed to perform these services, and to constantly seek the best value for money. We recommend having a certified quality management system such as ISO 9001 where applicable.

Compliance with trade regulations
Ensuring responsible trade is important to Gessi and therefore requires its distributors to comply with all applicable trade laws and regulations, including those relating to import and export controls, trade sanctions and customs pro- cedures. Distributors must keep abreast of these regulations. Without limiting the scope of the above obligations of distributors, Gessi may from time to time issue instructions to distributors regarding compliance with Italian, EU and other applicable regulations. Such instructions shall be immediately applied and strictly adhered to by the distributors.

We also expect distributors to document imports and exports accurately and have procedures in place to mitigate the risks related to trade and export controls.

We recommend our distributors not to cooperate with parties that seek to directly or indirectly send goods or data to parties or countries where this is prohibited under European Union and other applicable regulations.

Management of compliance systems
Our distributors must have adequate governance and compliance systems in place to ensure compliance with all applicable laws and regulations, as well as with this Code of Conduct.

To enable full transparency, distributors must maintain accurate and complete records in compliance with all applicable laws and regulations, including those related to financial reporting, taxation and anti-corruption.

Our distributors are required to provide high quality, safe and effective services in full compliance with Gessi’s in- structions, industry standards and applicable national and international regulatory requirements. Distributors shall also perform their activities in accordance with the legal provisions of the various Countries in which the products are to be marketed, where applicable.

Deliveries
The delivery terms indicated in the order confirmation are subject to the availability of the products in our warehouse. In the event that the ordered goods are unavailable, delays may occur, for which Gessi shall not be held responsible.

Promotional and marketing practices
Promotional materials and marketing activities shall comply with applicable national, European, international, local and regional laws and regulations, the principles of this Code of Conduct, Gessi’s instructions and contractual clauses, and shall always reflect positively on Gessi’s image.

Data protection
We expect our distributors to comply with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) and all relevant national laws, and to adhere to the following standards:
-have adequate policies and procedures in place to protect the privacy and security of personal data, including measures to prevent unauthorised access, use or disclosure of such data;
-collect, use or disclose personal data only for legitimate and lawful purposes and in compliance with the rights of the data subject;
-implement appropriate technical and organisational measures to protect personal data against unauthorised access, use or disclosure; and
-inform Gessi of any breach of the above obligation, if it relates to personal data transmitted to the distributor by Gessi and of any security-relevant event that could lead to such a breach.

Confidentiality
All information that distributors obtain from Gessi or become aware of in the course of doing business with Gessi (or in any other context related to our company) shall be treated with the utmost confidentiality and in accordance with applicable laws, regulations and contractual terms, including any non-disclosure agreements in force between the parties. Unless specifically authorised in writing by Gessi, our distributors must not disclose this information to third parties and must implement appropriate measures to properly manage the collection, storage, use and sharing of this information. This includes preventing the misuse, falsification, forgery, theft or unauthorised disclosure of this Gessi’s information. We rely on our distributors to respect the confidentiality of this information of Gessi and our business partners and to treat it with care.

All promotional and informative communications must be correct and not misleading for the customer. Distributors may only use up-to-date materials provided by Gessi.

Intellectual Property
At Gessi we value innovation and creativity and are committed to protecting our intellectual property rights. We expect our distributors to respect and protect our intellectual property and the intellectual property rights of others.

This includes respecting our trademarks, industrial designs, copyrights, patents and any other intellectual property rights of Gessi and the technology we share with our distributors. We expect our distributors to use this information only for the purpose of fulfilling their obligations to us and that they take reasonable steps to protect it from unau- thorised use or disclosure.

In order to ensure the highest level of protection of our most valuable assets, distributors shall not use any of Gessi’s intellectual property rights unless authorised by Gessi s.p.a. in writing and in accordance with its instructions. In any case, distributors shall undertake to use Gessi’s intellectual property rights (when duly authorised) in a manner that promotes Gessi’s goodwill. It shall also be considered an infringement of Gessi’s intellectual property rights to remove, distort and/or modify Gessi’s trademarks or technical data or labels delivered with the products or otherwise provided by Gessi, without Gessi’s prior written consent.
Distributors shall ensure that in marketing the products they do not infringe the intellectual or industrial property rights of Gessi or third parties. In particular, distributors must not engage in conduct or practices aimed at altering or counterfeiting the trademarks and/or distinguishing marks of Gessi or third parties.
Distributors shall display the products in their shops in such a manner that they do not infringe the intellectual pro- perty rights of Gessi or third parties and do not mislead or confuse customers as to the origin, source or quality of the products. In any case, distributors shall conduct themselves, in the performance of their duties, in a manner that reflects positively on Gessi’s reputation.

V - NO EXCLUSIVITY
No distributor shall be granted exclusivity rights unless expressly authorized in writing by Gessi. Any exclusivity ar- rangement must be detailed in a separate agreement between Gessi and the distributor. Without such written au- thorization, no distributor shall assume or claim exclusivity rights over Gessi’s products or services in the territory of operation.

VI - REPORTS AND AUDITS
We believe that compliance with this Code of Conduct is beneficial to all stakeholders and contributes to building a sustainable and fair supply chain. The values set out in this Code of Conduct are of particular importance to Gessi and, therefore, we ask all distributors to strictly comply with the rules set out herein and to adhere to the following monitoring rules.

Reports
Our distributors shall promptly report to us any suspected or confirmed violations of this Code of Conduct and/or relevant laws. This includes violations committed by employees, consultants, partners, agents or other representatives acting on behalf of the distributor or Gessi.

To report any alleged or confirmed violations, please use the following addresses: e-mail: gessi@gessi.it mailing address: Hamlet Vintebbio, Parco Gessi, 13037 Serravalle Sesia, (Vercelli) Italy.

We assure you that all reports received will be treated confidentially, discreetly and without any form of retaliation. However, this general principle does not exempt or limit reporting obligations that may arise as a result of reports, including to the Judicial Authority or other competent authorities. We encourage all recipients to report possible violations in order to maintain a culture of integrity and compliance within our organisation.

Audits
In order to promote transparency and ensure compliance with the standards outlined in this Code of Conduct, we may conduct unannounced inspections at any time during normal working hours. Such inspections may be carried out by our staff or by third parties specifically authorised or delegated by us. During such inspections, we may request access to the offices and premises where our distributors operate, as well as to documentation and evidence, such as photographs. We may also conduct interviews with company directors, employees and other personnel at the di- stributor’s workplaces.

We ask all our distributors to cooperate with these inspections and to keep all documentation necessary to verify compliance with this Code of Conduct and relevant laws and regulations. A distributor’s failure to comply with this Code of Conduct, refusal to establish a recovery plan or failure to implement an agreed recovery plan may result in a breach of contractual obligations and suspension or termination of Gessi’s business relationship with that distributor.

For any questions about the interpretation or application of our Code of Conduct, please do not hesitate to contact Gessi’s contact persons directly involved in the management of your business relationship with us.

Last updated: June 2024

I - PURPOSE AND SCOPE
In the companies belonging to the Gessi Group (“Gessi”), we are committed to upholding the highest standards of integrity, transparency and accountability in all our business activities. This would not be possible without the coope- ration of all parties in our supply chain, including all our suppliers.

That is why we have approved this Code of Conduct which outlines our expectations regarding the treatment of workers, environmental protection and ethical business practices. The requirements and expectations defined in this Code of Conduct apply to all Gessi suppliers, regardless of the supplier’s location or place of business. As a Gessi supplier, we expect you to share this commitment and abide by this Code of Conduct.

Gessi requires all its suppliers to adhere to this Code of Conduct and to strictly comply with it. In particular, we expect all our suppliers to:
-respect the human rights of all individuals, including the right to fair treatment, freedom from discrimination and harassment, and safe and healthy working conditions;
-protect the environment and minimise the impact of their business activities on natural resources and ecosy- stems;
-act with integrity and honesty in all business dealings, including the prohibition of corruption and bribery;
-comply with all applicable laws, regulations and industry standards;
-implement mechanisms to identify and manage risks related to the above-mentioned issues;
-make available, upon Gessi’s reasonable request, adequate documentation demonstrating the implementation of the principles outlined in this Code of Conduct.

We take the issues outlined herein very seriously and will not tolerate any violations of this Code of Conduct. In the event of such violations, we may take appropriate actions, including the termination of the business relationship. Fur- thermore, we expect our suppliers to cooperate fully with any investigation into potential violations and to take the necessary corrective actions. We believe that by working together, it is possible to create a responsible and sustai- nable supply chain that benefits all stakeholders.

II - HUMAN RIGHTS AND WORKING CONDITIONS
We expect all our suppliers to comply with all laws, regulations and industry standards, including Collective Bargaining Agreements, where applicable, regarding human rights and working conditions.

Modern slavery and forced labour

Our suppliers must not engage in any form of forced or coerced labour, including, but not limited to, bonded labour,
slavery, human trafficking, servitude, labour exploitation or violence.

All workers shall be free to leave their employment and must not be subject to any form of physical or psychological coercion or intimidation, such as humiliation, mental abuse, threats or sexual harassment. Suppliers’ employees shall begin their employment relationship on a voluntary basis and shall have the right to terminate it in accordance with applicable laws.

Child labour
Child labour is a serious and persistent problem in many parts of the world. Our company is committed to eliminating the employment of children under the minimum legal age set by the Country in which the work is performed and in any case under the age of 18 in work that is hazardous, abusive and/or interferes with their education and develop- ment, including for example work during nighttime hours. We expect our suppliers to adhere to the highest ethical standards and comply with all applicable laws and regulations regarding the employment of minors.

We are committed to promoting the rights of children and ensuring that they are protected from exploitation. We will work with our suppliers and other stakeholders to raise awareness on the issue of child labour and to promote practi- ces that support the rights and welfare of children.

Discrimination and the promotion of diversity

Our suppliers must treat all workers with dignity and respect and shall not discriminate or harass them on the basis of race, ethnicity, religion, gender, sexual orientation, age, disability or any other characteristic protected by law. Sup- pliers must promote diversity and inclusion in the workplace and encourage the development of a workforce that reflects the diversity of the communities in which they operate.

Respect for freedom of association and collective bargaining
Our suppliers must respect the right of workers to associate freely and bargain collectively and must not interfere with the formation of workers’ organisations or the negotiation of Collective Bargaining Agreements.

Health and safety
Gessi places particular importance on the health and safety of all employees, including those working in our supply chain. We expect our suppliers to provide a healthy and safe working environment for all employees and to comply with all applicable health and safety laws and regulations.

This includes the provision of appropriate protective equipment, training and supervision to ensure that employees are able to work safely and without risks to their health. In addition, it is necessary to ensure that all equipment and machinery used are properly maintained and that all facilities, including toilets and common areas, are clean and safe. We also expect our suppliers to have a system in place to identify and address potential health and safety hazards and to take timely action to correct identified hazards.
We recommend having a certified safety management system such as ISO 45001.

Working hours and holidays
We require our suppliers to ensure that their employees are treated with respect and dignity and that they have fair and reasonable working hours. We expect our suppliers to comply with all applicable laws and regulations regarding working hours and holidays, including laws regulating the maximum number of working hours per week and the entit- lement to rest periods and holidays.

We also expect our suppliers to adopt policies to ensure that employees are able to take holidays and personal days as needed. This may include the granting of paid leave or other forms of compensation.

Employment contracts, wages and training
All employees, including temporary workers, apprentices and trainees of our suppliers must be provided with regular employment contracts in writing outlining all terms and conditions of the employment, including wages and benefits. These contracts must be communicated to all employees, and pay slips must be delivered to employees in every pay period in an appropriate format and language they can easily understand.

Suppliers must ensure that wages and related benefits, including overtime pay, meet or exceed the minimum stan- dards set by national, international, regional and/or local laws and regulations. Such remuneration must be at least equal to the minimum wage for equivalent work in the Country and sufficient to provide employees and their families with a decent standard of living. Remuneration must be based on the employee’s skills, experience, professional po- tential and performance and must maintain wage equity for all employees on equal conditions and merit. Overtime hours must be adequately compensated in accordance with applicable laws and regulations.

III - ENVIRONMENT AND SUSTAINABILITY
Gessi aims to reduce its environmental footprint and achieve this through innovative working methods, the implemen- tation of responsible behaviour and the continuous improvement of its management systems.

Our sustainability report is available here: https://www.gessi.com/en/our-world/sustainability

We expect all our suppliers to share this commitment and comply with the following environmental standards

Compliance with environmental regulations
Gessi requires its suppliers to comply with national and international environmental laws, regulations and standards, including those relating to air and water quality, waste management and the handling and disposal of hazardous ma- terials. We recommend having a certified environmental management system such as ISO 14001 or EMAS.

Reduction of environmental pollution
In addition to meeting legal requirements, our suppliers must prevent, reduce and mitigate any form of environmental pollution, including air, water, soil and groundwater pollution, and promptly restore and remedy any environmental in- cidents. Suppliers must also minimise the environmental impact of their activities through the use of energy-efficient technologies, the reduction of greenhouse gas emissions and the conservation of natural resources.

In order to promote transparency within its supply chain and minimise the use of rare resources, the supplier is en- couraged to trace the sources of conflict minerals and implement measures to this end. Where possible, the supplier should try to limit or avoid the use of rare resources.

Environmental impact monitoring
Suppliers must identify and manage the significant environmental impacts of their business and implement improve- ment plans, including specific key performance indicators to monitor progress.

Suppliers must also monitor and document their environmental performance and provide Gessi with the relevant quantitative data.

Animal protection and welfare
Where animals are used in the provision of the supplier’s services to Gessi, all such animals shall be treated with care, respect and compassion and shall not be subjected to mistreatment or neglect. In particular, all animals must be provided with adequate shelter, food and medical care, including any necessary veterinary treatment. In addition, all animals must be handled and transported in a manner that minimises stress and discomfort.

We strongly discourage the use of animals in any experimental activity.

IV - COMPLIANCE AND ETHICS
We prioritise integrity, transparency and accountability in all aspects of our business and expect our suppliers to uphold these values as well. We and our suppliers adhere to high ethical standards in all our business practices.

Corruption and bribery
We will not tolerate, and expect our suppliers not to tolerate, any form of corruption or bribery, whether active or passive, in any context, form and manner and in any jurisdiction. This includes not only illegal activities, but also practi- ces that may be accepted, tolerated or not judicially prosecuted in certain contexts, but which could undermine our commitment to integrity.

More specifically, we expect our suppliers to reject and prevent any form of bribery and to refrain from giving, offering or accepting bribes, kickbacks, facilitation payments, business opportunities, gifts or entertainment, improper dona- tions or payments, or any other inappropriate favours or benefits to or from business partners, public officials or other third parties (whether private or public). In particular, such conduct is considered inappropriate or improper when it creates or is expected to create a sense of obligation that may influence business decisions.

Suppliers must also not solicit advantages and must avoid conflicts of interest that could lead to the risk of corruption.

Our suppliers must ensure that their directors, officers, employees, suppliers, affiliates, subcontractors and represen- tatives (collectively referred to as ‘Third Parties’) also comply with the rules outlined in this section and implement and maintain an effective compliance framework.

Other unlawful acts
We will not tolerate any form of fraud or illegal activity by our suppliers or their employees. This includes fraudulent financial reporting, embezzlement, extortion, insolvency offences, illegal payments, money laundering and any other illegal acts.

Unfair competition and antitrust
Our suppliers must compete fairly and in compliance with all applicable antitrust and unfair competition laws and re- gulations. Unlawful conduct includes, but is not limited to, price fixing practices, territorial marketing restrictions, and employee poaching.

Quality and continuous improvement
Suppliers are encouraged to continuously improve their performance in terms of quality, cost and time. In fact, we expect our suppliers to strive for continuous improvement in the quality of the services provided, to reduce the time needed to perform these services, and to constantly seek the best value for money.

We recommend having a certified safety management system such as ISO 9001.

Compliance with trade regulations
Ensuring responsible trade is important to Gessi and, therefore, requires its suppliers to comply with all applicable trade laws and regulations, including those relating to import and export controls, trade sanctions and customs pro- cedures. Suppliers must keep abreast of these regulations. Without limiting the scope of the above obligations of suppliers, Gessi may from time to time issue instructions to suppliers regarding compliance with Italian, EU and other applicable regulations. Such instructions shall be immediately applied and strictly adhered to by the suppliers.

We also expect suppliers to document imports and exports accurately and have procedures in place to mitigate the risks related to trade and export controls.

We recommend our suppliers not to cooperate with parties that seek to directly or indirectly send goods or data to parties or countries where the same is prohibited under European Union and other applicable regulations.

Management of compliance systems
Our suppliers must have adequate governance and compliance systems in place to ensure compliance with all appli- cable laws and regulations, as well as with this Code of Conduct.

To enable full transparency, suppliers must maintain accurate and complete records in compliance with all applicable laws and regulations, including those related to financial reporting, taxation and anti-corruption.

Our suppliers are required to provide high quality, safe and effective services in full compliance with Gessi’s in- structions, industry standards and applicable national and international regulatory requirements. Suppliers shall also perform their activities in accordance with the legal provisions of the various Countries in which the products are to be marketed, where applicable.

Data protection

We expect our suppliers to comply with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) and all relevant national laws, and to adhere to the following standards:
-have adequate policies and procedures in place to protect the privacy and security of personal data, including measures to prevent unauthorised access, use or disclosure of such data;
-collect, use or disclose personal data only for legitimate and lawful purposes and in compliance with the rights of the data subject;
-implement appropriate technical and organisational measures to protect personal data against unauthorised access, use or disclosure; and
inform Gessi of any breach of the above obligations, if it relates to personal data transmitted to the supplier by Gessi and of any security-relevant event that could lead to such a breach.

Confidentiality
All information that you will obtain from Gessi or become aware of in the course of doing business with Gessi (or in any other context related to our company) shall be treated with the utmost confidentiality and in accordance with applicable laws, regulations and contractual terms, including any non-disclosure agreements in force between the parties. Unless specifically authorised in writing by Gessi, our suppliers must not disclose this information to third parties and must implement appropriate measures to properly manage the collection, storage, use and sharing of this information. This includes preventing the misuse, falsification, forgery, theft or unauthorised disclosure of Ges- si’s information. We rely on our suppliers to respect the confidentiality of this information of Gessi and our business partners and to treat it with care.

Intellectual Property
At Gessi we value innovation and creativity and are committed to protecting our intellectual property rights. We expect our suppliers to respect and protect our intellectual property and the intellectual property rights of others.

This includes respecting our trademarks, industrial designs, copyrights, patents and any other intellectual property rights of Gessi and the technology we share with our suppliers. We expect our suppliers to use such information only for the purpose of fulfilling their obligations to us and that they take reasonable steps to protect it from unauthorised use or disclosure.

In order to ensure the highest level of protection of our most valuable assets, suppliers shall not use any of Gessi’s intellectual property rights unless authorised by Gessi s.p.a. in writing and in accordance with its instructions. In any case, suppliers shall undertake to use Gessi’s intellectual property rights (when duly authorised) in a manner that promotes Gessi’s goodwill.

Furthermore, suppliers must ensure that the products delivered to Gessi are original and do not infringe the intel- lectual or industrial property rights of third parties.

V - REPORTS AND AUDITS
We believe that compliance with this Code of Conduct is beneficial to all stakeholders and contributes to building a sustainable and fair supply chain. The values set out in this Code of Conduct are of particular importance to Gessi and, therefore, we ask all suppliers to strictly comply with the rules set out herein and to adhere to the following mo- nitoring rules.

Reports
Our suppliers must promptly report to us any suspected or confirmed violations of this Code of Conduct and/or re- levant laws. This includes violations committed by employees, consultants, partners, agents or other representatives acting on behalf of the supplier or Gessi.

To report any alleged or confirmed violations, please use the following addresses: e-mail: gessi@gessi.it
mailing address: Hamlet Vintebbio, Parco Gessi, 13037 Serravalle Sesia, (Vercelli) Italy.

We assure you that all reports received will be treated confidentially, discreetly and without any form of retaliation. However, this general principle does not exempt or limit reporting obligations that may arise as a result of reports, including to the Judicial Authority or other competent authorities. We encourage all recipients to report possible violations in order to maintain a culture of integrity and compliance within our organisation.

Audits
In order to promote transparency and ensure compliance with the standards outlined in this Code of Conduct, we may conduct unannounced inspections at any time during normal working hours. Such inspections may be carried out by our staff or by third parties specifically authorised or delegated by us. During such inspections, we may request access to the offices and premises where our suppliers operate, as well as to documentation and evidence, such as photographs. We may also conduct interviews with company directors, employees and other personnel at the sup- plier’s workplaces.

We ask all our suppliers to cooperate with these inspections and to keep all documentation necessary to verify com- pliance with this Code of Conduct and relevant laws and regulations. A supplier’s failure to comply with this Code of Conduct, refusal to establish a recovery plan or failure to implement an agreed recovery plan may result in a breach of contractual obligations and the suspension or termination of Gessi’s business relationship with that supplier.

For any questions about the interpretation or application of our Code of Conduct, please do not hesitate to contact Gessi’s contact persons directly involved in the management of your business relationship with us.

We ask all our distributors to cooperate with these inspections and to keep all documentation necessary to verify compliance with this Code of Conduct and relevant laws and regulations. A distributor’s failure to comply with this Code of Conduct, refusal to establish a recovery plan or failure to implement an agreed recovery plan may result in a breach of contractual obligations and suspension or termination of Gessi’s business relationship with that distributor.

For any questions about the interpretation or application of our Code of Conduct, please do not hesitate to contact Gessi’s contact persons directly involved in the management of your business relationship with us.

Last updated: June 2024

pursuant to Article 13 of the European Regulation 679/2016 (GDPR - General Data Protection Regulation) concerning the following processing of personal data

Dear Supplier,

pursuant to Article 13 of the Regulation (EU) No. 2016/679 - General Data Protection Regulation (hereinafter: the “GDPR”), Gessi s.p.a., in the person of its legal representative pro tempore, as the data controller (hereinafter: the “Controller”), informs all suppliers that the personal data collected during the supplier relationship will be processed in compliance with the provisions contained in the GDPR, the Italian Legislative Decree 196/2003 as amended by the legislative decree 101/2018, and the national and EU legislation in force from time to time on the protection of personal data, as better described in this policy.

DATA CONTROLLER
The data controller is Gessi s.p.a. with registered office in Parco Gessi, 13037 Serravalle Sesia (Province of Vercelli, Italy), Tax Code and VAT N. 02235360027, who can be contacted at the following e-mail address: gessi@pec.gessi.it

PROCESSED DATA
The Controller may process the personal data of the supplier (if he/she were a natural person) and/or of his/her employees, directors, representatives, collaborators and other contractors such as, for example:
-first and last name of the supplier and the supplier’s contact persons
-addresses
-telephone and e-mail addresses
-profession, etc.
collected by the Controller (“Data”).

LEGAL BASIS AND PURPOSE OF PROCESSING
Data are collected and processed by the Controller on the following legal bases and for the following purposes:
-Article 6 paragraph 1 b) of the GDPR: all pre-contractual activities (such as sending offers, credit and customer
management, etc.) and related to the execution of a contract between the supplier and Gessi s.p.a;
-Article 6 paragraph 1 c) of the GDPR: fulfilment by the Controller of legal obligations imposed by industry regu- lations (administrative, tax, accounting, etc.), national and European regulations, applicable to the existing rela- tionship and/or activities connected with and/or instrumental to the relationship between the Controller and the Supplier;
-Article 6 paragraph 1 f) of the GDPR: legitimate interest of the Controller related to the establishment, exercise or defence of a right in all competent forums, including out-of-court procedures.

NATURE OF DATA PROVISION
The provision of Data for the purposes indicated in the preceding paragraph is optional, unless
otherwise specified by the Controller, for example by marking mandatory Data in the forms with an asterisk. Failure to provide Compulsory Data may result in the impossibility of fulfilling the Controller’s contractual obligations.

DATA RECIPIENTS OR POSSIBLE CATEGORIES OF DATA RECIPIENTS
Personal data will be processed by the Controller, and by persons strictly authorised by it. Data may be disclosed to the following categories of third parties:

(I) external natural and/or legal persons authorised to process data by a specific agreement with the Controller (Arti- cle 28 GDPR) or as autonomous data controllers (Article 4, paragraph 1, no. 7 GDPR), also by virtue of the law;
(II) parties to whom such communication must be made in order to fulfil or require the fulfilment of specific obligations
laid down by laws, regulations and/or national and EU legislation, such as public agencies and other public authorities;
(III) other subsidiaries and/or associates and/or affiliates of the Controller that are part of the “Gessi Group”.

DATA TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
As part of the management of the relationship with the Controller, it may be necessary to transfer the Data to coun- tries outside the EU and/or to international organisations in order to achieve the purposes of the processing. In such cases, the Controller will adopt all appropriate security, protection and confidentiality measures aimed at protecting the Data, in compliance with the privacy regulations in force.

RETENTION PERIOD
Your data will be kept for the time necessary to achieve the purposes for which they are processed and, thereafter, within the terms provided for by any applicable regulations.

Criteria for defining retention periods:
-we keep the Data for the period of time during which a contractual relationship with the supplier is ongoing;
-check whether archiving is necessary, depending on our legal situation (e.g. with regard to limitation periods, procedures or checks by authorities); and
-check whether we are obliged by applicable law to keep the Data for a further period (e.g., in the case of purchase transactions we may be obliged to keep records of your transactions for a certain period of time).

DATA SUBJECT RIGHTS AND HOW TO EXERCISE THEM
The supplier may in any case and at any time exercise the following rights:
-access to personal data, rectification or deletion of personal data, restriction of processing, objection, portability under Articles 15-20 of the European Regulation 679/2016 by sending an e-mail request to privacy@gessi.it
-to lodge a complaint with the Italian Data Protection Authority (see website: www.garanteprivacy.it).

EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS
The processing does not involve automated decision-making process

Last updated: June 2024

pursuant to Article 13 of the European Regulation 679/2016 (GDPR - General Data Protection Regulation) concerning the following processing of personal data

Dear Customer,

pursuant to Article 13 of the Regulation (EU) No. 2016/679 - General Data Protection Regulation (hereinafter: the “GDPR”), Gessi s.p.a., in the person of its legal representative pro tempore, as the data controller (hereinafter: the “Controller”), informs all customers that the personal data collected during the customer relationship will be proces- sed in compliance with the provisions contained in the GDPR, the Italian Legislative Decree 196/2003 as amended by the legislative decree 101/2018, and the national and EU legislation in force from time to time on the protection of personal data, as better described in this policy.

DATA CONTROLLER
The data controller is Gessi s.p.a. with registered office in Parco Gessi, 13037 Serravalle Sesia (Province of Vercelli, Italy), Tax Code and VAT N. 02235360027, who can be contacted at the following e-mail address: gessi@pec.gessi.it

PROCESSED DATA
The Controller may process the personal data of the customer (if he/she were a natural person) and/or of his/her employees, directors, representatives, collaborators and other contractors such as, for example:
-first and last name of the customer and the customer’s contact persons
-addresses
-telephone and e-mail addresses
-profession, etc.
collected by the Controller (“Data”).

LEGAL BASIS AND PURPOSE OF PROCESSING
Data are collected and processed by the Controller on the following legal bases and for the following purposes:
-Article 6 paragraph 1 b) of the GDPR: all pre-contractual activities (such as sending offers, credit and customer
management, etc.) and related to the execution of a contract between the customer and Gessi s.p.a;
-Article 6 paragraph 1 c) of the GDPR: fulfilment by the Controller of legal obligations imposed by industry regu- lations (administrative, tax, accounting, etc.), national and European regulations, applicable to the existing rela- tionship and/or activities connected with and/or instrumental to the relationship between the Controller and the Customer;
-Article 6 paragraph 1 f) of the GDPR: legitimate interest of the Controller related to the establishment, exercise or defence of a right in all competent forums, including out-of-court procedures.

NATURE OF DATA PROVISION
The provision of Data for the purposes indicated in the preceding paragraph is optional, unless otherwise specified by the Controller, for example by marking mandatory Data in the forms with an asterisk. Failure to provide Compulsory Data may result in the impossibility of fulfilling the Controller’s contractual obligations.

DATA RECIPIENTS OR POSSIBLE CATEGORIES OF DATA RECIPIENTS
Personal data will be processed by the Controller, and by persons strictly authorised by it. Data may be disclosed to the following categories of third parties:

(I) external natural and/or legal persons authorised to process data by a specific agreement with the Controller (Arti- cle 28 GDPR) or as autonomous data controllers (Article 4, paragraph 1, no. 7 GDPR), also by virtue of the law;
(II) parties to whom such communication must be made in order to fulfil or require the fulfilment of specific obligations
laid down by laws, regulations and/or national and EU legislation, such as public agencies and other public authorities;
(III) other subsidiaries and/or associates and/or affiliates of the Controller that are part of the “Gessi Group”.

DATA TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
As part of the management of the relationship with the Controller, it may be necessary to transfer the Data to coun- tries outside the EU and/or to international organisations in order to achieve the purposes of the processing. In such cases, the Controller will adopt all appropriate security, protection and confidentiality measures aimed at protecting the Data, in compliance with the privacy regulations in force.

RETENTION PERIOD
Your data will be kept for the time necessary to achieve the purposes for which they are processed and, thereafter, within the terms provided for by any applicable regulations.
Criteria for defining retention periods:
-we keep the Data for the period of time during which a contractual relationship with the customer is ongoing;
-check whether archiving is necessary, depending on our legal situation (e.g. with regard to limitation periods, procedures or checks by authorities); and
-check whether we are obliged by applicable law to keep the Data for a further period (e.g., in the case of purchase transactions we may be obliged to keep records of your transactions for a certain period of time).

DATA SUBJECT RIGHTS AND HOW TO EXERCISE THEM
The customer may in any case and at any time exercise the following rights:
-access to personal data, rectification or deletion of personal data, restriction of processing, objection, portability under Articles 15-20 of the European Regulation 679/2016 by sending an e-mail request to privacy@gessi.it
-to lodge a complaint with the Italian Data Protection Authority (see website: www.garanteprivacy.it).

EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS
The processing does not involve automated decision-making process.

Last updated: June 2024

pursuant to Article 13 of the European Regulation 679/2016 (GDPR - General Data Protection Regulation) concerning the following processing of personal data

Dear Applicant,

pursuant to Article 13 of the Regulation (EU) No. 2016/679 - General Data Protection Regulation (hereinafter: the “GDPR”), Gessi s.p.a., in the person of its legal representative pro tempore, as the data controller (hereinafter: the “Controller”), informs all applicants that the personal data collected during the personnel selection process will be processed in compliance with the provisions contained in the GDPR, the Italian Legislative Decree 196/2003 as amended by legislative decree 101/2018, and the national and EU legislation in force from time to time on the pro- tection of personal data, as better described in this policy.

DATA CONTROLLER
The data controller is Gessi s.p.a. with registered office in Parco Gessi, 13037 Serravalle Sesia (Province of Vercelli, Italy), Tax Code and VAT N. 02235360027, who can be contacted at the following e-mail address: gessi@pec.gessi.it

PROCESSED DATA
The Controller may process the candidate’s personal data given by the latter in the CV, in the message sent to the
Controller, during the interview, etc., for instance:
-applicant’s first and last name
-applicant’s address
-telephone and e-mail addresses
-profession, etc.
(hereinafter jointly referred to as “Data”)

LEGAL BASIS AND PURPOSE OF PROCESSING
Data are processed on the following legal bases:
-Article 6 paragraph 1 b of the GDPR: performance of a contract or pre-contractual activities and in particular research, selection and evaluation, as part of the preparatory activities for the establishment of a possible con- tractual relationship, regardless of the type of legal relationship;
-In the case of special data (such as health-related data), Article 9 paragraph 1 of the GDPR: according to which “processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law provi- ding for appropriate safeguards for the fundamental rights and the interests of the data subject”;
-Article 6 paragraph 1 f of the GDPR: legitimate interest of the Controller related to the establishment, exercise or defence of a right in all competent forums, including out-of-court procedures.

NATURE OF DATA PROVISION
The provision of Data marked as mandatory in the Controller’s form and/or job advertisement, e.g. with an asterisk, is compulsory. Failure to provide the mandatory Data will make it impossible for the Controller To consider your appli- cation and respond to you.
The provision of other Data is optional. Failure to provide optional Data will not prevent the Controller from conside- ring your application and respond to you.

DATA RECIPIENTS OR POSSIBLE CATEGORIES OF DATA RECIPIENTS
Personal data will be processed by the Controller, and by persons strictly authorised by it. Data may be disclosed to the following categories of third parties:

(I) external natural and/or legal persons authorised to process data by a specific agreement with the
Controller (Article 28 GDPR) or as autonomous data controllers (Article 4, paragraph 1, no. 7 GDPR), also by virtue of the law;
(II) parties to whom such communication must be made in order to fulfil or require the fulfilment of specific obligations laid down by laws, regulations and/or national and EU legislation, such as public agencies and other public authorities;
(III) other subsidiaries and/or associates and/or affiliates of the Controller that are part of the “Gessi Group”.

DATA TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
The Controller will not transfer Applicant’ personal data to third countries outside the European Economic Area.

RETENTION PERIOD
Your data will be kept for the time necessary to achieve the purposes for which they are processed and, thereafter, within the terms provided for by any applicable regulations. Criteria for defining retention periods:
we keep the Data for the period of time during which applicants are being selected;
check whether archiving is necessary, depending on our legal situation (e.g. with regard to limitation periods, procedures or checks by authorities); and check whether we are obliged by applicable law to retain your Data for a further period.

DATA SUBJECT RIGHTS AND HOW TO EXERCISE THEM
The applicant may in any case and at any time exercise the following rights:
-access to personal data, rectification or deletion of personal data, restriction of processing, objection, portability under Articles 15-20 of the GDPR by sending an e-mail request to privacy@gessi.it
-to lodge a complaint with the Italian Data Protection Authority (see website: www.garanteprivacy.it).

EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS
The processing does not involve automated decision-making process.

Last updated: June, 2024

GOALS OF THIS POLICY
Gessi s.p.a. (hereinafter: “Gessi” or the “Company”) is committed to upholding the highest standards of ethical integri- ty, transparency and accountability in all its business practices, as well as ensuring fairness and transparency of inter- company transactions. The Company considers internal transparency of cost and pricing structures to be important.

For these reasons, Gessi has deemed appropriate the adoption of a Transfer Pricing Policy (hereinafter: “Policy”) that provides a mandatory framework for dealing with all intercompany transactions within the Gessi Group (hereinafter: “Group”).

Therefore, the purpose and scope of this document is to determine the principles and procedures on intercom- pany transactions of any subsidiary of Gessi (hereinafter: “Group Companies”). This Policy applies to any transaction between Group Companies.

All directors, officers, employees, consultants, and contractors of the Group Companies must comply with this Policy. The Board of Directors of the Company may review and update this Policy from time to time to ensure it remains con- sistent with the Board of Directors’ objectives.

PRINCIPLES IN INTERCOMPANY TRANSACTIONS
In all intercompany transactions regarding sale or purchase of goods and service, Gessi Group Companies determine the value or price in line with the arm’s length principle. Arm’s length principle refers that the price or the value applied in purchase or sale of goods or services with related parties, follows the price or the value which would be applied in case there was no such a relation. All kinds of transactions shall be targeted by the arm’s length principle: sale of goods, provision of services, intellectual property licensing, financial transactions, etc.

Therefore, any intercompany transaction shall be conducted on an arm’s-length basis, after consulting the relevant bodies and valuating the market prices.

Furthermore, Group Companies shall comply with the applicable tax legislation in all kinds of goods or service pur- chases and sales transactions with related parties. Group Companies are also required to fulfil the transfer pricing documentation obligations.

METHODS TO BE APPLIED IN INTERCOMPANY TRANSACTIONS
Group Companies determine the prices or the values to be applied in the intercompany transactions by using one of the below methods which is more appropriate to the nature of the operation.

(I) Comparable Uncontrolled Price method: in this method, where the sales price to be applied by a taxpayer which is in line with the arm’s length principles is determined by comparing with the price applied by the unrelated real or legal persons and engages in comparable purchase or sale of goods or services.
(II) Cost Plus method: in this method, the arm’s length price is determined by adding a reasonable gross profit to the
costs of the goods and services.
(III) Resale Price method: in this method, the arm’s length price is determined by decreasing a reasonable gross sales
profit from the price to be applied if a commodity or service is resold to independent real or legal persons.
(IV) Profit Split method: this method is based on the distribution of the operating profit or loss among related parties
according to their functions performed and risks assumed.
(V) Transaction Net Margin method: this method is applied according to the net operating profit margin that is found
by considering the costs, sales or any other appropriate base.

If the arm’s length price cannot be settled through one of the abovementioned methods, the Group Companies can use other methods appropriate to the nature of the operations.

REPORTS
Gessi believes that compliance with this Policy is fundamental to promote highest standards of integrity, fairness, transparency, and accountability in all business relationships between the parties. The values indicated in this Policy are of particular importance to Gessi and, therefore, all Group Companies shall comply strictly with the rules set forth herein.

For these reasons, Gessi requires all Group Companies to promptly report to us any violations of this Policy and/or
the relevant laws, whether suspected or confirmed.

To report any alleged or confirmed violations Group Companies may use the following contact information:
e-mail: gessi@gessi.it
mail: Fraz. Vintebbio, Parco Gessi, 13037 Serravalle Sesia, (Vercelli) Italy

Last updated: June 2024

Guidelines for correct and responsible behaviour to access the workplaces

To all contractors of Gessi s.p.a.
Third parties who for various reasons intend gaining access to company premises

I - Foreword
Gessi s.p.a. (hereinafter: “Gessi” and/or the “Company”) recognises the protection of safety in the workplace as being of fundamental importance within the company organisation. In fact, the Company is committed to spreading and consolidating a safety culture by promoting responsible and safe behaviour by all those who intend to enter company premises. In particular, Gessi has prepared a specific “Workplace visitor policy” (hereinafter: Policy) to manage the daily flow of people entering and leaving the company, thus guaranteeing high standards of safety and efficiency in welcoming and managing the people present in the Company premises. This Policy therefore defines certain proce- dures and rules of conduct that it is necessary to know and comply with in order to access the Company premises, guaranteeing the safety and security of everyone.

II - RECIPIENTS
This Policy is addressed to the Contractors who are required to perform their contractual obligations to Gessi in the Company premises (hereinafter: the “Contractors”), as well as to all third parties who, for various reasons, intend to gain access to the Company areas (hereinafter: the “Visitors”, jointly with the Contractors hereinafter: the “Recipien- ts”), as the case may be, as indicated in this Policy.
Nothing in this Policy is intended to replace the more stringent provisions set out in a specific contract between the
Company and the contractor.

III - RULES OF CONDUCT

A. Rules for occasional visitors
Occasional Visitors with whom Gessi has no business relations may only enter the Company premises from the main entrance and at the times and in the manner agreed with Gessi by telephone or in writing. Visitors may also access company areas only following identification by the secretary, who will inform the internal contact person of the visitors’ arrival. Access to company areas is therefore only permitted with specific approval and if accompanied by authorised internal staff. Upon entering the company, visitors may be asked to show an identity document and sign the privacy policy. The reception may use information technology to register, identify and enable access to company areas by Visitors. The latter may also be granted Wi-Fi access, subject to signing the relevant form and/or authorisation from the relevant contact person. Visitors must not in any way allow improper entry or exit by any other person. Entrance doors to the company cannot be left deliberately open and visitors are not allowed to roam freely around the Com- pany premises without the supervision of the internal contact person. Gessi is not responsible for Visitors’ personal items left in the company premises.

B. Rules for occasional visitors
Contractors with whom Gessi has business relations may only enter the company areas from the main entrance and at the times and in the manner agreed in writing with Gessi. Contractors shall be precluded from entering the company through secondary entrances. If it is deemed necessary, contractors may be asked to show an identity document and sign the privacy policy. Before carrying out the activities agreed upon in writing with Gessi, the Contractors shall be given a temporary badge in order to verify the hours worked. Following delivery of the badge, the Contractors shall be obliged to:
-always punch in and out, when entering and leaving the Company premises;
-wear and display your badge in company areas;
-keep your badge properly;
-avoid other persons to use your badge;
-promptly report any loss of the badge (the cost of issuing a duplicate shall be borne by the Contractor);
-return the badge at the end of the contractual relationship.

C. Rules for all recipients
During their stay in the company, the Recipients must behave with care and attention. They will be liable for any da- mage caused to properties in the company.
Recipients are forbidden to bring onto company premises electronic instruments and other objects or materials, in-
cluding strictly personal ones, that may conflict with Gessi’s security requirements.
Recipients who have gained access to company areas may use the Company’s electronic systems and tools only if
authorised by their contact person and in any case in compliance with the applicable regulations.
Recipients shall treat all information of the Company, its customers and business partners that is not in the public do- main and that they have come to know in any way during their relationship with Gessi and/or in any case when visiting the Company’s buildings, with honesty and confidentiality, as well as in compliance with internal policies and current regulations. Recipients are required to take all necessary precautions to protect the confidentiality of this information. Moreover, the Recipients shall not use this information in any way whatsoever, except as expressly permitted by Gessi in writing and/or what is strictly necessary for the execution of the agreements concluded with Gessi.
Gessi shall remain the sole owner of all assets, whether tangible or intangible, intellectual and industrial property ri- ghts, as well as any knowledge or information obtained by the Recipients in the performance of the activities carried out for Gessi or in any case during the visit to the Company’s buildings, unless otherwise agreed in writing between the parties.

IV - Cooperation with the company
Gessi is convinced that the cooperation of all Recipients is valuable to ensure high standards of safety in the wor- kplace. The Company therefore encourages the Recipients to promptly report any alleged or ascertained violation of this Policy. For any report of an alleged or ascertained violation, you can contact Gessi using the following address: sicurezza@gessi.it. The Company will act against the authors of possible offences proceeding in the manner provided by law. As always, our company is at the full disposal of all Recipients for any doubts and clarifications concerning the rules of conduct set out in this document. For any request for information in relation to this Policy, including its interpretation and application, you can contact Gessi using the following address: sicurezza@gessi.it.

V - Compliance with this Policy
All Recipients are required to scrupulously comply with the rules of conduct indicated in this document. In addition, and as far as not provided for in this Policy, it is specified that each Recipient shall operate in full compliance with Gessi’s Code of Ethics. In addition, the Recipients who avail themselves of the collaboration of third parties shall make sure that such third parties comply with the principles and duties set forth by this Policy, it being understood that, in any case, each Recipient shall be responsible for any omissions or violations of the Policy by his/her collaborators.

VI - Liability and sanctions
By entering the company, you acknowledge to have read and understand the content of the Policy and to undertake to comply with the rules contained therein. Compliance with this document by the Contractors shall be considered an essential part of the contractual obligations assumed by them towards the Company. Any breach of the rules of conduct indicated herein may constitute a breach of contractual obligations, with all legal consequences, including with regard to the termination of the contract and/or assignment, and may entail the payment of compensation for damages arising therefrom.
Should Gessi’s employees allow the Recipients of this Policy to violate the rules contained herein, this conduct may constitute a breach of the primary obligations of the employment contract as well as a disciplinary offence, in compliance with the procedures set forth in Article 7 of the Workers’ Statute and with all legal consequences, in- cluding with regard to the preservation of the employment relationship. Moreover, violation of this Policy may entail compensation for damages arising therefrom. Finally, without prejudice to the hypotheses of disciplinary liability for employees, it should be noted that the violation of the rules contained in this Policy may also be a source of civil and/ or criminal liability of the Recipient if the legal requirements exist.

VII - Final Provisions
This Policy is brought to the attention of Recipients through appropriate communication activities.

Any changes and/or additions to this Policy will be approved in writing by our company and will be promptly disse- minated to the Recipients.

Date of last modification: on 06. 2024

Gessi S.p.A. has been designing and producing exclusive furnishing objects for bathroom, kitchen, private and public wellness for more than 20 years; the Gessi brand is today worldwide synonymous with quality and design in exclusive living environments, be they hotels, spas, yachts or private residences.

The production of sanitary tapware and bathroom accessories is done in harmony with environmental and safety issues.

In absolute contrast to the widespread race to outsource ‘core’ activities and relocate production units, Gessi rea- lises each phase and each component of the product in-house, following best practice models in business and the principles of ‘green’ production, with very high technology, very low environmental impact, high ethical responsibility towards workers, and very high-quality standards.

The activities are supported by the systematic application of the integrated quality-environment-safety management system in compliance with the requirements of the reference standards to enable the needs and expectations of customers and all relevant stakeholders in general to be determined and converted into operational requirements.

To achieve its goals, Gessi has planned to:
-offer super-premium level products;
-achieve maximum customer satisfaction also through the provision of dedicated services;
-meet legislative compliance requirements concerning quality, safety and the environment;
-implement every effort in organisational, operational and technological terms to:
-limit negative environmental impacts: nickel-free production, responsible water consumption, gradual replacement of packaging with lower-impact alternatives, use of electricity entirely from renewable sources, constant improvement of the waste/production ratio and maximisation of waste recovery;
-improve safety conditions: ensuring healthy working environments, systematic updating of production plant and processes (development of alternatives to the use of hexavalent chromium), increasing workers’ awareness also through dedicated voluntary training actions so as to try to minimise negative events (injuries, occupational illness and accidents), continuous consultation and participation of workers in the development and maintenance of the integrated management system;
-involvement and increased awareness also of their suppliers;
-assess in advance the effects of new processes and/or products or changes to existing ones;
-prepare plans to mitigate risks or develop opportunities through objectives and targets integrated with the opera- tional management of activities and business development programmes aimed at continuous improvement;
This document is made available to all interested parties via the company website.

Italian Legislative Decree no.231 of 08 June 2001

OUR MISSION
Gessi is a company known and respected throughout the world; if, on one hand, its brand has become synonymous with design, innovativeness, exclusivity and image, on the other hand, it has known how to distinguished itself with its ability to embody fundamental values of efficiency and dynamism, as well as attention, reliability, integrity and humility.

These values cannot be such if they do not rest on the solid and deep foundations that Gessi has and which are re-
presented by the ethical values that underpin its business model.

Ethics is a fundamental aspect in the conduct of business at all levels, and this approach, in full compliance with the law, adds value to the company and to relations with all stakeholders for whom Gessi intends to be a trustworthy partner over the time.

The image of our company is determined by our decisions, our actions, the way each and everyone of us communi- cates, presents and conducts himself/herself. It is therefore up to all of us to ensure that our Company complies at all times with the general principles of the Code of Ethics, the Code of Conduct and the regulations of the countries in which it operates.

Gian Luca Gessi
Chairman of the Board GESSI S.p.A.

TABLE OF CONTENTS

1 INTRODUCTION
2 GENERAL PRINCIPLES
3 STAFF RELATIONS
4 BUSINESS CONDUCT
5 ACCOUNTING TRANSPARENCY
6 COMPANY COMPUTER SYSTEMS
7 INTERNET AND E-MAIL
8 TELEPHONES
9 CONFIDENTIALITY AND DISCRETION
10 HEALTH, SAFETY AND ENVIRONMENT
11 DISCIPLINARY PROCEEDINGS AND SANCTIONS

1. INTRODUCTION
Gessi S.p.A. (hereinafter referred to as Gessi or the Company) has been dealing with sanitary tapware and bathroom accessories in the metal industry sector since the early 1990s.

The Company has to carry out its activities in an institutional, economic, political, social and cultural context that is constantly and rapidly changing.

In order to successfully deal with the complexity of the situations in which the Company operates, it is important to clearly define the set of values by which it is inspired and that shall apply.

Under no circumstances may the belief that one is acting for the benefit of the Company justify the adoption of con- duct contrary to these principles.

For these reasons, a Code of Ethics and Conduct (“Code”) was drawn up, the observance of which is of fundamental importance for the good and reliable operation of the Company and for protecting its reputation, image and know- how, these being major factors for the Company’s success.

The persons required to comply with the Code are in particular: (i) members of the Board of Directors, (ii) managers,
(iii) employees of any rank, qualification, level, with an open-ended or fixed-term contract (iv) temporary workers, in- terns, collaborators with project collaboration contracts or similar, (v) members of the Board of Statutory Auditors of the Company (vi) Third parties in general, or rather those who have business relations with the Company, irrespective of their content and purpose (e.g., collaborators, commercial or financial partners, consultants, agents in general, etc.) [hereinafter also referred to as Recipients].

The Recipients, in addition to respecting the general duties of loyalty, fairness, and performance of the employment contract in good faith, must refrain from carrying out activities in competition with those of the Company, must comply with company rules and procedures and abide by the precepts of the Code, which is to be complied with by Employees pursuant to and in accordance with Articles 2104 and 2105 of the Civil Code.

Each Recipient or Third Party is required to know the Code, to actively contribute to its implementation and to report any shortcomings. The Company undertakes to facilitate and promote their knowledge of the Code and their con- structive contribution to its contents.
Any conduct contrary to the letter and spirit of the Code may be sanctioned in accordance with section 11 hereof.

The Code is brought to the attention of all those with whom the Company has business relations.

2. GENERAL PRINCIPLES

2.1Recipients and scope of the Code
The rules of the Code apply to all Recipients.
The members of the Board of Directors are guided by the principles of the Code when setting corporate objectives.

The Company is obliged to comply with the contents of the Code when proposing and implementing projects, actions and investments that are useful to the company’s assets, management and technological values and performance for shareholders, while respecting the social function for employees and the community.

It is first and foremost the responsibility of the directors and the management team to give concrete expression to the values and principles contained in the Code, assuming responsibility both within and outside the Company, as well as disseminating knowledge of the Code and related documents, as well as the Organisational Model of the Company pursuant to Article 231/01.
In this logic, the aforementioned persons, in concert with the Supervisory Body of the Company appointed pursuant to Legislative Decree No. 231/01, shall define the training and information programmes for the benefit of all Recipients, also ensuring that the relevant principles are widely illustrated and properly implemented.

The Recipients, in due compliance with the law and regulations in force, will adapt their actions and conduct to the principles, objectives and commitments set out in the Code.

All actions, operations and negotiations carried out and, in general, the conduct of the Recipients in the performance of their activities must be inspired by the utmost fairness and integrity in terms of management, completeness and transparency of information, legitimacy in form and substance and clarity and truthfulness in accounting records in accordance with the rules in force and internal procedures.

All activities performed in the company must be carried out with the utmost commitment and professional rigour. Each Employee must provide professional contributions appropriate to the responsibilities assigned and must act in such a way as to protect the prestige and image of the Company.
Relations between Employees, at all levels, must be based on criteria and conduct that promote fairness, cooperation, loyalty and mutual respect.

For the full observance of the Code, each Employee may refer to his or her supervisor, or directly to the Supervisory Body (SB) appointed pursuant to the Legislative Decree no. 231/01 and/or to the Chief Executive Officer or General Manager of the Company or to the person delegated by the Management with the function of assisting the activity of the SB, where appointed.

2.2 Commitments and obligations under the Code
For the full achievement of the purposes underlying the Code, the Company undertakes to ensure the adoption of all initiatives that can guarantee:
-maximum dissemination of the Code among the Recipients;
-the deepening and updating of the Code in order to adapt it to the evolution of reference values and regulations relevant to the Code;
-the provision of every possible means of knowledge and clarification regarding the interpretation and implementa- tion of the rules contained in the Code;
-the necessary tools so that the Supervisory Body, or the Commissions that may have been set up, may be notified of any violations of the Code;
-carrying out checks on any reports of violations of the Code or reference standards;
-the assessment of the facts and the consequent application of appropriate sanctions in the event of a violation;
-that no one may suffer retaliation of any kind for having provided information on possible violations of the Code or of the reference rules, and that the identity of whistleblowers may enjoy the confidentiality prescribed pursuant to Article 6, para. 2 bis, Legislative Decree No. 231/2001.

Recipients are asked to know the rules contained in the Code and the reference rules governing the activity within the scope of their function (hereinafter referred to as the Rules).

In particular, the Company’s Employees are obliged to:
-refrain from conduct contrary to the Rules;
-contact their managers or directly the Supervisory Body or the Chief Executive Officer / General Manager of the Company or the delegate of the Company with the function of assisting the activity of the Supervisory Body (where appointed), in the event of the need for clarification on the application of the Rules;
-promptly report to their supervisors or directly to the Supervisory Body or to the Chief Executive Officer / Ge- neral Manager of the Company or to the delegate of the Company with the function of assisting the activity of the Supervisory Body (where appointed): any news, either directly observed or reported by others, concerning possible violations of the Rules as well as any request made to them to violate the Rules;
-cooperate with the structures in charge of verifying possible violations of the Rules and minimising their negative effects, also cooperating in the implementation of interventions aimed at preventing the continuation of any breaches

In order to fully implement Article 6 of Legislative Decree No. 231/2001 and guarantee the effectiveness of the Whist- leblowing system, the Company has strengthened its system for managing reports of potential violations of this Code of Ethics and the Model.

The company prohibits any act of retaliation or discrimination - direct and/or indirect - against the whistleblower.

With specific regard to the Whistleblowing policy, reference is made in its entirety to the relevant internal document forming part of the Gessi S.p.A. Model, which integrates the procedures for reporting to the Supervisory Body and the relevant powers of control for matters falling within its competence, in implementation of Article 6, paragraph 2-bis let.
a) and b) of Legislative Decree No. 231/2001. This document is available on the Company’s intranet.

2.3 Further obligations for Managers, executives and employees entrusted with operational responsibilities
Every Employee of the Company entrusted with operational responsibilities has the duty to:

-set an example to their co-workers as to what conduct is acceptable and desirable at the company;
-urge Employees and Third Parties to comply with the Code and urge them to raise reports on the correct applica- tion of the Code or on any shortcomings;
-ensure that Employees understand that compliance with the Rules is an essential part of the quality of work per- formance;
-carefully select, to the extent of their competence, Employees and external collaborators to prevent assignments
being given to persons who do not give full reliance on their commitment to comply with the Rules;
-promptly report, as per the last paragraph of Section 2.1, its own findings, information provided by Employees as well
as from outside concerning possible violations of the rules;
-take immediate corrective action when required by the situation;
-prevent any kind of retaliation against Employees who have reported violations of the Code.

2.4 Obligations to Third Parties
The Company’s Employees as well as the Directors, by reason of their competences, in relations with third parties shall:
-adequately inform them of the commitments and obligations imposed by the Code;
-require compliance with obligations that directly affect their activities;
-take appropriate internal and, if within its competence, external action in the event of failure by third parties to comply with the Rules.

2.5 Contractual value of the Code towards Employees
Observance of the Rules shall be considered an essential part of the contractual obligations of the Company’s Em- ployees pursuant to and in accordance with Article 2104 of the Civil Code, set out below

Article 2104 of the Civil Code - Diligence of the employee - “The employees shall use the diligence required by the nature of the job to be performed, by the interest of the company […].
Furthermore, they are expected to follow the instructions for the performance and discipline of work given by the employer and his/her co-workers whom they shall report to”.

The principles and contents defined in this Code apply to the entire Company, and constitute exemplifying specifica- tions of the general obligations of diligence, fairness and loyalty that qualify the performance of professional services and conduct towards the Company.

Violation of the Rules may constitute a breach of the primary obligations of the employment relationship or a disci- plinary offence, with all the consequences provided for by law and by the Collective Agreement, including with regard to the preservation of the employment relationship, and may also entail the obligation to pay compensation for any damage, including non-pecuniary damage, arising therefrom.

All employees of all ranks and levels must be informed and trained on the context and content of the internal proce- dural rules governing all activities and be duly informed of the relevance and identity of the risks associated with their activities and the possible performance of them contrary to the applicable procedural provisions.

Violation of the aforementioned Rules constitutes a breach of the duties of diligence under Article 2104 of the Civil Code.

2.6 Cooperation and information
It is the Company’s policy to disseminate at all levels a corporate culture characterised by the sharing of necessary information as an essential element for corporate development. All this in compliance with both general and specific corporate privacy and confidentiality principles, differentiated according to the different corporate levels.

All employees are called upon to actively cooperate in the circulation of information of interest for the best perfor- mance of the Company’s activities, always within the framework of respect for the principles of privacy and corporate confidentiality, both general and specific, differentiated according to the different company levels.

2.7 Control activities
It is the Company’s policy to disseminate at all levels a culture characterised by awareness both of one’s own respon- sibilities at individual and collective level and of the existence of controls, as well as characterised by the assumption of a control-oriented mentality. The attitude towards controls must be positive because of the contribution they make to improving the business activity.
Internal controls are defined as all the tools necessary or useful to direct, manage and verify the company’s activities with the aim of ensuring compliance with laws and company procedures, protecting company assets, efficiently ma- naging activities and providing accurate and complete accounting and financial data.
The responsibility for implementing an effective internal control system is common to every level of the organisational structure; consequently, all Company employees, within the scope of their functions, are responsible for the definition and proper functioning of the control system.
Within the scope of their competences, Managers are required to be involved in the company’s control system and to involve employees in it.
Each Employee must feel responsible custodian of the company assets (tangible and intangible) that are instrumental to the activity performed. No Employee may misuse the Company’s assets and resources or allow others to do so.

To this end, particular attention must be paid when establishing contractual relations with new third parties (such as suppliers, commercial and financial partners, trading partners, consultants, contractors, workers and third parties in general) in order to avoid the involvement of the Company in the predicate offences contained in Legislative Decree No. 231/2001 and in any case offences of any kind.

With regard to third parties in general, everyone must contribute to the dissemination of the corporate compliance culture as identified in this Code of Ethics as well as in the Management and Organisation Model.

Special care must be taken, when carrying out the Company’s business activities, to comply with anti-money laun- dering and anti-terrorism regulations, which must be a priority for the entire chain of operators cooperating with the Company and who must be properly trained and informed as well as monitored.

In addition to maintaining proper control measures, the Company shall also adopt an effective system of prevention and organisation of corrective measures, without prejudice to the termination of cooperation relations with persons who intentionally or repeatedly violate the aforementioned Rules.

3. STAFF RELATIONS
3.1 Human resources
Human resources are an indispensable element for the correct and profitable performance of the company’s acti- vities. The dedication and professionalism of employees are decisive values and conditions for achieving the Com- pany’s objectives.

The Company provides all Employees with opportunities for work and professional growth, ensuring that everyone can enjoy fair treatment based on merit criteria, without any discrimination.

The competent Functions shall:
-adopt criteria of merit, competence and in any case strictly professional criteria for any decision concerning an Employee;
-select, recruit, train, remunerate and manage Employees without any discrimination whatsoever;
-create a working environment in which personal characteristics cannot give rise to discriminations.

The Company interprets its entrepreneurial role both in the protection of the workplace, as better specified in para- graph 10.1 below, and of working conditions, and in the protection of the psycho-physical integrity of the Employee, respecting his/her moral personality, avoiding that he/she suffers unlawful conditioning or undue distress.

The Company expects its employees, at every level, to cooperate in maintaining a climate of mutual respect for the dignity, honour and reputation of each person in the company, and to take action to prevent insulting or defamatory interpersonal attitudes.

3.2 Harassment in the workplace
Every employee has the right to work in an environment free from any kind of discrimination based on race, religion, sex, ethnic, trade union or political affiliation.

The Company requires that internal and external labour relations be characterised by the utmost fairness and haras- sment be prevented, such as:
-the creation of an intimidating, hostile or isolating working environment towards individuals or groups of Employees;
-the unjustified interference with the performance of others’ work;
-the obstruction of others’ individual job prospects for mere reasons of personal competitiveness.

The Company neither condones nor tolerates sexual harassment, such as:
-the subordination of activities and conduct relating to the recipient’s working life to the acceptance of sexual fa- vours;
-the proposals of private interpersonal relations, notwithstanding an express or reasonably evident dislike, that have the capacity, in relation to the specificity of the situation, to disturb the serenity of the Recipient with objective impli- cations on his or her human and working expression.

It will be up to the managers in particular to show and promote by their balanced behaviour, a polite, correct and responsible behaviour with regard to sexual issues.

3.3 Agreements with Employees
Any agreement with Company’s Employees shall be evidenced by appropriate written documentation.

4. BUSINESS CONDUCT
The Company, in managing its business and business relations, is inspired by the principles of legality, loyalty, fairness, transparency, efficiency and openness to the market.

Therefore, by way of example only, corrupt practices, illegitimate favours, collusive behaviour, and solicitation, directly
and/or through third parties, of personal and career advantages for oneself or others, are prohibited.

The Company’s Employees and external collaborators, whose actions may be in some way referable to the same Com- pany, shall behave correctly in business dealings of interest to the same Company and in relations with the Public Administration, regardless of the effects on competitiveness and the importance of the business transacted.

The economic resources, as well as the assets of the Company, must not be used for unlawful, improper or even du- bious purposes. Benefits of any kind may not be obtained through illegitimate financial or other favours.

4.1 “Non-compete” obligation
The Company recognises and respects the right of its Employees to participate in investments, business or other activities outside that carried out in the interest of the Company, provided that such activities are permitted by law, do not affect their regular work activities and are compatible with their obligations as Employees.

In any case, all Company’s Employees are obliged not to carry out any activity that may be, even potentially and/or indirectly, in competition with those of the Company itself.

With regard to employees, reference is made in this respect to the provision of the law:

Art. 2105 of the Civil Code - Duty of loyalty - “Employees shall not conduct business, on their own account or on behalf of third parties, in competition with the entrepreneur, nor shall he divulge information relating to the organi- sation and methods of production of the undertaking, or make use of them in such a way as to be prejudicial to it”.

4.2 Conflict of interest
In any case, all Company’s Employees shall avoid any situation and all activities in which a conflict may arise with the interests of the company or which may interfere with their ability to make, in an impartial manner, decisions in the best interests of the company and in full compliance with the rules of the Code.

In particular, all Company’s Employees are required to avoid conflicts of interest between personal economic activi- ties and the tasks they perform within the structure they belong to.
By way of example, the following situations give rise to conflicts of interest:
-economic and financial interests of the Employee and/or his/her family in the activities of suppliers, customers and
competitors;
-using one’s position in the company or information acquired in one’s work in such a way as to create a conflict between one’s personal interests and the interests of the company;
-performance of work activities of any kind with customers, suppliers, competitors; acceptance of money, favours or benefits from persons or companies that are or intend to enter into business relations with the Company.

4.3 Gifts or other benefits
It is not permitted to pay or offer, directly or indirectly, gifts, payments, material or other benefits of any kind to third parties, public officials or private persons.

Acts of commercial courtesy, such as gifts or forms of hospitality, are allowed when they are of modest value, contai- ned within the limits permitted by laws and/or regulations and in any case such as not to compromise the integrity or reputation of one of the parties and cannot be interpreted as aimed at acquiring improper advantages. This type of expenditure, in accordance with the limits laid down by the Company’s organisational provisions in force, must be authorised by the Chief Executive Officer or the General Manager (where appointed) and properly evidenced by do- cuments, and must take place in strict compliance with the procedure ‘PR 71 Management of sponsorships, donations and gifts’, which the Company has adopted.

Any Employee receiving gifts, preferential treatment or forms of hospitality not directly attributable to normal courte- ous relations shall, in relevant cases, inform his/her superior and the Chief Executive Officer; in any case, the Super- visory Body of the Company shall be informed.

Any Employee receiving gifts, preferential treatment or forms of hospitality not directly attributable to normal courte- ous relations shall, in relevant cases, inform his/her superior and the Chief Executive Officer; in any case, the Super- visory Body of the Company shall be informed.

External collaborators (e.g. consultants, representatives, intermediaries, etc.) are asked to adhere to the principles contained in the Code.

To this end, each Employee shall, in relation to his or her duties, take care to:
-observe the internal principles and procedures for selecting and managing relations with external collaborators;
-select only qualified and reputable persons and companies;
-take proper account of indications from any source as to whether certain external collaborators should be used;
-promptly report, as per the last paragraph of Section 2.1, information or suspicions concerning possible violations of the Code by external collaborators.

4.4 Relationships with public Institutions, public officials and persons in charge of a public service
In relations with Public Institutions and their officials and employees, with public officials and persons in charge of a public service, with whom the Company collaborates in the course of its business, the Company’s Employees and external collaborators, whose actions may be in some way referable to the Company, shall behave with the utmost fairness.

Corrupt practices, incitement to corruption, illegitimate favours - even if only boasted -, collusive behaviour, solici- tation, directly and/or through third parties, of personal and career advantages for oneself, for the Company or for others, are strictly prohibited.

As part of its activities, the Company cooperates fully, transparently and actively with Public Institutions and their officials and employees, with public officials and persons in charge of a public service.

The Company, in managing its business and business relations, is inspired by the principles of loyalty, fairness and transparency.

Gifts, acts of courtesy and hospitality towards officials of Public Institutions, public officials and persons in charge of a public service are allowed when they are of modest value and in any case such as not to compromise the integrity or reputation of one of the parties and cannot be interpreted as aimed at acquiring improper advantages. In any case, this type of expenditure, in accordance with the limits laid down by the Company’s organisational provisions in force, must be authorised in advance by the Chief Executive Officer or the General Manager (where present) and properly evidenced by documents.

All Recipients of the Code are required to abstain from any concussive conduct on the part of a public official or a person in charge of a public service who, abusing his or her position or powers, induces or coerces them to unduly give or promise, to him or a third party, money or other benefits.

Recipients involved in the above-mentioned cases are required to provide information to the Supervisory Body, in the manner provided for by the Organisational Model itself.

4.5 Relations with Judicial and Supervisory Authorities
Relations with Judicial Authorities are characterised by maximum cooperation and transparency. Any declarations requested, if due, must be made correctly and truthfully.

The Company guarantees compliance with the provisions of the various Supervisory Authorities that regulate its activities. To this end, it is therefore incumbent on the Company’s Employees to ensure the utmost availability to co- operate with the Supervisory Authorities.

4.6 Relations with private trading partners
The Company, in managing its business and business relations, is inspired by the principles of loyalty, fairness and transparency.

The offer or promise of money or any other benefit to senior persons (such as directors, general managers, managers in charge of drafting corporate accounting documents, statutory auditors, liquidators) and to persons connected to them, so that they perform an act not in accordance with their official duties, to the benefit or in the interest of the Company, is strictly prohibited.

4.7 Relations with political institutions and trade unions
The Company does not make direct or indirect contributions, in any form whatsoever, to political parties, movements, committees and political and trade union organisations, their representatives and candidates, except, where appli- cable, within the scope permitted by the laws in force, in compliance with the principle of transparency and in strict observance of the provisions of the law in force and the procedures identified in the Company’s Organisational Model.

4.8 Relations with the media, research companies, trade associations and other similar organisations
Information to the outside world must be truthful and transparent.

The Company must present itself in an accurate and homogeneous manner when communicating with the mass me- dia, research companies, trade associations and other similar entities. Relations with entities and similar media are exclusively reserved to the corporate functions delegated to do so and, within the framework of the specific dele- gations, are agreed upon in advance with the Chief Executive Officer of the Company, also in coordination with the Company’s communication manager.

Other Company’s Employees, and therefore with the exception of those specifically delegated to do so in paragraph above, may not provide information to representatives of the mass media, research companies, trade associations and other similar entities, nor undertake to provide such information, without the authorisation of the Chief Executive Officer.

In no manner or form may Company’s Employees offer payments, gifts or other benefits aimed at influencing the professional activities of functions of entities, companies or associations referred to in paragraph above or that may reasonably be interpreted as such.

4.9 Relations with customers
The company pursues its business success through the offer of quality products and services and in compliance with all the rules laid down to protect fair competition.

The Company recognises that the appreciation of those who request products or services is of primary importance to the success of the business.

To this end, it is therefore incumbent on the Company’s Employees, within the framework of full compliance with the principles of this Code and therefore within the scope and limits provided for herein, to:
-scrupulously abide by all internal rules and procedures for managing relations with customers;
-provide, with efficiency and courtesy, within the limits of contractual provisions, high quality products and services that meet the customer’s reasonable expectations and needs;
-provide accurate and comprehensive information about products and services so that customers can make informed
decisions, within the principles of transparency as well as corporate confidentiality and privacy,
-adhere to truthfulness and clarity in commercial communications with customers always within the principles of tran-
sparency, but also of corporate confidentiality and privacy.

4.10 Relations with suppliers
It is the duty of Company’s Employees to check that suppliers and subcontractors comply with the conditions and maintain the ethical standards required by the Company.

In the event that there are well-founded suspicions about the ethical behaviour and compliance with the aforementio- ned principles on the part of a supplier or subcontractor, the executive, manager and, in general, the employee con- cerned shall take the appropriate steps to terminate the relevant relationship or provide the office with the necessary information to assess the termination.

To this end, particular attention must be paid in the establishment and management of contractual relations with Sup- pliers or a subcontractor in order to avoid the Company’s involvement in crimes or offences of any kind in respect of which the relationship with the supplier may even be a vehicle for facilitation.

In contracting, procurement and, in general, supply of goods and/or services, Company’s Employees are obliged to:
-scrupulously abide by all internal rules and procedures for selecting and managing relations with suppliers;
-not preclude any supplier company that meets the requirements from competing for the award of a supply to the Company, adopting criteria of fairness and transparency in the selection;
-make the choice of suppliers on the basis of the company’s needs, with the aim of obtaining the best possible con- ditions in terms of quality and cost of the products offered;
-obtain the utmost cooperation from suppliers in constantly ensuring that the requirements of the Company and its customers are met in terms of quality, cost and delivery times, to an extent at least equal to their expectations;
-maintain a frank and open dialogue with suppliers, in line with good business practice;
-bring relevant problems arising with a supplier to the attention of the relevant corporate Functions, so that they can assess all possible consequences in the interest of the Company and its customers.

4.11 Relations with competitors
The Company reaffirms that in managing its business and business relations is inspired by the principles of loyalty, legality, fairness, transparency, efficiency and openness to the market.
The company particularly pursues its business success on the market through the offer of quality products and ser- vices and in compliance with all the rules laid down to protect fair competition.
In particular, within the framework of the competition regulations in force, the Company’s activities and the conduct of its Employees and external collaborators, whose actions may be in some way referable to the Company itself, must be inspired by the most complete autonomy and independence with respect to the conduct of the Company’s com- petitors in the market.

4.12 Protection of industrial and intellectual property
The Company acts in full respect of the industrial and intellectual property rights legitimately held by third parties, as well as of the laws, regulations and conventions, also at EU and/or international level, protecting such rights.

In this regard, all Recipients of this Code shall respect the legitimate industrial and intellectual property rights of third parties and refrain from the unauthorised use of such rights. In particular, employees and collaborators, in the perfor- mance of their activities, shall refrain:

-from any conduct that may constitute usurpation of industrial property rights, alteration or counterfeiting of distin- ctive signs of industrial products, or of patents, designs or industrial models, whether domestic or foreign, as well as refraining from importing, marketing or otherwise using or putting into circulation industrial products with counterfei- ted or altered distinctive signs or made by usurping industrial property rights;
-from using in an unlawful and/or improper manner, in their own interest, in the interest of the company or of third parties, intellectual works (or parts thereof) protected by copyright infringement legislation.

4.13 Fight against organised crime
The Company firmly condemns and, within the scope of its business operations, fights with all the tools at its disposal any form of organised crime, including mafia-related crime.

To this end, particular attention must be paid by the Recipients of this Code of Ethics if they find themselves opera- ting in geographical areas, both in Italy and abroad, historically affected by organised crime phenomena, in order to prevent the risk of criminal infiltration.

Considerable attention will be paid by the Company to verifying the requirements of moral integrity and reliability of trading partners, such as suppliers, agents, consultants, points of sale, business partners, as well as the legitimacy of the activities carried out by them.

5. ACCOUNTING TRANSPARENCY
The duty of transparency in accounting records does not only concern the actions of Employees in the administrative offices, but applies to every Employee, in whatever company environment he or she works.

Accounting transparency is based on the truth, accuracy and completeness of the basic information for the relevant accounting records.

Each Employee is therefore required to cooperate to ensure that accounting data are correctly and promptly represented in the accounts.

Adequate supporting documentation of the activity performed is kept on file for each transaction in order to allow:
-easy bookkeeping;
-the identification of different levels of responsibility;
-an accurate reconstruction of the operation, also to reduce the likelihood of misinterpretation.

Each record must reflect exactly what is shown in the supporting documentation. It is the duty of each Employee to ensure that the documentation is easily traceable and ordered according to logical criteria and in any case according to the procedures established by the Company.

All Company’s Employees must adopt a correct, transparent and collaborative conduct, in compliance with the law and internal rules, in all activities instrumental to the preparation of the financial statements and other corporate communications required by law, in order to provide shareholders and third parties with true and correct information on the Company’s economic, asset and financial situation.

Recipients who become aware of omissions, falsifications, negligence in the accounts or in the documentation on which the accounting records are based, are required to report the facts as per the last paragraph of Section 2.1.

6. COMPANY COMPUTER SYSTEMS
The Company considers the use of new information technologies to be of fundamental and strategic importance for the performance of its industrial activities and the pursuit of its objectives.

Maintaining a high level of computer security is essential to protect the information the Company develops and/or uses and is vital for the effective pursuit of corporate policies and strategies.

The gradual spread of new technologies exposes the Company to risks of both financial and criminal involvement, while at the same time creating image and security problems and potential image damage.

Precisely for the latter purpose, the Company has taken steps, with particular reference to the security measures imposed on the processing of personal data by Presidential Decree No. 318/1999, as well as by Law No. 196/2003 and subsequent amendments, to give appropriate indications and instructions to all Employees affected by the afo-rementioned measures.

6.1 How to use company computer systems
Given that the use of the company’s IT and telematic resources must always be inspired by the principles of diligence and fairness, Employees/users of the information systems are in any case required to adopt the additional internal ru- les of conduct aimed at avoiding damage to the company itself, to other Employees or to Third Parties, in compliance with the indications provided by the Information Technology (IT Manager).

6.2 Company computer systems entrusted to Employees
The personal computer (desktop or laptop), fixed or mobile communication systems and related programmes and/or applications entrusted to the Employee constitute working tools and therefore:
-such instruments must be stored properly and with care;
-such instruments may only be used for professional purposes (obviously in connection with the assigned tasks) and not, except within the limits of reasonableness, for personal, let alone unlawful, purposes;
-theft, damage or loss of such tools must be promptly reported to the Company.

7. INTERNET AND E-MAIL

7.1 Use of personal computers, communication systems and other equipment
In order to avoid the serious risk of introducing computer viruses, as well as altering the stability of software applica- tions, the Company’s Employees are not permitted to:
-install programmes, software of any kind on the equipment unless expressly authorised by the IT Manager,
-use programmes and software not officially distributed by the IT Manager,
-use software and/or hardware tools designed to intercept, falsify, alter or suppress the content of computer com- munications and/or documents;
-change the configurations set on their PC;
-install one’s own means of communication (such as modems) on one’s personal computer, or in any case on the company’s IT equipment.

7.2 Use of magnetic media
Company’s Employees are not permitted to download files contained on magnetic/optical media that are not related to their work.
All files of uncertain or external origin, even if related to work, must be checked and authorised for use by the IT Ma- nager.

7.3 Use of the company network
Network drives are strictly professional information sharing areas and may in no way be used, except within reaso- nable limits, for other purposes.

Therefore, any file that is not work-related may not be saved and/or stored, even for short periods, in these drives.

The Company reserves the right to proceed with the removal of any file or application that it deems to be dangerous for company security, or rather acquired or installed in violation of this Code.

As a general rule, all employees must comply with the requirements set out in the procedure” PR 74 Company IT Regulations”.

7.4 Use of the Internet and related Internet browsing services
Company’s Employees are assigned different ‘profiles’ to allow them to surf the Internet. Each ‘profile’ is assigned, by means of control software, a number of categories of sites for which surfing is permitted.

Browsing within the categories of accessible sites (e.g. home banking, news, e-commerce, etc.) must in any case take place in compliance with the regulations in force and in the safeguarding of work.

The exchange or sharing of music files, images or films, the uploading of files on the Internet, participation in forums and blogs, and the use of chat-lines are not permitted unless they are related to specific work activities.

The storage and use of computer documents of an outrageous and/or discriminatory nature on grounds of sex, language, religion, race, ethnic origin, opinion and trade union and/or political affiliation is not permitted.

7.5 E-mail
E-mails are also a working tool; therefore, all Company’s Employees are not permitted to:
-send or store messages (internal or external) of an insulting, obscene and/or discriminatory nature on grounds of sex, language, religion, race, ethnic origin, opinion and trade union and/or political affiliation;
-use the business e-mail address for participation in discussions, forums or e-mail lists.
In order to safeguard the company’s assets, users are required to take appropriate precautions when using e-mail to exchange messages and documents containing confidential information.

7.6 Monitoring and controls
Since, in the event of contractual and legal violations, both the Company and the individual Employee are potentially liable to sanctions, including criminal sanctions, the Company will verify, to the extent permitted by legal and con- tractual provisions, compliance with the rules and the integrity of its IT system.
Failure to comply with the provisions of this Code may result in disciplinary as well as civil and criminal sanctions.

8. TELEPHONES
The Company’s telephone communication equipment, whether fixed or mobile, shall be used for professional purpo- ses only, except to the extent reasonable and specifically agreed otherwise in writing between the Employee and the Company.

9. CONFIDENTIALITY AND DISCRETION
The Company’s activities constantly require the acquisition, storage, processing, communication and dissemination of news, documents and other data pertaining to negotiations, financial and commercial transactions, know-how (con- tracts, deeds, reports, notes, studies, drawings, photographs, software), etc.
The Company undertakes to ensure the correct application and processing of all information used in the performance of its business activities.

Any information and other material obtained by an Employee of the Company in connection with his or her work is strictly proprietary to the Company.
This information relates to present and future activities, including news not yet released, information and announcements, even if soon to be released.

9.1 Information and news
Company’s Employees called upon to illustrate or provide the outside world with information concerning the objecti- ves, activities, results and views of the Company or of another company belonging to the Group by, by way of example:
-participation in conferences, congresses and seminars;
-drafting of articles, essays and publications in general;
-participation in public speeches;
are required to obtain the authorisation of the Manager in charge and the Chief Executive Officer on the texts, reports prepared and courses of action to be followed.

9.2 Databases
The Company’s databases may contain, among other things, personal data protected by privacy legislation, so-called price-sensitive information, data that cannot be disclosed externally due to negotiated agreements, and data whose inappropriate or untimely disclosure could cause damage to the Company’s interests.

It is the obligation of each Employee to ensure the confidentiality required by the circumstances for each piece of information he or she learns in the course of his or her work and to comply with internal rules on the management of information.

The Company undertakes to protect information relating to its Employees, Customers and Third Parties, generated or acquired within and in business relations, and to avoid any improper use of this information.

Information, knowledge and data acquired or processed by Employees in the course of their work belong to the Company and may not be used, communicated or disclosed without specific authorisation from the relevant manager, either during or after the employment relationship.

Without prejudice to the prohibition to disclose information concerning the organisation and activities of the Com- pany or of another Group Company or to make use of it in such a way as to be prejudicial to it, each Employee shall:
-acquire and process only the data necessary and appropriate for the purposes and in direct connection with his/her functions;
-acquire and process the data only within specific procedures;
-store the data in such a way as to prevent unauthorised people from gaining knowledge of them;
-communicate the data following pre-established procedures and/or upon explicit authorisation of top po- sitions and, in any case, after having ensured that said specific data can be disclosed. In particular, Employees are bound to the utmost confidentiality with respect to information belonging to the Company that, in the specific context of their work, they have been authorised to process;
-ensure that there are no absolute or relative constraints on the releasability of information concerning Third
Parties linked to the Company by a relationship of any nature and, where appropriate, obtain their consent;
-associate the data in such a way that any person authorised to have access to them can easily draw as accurate, exhaustive and truthful a picture of them as possible.

10. HEALTH, SAFETY AND ENVIRONMENT
The Company’s activities are managed in full compliance with current legislation on pollution and occupational acci- dents and diseases.
Operational management is guided by criteria of environmental protection and efficiency while pursuing the impro- vement of health and safety conditions at work.

10.1 Health and safety
The Company is committed to providing a working environment that protects the health and safety of its personnel, considering this obligation a productive investment and a factor of growth and added value for the Company.

The Company is committed to disseminating and consolidating a culture of safety in terms of prevention, developing risk awareness and promoting responsible behaviour by all persons, who are ensured adequate information and trai- ning to guarantee full and punctual compliance with internal rules and procedures, and who are asked to promptly report any shortcomings or non-compliance with the applicable rules.

The Company’s objective is to protect its human resources, through a constant dialogue not only internally, but also in its relations with Third parties involved in the Company’s activities, as provided for by the regulations in force, also with a view to constantly improving the management of health and safety at work.

To this end, the Company, through the competent corporate functions, is attentive to the evolution of the applicable mandatory regulations and the organisational structure, and proposes measures due to:
-a continuous risk and criticality analysis of the processes and resources to be protected;
-reporting accidents and near misses;
-the conduct of training and communication interventions.

In particular, pursuant to occupational health and safety regulations, the Company:
-undertakes to apply to its organisational and functional structure the rules for the protection of occupational Health and Safety with the aim of reducing the risks for personnel in terms of accidents and occupational diseases. This objective is considered strategic for the Company, which intends to pursue it with a view to the continuous impro- vement of its operational management in synergy with the primary goal of optimising activities, reducing waste and diseconomies, and improving profitability;
-manages occupational Health and Safety measures as an intrinsic part of the organisation itself and of work planning, with the aim, in this way, of creating added value to its activities through staff qualification and continuous training;
-uses the Risk Assessment Documents as reference tools for its own prevention activities, drawing up safety proce- dures, operating instructions, and personnel training and education programmes on the basis of what is established in the Documents themselves, the punctual updating of which is ensured with the assistance and support of qualified resources adequate in terms of competence, experience and skills;
-ensures that the competent organisational units have adequate economic, financial and personnel resources by calling on external resources in all cases where there are no adequate competences within the Company;
-implements an adequate system of controls and supervision by identifying all the figures envisaged by Legislative Decree No. 81/2008 and the like, and by training and informing them in a manner appropriate to their responsibilities concerning the generic and specific risks of the work environment and of the activities being performed, so that an adequate and capillary prevention system is established.

10.2 Environmental protection
The Company recognises the protection of the environment as a primary value. To this end, it undertakes to guarantee the disposal of company waste in compliance with the regulations in force from time to time.

All recipients of this Model are asked to actively cooperate in environmental management and the continuous impro- vement of environmental protection, in line with the Company’s policy.

10.3 Security, protection and use of company assets
The Company’s corporate assets consist of tangible physical assets such as, for example, computers, printers, equi- pment, cars, buildings, infrastructure and intangible assets such as, for example, software, confidential information, know-how, professional knowledge developed and disseminated to and by Employees.

Security, i.e. the protection and preservation of these assets, is a fundamental value for the Company.

Each employee is personally responsible for maintaining this security by complying with the relevant company directives and preventing fraudulent or improper use of company assets.

The use of such assets by Employees must be functional and exclusive to the performance of company activities or for the purposes authorised by the company departments concerned.

11. Disciplinary proceedings and sanctions
All Recipients, insofar as they are required to comply with the relevant provisions, are also subject to the relevant sanctions in the event that they behave in breach of the relevant principles.

The penalty regime is differentiated according to the legal and employment position of the perpetrator of the mi- sconduct.

As a general rule, the legislative and contractual rules on sanctions and disciplinary proceedings for the offences re- ferred to in this Code, to be considered as integral parts of the Organisational Model, are contained in the document entitled Penalty System.

In relation to persons who have a subordinate employment relationship, violation of the Code Rules shall constitute a breach of the primary obligations of the employment relationship and therefore a disciplinary offence, with all the consequences provided for by law and by the collective agreement.

Without prejudice to the adoption of a supplementary company disciplinary code, the disciplinary system is to be understood as organised in compliance with the primary Rules and those laid down in collective bargaining, oriented according to principles of proportionality and marked by the right of defence pursuant to Article 7 of Law 300/70.

The applicable sanctions may be conservative but may also include, in the most serious cases, termination of employment.

In any event, compensation for pecuniary and non-pecuniary damage caused by the misconduct shall always be unaffected.

In the case of persons who are not employees, but are on management or control bodies, the penalty system may, in the most serious cases, provide for the termination of the existing relationship.

Third parties who cooperate with the Company in any capacity whatsoever will also be subject to sanctions in the event of violation of the principles set out in this Code. These may consist of a warning in the least serious of cases and take the form of termination of the contractual relationship for the most serious cases.

Even in such cases, any compensation for pecuniary and non-pecuniary damage caused by the misconduct shall always be unaffected.

Approved by the Board minutes dated 12 March 2024

Italian Legislative Decree no.231 of 08 June 2001

TABLE OF CONTENTS
1 FOREWORD
2 INTRODUCTION
3 DEFINITIONS
4 FOREWORD: LEGISLATIVE DECREE NO. 231 OF 8 JUNE 2001
5 THE ORGANISATIONAL MODEL OF GESSI SPA
6 STRUCTURE OF THE DOCUMENTATION CONTAINED IN THE 231 MODEL
7 RISK ANALYSIS 231
8 COMPANY ORGANISATION
9 SUPERVISORY BODY (S.B.)
10 CRIME PREVENTION PROCEDURES
11 PERSONNEL, TRAINING AND INFORMATION
12 DISCIPLINARY SYSTEM AND PENALTY MECHANISMS
13 GENERAL PRINCIPLES FOR PREVENTION AND CONTROL
14 DISSEMINATION OF THE MODEL
15 ADOPTION AND UPDATING OF THE MODEL
16 CODE OF ETHICS
17 RELATED DOCUMENTS

1. FOREWORD
GESSI S.p.A. was founded in 1990 by the Gessi family and today is a leading company in the field of sanitary tapware and bathroom accessories. Since its foundation, it has been pursuing its goals with the ability to embody the funda- mental values of efficiency and dynamism, as well as attention, reliability, integrity and humility.

These values cannot be such if they do not rest on the solid and deep foundations that GESSI has and which are represented by the ethical values that underpin its business model.

Ethics is a fundamental aspect in the conduct of business at all levels, and this approach, in full compliance with the law, adds value to the company and to relations with all stakeholders for whom GESSI intends to be a trustworthy partner over the time.

The Code of Ethics and, more specifically, the Disciplinary Code, represent the core of this Organisation, Manage- ment and Control Model (hereinafter referred to as the model) that GESSI has adopted, in accordance with Legislati- ve Decree No. 231 of 08 June 2001, in order to prevent the commission of offences within the company by directors, managers, employees and collaborators (hereinafter referred to as the Obligated Parties), and the consequent appli- cation of the penalties that GESSI S.p.A. may impose.

GESSI disseminates and makes available its model, code of ethics and code of conduct to the entire company, both internally and externally, including its subsidiaries, to all the Obligated Parties and, more generally, to all parties that have relations with GESSI, so that they can read it, assimilate its principles and comply with its prescriptions and rules of conduct.

Gian Luca Gessi
Chief Executive Officer of Gessi S.p.A.

2. INTRODUCTION
Gessi S.p.A. intends to adhere to the provisions defined in Legislative Decree No. 231/01, for this purpose the “gui- delines for the construction of organisation, management and control models pursuant to Legislative Decree No. 231/2001” of CONFINDUSTRIA, edition of 07 March 2014, are taken into consideration. Some passages of these gui- delines are proposed below in order to recall the basic concepts of the organisational model adopted.

Legislative Decree No. 231 of 08 June 2001 (hereinafter also referred to in the text as ‘Decree 231’) introduced into Italian law the liability of entities for offences resulting from the commission of a crime.

This is an autonomous system of liability, characterised by assumptions and consequences that are distinct from those for the criminal liability of natural persons.

In particular, the entity may be held liable if, prior to the commission of the offence by a person functionally con- nected to it, it had not adopted and effectively implemented organisational and management models capable of preventing offences of the kind committed.

As for the consequences, the establishment of the offence provided for in Decree 231 exposes the entity to the ap- plication of serious penalties, which affect its assets, image and activity itself.

Decree 231 provides for penalties for an entity that has failed to organise itself to avoid criminal phenomena within the company, when persons functionally referable to the entity have committed any of the offences indicated by the same decree.

It should be recalled that this new liability arises only when certain types of offences are committed by persons linked in various ways to the entity and only in the event that the offence is committed in the interest or to the advantage of the entity. Therefore, not only when the unlawful conduct has resulted in an advantage, whether patrimonial or not, for the entity, but also in the event that, even in the absence of such a concrete result, the offence is in the interest of the entity.

However, Article 6 of the provision provides for a form of ‘exoneration’ from liability for the entity if it proves, during criminal proceedings for one of the offences considered, that it has adopted and effectively implemented organisa- tion, management and control models suitable for preventing the commission of the criminal offences considered. The system provides for the establishment of a control body within the entity with the task of supervising the actual effectiveness of the model. Lastly, the rule establishes that trade associations may draw up codes of conduct, on the basis of which the individual organisational models are to be drafted, to be communicated to the Ministry of Justice, which has thirty days to submit observations.

3. DEFINITIONS
Sensitive Area and Activities
Specific corporate activities potentially at risk of committing offences relevant to the Decree, the coordinated com- bination of which may constitute a Sensitive Area (e.g., a sensitive activity is the collection of information by the Ad- ministrative Function from other corporate Functions for the preparation of the financial statements which, together with other activities coordinated with it, contributes to forming the Sensitive Area of the Preparation of Financial Statements which is relevant for the purposes, inter alia, of the offence of false corporate communications).

BoD
The Board of Directors of Gessi S.p.A

Code of Ethics and Conduct
The Code of Ethics and Conduct (hereinafter also referred to as the Code of Ethics or the Code) is the document that sets out the corporate principles and general rules of conduct to be followed by all Recipients, with a view to a business activity characterised by ethics.

Decree
Legislative Decree No. 231 of 8 June 2001, as amended, which introduced into the Italian law the regulation of ad- ministrative liability arising from offences committed by legal persons, companies and associations, including those without legal personality.

Recipients
Persons, including third parties, to whom the Organisational Model is addressed, and more specifically (i) members of the Board of Directors, (ii) members of the Board of Statutory Auditors, (iii) members of the Supervisory Body, (iv) employees of all ranks, qualifications, levels, whether permanent or fixed-term (v) trainees, temporary workers and the like, (vi) third parties in general, who have business relations with the Company, whatever their content and purpose (e.g. commercial or financial partners, consultants, suppliers, agents and mandatees in general, etc.).

Information flows to the S.B.
This is the document, forming part of Gessi S.p.A.’s Model, which illustrates i) the information, communications and documentation that must be transmitted to the Supervisory Body, ii) the persons required to transmit them and iii) the relevant deadlines.

Top managers
Top managers are considered to be those persons who hold functions of representation, administration or manage- ment of the Company or of one of its Departments with financial and functional autonomy, or who exercise, even de facto, the management and control thereof.

Secondary staff
Secondary staff includes all persons working within the company under the direction or supervision of top managers.

Gessi Group or Gessi
Companies belonging to the Gessi Group and in particular all those companies under Italian law directly and/or in- directly controlled by Gessi S.p.A.

Mapping of powers
Mapping of Powers is the document forming part of Gessi S.p.A.’s Model that describes the system of delegation of powers within the Company, also listing which persons can commit the Company towards third parties and within what limits.

Model and/or Manual
Organisation, management and control model pursuant to Articles 6 and 7 of the Decree instrumental to the preven- tion of offences adopted by Gessi S.p.A.

S.B.
Supervisory Body provided for in Article 6 of the Decree with the task of supervising the operation of and compliance with the Model, its knowledge within the Company and its updating.

General section
This is the document forming part of the Gessi S.p.A. Model, which describes the Model itself and illustrates in par- ticular:
-the reference regulatory framework;
-the criteria and activities carried out for the construction of the Model;
-the general principles and founding elements of the Model;
-the structure of the Model and the documents that form an integral part thereof;
-the modalities for the appointment and functioning of the S.B., with specification of the relevant powers, tasks and information flows;
-the methods of dissemination and communication of the Model;
-the criteria for adapting and updating the Model;
-the structure of the penalty system.

Special section: protocols for the prevention of offences
This is the document forming part of the Gessi S.p.A. Model, which describes:
-the types of offences referred to in the Decree that the Company has decided to take into consideration on the basis of the characteristics of its business and the relevant risk profiles;
-the Areas and Activities sensitive to the commission of the aforementioned offences;
-the organisational structures involved in the sensitive Areas and Activities identified;
-the control instruments adopted by the Company, i.e. the set of principles, rules and control procedures aimed at preventing the commission of offences.

Public administration or PA
For the purposes of the Model, the expression ‘Public Administration’ refers to that group of authorities, bodies and agents to which the legal system entrusts the care of public interests. They are identified as:

-national, community and international public institutions, understood as organisational structures whose task is to pursue the satisfaction of the interests of the community by legal means; this public function also qualifies the acti- vity performed by members of the Commission of the European Communities, the European Parliament, the Court of Justice and the Court of Auditors of the European Communities;
-public officials, i.e. those who exercise a public legislative (production of legal rules), judicial (exercise of jurisdictio- nal power), administrative (characterised by the formation or manifestation of the will of the public administration or by its execution by means of authoritative or certifying powers) function (Article 357 of the criminal code);
-persons in charge of a public service, i.e. those who perform an activity regulated in the same manner as a public function, but characterised by the lack of the powers typical of the latter (Article 358 of the criminal code).

Predicate offence
Criminal offence referred to by the Decree, the commission of which determines, in the cases provided for by the Decree, the administrative liability of the entity.

Manager of a Sensitive Area
Person entrusted with the responsibility for a sensitive area in relation to any activity potentially exposed to the risk of offences being committed and, as such, also subject to checks carried out by the Supervisory Body.

Penalty System
This is the document, forming part of the Gessi S.p.A. Model, which regulates procedures, principles of conduct, spe- cific penalties and the relative methods of infliction, in the event of violation or non-compliance by the Recipients of obligations, duties and/or procedures provided for by the Model and/or the Code of Ethics.

Operator
Person involved in the performance of a Sensitive Activity.

Gessi S.p.A. or the Company
Gessi S.p.A., headquartered in Parco Gessi 13037, Serravalle Sesia (VC), Italy, VAT and tax code 02235360027 - Eco- nomic Administrative Index: VC-184137

Whistleblowing Policy
This is the internal document, forming part of the Gessi S.p.A. Model, which integrates, without modifying or replacing them, the procedures for reporting to the Supervisory Body and the relative powers of control for matters within its competence, in implementation of Article 6, paragraph 2-bis let. a) and b) of Legislative Decree No. 231/2001. It de- scribes the process and communication channels to be used for sending, receiving, analysing and processing reports of unlawful conduct and violations of the Model within Gessi and applies to all the persons referred to in Article 5 paragraph 1 let. a) and b) of Legislative Decree No. 231/2001.

4. FOREWORD: LEGISLATIVE DECREE NO. 231 OF 8 JUNE 2001
The Decree introduced into the Italian law the regulation of administrative liability arising from offences committed by legal persons, companies and associations, including those without legal personality.

Pursuant to this legislation, an entity may be held directly liable and sentenced to one of the penalties provided for in the aforementioned regulations (i.e. pecuniary penalties and disqualifications, in addition to confiscation and pu- blication of the sentence), if a person, whether senior or junior, has committed or attempted to commit one or more predicate offences, in the interest or to the advantage of the Company itself.

The objective prerequisite for the administrative liability of entities is that one of the offences set out in the Decree must have been committed. The liability of the entity, however, remains independent of the personal criminal liability of the perpetrator of the offence, meaning that the offence of the entity does not cease even if the perpetrator is not punished for reasons other than the non-existence of the offence itself.

The commission of a criminal offence, in order for the court to recognise the liability of the company, must fall within the sphere of the entity on the basis of precise connecting links:

-there must be a functional link between the perpetrator of the offence and the entity, which is liable for offences committed by persons who, de facto or de jure, have a representative, administrative or managerial role in the entity or in one of its autonomous departments (so-called senior managers), or by subordinates subject to management or supervision of senior managers;
-there must be an instrumental relationship between the offence and the entity’s activity, meaning that the offence must have been committed in the interest or to the advantage of the entity, whose liability is excluded when it was committed in the exclusive interest of the perpetrator or of third parties.

The Decree also provides for a mechanism of exemption from liability.

This system operates differently when:
a) the offence is committed by a senior manager or by persons who hold functions of representation, administration or management of the Entity, or of one of its departments with financial and functional autonomy, as well as by per- sons who exercise, also de facto, the management and control thereof;
b) the offence is committed by persons subject to management of others.

In the first case, even if there are elements constituting the offence, the entity may be exempt from liability if it proves that:
-the governing body has adopted and effectively implemented, prior to the commission of the offence, organisational and management models pursuant to the Decree suitable for preventing offences of the kind committed (the Model);
-the entity has set up a body with autonomous powers of control (S.B.) entrusted with: i) supervising the functioning of the Model, ii) monitoring its compliance, iii) supervising its updating;
-the offence was committed by fraudulently circumventing the Model and the supervisory activity of the Company’s S.B.;
-there was no lack of supervision on the part of the Supervisory Body (failure to supervise).

In the second case, the Company’s liability will be recognised when it is proven that the commission of the offence was made possible by the fact that persons in senior positions did not sufficiently observe the obligations of mana- gement and supervision.

In short, the liability of entities exists in those cases in which a company has set up a business organisation that is culpably negligent and careless, lacking adequate supervision, control rules and operating procedures, such as to facilitate the perpetration of criminal conduct, which can be traced back to the commission of a predicate offence within its structure.

Therefore, the drafting and adoption by the Company of an Organisational and Management Model pursuant to Le- gislative Decree No. 231/2001 meets the need to prevent the perpetration of the predicate offences and, should this occur, to prevent this action from being attributable to organisational fault.

In this perspective, Gessi’s Model is intended to be characterised by efficiency and effectiveness, so that, within the scope of the company’s activity, no one can commit one of the indicated offences if not by eluding, voluntarily and fraudulently and with all the responsibilities of the case, also towards the Company, the protocols provided for by the Model and the supervisory activity of the Company’s Supervisory Body.

Among the offences indicated by the Decree, however, only a few may concretely concern the Company’s activity; it is therefore with reference to these cases that the Model must compare its preventive effectiveness.

In order to identify the relevant offences, the Company has conducted an in-depth risk analysis focused on all deci- sion-making and operational processes in order to identify which areas are subject to the risk of predicate offences being committed and to define which of them may actually be committed.

The offences examined, and the essential rationale for their examination and selection, are listed in the following do- cument entitled: ‘Special Section: Protocols for the Prevention of Offences’.

5. THE ORGANISATIONAL MODEL OF GESSI SPA
The Company, having acknowledged the legislation and its significance, has shared the need expressed by the Law- maker to implement crime prevention systems, and is also aware of the fact that ethics is an essential element for any company that intends to operate correctly and on a long-term basis. This need is particularly evident for a company like Gessi, which acts as a State authority. Gessi Spa has therefore intended to draw up and adopt a Model, setting up an internal control system to prevent the commission of offences by all its Recipients.

To this end, although the adoption of the Model is provided for by law as optional and not mandatory, the Company, in accordance with its corporate policies, adopted the Model for the first time with a resolution of the Board of Directors on 30 January 2013 and with the same resolution established the internal control body, i.e. the Supervisory Board, giving it the relevant powers.

The Model, in its preventive function, is addressed both to persons operating inside and outside the Company, on the sole condition that they find themselves operating in conditions and situations in which they may, by their conduct, create conditions likely to engage the liability of Gessi Spa.

Among others, its primary recipients are the persons who hold functions of representation, administration or mana- gement of the Company, in its various articulations, as well as those who exercise, also de facto, the management and control of the Company, or of Departments endowed with financial and functional autonomy.

On the one hand, they operate under conditions that make it easier for them to engage the liability of the Company with their own conduct and, on the other hand, these ‘senior’ managers, in addition to being directly obliged to re- spect and actively comply with the Model, ensure its observance by those under their management or supervision.

The Model is intended to and must be observed by all Recipients and requires compliance with its general principles (in particular the principles of ethics and conduct set out in the Code of Ethics) also by third parties working with the Company.

This document defines the general criteria for identifying senior managers, subordinates and third parties in general, in order to identify the rules and regulations specifically applicable to each of them to the extent that they are diffe- rentially applicable.

It should be recalled that it may also be a source of liability for the Company if one of the offences referred to in the Decree is committed in the territory of a foreign state. The Recipients must therefore follow the prescriptions outlined in this Model even if the Company operates outside Italian territory or with non-Italian subjects.

The Company controls or holds interests in companies, which are intended to operate in various fields and have ope- rational and management autonomy.

The operations of the aforesaid companies, the Company’s relations with them and the conduct of the functions and persons assigned therein must be continuously monitored; in particular, the companies themselves must autonomou- sly provide for the adoption of their own organisational model, in accordance with the guidelines prepared by the Company, and in any event comply with the rules of conduct adopted and applied by the Company.

For the purposes of preparing this Model, the Company has proceeded to design and elaborate its original version, taking into account the necessary links with the Group when drafting it, while maintaining its own specificity.

Specific reference has also been made to the articulated control system that already constitutes an adequate di- rection given to the Company’s activities.

The Company has also taken due account of the regulatory requirements of the Decree, of group policies (group ethical principles) and made reference to the Guidelines drawn up by the main trade associations (e.g. Confindustria, etc.), while maintaining a specificity also linked to the particular activities performed by the Company.

Subsequently, the Model will be subject to continuous updating and improvement processes, in line with the evo- lution of the reference legislation and jurisprudential orientations; with the changes that have occurred in the Com- pany’s business, organisation and corporate processes; and in light of the reference guidelines.

In the process of updating and continuous improvement of the Model, account shall also be taken of the findings and suggestions emerging from the outcome of supervisory and monitoring activities on the effectiveness and correct application of the control tools adopted by the Company.

6. STRUCTURE OF THE DOCUMENTATION CONTAINED IN THE 231 MODEL
The documentation produced by the Organisational Model adopted by Gessi S.p.A. is managed in accordance with the procedure PR 42-01 “Document and data management”, which regulates GESSI S.p.A.’s documentation more generally

The architecture of the organisational model documentation is schematically represented in the figure above.The general requirements, values and rules of conduct are defined at various levels of detail in the two codes: code of ethics, and supplier code of ethics. They represent the first step in the definition and development of the Organisational model.

The Risk Assessment is a process involving all corporate functions at various levels, aimed at identifying, describing and assessing the risks of individual offences being committed.

Organisation chart and job description describe the hierarchical order and responsibilities of each corporate fun- ction.

The Organisational Model is described in this Organisational and Control Model Manual.

The Crime Prevention Procedures describe the correct performance of tasks and processes, they define reporting and Information flows to the Supervisory Board.

The Penalty system, expressly provided for in the regulation at issue, considers penalties for individuals (at all levels) who do not comply with the provisions of the organisational model.

Pursuant to Article 6, paragraph 2-bis let. a) and b) of Legislative Decree No. 231/01, an internal document was also prepared, the so-called Whistleblowing Policy, which describes the process and communication channels to be used for sending, receiving, analysing and processing reports of unlawful conduct and violations of the Model within Gessi and applies to all persons referred to in Article 5 paragraph 1 let. a) and b) of Legislative Decree No. 231/2001.

6.2 The Code of Ethics and Rules of Behaviour and Conduc
All Recipients, as part of their functions and responsibilities, shall carry out their activities with honesty, integrity, fair- ness and good faith, in compliance with all applicable legal regulations of the Italian legal system, including the appli- cable EU regulations, as well as in compliance with the Company’s Code of Ethics and the procedures identified in this Model. All those who work and operate in and for the Company are required to observe and enforce these principles as part of their functions and responsibilities.

Inspiring one’s work to the principles of the Model and the Code of Ethics is an essential element of work performance.

The members of the Board of Directors in setting business objectives are inspired by the principles of the Company’s Code of Ethics, in compliance with the provisions of this Model.

None of the Recipients is authorised to pursue any business objective in violation of the laws in force, in particular by using the Company’s or their own means and assets.

Also, any third parties that have relations with the Company are expressly required to comply with the Code of Ethics and the principles of conduct of the Company. In the event of non-compliance, the contractual penalties provided for in the Model shall apply.

All actions, operations, transactions and activities carried out by the Company and its agents on its behalf must be:
-Verifiable, traceable, documented, consistent and congruent, based on documentable and complete information;
-Legitimate, respectful of rules, procedures and regulations, and in compliance with the provisions of the Model and respectful of the principle of separation of the various corporate functions;
-Open to objective analysis and verification, with punctual identification of the persons and corporate functions invol- ved and with separation between decision-making, executive and control functions, so that the differentiation of roles contributes to making it less likely that unlawful conduct will materialise that cannot be detected in the interrelation between the different functions.

6.3 Manual of the Management System 231
-Manual 231 constitutes the main document for describing, making known and verifying the Management System adopted by GESSI S.p.A.. It describes and/or refers to:
-The general principles defined by the Guidelines for the construction of organisational, management and control models pursuant to Legislative Decree No. 231/2001 of Confindustria
-The code of ethics and the general principles for defining the Objectives of compliance;
-the structure of the organisation and the definition of responsibilities;
-the description of the Integrated Management System including all the elements and requirements that are part of it;
-the operating methods adopted by GESSI S.p.A. with reference to the Management System procedures and their contents.

Manual 231 is an integral part of Gessi S.p.A.’s corporate documentation and is therefore part of the rules for mana- ging documentation, in particular Gessi Procedure 42.01 ‘Document and data management’. The rules include:
-drafting, with the collaboration of all relevant corporate functions;
-issue;
-distribution;
-updating according to the indications received;

The Board of Directors of Gessi approves Manual 231.
The Company shall inform all Recipients of the Manual and the Code of Ethics, of their existence and train them on their contents.

The competent departments, in coordination with the other corporate functions and with the Supervisory Body, will promote initiatives for the dissemination and knowledge of the Manual and Code of Ethics and for the consequent training also with reference to any amendments and/or updates thereof.

Manual 231 is distributed according to a distribution list that includes:
-Internal Distribution;
-External distribution (if required);

In any case, the Manual is available on the corporate intranet for employees and the General Section and the Code of Ethics on the corporate website for all those who come into contact with the Company.

The copies distributed are divided into:
-Copies subject to updating;
-Copies not subject to updating.
Only those copies that are subject to updating are distributed in controlled form and thus kept constantly up-to-date

6.5 Document and Data Control
The activities are defined in detail in company procedure PR 42-01 ‘Document and data management’, with regard to the 231 system, document and data control covers:

Planning Documents: all documents containing the prescriptions of the 231 System belong to this category:
-Manual 231,
-Code of Ethics,
-Code of Ethics for suppliers,
-Risk identification and assessment,
-Penalty system,
-Prevention procedures.

Registration Documents all documents constituting records, reports, lists or anything else required by the prevention procedures. Records are kept in order to demonstrate, even after a period of time, the conformity of the Organisa- tional system.

Documents of External Origin: all documents of external origin such as reports from the board of auditors, etc. are acquired, managed and stored internally as normal records.

6.6 Adapting and updating the Model

The adoption and effective implementation of the Model constitute, by express legislative provision (Article 6, para- graph I, let. a) of the Decree No. 231/2001), a responsibility of the Governing Body.

Therefore, the power to update the Model, and its subsequent amendments and additions, is entrusted to the Board of Directors of the Company, which shall make use of the experience and indications of the Supervisory Board, except as expressly provided below.

Any necessary amendments and additions to the sections of the Model consisting of:
-Special section: protocols for the prevention of offences;
-Annex on mapping of powers

may also be made by the Chief Executive Officer or the Chairman, after consulting the Supervisory Board, who shall report to the Board of Directors.

The Company, in a dynamic perspective and with a view to constantly updating the Model, is committed to adapting
and amending this Document depending on:

• Legislative novelties with reference to the regulation of the liability of entities for administrative offences;
• Significant changes in the organisational structure or business sectors of the Company;
• Significant violations of the Model and/or outcomes of audits on its effectiveness and in any case on the basis of application experience.

Amendments to this Model shall be duly brought to the attention of the Recipients under the supervision of the Su- pervisory Body.

7. RISK ANALYSIS 231
The Company has identified, among the offences provided for in the Decree, those whose commission is at risk in relation to its activities, while identifying the Sensitive Areas and Activities.

Gessi S.p.A. conducted, according to the scheme defined in CONFINDUSTRIA’s guidelines, a risk identification and analysis activity that, starting from the company context and processes, highlights how events detrimental to the objectives of the organisational model may occur, in particular the commission of offences indicated as predicate offences.

The risk analysis was performed by an interdisciplinary working group appointed by the Chief Executive Officer of Gessi S.p.A.

The analysis, for each process, activity and for each predicate offence, concerned the probability that the event might occur and the probability of occurrence was then defined according to the scoring scheme as follows:

The analysis is repeated periodically and always on the occasion of legislative changes, company organisational changes, changes to production and structural processes, etc. The analysis covers the following aspects:
-applicability of a given event
-likelihood of occurrence
-company changes
-legislative amendments with particular reference to the introduction of new predicate offences.

1- Mapping of the so-called “sensitive” activities, with examples of possible methods of commission of offences and instrumental processes in which context, in principle, the conditions and/or means for the commission of the offences indicated by the Decree may exist.
2-The forecast of specific controls (as explained in the following Special Sections of this Model) in support of instrumental processes deemed exposed to the potential risk of commission of offenices.
3-The establishment of a Supervisory Body, with attribution of specilic tasks on the effective implementation and effective application of the Model.
4-The adoption of a penalty system (as explained in the Fourth Paragraph of the Ge- neral Section of this Model) intended to ensure the effective implementation of the Model and containing the applicable disciplinary measures In case of vigation of prescriptions contained in the Model.
5-The performance of an information and training activity on the contents of this Model (as better detailed in the Fifth Paragraph of the General Section).

8. COMPANY ORGANISATION
The company organisation of Gessi S.p.A. is articulated and adapted to its size and activities.
The organisational chart, including the hierarchical reporting lines for the various positions, both subordinate and staff, is graphically described in the corporate organisational chart. The organisational chart is annexed to this manual and can be updated independently of the updating of the 231 manual. The responsibility for updating the organisa- tional chart lies with the personnel management, after consultation with senior management.

The definition of the responsibilities and authorities of the individual corporate functions is described in the job de- scription. The job description is an annex to this manual and can also be updated by the personnel management. The contents of the job description cover the description of normal work activities, the responsibilities of each function and the authority derived from it.

The job description may contain specific responsibilities with regard to the prevention activities of the predicate offences within the framework of the corporate organisational model. In particular, the specific responsibilities are defined in the individual prevention procedures with which each employee must comply.

Of particular interest is the company’s organisational scheme aimed at protecting health and safety in the workplace in accordance with the relevant laws.

In addition, for the identification of specific responsibilities of corporate figures, please refer to the Integrated mana- gement system manual, which defines, inter alia, the organisational aspects regarding:
-quality systems (ISO 9001),
-health and safety management system (ISO 45001),
-environmental management system (ISO 14001),

9. SUPERVISORY BODY (S.B.)
9.1 Foreword

As we have seen, Article 6 of Legislative Decree No. 231/2001 provides that the company may be exonerated from liability resulting from the commission of the offences indicated if the governing body has, inter alia:
a) adopted organisation, management and control models suitable for preventing the offences at issue;
b) entrusted the task of supervising the functioning, effectiveness, compliance, dissemination of knowledge and updating of the Model to a body of the entity endowed with autonomous powers of initiative and control (hereinafter the S.B.).

The entrusting of these tasks to the Supervisory Body and, of course, the proper and effective performance of these tasks are, therefore, indispensable prerequisites for exemption from liability, whether the offence has been committed by ‘senior’ managers (expressly provided for in Article 6) or by subordinates under the direction of others (as provided for in Article 7). Article 7 paragraph reiterates that the effective implementation of the Model requires, in addition to the establishment of a disciplinary system, its periodic verification, obviously by the body appointed for this purpose.

According to the foregoing, one can see the importance of the role of the S.B., as well as the complexity and onerou- sness of the tasks it has to perform.

In order to correctly configure the S.B., it is necessary to carefully assess the tasks expressly conferred upon it by law, as well as the requirements it must meet in order to adequately perform its duties.

9.2 Identification of the supervisory body
9.2.1 Composition of the supervisory body

The rules under review do not provide any indication as to the composition of the supervisory body. This means that it may consist of one or more persons.
In case of more persons, people from inside and outside the organisation may be called upon to be members of the Supervisory Body, provided that each of them meets the requirements.
Gessi considered it appropriate to entrust the function of the Supervisory Body to a collegiate body of three mem- bers. The Supervisory Body currently in office is a collegiate body, in line with what is suggested by the reference guidelines on the basis of the consolidated case law on the composition and characteristics of supervisory bodies pursuant to Legislative Decree No. 231/2001.

9.2.2 Characteristics, functions and powers of the supervisory body

9.2.2.1 Characteristics of the S.B.

Gessi S.p.A. states that:
-the activities carried out by the Supervisory Body may not be reviewed by any other corporate body or structure, it being understood, however, that the governing body is in any case called upon to supervise the appropriateness of its action, since the management body bears ultimate responsibility for the functioning (and effectiveness) of the organisational model;
-the Supervisory Body has free access to all the functions of the Company - without the need for any prior consent
-in order to obtain any information or data deemed necessary for the performance of its tasks under Legislative Decree No. 231/2001;
-the Body may avail itself - under its direct supervision and responsibility - of the assistance of all the structures of the Company or of external consultants.

In the context of the procedures for the formation of the corporate budget, the management body approves an ade- quate allocation of financial resources, proposed by the Body itself, which the Body may use for any need necessary for the proper performance of its tasks (e.g. specialist advice, business trips, etc.).
The Company considers it particularly important that the choice of the members of the S.B. is made in full compliance with the indications of the Decree and the guidelines of the main trade associations. In this regard, the Company, in selecting possible candidates for the role and in defining the function as outlined in this Model, pays particular attention to the principles of:
-autonomy;
-independence;
-professionalism;
-integrity;
-continuity of action.

The requirements of Autonomy and Independence are preserved by preventing the members of the Supervisory Bo- ard from being assigned responsibilities and/or operational tasks in business or staff processes relevant to the Model and the Controls.

The interpretation of these requirements has led to many doubts and perplexities. It is clear that, for example, the payment of remuneration to a person, whether internal or external to the entity, for the activity in question does not constitute ‘dependence’.

The requirements must be understood in relation to the functionality of the S.B. and, in particular, to the tasks assi- gned to it by law. The position of the S.B. within the entity must guarantee the autonomy of the control initiative from any form of interference and/or conditioning by any component of the entity (and in particular by the governing body). These requirements are ensured by the inclusion of the S.B. in question as a staff unit in a hierarchical position as high as possible and by providing for the “reporting” to the highest corporate operational top management or ra- ther the Chief Executive Officer of Gessi S.p.A. or to the Board of Directors as a whole in the case of facts concerning the Chief Executive Officer.

With reference to the S.B. with multi-member composition, Gessi complies with the requirement of autonomy and independence both with reference to the Body as such and to its members individually considered.

In terms of Professionalism, the Company pursues the achievement and protection of the objective by selecting persons with corporate and control skills, with specific experience or training in carrying out inspection and control activities as well as risk assessment and prevention, and with appropriate legal skills.

This connotation refers to the baggage of tools and techniques that the S.B. possesses in order to effectively perform the assigned activity. These are specialised techniques peculiar to those who perform ‘inspection’ activities, but also consultancy in analysing control systems and activities of a legal nature, with particular regard to criminal law issues.

With regard to the inspection and analysis of the control system, reference is clearly made - by way of example - to statistical sampling; risk analysis and assessment techniques; measures for their mitigation (authorisation procedu- res; mechanisms for the juxtaposition of tasks; etc.); interview techniques and questionnaire processing; etc.. These techniques can be used ex post, in order to ascertain how an offence of the types under consideration could have occurred and who committed it (inspection approach); or in advance, in order to adopt - at the time of designing the Model and any subsequent amendments - the most appropriate measures to prevent, with reasonable certainty, the commission of such offences (consultancy approach); or, again, currently to verify that day-to-day conduct actually complies with those codified.

With reference, on the other hand, to legal competences, it should not be forgotten that the regulation in question is in essence a criminal regulation and that the purpose of the S.B.’s activity is to prevent the commission of offences.

Therefore, knowledge of the structure and manner in which offences are committed is essential., which can be ensu- red by using external advice.

In this regard, as concerns occupational health and safety issues, the Supervisory Body must make use of all the resources activated for the management of the relevant aspects (as mentioned, RSPP - Head of the Prevention and Protection Service, ASPP - Prevention and Protection Service Managers, WSR - Workers’ Safety Representative, MC
-Occupational Physician, first aid officers, fire emergency officer).

The requirement of Continuity of Action must always be considered to be expressed by multiple factors such as: effectiveness and concreteness of verification and monitoring activities; frequency and consequentiality of sessions that meet the need to be held in sufficient number to oversee all the sensitive processes identified and to maintain a continuous control of follow-up activities.
In order to be able to guarantee the effective and constant implementation of a model as articulated and complex as the one outlined, it is necessary to have a structure dedicated exclusively to the Model without operational tasks that could lead it to take decisions with economic and financial effects.

This does not exclude, however, that this structure may also provide, as already mentioned, advisory opinions on the construction of the Model, so that it is not already born with weaknesses or flaws with reference to the offences that are intended to be avoided: advisory opinions, in fact, do not affect the independence and objectivity of judging specific events.

In order to ensure the effective fulfilment of the described requirements, it will be appropriate for members to pos- sess, in addition to the professional skills described, formal subjective requirements that further guarantee the auto- nomy and independence required by the task, in particular:
-integrity,
-absence of conflicts of interest,
-absence of family relationships with corporate bodies and senior management,
-absence of final judgements for predicate offences.

The requirements of autonomy, integrity and professionalism are consistent with the various professional competen- ces that contribute to the control of corporate management in the traditional corporate governance model (e.g. a non-executive or independent director; a member of the Board of Statutory Auditors; the person in charge of internal control).

At the time of the formal adoption of the Model, therefore, the governing body shall:
-regulate the main aspects relating to the functioning of the Body (e.g. appointment and removal procedures, term of office) and the subjective requirements of its members;
-inform the structure of the tasks of the Body and its powers, possibly providing for penalties in the event of non-co- operation.

The Supervisory Body is endowed with all the powers necessary to ensure timely and efficient supervision of the operation of and compliance with the Organisational model adopted by the company, in accordance with Article 6 of Legislative Decree no. 231/2001

Ineligibility and disqualification
Without prejudice to the assessment by the Board of Directors as set out below, no person may be appointed as a member of the Supervisory Board and, if appointed, shall be removed from office if:
-has conflicts of interest, even potential ones, with the Company;
-holds, directly or indirectly, significant shareholdings in the Company within the meaning of Article 2359 of the Civil
Code.
-performs administrative functions with delegated powers or executive functions at the Company;
-is holder, directly or indirectly, of shareholdings of such a size as to entail control or significant influence over the Company;
-is in the legal condition of being disqualified, incapacitated, bankrupt or sentenced to a punishment entailing di- squalification, even temporary, from public office or incapacity to exercise executive office;
-has been convicted or has agreed to the application of the penalty pursuant to Articles 444 et seq. of the Code of Criminal Procedure, without prejudice to the effects of rehabilitation, in relation to one of the offences set out in the Decree or to offences of the same nature (in particular, offences against property, against the Public Administration, against public faith, against public order, tax offences, bankruptcy offences, financial offences; etc.);
-has criminal convictions or other penalties in foreign countries for offences corresponding to those referred to
above.

The Supervisory Board shall promptly notify the Board of Auditors and the Board of Directors of the occurrence of grounds for disqualification.

If one of the above-mentioned grounds for disqualification applies, the Board of Directors, having carried out the appropriate checks, having heard the person concerned and the other members of the Supervisory Body, and after obtaining the favourable opinion of the Board of Statutory Auditors, must adopt, by absolute majority, the measures it deems appropriate until the member’s disqualification is declared.

In the event that the Supervisory Body is also composed of members belonging to the Board of Auditors, the prior hearing of the Board of Auditors shall be held only with regard to those members of the Board who are not members of the Supervisory Body.

The resolution of disqualification must be communicated to the Shareholders’ Meeting at the earliest opportunity.

Suspension
The Board of Directors, having heard the Board of Auditors and the other members of the Supervisory Body, may order the suspension from office of the member of the Supervisory Body who:
-was sentenced for an offence other than those for which revocation is provided for;
-was temporarily subject to a preventive measure;
-was subject to a precautionary measure of a personal nature.

In the event of the application, as a precautionary measure, of one of the disqualification measures laid down in the Decree, the Board of Directors, after hearing the person concerned and the other members of the Supervisory Body, subject to the favourable opinion of the Board of Statutory Auditors, must adopt by absolute majority the measures it deems appropriate, after having obtained the appropriate information, assess the existence of the conditions for suspending the member of the Supervisory Body.

Removal
The following constitute grounds for removal from office as a member of the Supervisory Body:
-significant breaches of the mandate conferred, with regard to the tasks indicated in the Organisational Model;
-breach of the obligations set out in the Supervisory Body’s Regulation, where adopted;
-absence from three or more meetings, even if not consecutive, without a justified reason within a period of twelve consecutive months;
-the occurrence of circumstances that seriously and justifiably impair the member’s independence or autonomy of judging;
-an irrevocable conviction of the Company pursuant to the Legislative Decree or a judgement applying the penalty at the request of the parties, which has become final, where the documents show an “omitted or insufficient supervision” by the Supervisory Body, pursuant to Article 6 paragraph 1, let. d of the Decree;
-breach of confidentiality obligations.

If one of the above-mentioned grounds for removal applies, the Board of Directors, having carried out the appropriate checks, having heard the person concerned and the other members of the Supervisory Body, and after obtaining the favourable opinion of the Board of Statutory Auditors, must adopt, by absolute majority, the measures it deems appropriate until the member’s removal is declared.

Activities of the Supervisory Body
The activities of the Supervisory Body must be continuously tracked and traceable, not only by means of detailed minutes of the meetings, but also by systematically keeping the working papers, which must always be identifiable even ex post.

Lastly, where the members of the Supervisory Body are all external to the Company, a delegate of the Management must always be appointed, who has the necessary professional requisites to support the action of the Supervisory Body and stimulate its action.
In particular, the delegate shall:
-Assist the Supervisory Body in its meetings;
-Coordinate periodic information flows;
-Stimulate urgent communications in relation to relevant facts that need to be investigated;
-Coordinate training initiatives;
-Support the activities of revising and updating the Model;
-In general, support the supervisory activities of the Supervisory Body and encourage its meetings with other corporate control functions in order to ensure the sharing of information and the results of auditing activities.

The Supervisory Body, in the performance of its duties, shall be bound by an obligation of confidentiality towards third parties and, in any case, may not use the information it becomes aware of for purposes other than those of its office.

In particular, and in fulfilment of the indications set out in the preceding paragraphs, the Company has appointed by resolution of the Board of Directors a Supervisory Body in collegiate form.

The term of office of the Supervisory Body is three years and runs until the date of approval of the draft annual ac- counts by the Board of Directors.

In accordance with the principle of autonomy, the Supervisory Body drew up its own regulations governing its acti- vities both internally and with the Company itself, delivering a copy to the Chief Executive Officer for the necessary coordination.

The Supervisory Body office is located at the registered office in Serravalle Sesia (VC), Italy.

The e-mail boxes of the members of the Supervisory Body may be used for the communication of information flows under this Model.

Also, a budget was allocated to the Supervisory Body, by the resolution of the Board of Directors that adopted this Model, that it may manage for the exclusive needs of its office.

9.2.2.2 Functions of the Supervisory Body
The Supervisory Body is endowed with all the powers necessary to ensure timely and efficient supervision of the operation of and compliance with the Organisational model adopted by the company, in accordance with Article 6 of Legislative Decree no. 231/2001, and specifically for the performance of the following tasks:

a) supervision and control of the adequacy of the Model, i.e. verification of the efficiency and effectiveness of the Organisational model adopted and of its actual suitability with respect to preventing and impeding the commission of the offences provided for by Legislative Decree No. 231/2001;
b) verification of compliance with the methods and procedures laid down in the Organisational Model and detection of any behavioural deviations that may emerge from the analysis of information flows and reports to which the mana- gers of the various functions are subject;
c) formulation of proposals to the governing body for any updates and adjustments to the adopted Organisational Model, to be carried out by means of amendments and/or additions, both with reference to sensitive Areas and Acti- vities and to the management of the risk of offences being committed, and updating of the relevant procedures set out in the Special section: protocols for the prevention of offences and operating instructions, which may become necessary as a result of:
*significant violations of the requirements of the Organisational Model;
*significant changes to the internal structure of the Company and/or the manner in which the business activities are carried out;
*regulatory amendments;
d) detection and reporting to the governing body, for the appropriate measures, of those ascertained violations of the Organisational Model which may emerge from the analysis of the information flows, from the reports received as well as from the scheduled or spot checks and which may entail the emergence of a liability for the entity.
As concerns points c) and d), and more generally, all meetings with corporate bodies to which the Supervisory Body reports are documented by means of meeting minutes. A copy of the documentation is kept by the Supervisory Body.
e) proposals, to the Recipients, to issue directives for the execution and application of the procedures;
f)proposals to raise the awareness of the Recipients with regard to any issues concerning the administrative liability of Entities;
g)monitoring the adequate training and constant information of personnel with regard to the principles and prescrip- tions contained in the Model;
h) collection, examination, processing and storage of information and reports provided by the Recipients of the Mo- del;
i) drawing up an information report, on at least an annual basis, to be communicated to the Board of Directors, on the verification and control activities carried out, on the effectiveness and efficacy of the Model, and on the outcome of the same, where necessary pointing out the need for amendments and/or improvements;
l) transmission of the report referred to in point above also to the Board of Auditors.

The Supervisory Body is at the disposal of each Recipient to provide clarifications or explanations concerning possi- ble doubts concerning the Model or situations connected with the performance of a sensitive Area or Activity.

9.2.2.3 Powers and faculties of the Supervisory Body
The Supervisory Body, for the full performance of the functions outlined above, is vested with the powers necessary for the proper functioning of the Model. In particular, the Supervisory Body is vested with the following powers, the list of which is to be considered as illustrative and not exhaustive:
-examining at any time the documentation and request information from the Recipients in relation to any Area or Activity subject to the control of the Supervisory Body and any anomaly that may be connected to the commission of offences. All the persons called upon by the Supervisory Body are required to cooperate with the Supervisory Body;
-proceeding at any time, within the scope of its independence and discretion, to control and verify the effectiveness and application of the Model;
-proceeding, following reports or measures of the competent authority, to control and verify the activities of the Recipients concerned by the report or measure, ensuring in any case respect for the principle of cross-examination and protection of confidentiality;
-verifying and requiring compliance with the principles of the Code of Ethics also from third parties;
-reporting to the competent bodies the prerequisites for the imposition of penalties (as governed by the Penalty System for any violations of the Model or non-compliance with the obligations of conduct set out in the Decree);
-reporting to the Chief Executive Officer any obstacles to the exercise of its activities;
-updating the list of data and communications to be transmitted to its office;
-making observations to the Board of Directors and the Board of Auditors on the management and performance of sensitive Areas and Activities;
-regulating, from an operational point of view, the fulfilments and timing related to the protocols set out in the Model and, in particular:
•Suggesting the issuance of service announcements;
•Regulating the flow of information, establish how it is to be transmitted and the timing;
•Verifying the scheduling of meetings for the training of Recipients and/or new employees;
•Proposing changes to the form and content of the reporting forms prepared by the Company for communications to the Supervisory Body;
•Carrying out periodic checks, including spot and random checks, on compliance with the protocols and regular implementation of the adopted Model;
•Conducting analysis of company activities in order to propose an adjustment of the mapping of Sensitive Areas and Activities to be proposed to the Board of Directors;
•Verifying and requiring compliance with the principles of the Code of Ethics adopted by the Company also with reference to third parties;
•Using the expense fund placed at its disposal by the Company in order to better organise control and supervisory activities pursuant to the Decree;
•Acting upon a report, even anonymous, of a violation of the model or of the commission of an offence, recording every activity and decision concerning the investigation carried out, even if negative.

In carrying out its activities, the Supervisory Body may avail itself of Company personnel and/or external consultants. The Supervisory Body may also avail itself of the collaboration of a person within the Company identified by the Ma- nagement. The Supervisory Body shall inform the Recipients of the names of the collaborators it intends to avail itself of, so that all those concerned are aware of the need for adequate collaboration.

The Supervisory Body has the power to request meetings or information and to cooperate with the other Group Su- pervisory Bodies for the purpose of general coordination within the Group itself when particular issues can be duly addressed with the necessary involvement of the latter or when a certain activity of the Company involves contact with other Group companies. It has the corresponding obligation to cooperate and provide information to the other Supervisory Bodies in the event of requests for information from other Group Supervisory Bodies.

The Supervisory Body establishes with all the control bodies established within the Company and compliance a re- lationship of mutual information on their respective control activities, also in order to avoid overlaps and at the same time to ensure a complete and effective control system in relation to the institutional competences of each control body.

9.2.2.4 Disclosure by the Supervisory Body.

The Supervisory Body must report on the implementation of the Model and the emergence of any critical issues.
Two Supervisory Body reporting lines are envisaged:
-the former, on an ongoing basis, directly to the Chief Executive Officer;
-the second, on a periodical basis at least every six months, to the Board of Directors and the Board of Auditors.

The reporting covers:
-activities carried out by the S.B.;
-reports received (in accordance with the Whistleblowing Policy);
-any critical issues (and suggestions for improvement) that have emerged both in terms of conduct or events within the Company, and in terms of the effectiveness of the Model;
-regulatory amendments.

If the Supervisory Body detects critical issues referable to the Chief Executive Officer, the Chairman or one or more members of the Board of Directors or the Board of Statutory Auditors, the corresponding report shall be promptly reported, after the necessary preliminary verification and investigation activities have been carried out, to all the members of the Board of Directors and the Board of Statutory Auditors, who shall be promptly convened and brought together, excluding the person concerned.

9.2.3 Obligations to inform the supervisory body and Whistleblowing
Gessi S.p.A., in compliance with the provision contained in letter d) of the second paragraph of Article 6 of Legislative Decree No. 231 provides for the obligation to inform the Supervisory Body, therefore it promotes and facilitates in every way the collaboration of all the Recipients of these rules, spreading the knowledge of the principles and benefits for the Company and for those who work within it.

The obligation to inform the Supervisory Body is conceived as a further tool to facilitate the supervisory activity on the effectiveness of the Model and, if necessary, to ascertain ex post the causes that made it possible for the offence to be committed.

In view of the above, the Company provides all necessary protection for whistleblowers, also in compliance with the legal provisions set out below in this Article.

Intercourse with the Supervisory Body may take place in different operational modes. They are precisely regulated and cadenced with reference to the periodic reports falling within the competence of the internal functions, and follow the regulations in force with regard to so-called whistleblowing.

It should be clarified that the information provided to the Supervisory Body is intended to enable it to improve its control planning activities and not, on the other hand, to impose on it punctual and systematic verification activities of all the phenomena represented. In other words, the Supervisory Body is not under an obligation to act whenever there is a report, since it is left to its discretion and responsibility to determine in which cases it should act.
The obligation to provide information is also provided for the purpose of giving greater authority to requests for do- cumentation that are necessary for the Body in the course of its checks.

The obligation to inform is also extended to employees who come into possession of information relating to the com- mission of offences in particular within the entity or to “practices” that are not in line with the Code of Ethics or the Disciplinary Code that Gessi has issued.

It should be emphasised that the obligation to inform the employer of any conduct contrary to the Organisational Model is part of the broader duty of diligence and duty of loyalty of the employee referred to in Articles 2104 and 2105. These rules establish, respectively:

1. The employees shall use the diligence required by the nature of the job to be performed, by the interest of the company and the higher interest of national production.
2. Furthermore, they are expected to follow the instructions for the performance and discipline of work given by the employer and his/her co-workers whom they shall report to” (Article 4) and “The employees shall not deal with bu- siness, on their own account or on behalf of third parties, in competition with the employer, nor divulge information relating to the organisation and production methods of the enterprise, or use it in such a way that could be prejudicial to the latter.” (Article 2105).

Accordingly, as part of these duties, the correct fulfilment of the obligation to inform by the employee cannot give rise to the application of disciplinary penalties.

The Supervisory Body receives copies of disciplinary measures if they are related to 231 issues.

In regulating an effective reporting system, Gessi guarantees confidentiality to those who report violations.

Likewise, Gessi provides for deterrent measures against any improper disclosure, both in terms of content and form.

By regulating the way in which the obligation to provide information is to be fulfilled, the intention is not to encourage the phenomenon of reporting so-called internal rumours, but rather to implement that system of reporting real facts and/or conduct that does not follow hierarchical lines and that allows staff to report cases of breaches of rules by others within the entity, without fear of retaliation. In this regard, the Body also takes on the characteristics of the Ethics Officer, without - however - granting him/her disciplinary powers, which should be allocated to the Board of Directors.

In any case, anyone needing to speak with the Supervisory Body shall be entitled to ask to be heard by that Body.

9.2.3.1 Information to the Supervisory Body

The obligation to provide information to the Body is addressed to all functions, and in particular to the corporate functions at risk of offences. The recipients are required to transmit the following information:

Immediate information
The recipients are required to report to the Supervisory Body without delay:

1. any information concerning the commission or possible commission of offences relevant to the Decree or in any case consisting of conduct contrary to the principles contained in the Code of Ethics;

2. any anomaly that emerged in the context of the sensitive Areas or Activities or in other activities connected the- rewith, taking into account the normal course of the aforesaid activities and the analysis of the risk profiles of com- mission of the offences referred to in this Model (an event that is not relevant if considered individually, could assume a different assessment in the presence of repetitiveness or extension of the area of occurrence).

In this case, the information may concern, for example:
• decisions relating to the application for, disbursement and use of public funds;
• requests for legal assistance made by managers and/or employees against whom the Judiciary charges for offences under the aforementioned legislation;
• measures and/or information from judicial police bodies, or from any other authority, from which it can be inferred that investigations are being carried out, even against unknown persons, for offences under Legislative Decree no. 231/2001;
• committees of inquiry or internal reports which reveals responsibility for offences under Legislative Decree No. 231/2001;
• information on the effective implementation, at all levels of the company, of the organisational model, with evidence of disciplinary proceedings carried out and any penalties imposed or orders to dismiss such proceedings with the relevant reasons;
• summaries of contracts awarded following national and European tenders, or by private negotiation;
• information about orders awarded by public bodies or entities performing public utility functions.
3. the inadequacy of a given procedure to effectively prevent the offence;
4. the modification or introduction of new activities of the company such that the mapping of risk areas made by the company is no longer current;
5. any attempt by a public official or a person in charge of a public service to engage in concussive conduct or inci- tement to corruption.

The recipients are required to promptly provide the Supervisory Body with the information and clarifications reque- sted by it, with regard to the sensitive Areas and Activities pertaining to them or to others connected to them.

Copies of invitations and minutes of meetings of the Board of Directors, Shareholders’ Meetings and meetings of the Board of Statutory Auditors must be sent to the Supervisory Body in a timely manner.

Periodic information
In any case, and in any event, the Managers of the various Sensitive Areas and Activities are required to send the Supervisory Body an update on the situation in their area with regard to the periodic results of the control activities carried out by them to implement the models (summary reports of the activities carried out, monitoring activities, final indices, etc.), in particular the functions concerned shall fill in on a regular basis the Information flows “forms” to the Supervisory Body. The information flows document is attached to this manual.
This information will tend to be provided at least once every six months in correspondence with the corresponding report by the Supervisory Body itself.
In particular, this report should contain information on:
-the start of a project or operation within a sensitive Area or Activity;
-nature of this project;
-names of third parties who are involved in various ways in the performance of company activities;
-any kinship relations of persons involved in the performance of company activities with public officials or persons in charge of a public service;
-significant changes or variations affecting information, data or documentation previously communicated to the Su- pervisory Body;
-conclusion of the project or operation;

-meetings with Public Administration actors;
-periodic reports on occupational health and safety and copies of second- and third-party audits received by Gessi S.p.A., particularly those carried out by scheme certification bodies:
-ISO 45001, occupational health and safety,
-ISO 14001, environmental management system;
-any other sensitive activity the performance of which may be relevant in relation to the preventive and mitigating
system set out in this Model.

The Company shall, without prejudice to what is set out below in terms of whistleblowing, adopt appropriate and effective measures to ensure that the identity of those who transmit to the Supervisory Body information useful for identifying conduct that does not comply with the provisions of the Model and the procedures established by the internal control system is kept confidential, without prejudice to legal obligations and the protection of the rights of the company or of persons wrongly accused and/or in bad faith.

The Supervisory Body implements the necessary measures to guarantee whistleblowers in good faith against any form of retaliation or discrimination and assesses the reports received with discretion and responsibility.

To this end, it may hear the author of the report and/or the person responsible for the alleged violation, giving rea- sons in writing for any independent decision not to proceed in the sole case of a report concerning the commission of specific offences.

The Supervisory Body may also consider and assess anonymous reports, which must in any case describe in detail the facts and persons concerned by the report.

All the documentation relating to the reports received by the Supervisory Body (report forms and annexes, reports, media containing information, copies of company documents, anonymous letters, etc.) shall be kept, in accordance with the filing procedures deemed most appropriate by the Supervisory Body and in any case using techniques that guarantee that they cannot be altered, for a period of not less than 12 years from the time when the documentation is received by the Supervisory Body or is forwarded by it to other parties.

9.2.3.2 Whistleblowing
On 29 December 2017, Law No. 179 of 30 November 2017 came into force, which provides for ‘provisions for the protection of the authors of reports of crimes or irregularities of which they have become aware in the context of a public or private employment relationship’.

This Law introduced paragraphs 2 bis, 2 ter and 2 quater to Article 6 of Legislative Decree No. 231/2001.

In particular, paragraph 2 bis provides that the organisation and management models pursuant to Legislative Decree No. 231/2001 must provide for:
(i) one or more channels enabling the persons indicated in Article 5 paragraph 1, let. a) and b) of the Decree to submit, for the protection of the entity’s integrity, detailed Reports of unlawful conduct or violations of the entity’s organisa- tional and management model, of which they have become aware in the course of their duties; the channel(s) must guarantee the confidentiality of the whistleblower’s identity in the management of the report;
(ii) at least one alternative reporting channel capable of ensuring, through computerised means, the confidentiality of the reporting entity;
(iii) the prohibition of retaliatory or discriminatory acts, whether direct or indirect, against the whistleblower for any reason relating directly or indirectly to the report;
(iv) penalties against those who violate the whistleblower protection measures and those who make Reports that prove to be unfounded with wilful misconduct or gross negligence.

In particular, paragraph 2 bis provides that the organisation and management models pursuant to Legislative Decree No. 231/2001 must provide for:
(i) one or more channels enabling the persons indicated in Article 5 paragraph 1, let. a) and b) of the Decree to submit, for the protection of the entity’s integrity, detailed Reports of unlawful conduct or violations of the entity’s organisa- tional and management model, of which they have become aware in the course of their duties; the channel(s) must guarantee the confidentiality of the whistleblower’s identity in the management of the report;
(ii) at least one alternative reporting channel capable of ensuring, through computerised means, the confidentiality of the reporting entity;
(iii) the prohibition of retaliatory or discriminatory acts, whether direct or indirect, against the whistleblower for any reason relating directly or indirectly to the report;
(iv) penalties against those who violate the whistleblower protection measures and those who make Reports that prove to be unfounded with wilful misconduct or gross negligence.

Paragraph 2 ter of Article 6 introduces the possibility of denouncing the adoption of discriminatory measures against whistleblowers. The complaint can be made (by the whistleblower or by the trade union organisation indicated by the whistleblower) to the National Labour Inspectorate.
Paragraph 2 quater of the same article, finally, states the nullity of the retaliatory or discriminatory dismissal of the whistleblower, as well as the nullity of the change of duties pursuant to Article 2103 of the Civil Code and of any other retaliatory or discriminatory measure taken against the whistleblower. In addition, the employer is required to prove, in the event of disputes relating to the imposition of disciplinary penalties, demotions, dismissals, transfers or subjecting the whistleblower to other organisational measures with direct or indirect negative effects on working conditions ari- sing after the report, that such measures are based on reasons unrelated to the report.
On 15 March 2023, Legislative Decree No. 24 of 10 March 2023, implementing the EU Directive 2019/1937 on Whist- leblowing, was published in the Official Journal.
The purpose of the decree is to regulate ‘the protection of persons who report violations of national or European Union law that harm the public interest or the integrity of the public administration or private entity, of which they have become aware in a public or private employment context’.
Finally, the reference regulatory framework was completed with the ANAC Guidelines (hereinafter also referred to as the ‘ANAC LG’), adopted by resolution of 12 July 2023, setting out procedures for the submission and management of external reports, as well as indications and principles that public and private bodies may take into account for internal channels.

Moreover, on 27 October 2023, Confindustria guidelines were published concerning operational indications to be declined according to the specificities of each corporate structure, such as: the choice and establishment of the internal reporting channel; the identification of the person called upon to handle the report and the activities he/she must perform to follow it up.
The cornerstones of the current legislation can be summarised as follows:
-the guarantee of the confidentiality of the identity of the whistleblower, who had submitted reports of unlawful con- duct or violations of the Management, Organisation and Control Model pursuant to Legislative Decree No. 231/2001;
-the availability of communication channels to the whistleblower, ensuring the confidentiality of his/her identity;
-the prohibition of retaliatory or discriminatory acts (including dismissal) against the whistleblower;
-penalties against those who violate the whistleblower protection measures and those who make reports that prove
to be unfounded.

9.1 Subjects
According to current legislation, persons working in the work environment of a public or private sector entity are en- titled to report as:
-public employees (i.e. employees of the public administrations referred to in Article 1, paragraph 2 of Legislative Decree No. 165/01, including employees referred to in Article 3 of the same decree, as well as employees of the inde- pendent administrative authorities responsible for guaranteeing, supervising or regulating; employees of public eco- nomic entities, private law entities subject to public control, in-house companies, public law bodies or public service authorities);
-employees of private sector entities;
-self-employed persons working for entities in the public or private sector;
-collaborators, freelancers and consultants working for entities in the public or private sector;
-volunteers and trainees, paid and unpaid,
-shareholders and persons with administrative, management, control, supervisory or representative functions, even where such functions are exercised on a de facto basis, in public sector or private sector entities.

Reporting can be done:
-when the legal relationship is ongoing;
-during the probationary period;
-when the legal relationship has not yet begun, if information on violations was acquired during the selection process or at other pre-contractual stages;
-after the dissolution of the legal relationship if the information on violations was acquired before the dissolution of the relationship (pensioners).

Protection measures are also granted to:
-the facilitator (a natural person who assists the whistleblower in the reporting process, operating within the same work context and whose assistance must remain confidential);
-persons in the same employment context as the reporting person, the person making a complaint or the person who has made a public disclosure and who are linked to them by a stable emotional or family relationship up to the fourth degree;
-co-workers of the reporting person or of the person filing a complaint or making a public disclosure, who work in the same work environment as the reporting person and who have a regular and current relationship with that person;
-entities owned by the reporting person or for which those persons work as well as entities operating in the same work environment as those persons.

9.2 Subject matter of the report
The report may concern:
-administrative, accounting, civil or criminal offences;
-unlawful conduct within the meaning of Legislative Decree No. 231 of 8 June 2001 (predicate offences, for example: undue receipt of funds, fraud to the detriment of the State, a public body or the European Union for the purpose of obtaining public funds, computer fraud to the detriment of the State or a public body and fraud in public procure- ment), or violations of the organisation and management models provided for therein;
-offences falling within the scope of European Union acts in the following areas: public procurement; services, pro- ducts and financial markets and prevention of money laundering and terrorist financing; product safety and com- pliance; transport safety; environmental protection; radiation protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; privacy and personal data protection; and network and information system security;
-acts or omissions affecting the financial interests of the EU; acts or omissions affecting the internal market (e.g. com- petition and state aid violations);
-acts or conduct that frustrate the subject or purpose of the provisions of EU acts.

The report may also concern:
-information on conduct aimed at concealing the above violations;
-unlawful activities that have not yet been carried out but which the whistleblower reasonably believes may occur in the presence of concrete, precise and concordant elements of well-founded suspicions.

The violations reported must be those that are typified and affect the public interest or the interest in the integrity of the public administration or entity.
The provisions of the decree do not apply ‘to objections, claims or demands linked to an interest of a personal nature of the reporting person that relate exclusively to his or her individual work or public employment relationships, or inhe- rent in his or her work or public employment relationships with hierarchically superior figures’.

9.3 Content of the report
The Report must be based on precise and concordant facts about the facts and persons reported and made in good
faith.
If the Report proves to be, due to wilful misconduct or gross negligence, false, unfounded and/or made for the sole purpose of harming the Person reported, or aimed at reporting situations of an exclusively personal nature and outside the scope of the provisions of the law, it will not be taken into account and the conduct will be subject to disciplinary proceedings pursuant to Article 7 of Law No. 300/70 or termination of the contract or appointment.
The Whistleblower must provide all the elements to his knowledge, useful to proceed to the due and appropriate checks and verifications, in order to ascertain the merits of the facts that are the subject of the Report. To this end, any useful documentation supporting the potential unlawful conduct reported must be attached.
By way of example but not limited to, the report must indicate:
-details of the person making the report, indicating the position or function held;
-a clear and complete description of the facts being reported;
-if known, the circumstances of time and place in which the acts were committed;
-if known, the personal details or other elements (such as job title and the department in which the activity is carried out) that make it possible to identify the person(s) who has/have carried out the reported facts;
-an indication of any other persons who may report on the facts being reported;
-an indication of any documents that may confirm these facts;
-any other information that may provide useful feedback on the existence of the reported facts;
-possible presence of conflict of interest.

Anonymous reports, i.e. without any elements enabling their author to be identified, provided that they are made in accordance with the procedures set out in this Document, will be taken into consideration if they are such as to bring to light circumstantial facts relating to specific contexts (e.g. indications of particular names or qualifications, mention of specific offices, proceedings or events, etc.). The requirement of the truthfulness of the facts or situations reported remains unaffected, in order to protect the reported person.

It should be noted, in any case, that reports based on mere suspicions or rumours will not be acted upon: this is be- cause it is necessary to take into account the interest of third parties who are the subject of the information indicated in the report, as well as to avoid unnecessary and costly internal inspections by the companies.
It is mandatory for the whistleblower to declare - when making the report - the possible presence of a conflict of in-terest.

In the light of these indications, the report can therefore be deemed inadmissible for:
-lack of data constituting the essential elements of the report;
-manifest groundlessness of the facts attributable to the infringements typified by the lawmaker;
-presentation of facts of such general content that they cannot be understood by the offices or person in charge;
-production of documentation only without the actual reporting of violations.
In the light of the above, in the event that the report proves to be inexecutable or inadmissible, the offices or person in charge of handling the report may proceed to file it, while ensuring the traceability of the supporting reasons.

9.4 Protection of confidentiality
The identity of the persons involved (reported) and of the persons mentioned in the report is subject to protection by public and private sector entities, ANAC, as well as by the administrative authorities to which ANAC transmits external reports falling within their competence, until the conclusion of the proceedings initiated as a result of the report, in compliance with the same guarantees provided for in favour of the whistleblower.

The identity of the whistleblower may not be disclosed to persons other than those competent to receive or act upon the report. The prohibition to disclose the identity of the whistleblower refers not only to the name of the whist- leblower but also to all the elements of the whistleblowing, from which the identification of the whistleblower can be derived, even indirectly.

9.5 Prohibition of retaliation
Any form of retaliation, even if only attempted or threatened, by which is meant any conduct, act or omission, even if only attempted or threatened, occurring as a result of the reporting, the complaint to the judicial or accounting authorities or public disclosure and which causes or may cause the reporting person or the person making the com- plaint, directly or indirectly, unjust damage, is prohibited.

They are to be considered retaliatory acts:
a) dismissal, suspension or equivalent measures;
b) downgrading or non-promotion;
c) change of duties, change of place of work, reduction of salary, change of working hours;
d) suspension of training or any restriction of access to it;
e) negative merit notes or negative references;
f) the adoption of disciplinary measures or other penalties, including pecuniary penalties;
g) coercion, intimidation, harassment or ostracism;
h) discrimination or otherwise unfavourable treatment;
i) the failure to convert a fixed-term employment contract into an employment contract of indefinite duration where the employee had a legitimate expectation of such conversion;
l) non-renewal or early termination of a fixed-term employment contract;
m) damage, including to a person’s reputation, in particular on social media, or economic or financial loss, including loss of economic opportunities and loss of income;
n) improper listing on the basis of a formal or informal sectoral or industry agreement, which may result in the person being unable to find employment in the sector or industry in the future;
o) early termination or cancellation of the contract for the supply of goods or services;
p) cancellation of a licence or permit;
q) a request to undergo psychiatric or medical examinations.
The management of retaliation notices in the public and private sectors is the responsibility of ANAC.

In order to acquire investigative elements essential for ascertaining the retaliation, the ANAC may avail itself of the cooperation of the National Labour Inspectorate, within the scope of its respective competences, without prejudice to the exclusive competence of the ANAC as regards the assessment of the elements acquired and the possible ap- plication of the administrative penalties referred to in Article 21 of Legislative Decree No. 24/2023.

Moreover, a list of Third Sector entities providing support measures to reporting persons has been set up at ANAC. The list, published by ANAC on its website, contains the Third Sector entities that carry out, in accordance with the provisions of their respective statutes, the activities referred to in Article 5, paragraph 1, letters v) and w) of Legislative Decree No. 117 of 3 July 2017, and that have entered into agreements with ANAC.

Support measures consist of information, assistance and advice free of charge on how to report and on the pro- tection from retaliation offered by national and EU legislation, on the rights of the person involved and on the terms and conditions of access to legal aid.

The declaration of nullity of retaliatory acts is a matter for the judicial authority.
In the context of such judicial or administrative proceedings or out-of-court disputes concerning the ascertainment of the conduct, acts or omissions prohibited under this Article against whistleblowers, it shall be presumed that such conduct, acts or omissions were committed as a result of the whistleblowing, public disclosure or complaint to the judicial or accounting authorities.

The burden of proving that such conduct or acts are motivated by reasons unrelated to the reporting, public disclo- sure or complaint is on the person who has carried them out.
The reversal of the burden of proof does not apply in favour of persons and entities other than the whistleblower (e.g. facilitators, colleagues)

Where the criminal liability of the whistleblower for offences of defamation or calumny or, in any case, for the same of- fences committed with the report to the judicial (or accounting) authority or his/her civil liability, for the same reason, in cases of wilful misconduct or gross negligence, is established, even by a judgment of first instance, the protections are not guaranteed and a disciplinary sanction is imposed on the reporting person or whistleblower.

9.6 Reporting channels
Gessi SpA has adopted a policy for the management of Whistleblowing reports, which is an integral part of the Or- ganisational Model and to which reference is made in full, and whose general application criteria are set out below.

9.6.1 Internal reporting channel
If a Whistleblower has a reasonable suspicion that unlawful conduct has occurred or may occur, he/she may report it to the Joint Committee, appointed by Gessi as ‘Recipient of reporting’ and consisting of the following members:
-HR manager;
-A Supervisory Body member;
-Head of Control and Management.
Reporting can take place through the following communication channels:

1. in written form: by means of the “Mygovernance” platform with which the company is equipped, accessible via the link published on the Gessi website and by following the guided operating instructions within the aforementioned platform;
2. orally: through dedicated telephone lines or voice messaging systems and/or, at the request of the whistleblower, through a direct meeting with the HR Manager.

9.6.2. canale esterno di segnalazione
If the Report refers to members of the Joint Committee, the whistleblower shall inform the Board of Directors, placing the Report in two sealed envelopes, including, in the first envelope, the whistleblower’s identification data, together with an identity document; in the second envelope, the subject of the report; both envelopes shall then be placed in a third envelope with the wording “reserved for the Board of Directors” on the outside at Gessi, Parco Gessi. The Board of Directors shall assess the operating procedures to be followed and the corporate functions to be involved in the management of the Report.

In the hypotheses listed below, the whistleblower may also make a report concerning the breaches referred to in pa- ragraph 5.1 above through an ‘external’ reporting channel set up by ANAC in the following hypotheses:
i) in his/her work environment, there is no provision for internal channel activation as mandatory or, if provided for, it has not been activated;
ii) the report was not acted upon;
iii) there are reasonable grounds to believe that if he/she were to report internally it would not be acted upon or that he/she would face retaliation;
iv) there are reasonable grounds to believe that the breach may constitute an imminent or obvious danger to the public interest
v) the internal report was not acted upon;
vi) there are reasonable grounds to believe that the internal reporting would not be effectively acted upon;
vii) there are reasonable grounds to believe that the report could give rise to a risk of retaliation, such as where similar situations and events have already occurred in the institution;
viii) the whistleblower has reasonable grounds to believe that the breach may constitute an imminent or obvious danger to the public interest

10. CRIME PREVENTION PROCEDURES
Gessi, in accordance with current legislation and its own code of ethics, has defined and implemented a set of pro- cedures and registration documents in order to make the System effective, current and consistent with the activities carried out for the prevention of offences.

The need for the definition of crime prevention procedures and related record reports was defined during the risk assessment process.

The procedures for preventing offences define in detail the responsibilities, implementation methods and sequences of individual activities both across and within corporate functions. They can be understood as specifically dedicated procedures or, alternatively, they can be specific prescriptions included in operational procedures that address the topic in a more general sense.

The list of prevention procedures is annexed to this document.

11. PERSONNEL, TRAINING AND INFORMATION
11.1 Education and training
Education and training are essential components for the effective implementation of the Model and for a widespread dissemination of the principles of conduct and control adopted by the Company, aimed at preventing the risk of com- mission of the offences covered by the Decree. The performance of tasks that may affect health and safety at work requires adequate competence, to be verified and nurtured through the provision of education and training aimed at ensuring that all personnel, at all levels, are aware of the importance of the compliance of their actions with the or- ganisational model and of the possible consequences of conduct that deviates from the rules dictated by the model.

In concrete terms, each corporate worker/operator must receive sufficient and appropriate training with particular reference to his or her job and duties. This must take place on the occasion of recruitment, transfer or change of job or the introduction of new work equipment or new technologies, new dangerous substances and preparations.

Gessi S.p.A. identifies training needs, plans the various activities, and organises education and training according to the needs identified periodically and in accordance with current legislation.

Gessi S.p.A. provides for the development of an adequate training and information programme through mandatory training courses for all personnel and repeated at regular intervals to involve all new employees .

General training courses are aimed at enabling all staff (at all levels) to:
-be familiar with the provisions laid down in Decree 231/2001 and to be aware of the Company’s desire to make them its own and to make them an integral part of the corporate culture;
-be aware of the objectives that the Company aims to achieve through the adoption of 231 Model and of the way in which each person’s roles and duties contribute to achieving them;
-know the methods and recipients of reports concerning the presence of anomalies in the performance of company activities;
-be aware of the disciplinary measures that are applied in the event of violations of the rules of the Model;
-know the powers and duties of the Supervisory Body.

Specific training courses are also provided for all those individuals who, due to their activity, need specific skills in order to manage the peculiarities of said activity.

The aforementioned training includes control and verification mechanisms aimed at monitoring the actual completion and/or participation in the courses as well as the effectiveness of the training through the administration of a que- stionnaire at the end of the training cycle.

It is the task of the Human Resources and Organisation Department to inform the Supervisory Body of the results, in terms of participation, of these courses with the cooperation of the Managers at the various levels, who must ensure that their staff members attend the courses.

The unjustified non-participation of Employees in the aforementioned training programmes may lead to the impo- sition of a disciplinary sanction, which will be imposed in accordance with the rules set out in the ‘penalty system’ document of this model.

The Supervisory Body also implements targeted training activities on the basis of the needs identified within its acti- vities.

11.2 Communication and involvement
The circulation of information within the company assumes a relevant value in order to foster the involvement of all stakeholders and to enable adequate awareness and commitment at all levels.

Involvement is achieved through:
-prior consultation on the identification and assessment of risks and the definition of preventive measures;
-regular meetings that take into account at least the requirements set out in the legislation in force, also using the meetings provided for company management.

The recipients are informed of the contents of 231 Model and the Code of Ethics, published on the website www.gessi. it and of the need for their conduct to comply with the Model and the related ethical-behavioural principles adopted.

On the occasion of the establishment of each new relationship, the Company, moreover, acquires from the Recipien- ts a declaration of acknowledgement and knowledge of the principles of the Code of Ethics as well as, through the provision in contracts of a specific express termination clause, the counterparty’s commitment not to engage in any conduct in breach of the Code of Ethics and 231 Model.

12. DISCIPLINARY SYSTEM AND PENALTY MECHANISMS
12.1 Overview
For the purposes of the effectiveness of the organisational model of Gessi S.p.A. and in compliance with the rules and regulations, the Penalty System has the function of monitoring compliance with the Model and the Code of Ethics, procedures and principles of conduct; it provides for the specific penalties and the methods of infliction in the event of violation or non-compliance with the obligations, duties and/or procedures provided for by this Model.

Article 6, first paragraph letter e), of Legislative Decree No. 231/01, in referring the Entity’s exoneration from liability in case of the adoption and effective implementation of an Organisation, Management and Control Model suitable for preventing the commission of the criminal offences relevant for the purposes of that legislation, provided for the introduction of ‘a disciplinary system suitable for sanctioning non-compliance with the measures indicated in the Model’.

The drafting of an ‘appropriate disciplinary system’ therefore constitutes one of the essential requirements of the Model for the purposes of exempting the Entity from liability.

The violation of the obligations contained in this Model, even if aimed at the pursuit of an alleged corporate interest, constitutes a breach of contract and a disciplinary offence. In fact, the Company does not intend to gain any advan- tage from an unlawful act, and therefore, in the event that an offence has been committed, the Company as of now manifests its willingness to return said advantage.

The disciplinary assessment of conduct carried out by the employer, subject, of course, to any subsequent review by the employment judge, does not necessarily have to coincide with the judge’s assessment in criminal proceedings, given the autonomy of the violation of the code of ethics and internal procedures with respect to the violation of the law involving the commission of an offence. The employer is therefore not obliged, before acting, to wait for the end of any criminal proceedings that may be in progress. In fact, the principles of timeliness and immediacy of the sanction make it not only unnecessary, but also inadvisable, to delay the imposition of the disciplinary sanction pending the outcome of any proceedings brought before the criminal court.

As regards the type of penalties that can be imposed, as a preliminary point, it should be specified that, in the case of employment relationships, any sanctioning measure must comply with the procedures laid down by Article 7 of the Workers’ Statute and/or by special regulations, where applicable, characterised not only by the principle of typicality of the breaches, but also by the principle of typicality of the penalties.

If, on the other hand, the breach of ethical rules is committed by a self-employed worker, supplier or other party ha- ving contractual relations with the company, the termination of the contract may be envisaged as a penalty. A useful tool for this purpose is the inclusion of express termination clauses in supply or collaboration contracts (agency, partnership, tender, etc.) that make explicit reference to compliance with the provisions of the code of ethics.

The Penalty System of this Model provides for penalties in the event of violations of the measures for the protection of whistleblowers and against those who make unfounded reports with wilful misconduct or gross negligence (whi- stleblowing).

If it is proved that an offence has been committed by one of the Recipients of the Model, the Company reserves as of now all rights to compensation for the damage thus caused to the Company.

12.2 Violations of the rules of the code of ethics and disciplinary code
Violation of the rules of the code of ethics constitutes a breach of the primary obligations of the employment rela- tionship or a disciplinary offence, with all legal consequences, including with regard to the preservation of the em- ployment or collaboration relationship.

Failure to comply with the rules of the code of ethics by the recipients shall result in different penalties depending on the role held by the person. Gessi S.p.A. also reserves the right to request in the appropriate places an adequate compensation for any damage caused to the Company.

The list of potential recipients of disciplinary measures must include those indicated in Articles 2094 and 2095 of the Civil Code, “employees” and, where there are no mandatory legal provisions, all “stakeholders” of the Company.

In compliance with Articles 2103, 2106 and 2184 of the Civil Code, Article 7 of Law No. 300/1970 (Workers’ Statute), Law No. 604/1966 on individual dismissals as well as the Collective Labour Agreements. Violation may also lead to dismissal for just cause pursuant to Article 2119 of the Civil Code.

For further details on the penalty system adopted by the Company, please refer to the relevant annex to this Model.

12.3 Overview of penalties
The imposition of penalties is graduated according to the seriousness of the violation committed.

The gradualness of the penalty may extend from a verbal reprimand, for minor and first-time offences, to dismissal, for particularly serious and/or repeated conduct.

Penalties will also be imposed in relation to:
a) the intentionality of the conduct or the degree of negligence, recklessness or inexperience (taking into account, however, the foreseeability of the event);
b) the conduct of the employee in the past, with particular regard to the existence or otherwise of disciplinary pre- cedents;
c) the employee’s role and duties;
d) any other circumstances relevant to the assessment of conduct (including the functional position of any other persons involved).

1. subjective element of the conduct, depending on wilful misconduct or fault
2. relevance of violated obligations
3. level of hierarchical and/or technical responsibility
4. Presence of aggravating or mitigating circumstances with particular regard to professionalism, previous work expe- riences, circumstances in which the act was committed and any recidivism
5. any shared responsibility with other persons who have contributed to the violation
6. conducts that may compromise, even potentially, the effectiveness of the Organisational Model

The application of the penalties system must be constantly monitored jointly by the Supervisory Body.

Gessi S.p.A. adopts a Penalty System detailed in a specific document, this system provides, inter alia:
a) Measures against members of corporate bodies;
b) Measures against employees in senior positions;
c) Measures against employees subordinate to senior positions;
d) Measures against collaborators and consultants.

For further details on the penalty system adopted by the Company, please refer to the relevant annex to this Model.

12.4 Penalties pursuant to Article 6 paragraph 2bis of Legislative Decree No. 231/ 2001(Whistleblowing)
In accordance with the provisions of Law no. 24/2023, with reference to the penalty system relating to the proper handling of reports of offences pursuant to Article 6, paragraph 2-bis, of Legislative Decree No. 231/ 2001(so-called “Whistleblowing”), the following are provided for:
-penalties to protect the whistleblower against those who engage in direct or indirect retaliatory or discriminatory acts against the whistleblower for reasons directly or indirectly linked to the report. In particular, retaliatory or di- scriminatory dismissal of the person making the report for reasons connected, directly or indirectly, to the report is null and void. A change of duties as indicated by Article 2103 of the Civil Code, as well as any other retaliatory or discriminatory measure taken against the whistleblower, is also null and void. In the event of disputes subsequent to the submission of the report and related to the imposition of disciplinary penalties, or to demotions, dismissals, transfers or subjecting the whistleblower to other organisational measures having a direct or indirect negative impact on working conditions, it is the employer’s burden to prove that such measures are based on reasons unrelated to the report itself. The adoption of discriminatory measures against whistleblowers may be reported to the National Labour Inspectorate, for measures within its competence, not only by the whistleblower, but also by the trade union organisation indicated by the whistleblower;
-penalties against those who, with wilful misconduct or gross negligence, make reports that turn out to be unfounded.

The penalties are defined in relation to the role of the recipient of the penalties, as set out in paragraphs above, to the extent that the violations of the rules relating to the reporting system represent, in themselves, violations of the provisions of the Model.

13. GENERAL PRINCIPLES FOR PREVENTION AND CONTROL
The various components of the organisational system are organically integrated into the architecture of the system, which respects a number of control principles, including:
-“Every operation, transaction, action must be: verifiable, documented, consistent and congruous”.

For each operation there must be adequate documentary support on which controls can be carried out at any time, attesting to the characteristics and reasons for the operation and identifying who authorised, performed, recorded, and verified the operation.

The safeguarding of data and procedures in the IT field can be ensured by adopting the security measures already provided for by Legislative Decree No. 196/2003 (Personal Data Protection Code) for all data processing carried out by electronic means.

Article 31 of the Code, in fact, prescribes the adoption of security measures to reduce to a minimum ‘the risks of de- struction or loss, even accidental, of the data themselves, of unauthorised access or processing that is not permitted or does not comply with the purposes of collection’.

-“No one can manage an entire process independently”
The system ensures the application of the principle of segregation of duties, whereby authorisation to carry out a transaction must be the responsibility of a person other than the person who accounts for, operationally executes or controls the transaction.
In addition, the organisational system defines that:
-no one is given unlimited powers;
-powers and responsibilities are clearly defined and known within the organisation;
-powers of authorisation and signature are consistent with the organisational responsibilities assigned.

-“Documentation of controls”.
The control system should document (possibly by means of minutes) the performance of controls, including super- visory ones.

“Information flows”.
Each office manager or activity deemed significant for the purposes of the 231 model prepares a data collection to be sent from time to time to the Supervisory Body. This data collection is carried out by means of a specific customised document called an information flow. The list of information flows is annexed to this document.

14. DISSEMINATION OF THE MODEL
The Company, aware of the importance that the training and information aspects assume in a prevention perspective, defines a communication and training programme aimed at ensuring that the main contents of the Decree and the obligations deriving therefrom, as well as the prescriptions laid down in the Model, are disseminated to all Recipients.

Training and communication are central tools in the dissemination of the Model and the Code of Conduct that the company has adopted, constituting an essential vehicle of the regulatory system that all employees are required to know, observe and implement in the performance of their duties.

To this end, the information and training activities for personnel are organised by providing for different levels of detail according to the different degree of involvement of personnel in risk-crime activities. In any case, the training activities aimed at disseminating knowledge of Legislative Decree No. 231/2001 and of the provisions of the Model are differentiated in terms of content and dissemination methods according to the Recipients’ qualification, the risk level of the area in which they operate and whether or not they hold representative and management positions in the Company.

The training activity involves all the personnel in force, as well as all the resources that may be included in the com- pany organisation in the future. In this regard, the relevant training activities will be planned and concretely carried out both at the time of recruitment and on the occasion of any changes in duties, as well as following updates or amendments to the Model.

With regard to the dissemination of the Model in the corporate context, the Company undertakes to carry out the
following communication activities:
-during the recruitment phase, the Human Resources Department promotes to new recruits the information concer- ning the Organisation, Management and Control Model prepared pursuant to Legislative Decree no. 231/2001, the Code of Conduct and the Code of Ethics, delivering a copy of these documents on the first day of work;
-possibility of access to the section of the company website specifically dedicated to Legislative Decree no. 231/2001 with the possibility of reading and printing the Code of Ethics, the Code of Conduct and the Organisational Model;
-posting on notice boards, at company premises, of a copy of the Organisation, Management and Control Model drawn up pursuant to Legislative Decree no. 231/2001, the Code of Ethics and the Code of Conduct, in order to en- sure its widest dissemination to all employees.

Communication is also implemented by means of organisational tools suitable to ensure widespread, effective, au- thoritative (i.e. issued at an appropriate level), clear and detailed, from time to time updated and repeated communi- cation.

The courses are compulsory and the Human Resources Office will track and record personnel participation in the training courses. The documentation in general relating to the information and training activities will be kept by the Human Resources Office and available for consultation by the Supervisory Body and any person entitled to inspect it.

The Company also promotes knowledge of and compliance with the Code of Ethics and the Code of Conduct and the Model among its business and financial partners, consultants, collaborators in various capacities, customers and suppliers, to whom both documents are made available through online consultation on the Company’s website.

15. ADOPTION AND UPDATING OF THE MODEL
The adoption and effective implementation of the Model are, by express legislative provision, the responsibility of the Board of Directors. It follows that the power to adopt any updates to the Model also lies with the Board of Directors, which will exercise it by means of a resolution in the manner laid down for its adoption.

The updating activity, intended both as an integration and as an amendment, is aimed at guaranteeing the adequacy and suitability of the Model, assessed with respect to the preventive function of the commission of the offences pro- vided for by Legislative Decree No. 231/2001.

The Supervisory Body, on the other hand, is responsible for concretely verifying the need or advisability of updating the Model, promoting this need to the Board. The Supervisory Body, within the scope of the powers conferred upon it in accordance with Article 6, paragraph 1, letter b) and Article 7, paragraph 4, letter a) of the Decree, is responsible for formulating proposals to the Board of Directors concerning the updating and adjustment of this Model.

In any case, the Model must be promptly amended and supplemented by the Board of Directors, also upon proposal and after consultation with the Supervisory Body, when necessary:
-variations and circumventions of the prescriptions contained therein that have revealed their ineffectiveness or in- consistency for the purposes of preventing offences;
-significant changes to the internal structure of the Company and/or the manner in which the business activities are carried out;
-regulatory amendments.

The following tasks remain with the Supervisory Body:
-conducting periodic reviews aimed at identifying any updates to the mapping of sensitive activities;
-coordinating with the Head of Management for staff training programmes;
-interpreting the relevant legislation on predicate offences, as well as any Guidelines that may have been drawn up, also as an update to existing ones, and verifying the adequacy of the internal control system in relation to the regu- latory requirements or to the Guidelines;
-verifying the need to update the Model.

The Heads of the Departments concerned draw up and make changes to the operating procedures for which they are responsible, when such changes appear necessary for the effective implementation of the Model, or when they prove to be ineffective for the purposes of proper implementation of the provisions of the Model. The competent corporate functions also take care of the changes or additions to the procedures necessary to implement any revisions of this Model

Amendments, updates and additions to the Model must always be communicated to the Supervisory Body.

16. CODE OF ETHICS
The code of ethics expresses GESSI S.p.A.’s guidelines first and foremost in compliance with Legislative Decree No. 231, but also in a more general sense starting with the company’s Mission (defined personally by the CEO), the values, which are embodied in specific activities aimed at consolidating stakeholder confidence in the company’s activities, and general policies of conduct.

The code of ethics is approved by the board of directors and is disseminated at all levels both through information and training to staff.

For the full text, please refer to the appropriate document.

17. RELATED DOCUMENTS
-Code of Ethics
-Risk assessment Legislative Decree No. 231/01
-Penalty system
-List of information flows
-Whistleblowing Policy
-Corruption Prevention Policy and Anti-Corruption Guidelines

Approved by the Gessi Board of Directors on 12 March 2024

SUMMARY

1 FOREWORD
2 PURPOSE AND SCOPE
3 DEFINITIONS AND ABBREVIATIONS
4 OBJECTIVE SCOPE OF APPLICATION
5 METHOD OF TRANSMISSION
6 PROTECTIONS OF THE WHISTLEBLOWER AND THE REPORTED PERSON
7 RETENTION OF DOCUMENTATION
8 DISCIPLINARY SANCTIONS
9 RESPONSIBILITY AND UPDATING OF THE POLICY
10 DISSEMINATION AND COMMUNICATION OF THE POLICY
11 TRAINING

1. FOREWORD
On 29 December 2017, Law No. 179 on ‘Provisions for the protection of the authors of reports of offences or irre- gular-ities of which they have become aware in the context of a public or private employment relationship’ came into force, Article 2 of which, regulating the private sector, amended Legislative Decree No. 231/2001 by inserting in Article 6 (“Subjects in senior position and organisational models of the entity”), a new provision that frames, within the or-ganisational and management model pursuant to Legislative Decree No. 231/2001 (hereinafter, also ‘MOG’ or ‘Model’) the measures relating to the submission and management of reports of unlawful conduct.
The Law aims to make workers’ cooperation part of an overall active and organic system aimed at preventing and combating unlawful conduct within public and private entities, through the introduction of the so-called ‘Whist- le-blowing’, and states that the organisation and management model of the entity pursuant to Legislative Decree No. 231/2001 must provide for specific channels of communication and the provision by the entity of tools, including IT tools, that guarantee the protection of the identity of the Whistleblower, excluding the risk of retaliation.

Subsequently, with Legislative Decree No. 24 of 10 March 2023 (hereinafter also referred to as the ‘Decree’), pub-li- shed in the Official Gazette of 15 March 2023, the EU Directive 2019/1937 concerning ‘the protection of persons who report breaches of Union law’ (so-called whistleblowing discipline) was transposed into Italian law.
The objective of the European directive is to establish common minimum standards to ensure a high level of pro- tection for persons who report violations of EU law by creating secure communication channels, both within an orga- nisation and externally.

This is a discipline that pursues, as its ultimate aim, the fight against and prevention of unlawful phenomena in public and private organisations, by encouraging the emergence of prejudicial conduct - of which the whistleblow-er has become aware in the context of his or her work - to the detriment of the entity to which he or she belongs and, as a result, to the collective public interest.

The Decree repeals and amends the previous national regulations, encompassing in a single regulatory text - for both the public and private sectors - the regime for the protection of persons who report unlawful conduct in vio-lation not only of European provisions, but also national provisions, provided that they are based on well-founded grounds and are detrimental to the public interest or the integrity of the entity, in order to ensure the transposi-tion of the directive without retreating from the protections already recognised in our legal system.
Finally, the reference regulatory framework was completed with the ANAC Guidelines (hereinafter also referred to as the ‘ANAC LG’), adopted by resolution of 12 July 2023, setting out procedures for the submission and manage-ment of external reports, as well as indications and principles that public and private entities may take into ac-count for internal channels.

This document also takes into account the best practices contained in the most recent Confindustria Guidelines.
In this context and with this rationale, anyone who becomes aware of facts that are potentially the subject of a report is invited to promptly report them using the methods described below, refraining from undertaking auton-omous ini- tiatives of analysis and/or investigation.

The legislation also requires obligated parties to have reporting procedures in place internally to ensure:

• the protection of the confidentiality of the identity of the reporter and of the alleged perpetrator of the breaches and the protection of the reporting person against retaliatory, discriminatory or otherwise un-fair conduct arising from the reporting;
• the development of a specific anonymous and independent reporting channel, proportionate to the na-ture and size of the obligated party.
  Again, with a view to protecting the whistleblower, the legislation establishes the nullity of retaliatory or discrimi-na- tory dismissal of the so-called whistleblower. A change of duties as indicated by Article 2103 of the Civil Code, as well as any other retaliatory or discriminatory measure taken against the whistleblower, is also null and void.

Gessi pursues objectives of transparency and ethics in the management of its business activities and firmly be-lieves in the added value of communications that can contribute to making incorrect and law-breaking conducts known, so that they can be stopped and/or sanctioned promptly.
For this reason, Gessi intends to adopt this procedure in any case, also making it known through training and aware- ness-raising activities in this regard.

2. PURPOSE AND SCOPE
Gessi is committed to conducting its business with honesty and integrity and also for this reason has implemented communication channels for the handling of Whistleblowing (“Whistleblowing System”) through this Whistleblow-ing Policy (hereinafter also the “Policy”), which is to be understood as an integral part of the Code of Ethics.
This Document supplements, without modifying or replacing them, the procedures for reporting to the Function identified below (in the absence of a Supervisory Body) and the related powers of control for matters within its com- petence.
In particular, the document aims to describe:

1. roles and responsibilities of the actors in the process of reporting wrongdoing and misconduct;
2. channels made available to the whistleblower for reporting violations;
3. objective perimeter of the content of the Report;
4. how a Report is handled and the process that is initiated when a Report is made;
5. modalities of informing the whistleblower and the reported person of developments in the proceedings.

Furthermore, this Policy is aimed at:

1. ensure the protection of the confidentiality of the Whistleblower’s identity;
2. protect the whistleblower against retaliatory and/or discriminatory conduct, direct or indirect, for reasons related ‘directly or indirectly’ to the reporting;
3. ensure specific channels for submitting reports, one of which is suitable for guaranteeing, by computer-ised means, the confidentiality of the identity of the Whistleblower;
4. provide for disciplinary sanctions against a Whistleblower who makes Reports that turn out to be un-founded with wilful misconduct or gross negligence.

The recipients of this Policy are all the members of the corporate, supervisory and control bodies, managers, em-ploye- es of any rank, qualification and level, partners, suppliers and, more generally, all business associates operating in the interest or on behalf of Gessi (hereinafter the “Recipients”).

3. DEFINITIONS AND ABBREVIATIONS

4. OBJECTIVE SCOPE OF APPLICATION
4.1 Subject of the report

From an objective point of view, the new regulations apply to reports concerning breaches of national and European Union law affecting the public interest or the integrity of the public administration or the private entity, of which the Whistleblower has become aware in a public or private employment context.
In particular, reports may concern the violations summarised below, in line with the ANAC Guidelines:
Violations of national regulations and in particular:
-criminal, civil, administrative or accounting offences;
-violations constituting predicate offences for the application of Decree 231;
-violations of the organisation and management models provided for in the aforementioned Decree 231.

• Violations of European legislation, including but not limited to:
  • offences committed in violation of EU law. In particular, these offences relate to the following areas: pub-lic procu- rement; services, products and financial markets and prevention of money laundering and terrorist financ-ing; pro- duct safety and compliance; transport safety; environmental protection; radiation protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; privacy and per-sonal data protection; and network and information system security;
  • acts or omissions affecting the EU’s financial interests (Article 325 TFEU fight against fraud and illegal ac-tivities affecting the EU’s financial interests) as identified in EU regulations, directives, decisions, recommendations and opinions;
  • acts or omissions relating to the internal market that jeopardise the free movement of goods, persons, services and capital (Article 26, paragraph 2 of TFEU). This includes violations of EU competition and state aid rules, corporate tax rules and mechanisms whose purpose is to obtain a tax advantage that frustrates the object or purpose of the applicable corporate tax law;

• acts or conduct that frustrate the object or purpose of the provisions of the European Union in the areas indicated in the previous points. This includes, for example, abusive practices as defined by the case law of the Court of Justice of the EU.

• persons, services and capital (Article 26, paragraph 2 of TFEU). This includes violations of EU competition and state aid rules, corporate tax rules and mechanisms whose purpose is to obtain a tax advantage that frustrates the object or purpose of the applicable corporate tax law;

• acts or conduct that frustrate the object or purpose of the provisions of the European Union in the areas indicated in the previous points. This includes, for example, abusive practices as defined by the case law of the Court of Justice of the EU.

Reports are excluded from the scope of the new regulations:

• linked to a personal interest of the whistleblower, relating to his individual employment relationship, or inherent to employment relationships with hierarchically superior figures (e.g. labour disputes, discrimination, in-terpersonal conflicts between co-workers, reports on the processing of data carried out in the context of the indi-vidual em- ployment relationship in the absence of an injury to the public interest or to the integrity of the private body or public administration), given that the new regulations aim to protect the integrity of the legal entity and to include ‘all those situations in which the object or purpose of the activities carried out in the public and private sector for the full achievement of public purposes is frustrated, which deviate from its purposes or undermine its proper conduct’;
• in matters of security and national defence;
• relating to violations already mandatorily regulated in some special sectors, to which the ad hoc reporting rules therefore continue to apply (financial services, money laundering prevention, terrorism, transport safety, environ- mental protection.

5. METHOD OF TRANSMISSION
5.1 INTERNAL REPORTING CHANNEL
If a Whistleblower has a reasonable suspicion that unlawful conduct has occurred or may occur, he/she may report it to the Joint Committee, appointed by Gessi as ‘Recipient of reporting’ and consisting of the following members:
-HR manager;
-A Supervisory Body member;
-Head of control and management.

Reporting can take place through the following communication channels:

1. in written form: by means of the “Mygovernance” platform with which the Company is equipped, accessi-ble via the link published on the Gessi website and by following the guided operating instructions within the aforementioned platform;
2. orally: through dedicated telephone lines or voice messaging systems and/or, at the request of the whis-tleblower, through a direct meeting with the HR Manager.

If the Report refers to members of the Joint Committee, the whistleblower shall inform the Board of Directors, placing the Report in two sealed envelopes, including, in the first envelope, the whistleblower’s identification data, together with an identity document; in the second envelope, the subject of the report; both envelopes shall then be placed in a third envelope with the wording “reserved for the Board of Directors” on the outside at Gessi, Par- co Gessi 13037, Serravalle Sesia (VC), Italy. The Board of Directors shall assess the operating procedures to be fol-lowed and the corporate functions to be involved in the management of the Report.

5.2 CONTENT OF THE REPORT OF UNLAWFUL CONDUCT
The Report must be based on precise and concordant facts about the facts and persons reported and made in good faith.
If the Report proves to be, due to wilful misconduct or gross negligence, false, unfounded and/or made for the sole purpose of harming the Person reported, or aimed at reporting situations of an exclusively personal nature and outside the scope of the provisions of the law, it will not be taken into account and the conduct will be sub-ject to disciplinary proceedings pursuant to Article 7 of Law No. 300/70 or termination of the contract or appoint-ment.
The Whistleblower must provide all the elements to his knowledge, useful to proceed to the due and appropriate checks and verifications, in order to ascertain the merits of the facts that are the subject of the Report. To this end, any useful documentation supporting the potential unlawful conduct reported must be attached.
By way of example but not limited to, the report must indicate:
-details of the person making the report, indicating the position or function held;
-a clear and complete description of the facts being reported;
-if known, the circumstances of time and place in which the acts were committed;
-if known, the personal details or other elements (such as job title and the department in which the activi-ty is carried out) that make it possible to identify the person(s) who has/have carried out the reported facts;
-an indication of any other persons who may report on the facts being reported;
-an indication of any documents that may confirm these facts;
-any other information that may provide useful feedback on the existence of the reported facts;
-possible presence of conflict of interest.

Anonymous reports, i.e. without any elements enabling their author to be identified, provided that they are made in accordance with the procedures set out in this Document, will be taken into consideration if they are such as to bring to light circumstantial facts relating to specific contexts (e.g. indications of particular names or qualifications, mention of specific offices, proceedings or events, etc.). The requirement of the truthfulness of the facts or situa-tions reported remains unaffected, in order to protect the reported person.
It should be noted, in any case, that reports based on mere suspicions or rumours will not be acted upon: this is be- cause it is necessary to take into account the interest of third parties who are the subject of the information in-dicated in the report, as well as to avoid unnecessary and costly internal inspections by the companies.
It is mandatory for the whistleblower to declare - when making the report - the possible presence of a conflict of in- terest.
In the light of these indications, the report can therefore be deemed inadmissible for:
-lack of data constituting the essential elements of the report;
-manifest groundlessness of the facts attributable to the infringements typified by the lawmaker;
-presentation of facts of such general content that they cannot be understood by the offices or person in charge;
-production of documentation only without the actual reporting of violations.
In the light of the above, in the event that the report proves to be inexecutable or inadmissible, the offices or per-son in charge of handling the report may proceed to file it, while ensuring the traceability of the supporting reasons.

5.3 EXTERNAL REPORTING CHANNEL
In the hypotheses listed below, the whistleblower may also make a report concerning the breaches referred to in para- graph 5.1 above through an ‘external’ reporting channel set up by ANAC and accessible from the Institutional Internet Site at https://whistleblowing.anticorruzione.it/#/, in the following cases:
I) in his/her work environment, there is no provision for internal channel activation as mandatory or, if pro-vided for, it has not been activated;
II) the report was not acted upon;
III) there are reasonable grounds to believe that if he/she were to report internally it would not be acted up-on or that he/she would face retaliation;
IV) there are reasonable grounds to believe that the breach may constitute an imminent or obvious danger to the public interest
V) the internal report was not acted upon;
VI) there are reasonable grounds to believe that the internal reporting would not be effectively acted upon;
VII) there are reasonable grounds to believe that the report could give rise to a risk of retaliation, such as where similar situations and events have already occurred in the institution;
VIII) the whistleblower has reasonable grounds to believe that the breach may constitute an imminent or ob-vious danger to the public interest

5.4 RECEPTION AND HANDLING OF REPORTS OF ILLEGAL BEHAVIOUR

5.4.1 TAKING CHARGE OF THE REPORT BY THE JOINT COMMITTEE
Owner: Joint Committee
Upon receiving a report through the Mygovernance platform, the Joint Committee has the duty to take it on board within 48 hours of receipt and inform the whistleblower within 7 days of receipt.

In the event that the report is made orally to the Human Resources Manager, the latter shall inform, no later than 24 hours after receipt, the Joint Committee so that it may take charge of the report as indicated in paragraph above.

The Chairman of the Joint Committee verifies whether the reading of the report reveals that:

• there are useful and sufficient elements for an assessment of the merits of the Report itself and therefore no grounds
  for an immediate closure;
• relevant profiles pursuant to Legislative Decree No. 231/2001 can be detected;
• only disciplinary profiles can be detected;
• both relevant profiles pursuant to Legislative Decree No. 231/2001 and disciplinary profiles can be detected.

Once the subject of the report has been identified, the Chairman, unless written delegation to another member of the Committee, shall, within 24 hours of receiving information that the report has been made, draw up a motivat-ed report to be shared with the other members of the Joint Committee within which he reports:

• subject of the report;
• profiles involved;
• reasons why the report is justified or unfounded;
• proposed recipient of the report:
  • Chairman of the Supervisory Body in the case of issues involving liability under Legislative Decree No. 231/01;
  • Human Resources Manager in the case of issues of exclusive disciplinary relevance;
  • Chairman of the Supervisory Body and Human Resources Manager in the event of competition between the abovementioned profiles.

The members of the Joint Committee may submit opposing viewpoints within 24 hours of receiving the report sent by the President, in which case the Committee will meet to discuss them within the next 24 hours.
In the absence of opposing viewpoints, the report is deemed to be assigned to the member of the committee indicated therein, who will either initiate the investigation phase or dismiss it in the event of unfounded profiles.

5.4.2. Investigation
Owner: body to which the report is assigned (Human Resources Manager or Supervisory Body)

With regard to each Report, the Joint Committee Member to whom the Report is assigned by the Chairman of the Joint Committee shall, within 7 days of receipt of the Report, proceed to:

1. initiate specific analyses, where appropriate also involving the corporate functions concerned by the Re-port whether
   deemed appropriate in view of the seriousness and of the Report, by way of example:

-acquiring the information necessary for the evaluations by analysing the documenta-tion/information received;
-involving, where necessary, other company structures or external specialists (e.g. IT specialists) in view of the specific
technical and professional skills required.

2. request, where necessary, clarifications from the reporting party to further investigate the report.

Such investigative and fact-finding activities may only be carried out by the person in charge of handling the re-ports,
including all activities necessary to follow up the report (e.g. hearings or the acquisition of documents).
During the investigation and assessment phases of the report, the Supervisory Body and/or the Human Resources Manager to whom the report is assigned guarantees and protects the confidentiality of the identity of the whist- le-blower, of the reported person and of all the persons involved and/or mentioned in the report.

Where it proves necessary to avail oneself of the technical assistance of third-party professionals, as well as of the specialist support of the staff of other corporate functions/departments, the Supervisory Body and/or the Human Re- sources Manager to whom the report is assigned, shall obscure any type of data that might allow the identifica-tion of the whistleblower or of any other person involved in order to maintain the necessary degree of confidentality.

5.4.3 Outcome of the investigation
Owner: body to which the report is assigned (Human Resources Manager or Supervisory Body)

Once the assessment activity has been completed, the Supervisory Body and/or the Human Resources Manager to whom the report is assigned may:
-propose to the Joint Committee to dismiss the report as unfounded, stating its reasons;
-declare the report well-founded and forward it to the Joint Committee for transmission to the competent internal bodies/functions for follow-up (e.g. corporate management, legal department or human resources).

In any event, the Supervisory Body and/or the Human Resources Manager to whom the report is assigned will pro-ce- ed to trace and file all the stages of the assessment activity correctly according to the type of reporting channel used (for example, if an analogue mail channel was used, all paper documentation such as documents, minutes of hearings, etc. must be properly filed in a folder accessible only to the manager), in order to demonstrate the prop-er diligence taken in acting upon the report.

In particular, the Supervisory Body and/or the Human Resources Manager to whom the report is assigned will rec-ord the following information:
-date of receipt of the Report;
-subject of the Report;
-classification of the Report in:
-unreliable with reasoned proposal to dismiss;
-lacking sufficient and relevant information with a reasoned proposal to dismiss;
-carried out with wilful misconduct or in ‘bad faith’ that could lead to the initiation of disciplinary or sanctining proceedings against the Whistleblower;
-concerning alleged violations referable to offences under Legislative Decree No. 231/2001.
-first and last name of the Whistleblower and the function to which he/she belongs;
-first and last name of the Reported person and the function to which he/she belongs;
-any preliminary findings;
-any decision to close the Report with date and reasons.

In order to ensure the protection of the confidentiality of the whistleblower, the reported person and any person in- volved and of the investigations carried out, any access to the aforementioned database must be indelibly traced and traceable.

-The Supervisory Body and/or the Human Resources Manager to whom the report is assigned will proceed to com-municate the outcome, informing the Joint Committee as well as:
-the Board of Directors;
-the Board of Statutory Auditors of Gessi, if the report involves a member of the Board of Directors;
-the shareholders of Gessi S.p.A., if the report involves both a member of the Board of Directors and a member of the Board of Auditors.

5.4.4. FEEDBACK TO THE WHISTLEBLOWER
The Joint Committee shall also inform the whistleblower of the outcome of the report, within three months from the date of acknowledgement of receipt or - in the absence of such notice - within three months from the date of expiry of the seven-day period for such notice.
In particular, upon expiry of the three-month period, the report manager may inform the whistleblower of:

• the filing of the report, stating the reasons;
• whether the report is well-founded and forwarded to the competent internal bodies;
• the activity carried out so far and/or the activity it intends to carry out.
  In the latter case, the report manager will also inform the whistleblower of the subsequent final outcome of the inve- stigation of the report (archiving or finding that the report is well-founded with transmission to the competent bodies).

6. PROTECTIONS OF THE WHISTLEBLOWER AND THE REPORTED PERSON
6.1 PROTECTIONS OF THE WHISTLEBLOWER AND ASSOCIATED PERSONS

In compliance with the provisions of the applicable legislation, Gessi has taken measures to protect the whistle-blower such as:
-the obligation to keep his identity confidential;
-the prohibition of retaliatory acts against him/her;
-the limitation of his/her liability for the collection or dissemination of certain types of protected information.

Gessi guarantees the confidentiality of the identity of the whistleblower and any other information, including any atta- ched documentation, from which the identity of the whistleblower can be directly or indirectly traced.
The same guarantee is provided for persons involved and/or named in the report, as well as for facilitators, in view of the risk of retaliation.
In this regard, in the context of the disciplinary proceedings initiated by the body against the alleged perpetrator of the reported conduct, the identity of the whistleblower may not be disclosed, where the allegation of the disci-plinary charge is based on investigations that are separate from and additional to the report, even if consequent to it.
If, on the other hand, the charge is based, in whole or in part, on the report and the identity of the person making the report is indispensable for the defence of the person charged with the disciplinary offence or of the person in any event involved in the report, the report can only be used for the purposes of disciplinary proceedings if the whist- leblower has expressly consented to the disclosure of his/her identity.
In such cases, the Company will give prior notice to the whistleblower in writing of the reasons why disclosure of the
confidential data is necessary.
If the whistleblower denies his/her consent, the report cannot be used in the disciplinary proceedings, which, therefo- re, cannot be commenced or continued in the absence of further elements on which to base the charge.
This does not prejudice in any case the Company’s right to proceed with a complaint to the Judicial authorities, should the conditions be met.

In any case, any form of retaliation against the whistleblower, understood as any conduct, act or omission, even if only attempted or threatened, occurring in the work context and resulting - directly or indirectly - in unfair harm to the protected persons, is prohibited.
Retaliatory acts taken in violation of this prohibition are null and void.

The following are to be considered ‘retaliatory offences’, by way of example but not limited to:
-dismissal, suspension or equivalent measures;
-downgrading or non-promotion;
-change of duties, change of place of work, reduction of salary, change of working hours;
-suspension of training or any restriction of access to it;
-negative merit notes or negative references;
-the adoption of disciplinary measures or other penalties, including pecuniary penalties;
-coercion, intimidation, harassment or ostracism;
-discrimination or otherwise unfavourable treatment;
-the failure to convert a fixed-term employment contract into an employment contract of indefinite dura-tion where the employee had a legitimate expectation of such conversion;
-non-renewal or early termination of a fixed-term employment contract;
-damage, including to a person’s reputation, in particular on social media, or economic or financial loss, including loss of economic opportunities and loss of income;
-improper listing on the basis of a formal or informal sectoral or industry agreement, which may result in the person being unable to find employment in the sector or industry in the future;
-o) early termination or cancellation of the contract for the supply of goods or services;
-cancellation of a licence or permit;
-a request to undergo psychiatric or medical examinations.

In accordance with the legislation in force, the Company applies the same protections not only to the whistle-blower, but also to the following persons:
-facilitator, i.e. the natural person who assists the whistleblower in the reporting process, operating within the same work context and whose assistance must remain confidential;
-persons in the same employment context as the whistleblower, the person making a complaint or the person who has made a public disclosure and who are linked to them by a stable emotional or family relationship up to the fourth degree;
-co-workers of the whistleblower or of the person filing a complaint or making a public disclosure, who work in the
same work environment as the whistleblower and who have a regular and current relationship with that person;
-entities owned - either exclusively or in majority by third parties - by the whistleblower, person making a complaint or person making a public disclosure;
-entities where the whistleblower, person making a complaint or person making a public disclosure works.

6.2 PROTECTION OF THE REPORTED PERSON
In accordance with current legislation, Gessi has also adopted safeguards to guarantee the privacy of the reported person, with the only limitation being the application of legal provisions requiring the disclosure of names.
During the verification and investigation activity, the individuals concerned by the Reports may be involved, and under no circumstances will any action be taken solely on the grounds of the Report, in the absence of concrete evidence of its content.
This could possibly occur as a result of other evidence found and ascertained from the Report itself.
The report is not sufficient to initiate disciplinary proceedings.
The Reported person is assured the opportunity to provide any necessary clarification, should it be decided to pro- ceed with the investigative activity as a result of substantiated and relevant information.

7. RETENTION OF DOCUMENTATION
In order to ensure the reconstruction of the different stages of the process, it is the responsibility of the Designat-ed
Body to ensure:

1. the traceability of Reports and their receipt, filing, investigation and assessment;
2. the storage of the documentation relating to the Reports and the related verification activities, as well as any deci- sion-making measures taken by the competent functions in special archives, with the appropriate levels of security/ confidentiality;
3. the retention of documents and reports for the period of time prescribed by law and in any case in com-pliance with the applicable data protection legislation.
   The functions involved in the activities of verifying the validity of the Report ensure, each to the extent of its com-pe- tence, the traceability of the data and information and provide for the storage and archiving of the documenta-tion produced so as to enable the reconstruction of the different stages of the process.

8. DISCIPLINARY SANCTIONS
Violation of this procedure constitutes a disciplinary offence, from which the application of the specific sanctions identified in the specific document entitled “disciplinary system” may result.
Those who have made a report in bad faith are also subject to disciplinary sanction.

9. RESPONSIBILITY AND UPDATING OF THE POLICY
The Designated Body is responsible for this Policy and ensures that it is regularly updated.

10. DISSEMINATION AND COMMUNICATION OF THE POLICY
The Company shall inform all Recipients of the Policy, its existence and content.

11. TRAINING
The Designated Body will be in charge of planning and carrying out training activities related to the Policy as well as posting it on the corporate website.

Information provided according to article art.13 of European Regulation 679/2016 (GDPR - General Data Protection Regulation)

DATA CONTROLLER. The data controller is Gessi S.p.A., represented by the Chairman of the Board of Directors pro tempore, with its registered office at Parco Gessi, 13037 Serravalle Sesia (VC).

DATA PROCESSING DESCRIPTION. Management of the data collected on the dedicated page.

PURPOSE AND LEGAL BASIS. Please be advised that the data will be processed for the following purposes:

The data processing always be based on principles of fairness, lawfulness, transparency and protection of the confidentiality and rights of the data subjects.

MANDATORY OR OPTIONAL NATURE OF DATA PROVISION. Please be advised that, condisering the purposes of the data processing, data provision is mandatory. Failure, partial or incorrect provision could make impossible to finalise the contract.

In case of providing data by filling forms containing asterisks:

The communication of the data marked with an asterisk is necessary and failure to provide it will make impossible for the Data Controller to provide as requested or otherwise handle requests.

The communication of data without an asterisk is optional: failure to provide data will still make it possible to provide the information requested.

RECIPIENTS OR GROUPS OF RECIPIENTS. The personal data may be processed exclusively by the Controller or persons authorised by the latter.

The data will be communicated outside the structure of the owner:
######

The data will not be disclosed.

LODGING A COMPLAINT WITH THE SUPERVISORY AUTHORITY. The data subject is entitled to lodge a complaint with the Supervisory Authority (for Italy: Garante per la protezione dei dati personali www.garanteprivacy.it).

RIGHTS OF THE DATA SUBJECTS. It is possible at any time, to exercise the rights to access personal data, rectify or erase the latter, restrict processing, object thereto or to processing portability according to articles 15-20 of European Regulation 679/2016 by sending an e-mail to the following address: privacy@gessi.it

The exercise of the rights of the interested party could be delayed, limited or excluded in the cases provided by art. 2-undecies Legislative Decree 196/03.

RIGHT TO OBJECT. The right to object, for reasons related to the particular situation of the Data Subject, to the processing of personal data concerning him/her, pursuant to art. 6 (1) (e) or (f) GDPR. With regard to the processing of personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling to the extent that it is related to such direct marketing through the sending of an email request privacy@gessi.it

EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS. Processing does not involve any automated deci- sion-making process.

TRANSFER OF DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANISATION. The data Controller shall not transfer any personal data to a third country or international organisation.

Information provided according to article art.13 of European Regulation 679/2016 (GDPR - Genaral Data Protection Regulation)

DATA CONTROLLER. The data controller is Gessi S.p.A., represented by the Chairman of the Board of Directors pro tempore, with its registered office at Parco Gessi, 13037 Serravalle Sesia (VC).

DATA PROCESSING DESCRIPTION. Promotion and marketing activities through the use of Newsletters and production activities offered for customers and prospects..

PURPOSE AND LEGAL BASIS. Please be advised that the data will be processed for the following purposes:

MANDATORY OR OPTIONAL NATURE OF DATA PROVISION. Please be advised that, condisering the purposes of the data processing, data provision is mandatory. Failure, partial or incorrect provision could make impossible to finalise the contract.

In case of providing data by filling forms containing asterisks:
• The communication of the data marked with an asterisk is necessary and failure to provide it will make impossible for the Data Controller to provide as requested or otherwise handle requests.
• The communication of data without an asterisk is optional: failure to provide data will still make it possible to pro- vide the information requested.

RECIPIENTS OR GROUPS OF RECIPIENTS. The personal data may be processed exclusively by the Controller or persons authorised by the latter.

The data will be communicated outside the structure of the owner:

The data will not be disclosed.

LODGING A COMPLAINT WITH THE SUPERVISORY AUTHORITY. The data subject is entitled to lodge a complaint with the Supervisory Authority (for Italy: Garante per la protezione dei dati personali www.garanteprivacy.it).

RIGHTS OF THE DATA SUBJECTS. It is possible at any time, to exercise the rights to access personal data, rectify or erase the latter, restrict processing, object thereto or to processing portability according to articles 15-20 of Europe- an Regulation 679/2016 by sending an e-mail to the following address: privacy@gessi.it

The exercise of the rights of the interested party could be delayed, limited or excluded in the cases provided by art. 2-undecies Legislative Decree 196/03.

RIGHT TO OBJECT. The right to object, for reasons related to the particular situation of the Data Subject, to the pro- cessing of personal data concerning him/her, pursuant to art. 6 (1) (e) or (f) GDPR. With regard to the processing of personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling to the extent that it is related to such direct marketing through the sending of an email request privacy@gessi.it

RIGHT TO WITHDRAW CONSENT. The data subject has the right to revoke his/her consent at any time by sending a request to that effect via email to the address privacy@gessi.it; The revocation does not affect the lawfulness of the processing based on the consent given before the revocation itself.

EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS. Processing does not involve any automated decision-making process.

TRANSFER OF DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANISATION. The data Controller shall not transfer any personal data to a third country or international organisation.

1. PURPOSE AND SCOPE OF APPLICATION

1.1. This Policy (hereinafter referred to as the “Policy”) is adopted by Gessi S.p.A. (hereinafter referred to as “Gessi”) to
regulate the proper use of its IT Tools (as defined in Article 2 of this Policy).
1.2. This Policy applies to all employees, regardless of their role and/or level, as well as to all collaborators of Gessi, regardless of the type of contractual relationship (e.g., temporary workers, project collaborators, interns, etc.), in ad- dition to employees and collaborators of external companies contracted to provide services, who are authorized to use Gessi’s IT Tools (all collectively referred to in this Policy as “Users”).

2. IT TOOLS
2.1. “IT Tools” refers to the following resources provided to Users by Gessi:
(I) Hardware Devices: all electronic devices such as, by way of example, personal computers (PCs), tablets, mobile phones, SIM cards, USB drives, printers, etc., provided to Users by Gessi;
(II) Corporate Accounts: the corporate email account, accounts for Gessi’s internal programs used for managing clients, suppliers, etc.;
(III) Intranet: Gessi’s internal corporate network;
(IV) Software: software programs installed on Hardware Devices;
(V) Internet: Gessi’s password-protected external network.

2.2. This Policy does not grant Users the right to access IT Tools.

2.3. The IT Tools provided to Users by Gessi are and will remain the exclusive property of Gessi (or are otherwise licensed exclusively to Gessi), and the User waives any claim of ownership over them.

2.4. In any case, Users are authorized to use the IT Tools provided solely for performing tasks assigned by Gessi or, in the case of employees and collaborators of external suppliers, for carrying out tasks assigned by those suppliers, within the limits of agreements with Gessi. Users are solely responsible for any unlawful conduct carried out using the IT Tools, unless otherwise specified by applicable regulations.

3. USE OF HARDWARE DEVICES
3.1. Users must handle all Hardware Devices with utmost care. For example, they must promptly report any need for maintenance, or any malfunction observed while using the Hardware Devices, avoid spilling liquids on these devices, use appropriate cases for portable devices, and so on.

3.2. Users must safeguard Hardware Devices appropriately, both within Gessi’s premises and outside (e.g., at other work locations, their own residence, during business trips, etc.) to prevent theft and/or damage.
For instance: for desktop computers within Gessi premises protected by passwords, Users must always lock the com- puter or, at a minimum, log out of the device before leaving their workstation; for portable devices, Users must ensure that these devices are password-protected, not left unattended, not lost, or accessed by unauthorized individuals. They must also carry such devices as hand luggage rather than placing them in checked baggage, and so forth.

3.3. Users must utilize the security features provided by Gessi (e.g., printing functions requiring badges or access codes) where available.

3.4. In case of damage, loss, or theft of Hardware Devices, Users must promptly report the incident to Mattia Masi at mmasi@gessi.it and follow the instructions provided (e.g., filing a report with local authorities if requested).

3.5. Users are not authorized to modify the configuration of Hardware Devices without the consent and/or assistance of Gessi’s IT Department, at the department’s discretion.

3.6. Users must connect to wireless networks following the security guidelines provided by Gessi’s IT Department.

3.7. The use of removable media for exchanging company information (e.g., USB drives, external disks) should be avoided whenever possible. Alternative solutions recommended by Gessi (such as sharing information via collaboration tools) should be used instead.

3.8. Before taking photographs or recording videos within Gessi’s premises, Users must obtain specific written autho- rization from ufficiopersonale@gessi.it.

3.9. It is prohibited to leave documents containing confidential information on printing devices, as they may be acces- sible to unauthorized personnel.

4. USE OF SOFTWARE
4.1. Hardware Devices are equipped with Software selected by Gessi to meet the needs of each User in performing their corporate activities. The installation or use of any software that has not been approved and provided by Gessi is strictly prohibited.

4.2. Users must systematically update the Software. Specifically, as soon as they are notified (e.g., through a visual notification on their device) that a new update is available, Users are required to execute the Software update.

4.3. Hardware Devices are equipped with security Software (e.g., antivirus, anti-malware, or personal firewall software). If a User notices that such Software is not installed, is about to expire, or has expired, they must immediately notify the IT Department. These security Software programs must not be removed or disabled by the User. Users are respon- sible for updating security Software and regularly performing antivirus and antispam scans on their work computers.

4.4. Only personnel authorized by Gessi’s IT Department may remotely access a User’s device, solely for the purpose of providing support and only with the User’s explicit consent.

4.5. Files or folders on a User’s IT device must be shared exclusively using the tools provided by Gessi and in accor- dance with established security rules and guidelines.

5. USE OF CORPORATE ACCOUNTS
5.1 Password
5.1.1. Users are required to safeguard the credentials for accessing email and other corporate accounts (“Accounts”). In this regard, Users must:
• Never share their Account passwords with anyone, including colleagues and/or superiors, except with an individual expressly authorized by the CIO;
• Regularly update their passwords using a combination of uppercase letters, lowercase letters, and numbers;
• Avoid using the same password for both email and other Accounts;
• Avoid using the same password for corporate systems and non-corporate systems;
• Never store Account passwords on an unprotected computer or insecure cloud storage service.

5.1.2. Users who suspect their password has been compromised must immediately change it and contact Gessi’s IT Department.

5.2 Protection of Gessi’s Information

5.2.1. Users are required to implement the following protective measures when using Accounts:
(I) Identify and Report Phishing Emails:
• Be cautious of emails with the following characteristics:

1. An unknown or suspicious sender
2. A sense of urgency or threats
3. Spelling or grammatical errors
4. Requests to click on suspicious links or attachments
   • If unsure of an email’s authenticity, avoid clicking on any links or opening attachments. In case of doubt, contact Gessi’s IT Department;

(II) Handle Attachments with Care:
• Avoid opening attachments from unknown or suspicious senders, as they may contain malware;
• Be cautious of attachments with unusual or suspicious extensions;
• Before opening an attachment, hover over the file name to view its full path. If the path appears strange or suspi- cious, do not open the file;
• If in doubt about an attachment, consult the company IT Department;

(III) Use Corporate Email Responsibly:
• Refrain from using Accounts for non-business purposes, such as: subscribing to personal newsletters, sending personal correspondence, using the corporate email address to create accounts on third-party platforms, etc.;
• Do not configure the corporate email account to forward messages to non-corporate devices or systems or to another colleague (unless expressly authorized by Gessi);
• Ensure that Gessi’s Confidential Information is not disclosed, in accordance with Article 8 of this Policy. When necessary to send sensitive Gessi information to third parties, protect it using encryption or other secure tech- nological solutions available to Users.

5.3 Prohibited Conduct Toward Third Parties
5.3.1. Users must use Accounts responsibly, in full compliance with applicable laws and aligned with Gessi’s interests. It is prohibited to send the following messages using Accounts:
• Defamatory, obscene, offensive, harassing, discriminatory, xenophobic, sexist, homophobic, pedophilic, or racist messages;
• Messages that disclose personal information of colleagues or other individuals without authorization;
• Phishing and spam messages;
• Any other messages in violation of applicable laws.

5.4 Internal Collaboration Tools
5.4.1. The content on Gessi’s collaboration tools (e.g., Teams, SharePoint) must be attributable to a specific user; anonymous content is not allowed. Information not related to Gessi’s business activities should not be saved or pu- blished on collaboration tools.
5.4.2. Inappropriate content will be removed from Gessi’s collaboration tools.

6. USE OF INTERNET
Users are required to use the Internet responsibly and solely for purposes directly related to their role at Gessi. Users are aware that all websites visited and downloads may be monitored and/or blocked by Gessi if deemed harmful or unproductive for the proper conduct of business activities.
The following activities are prohibited, including but not limited to:
• Accessing websites with inappropriate content;
• Sending or publishing information that is discriminatory, harassing, threatening, or defamatory toward Gessi, its employees, or business partners;
• Downloading or copying software and/or files that are protected by copyright and not authorized by Gessi or the copyright owner;
• Sharing confidential or sensitive information.

7. USE OF INTRANET
Each user with a device connected to the company network has access to the Gessi Intranet or a similar platform. This network allows users to access sites, services, and applications developed by various departments to obtain in- formation or collaborate on specific Gessi activities. For confidentiality reasons, access to certain sites, services, and applications is restricted to authorized users only. It is the responsibility of users to ensure that the required level of confidentiality for the information published is maintained.

8. GESSI CONFIDENTIAL INFORMATION – SECURITY MEASURES
8.1. Users acknowledge that all information they come to know during or because of their relationship with Gessi (and/ or through the tasks performed in connection with Gessi) is considered confidential. This includes, but is not limited to, correspondence involving Gessi’s email accounts, information concerning know-how, products, finances, processes and services of Gessi, customers, purchases, test results, technology, patents, industrial designs, utility models, other intellectual property rights, accounting, production, distribution, marketing, pricing, plans, strategies, samples, and any other data regarding Gessi that should reasonably be considered confidential (hereinafter: “Confidential Information”).
(I) Not disclose or allow access to Confidential Information to third parties, except when necessary for the proper performance of their role at Gessi Group;
(II) Keep Confidential Information strictly confidential and store in a secure location (such as a server) with adequate security measures to prevent unauthorized access. Specifically, staff members must handle and safeguard Confiden- tial Information in accordance with this Policy, applying the same level of attention they would use to protect their own confidential information;
(III) Use Confidential Information solely for the purpose of their role at Gessi Group;
(IV) Refrain from copying, duplicating, reproducing, or recording Confidential Information in any form, except when strictly necessary for the performance of their role at Gessi Group. Confidential Information, and any media containing it, must be stored in a secure location that is not accessible to unauthorized individuals;
(V) Immediately report any unauthorized disclosure or use of Confidential Information to their superiors and/or the information security officer and take appropriate measures to prevent further unauthorized disclosure or use;
(VI) Promptly return and/or delete all documents and other materials in their possession, custody, or control, con- taining Confidential Information, upon written request from the relevant Gessi Group company.

8.3. Furthermore, if Gessi provides users with a company mobile phone and/or SIM card for the exclusive performance of their work duties or for mixed use, users must refrain from registering the phone number in their own name or the name of third parties during or after the employment relationship.

8.4. All third-party information under Gessi’s control must be protected in accordance with the terms of any agree- ment with third parties. In the absence of such an agreement, the same principles and protection level as for Gessi’s Confidential Information must be applied.

8.5. Information should only be accessible to those whose roles require it, according to the “need-to-know” principle. Users will not share Gessi’s Confidential Information with other users who do not need such information to perform their duties for Gessi.

8.6. Users must be aware that sharing their screen, documents, or application systems increases the risk of unautho- rized disclosure of Confidential Information. Users involved in screen-sharing or application-sharing activities must be careful not to access documents or information unrelated to the task at hand, and not disclose information visible on the screen to unauthorized persons.

8.7. The obligations in this article will remain in effect throughout the duration of the user’s engagement with Gessi (employment contract, collaboration agreement, supplier role, etc.) and for 5 years following the termination of such engagement.

9. PROCESSING OF PERSONAL DATA
When users process personal data of consumers, other employees, or any other individuals in the course of their duties for Gessi, they must always adhere to the principles of confidentiality, integrity, and availability of the personal data being processed. The processing must be carried out in compliance with the applicable privacy regulations, including:
• Regulation (EU) 2016/679 on the protection of individuals withregard to the processing of personal data and the free movement of such data (“GDPR”);
• Law No. 675 of December 31, 1996 - Protection of individuals and other subjects regarding the processing of personal data;
• Any other applicable legislation concerning the processing of personal data.

10. DUTY TO REPORT
Users must immediately report to Gessi:
• Any theft, loss, malfunction, or destruction of IT equipment;
• Any suspicious email or communication received through company accounts;
• Any instance of disclosure of Gessi’s Confidential Information;
• Any violation of this Policy.

11. TRAINING OBLIGATIONS
Upon Gessi’s request, Users must participate in training courses organized by Gessi regarding the proper use of IT tools and digital security.

12. AUDIT
12.1. Gessi will have the right to verify the correct use of IT tools by Users, always in full compliance with privacy regu- lations and workers’ rights.

12.2. Upon Gessi’s request, Users must provide the IT tools and all necessary information for the audit. If necessary, and to ensure that Users’ rights are not violated, Gessi may request Users to participate in the audit.

13. GENERAL CONDITIONS
13.1 This Policy must be complied with by all Users throughout the duration of their assignment with Gessi.
13.2. Failure to comply with this Policy may result in disciplinary actions, the possibility of terminating the relevant con- tract with the Users, the obligation to compensate for any damages caused, and the exercise of other rights available to Gessi under applicable law.
13.3. Gessi may modify the terms and conditions of this Policy at its discretion, providing notice to the Users.
13.4. This Policy does not replace other agreements between Gessi and the Users. In particular, the General Terms of Use for Gessi S.P.A. Corporate Equipment, where applicable to Users, will remain fully valid and effective.

Acknowledged and Accepted by:
Mr./Ms. __________________________ (signature) on __________________________ (date)