ROBIN HAT SL, hereinafter ROBIN HAT, is committed to managing its legal obligations and regulatory compliance in Spain, as well as in the other countries where it markets its products through partners, distributors, or commercial representatives.

As part of that commitment, it has been required to implement a Criminal Compliance and Anti-Corruption Management System (SGCPA), according to which it will identify and manage legal risks, and provide the means for its governing body, senior management, employees, and, as applicable, its business partners; to be aware of the legal obligations that pertain to them and contribute, each from their role, to the generation of an ethical and sustainability culture within ROBIN HAT.

As part of ROBIN HAT's efforts in implementing the SGCPA, this Criminal Compliance and Anti-Corruption Policy has been drafted, which constitutes the framework of the SGCPA and the obligations and commitments assumed by ROBIN HAT.

This document will establish:

• The scope of SGCPA.
• The parameters of behavior and risk.
• The organizational measures and functions of Compliance within ROBIN HAT.
• The obligations related to communication about the operation of the system.
• The obligations related to the provision of channels for receiving information about complaints or irregularities.
• The consequences of non-compliance with both the requirements of the SGCPA and the conduct parameters.
• The criteria for the review and update of the Criminal Compliance and Anti-Corruption Policy.

The SGCPA will be applicable to:

The SGCPA will cover the activities carried out by:

• Partners of ROBIN HAT when acting on behalf and representation of the company.
• Senior management personnel of ROBIN HAT; in the exercise of the functions for which they were hired.
• Staff on the payroll of ROBIN HAT in the performance of their duties. 
• Business partners of ROBIN HAT as long as the contractual or commercial relationship may generate compliance risks.

All activities carried out by any of the subjects mentioned in the subjective scope, that are performed on behalf of or representing ROBIN HAT, or as a consequence of the employment or contractual relationship established between any of the subjects and ROBIN HAT; may be analyzed, investigated, documented, reviewed, or supervised by the Compliance function within the SGCPA, in case it is deemed that it represents or may represent a criminal or corruption risk.

The following behaviors will be considered within the objective scope of SGCPA:

• They may generate criminal liability for the legal entity in accordance with the provisions of the Penal Code. 
• Any practice of bribery, corruption, or contrary to business ethics.
• Any other conduct likely to generate criminal liability that the Compliance function considers relevant and that is included in the risk map of ROBIN HAT for its management.

ROBIN HAT has business interests in different countries, and sells products either directly or through marketplaces or sales representatives, in various countries both within the European Community and around the world.

The activities carried out by any of the subjects indicated in section 2.1 in any country, whether or not ROBIN HAT has a physical presence, may be analyzed, investigated, documented, reviewed, or supervised by the Compliance function within the SGCPA, as long as it considers that they represent or may represent a compliance risk.

ROBIN HAT has carried out a process of identification and risk analysis, which includes those behaviors that, if materialized, could compromise the criminal liability of the organization or involve corrupt practices. Based on this, it has established the level of risk that each behavior represents based on its probability and impact.

The catalog of behaviors incorporated within the SGCPA includes those crimes that generate liability for the legal entity, in accordance with the provisions of the Penal Code; as well as those behaviors that may be classified as bribery or corruption, based on the UNE 19601 standards on compliance management systems and the UNE/ISO 37001 standard on anti-bribery systems.

The Compliance function may incorporate new risks into the catalog of behaviors, whether they generate criminal liability for the legal entity or not, as long as they may have a relevant legal impact on the organization. All identified risks will be analyzed, evaluated, and appropriate controls will be determined for their management.

Behaviors that represent a risk level higher than low must be accompanied by a series of specific controls aimed at eliminating, mitigating, or managing such risks in some way. Control measures may also be established for risks considered low, as long as the Compliance function deems there is reasonable cause to implement the control. 

The review of risks, the definition of controls, and the determination of their review frequency, as well as their effectiveness, corresponds to the Compliance function.

The governing body and senior management are committed to monitoring the effectiveness of controls and approving the necessary human, technological, and economic resources for the operation of the SGCPA.

It is expected that all subjects of application of the Policy:

1. Comply with the obligations regarding regulatory compliance that will be covered by the SGCPA.
2. They meet the requirements of the SGCPA.

Without prejudice to the fact that it is the responsibility of each person to know and comply with the laws and the applicable regulatory framework for ROBIN HAT, the Compliance function will convey and communicate the risks and controls to each of the individuals in the frontline areas who must be aware of and ensure, from their roles, compliance with regulations.

The failure to comply with legal obligations will be considered regulatory non-compliance and will be subject to the disciplinary sanctions that may apply, in accordance with the applicable legislation. The failure to meet the requirements of the SGCPA will be considered non-conformity.

The Compliance function will be the person or body designated to oversee compliance with the Criminal and Anti-Corruption Compliance Policy, the Code of Ethics and Conduct, and the SGCPA, its policies, and procedures in general.

Without prejudice to the above, all members of the organization, according to their level of authority and responsibility, are jointly responsible for monitoring compliance with regulations and the success of the SGCPA.

The Compliance function must enjoy:

• Independence to identify, analyze risks, propose controls, initiate investigations, and present recommendations to the governing body and senior management of ROBIN HAT.
• Budget autonomy: It must have a budget allocation adjusted to the needs of its area. 
• Contact at the highest level to report risk situations and propose recommendations on situations that may impact operational areas, reducing potential conflicts of interest that may arise with intermediaries.

The Compliance function will have the following duties:

• Promote and execute actions for the implementation and maximum effectiveness of the SGCPA. To this end, it will monitor Compliance objectives, drive an annual Compliance action plan, provide support to organization members regarding regulatory compliance, and assess the adequacy of the implemented controls.
• Ensure that periodic training on regulatory compliance is included in the Annual Training Plan of ROBIN HAT, especially in those areas where the risk level is considered high or medium.
• Promote the progressive inclusion of Compliance responsibilities in job descriptions and performance management processes.
• Receive, investigate, and manage the information received through the Ethical Channel, responsibly and promptly addressing any information received, respecting the rights of all parties involved, and taking measures to prevent any reprisals deemed necessary; all in accordance with the Ethical Channel Policy.
• Measure the performance of the SGCPA according to objective, clear, measurable, and reasonable indicators aimed at continuous improvement.
• Identify and manage compliance risks arising from the activities carried out by the subjects indicated in this Policy.
• Ensure the periodic review of the SGCPA.
• Ensure that members of ROBIN HAT, and their business partners when relevant, are provided timely access to the Code of Ethics and Conduct, to the policies of ROBIN HAT, and to consult, when appropriate, with the Compliance function.
• Inform the governing body about the results derived from the application of the SGCPA.

The governing body will be made up of the individuals who have been appointed as administrators of ROBIN HAT. They must demonstrate their leadership and commitment regarding the SGCPA, actively promoting a culture of good regulatory compliance within the organization.

The members of the governing body of ROBIN HAT must fulfill the following obligations:

• Promote the culture of Compliance through exemplary action and defending the values and the Ethical and Conduct Code of ROBIN HAT.
• Ensure the effectiveness of the SGCPA, periodically monitoring that the actions taken have a real and tangible effect on the organization and on the behavior of its members.
• Designate the Compliance function, granting it the necessary autonomous powers of initiative and control, as well as providing it with adequate and sufficient financial, material, technological, and human resources so that it can effectively carry out its work.
• Periodically evaluate the effectiveness of the system and determine if it is necessary to modify the scope of the SGCPA when:

1. There are legislative or jurisprudential changes that advise this;
2. If significant changes occur in the structure or activity of the organization;
3. In any other circumstance that may compromise the proper functioning of the SGCPA.

• Evaluate the recommendations issued by the Compliance function and make the corresponding decisions regarding the matters raised to the governing body, related to the SGCPA or the risks arising from compliance with the established obligations and requirements.
• Ensure the establishment of the processes for will formation and decision-making of ROBIN HAT that guarantee high standards of behavior and contribute to the development of a culture of good regulatory compliance and transparency.
• Approve and modify the Criminal Compliance and Anti-Corruption Policy of ROBIN HAT when there are legislative changes, if there are changes in the structure of the organization, or in any other circumstance that warrants it at the discretion of the governing body or by recommendation of the Compliance function.

The Senior Management, made up of the entire management team of ROBIN HAT, assumes the commitment to good regulatory compliance, maintaining exemplary conduct and actively contributing to the implementation of the SGCPA.

The Senior Management of ROBIN HAT must fulfill the following responsibilities:

• Ensure that the SGCPA is implemented properly at the different levels of the organization.
• Ensure that the requirements and demands of the SGCPA are effectively integrated into the operational processes and procedures of ROBIN HAT.
• Ensure the availability of adequate and reasonably sufficient resources for the effective implementation of the controls provided for in the framework of the SGCPA of ROBIN HAT.
• Comply and enforce the Criminal Compliance and Anti-Corruption Policy at various levels of the organization.
• Communicate the importance of complying with the requirements of the SGCPA both inside and outside of ROBIN HAT, and especially to all those individuals whose actions may compromise the organization's responsibility.
• Promote continuous improvement of the SGCPA and collaborate with the Compliance function in detecting risks and opportunities.
• Contribute to the dissemination of the Ethical Channel Policy and promote the use of this channel and any other means for staff to report irregular behaviors or suspicions of irregularities they may be aware of, as well as to raise questions or inquiries.
• Ensure that no member of the organization is subject to retaliation or disciplinary action for using the ethical channel in good faith to report irregularities, suspicious situations of irregularities, or for refusing to engage in improper conduct.

All members of ROBIN HAT must contribute to the Compliance function, the Administrators, and Senior Management in the implementation of the SGCPA.

A. Common obligations for all employees of ROBIN HAT.

It is the obligation of all workers at ROBIN HAT:

• Act at all times in accordance with the highest ethical standards, respecting the legislation, the Code of Ethics and Conduct, the policies, and other provisions aimed at ensuring good regulatory compliance.
• Report to the Compliance function any irregularity of which you are aware that may be contrary to the law, the Code of Ethics and Conduct, or the policies of ROBIN HAT.
• Collaborate with the Compliance function in the investigation process of any misconduct or non-compliance with the requirements of the SGCPA.
• Attend the training and awareness sessions provided by ROBIN HAT on Compliance.

B. Common obligations of the Business Partners of ROBIN HAT.

ROBIN HAT expects its business partners (strategic allies and suppliers) to always act in compliance with the law and ethics in business, and therefore:

• Comply with legal obligations and refrain from engaging in irregular conduct that violates the Constitution, laws, and regulations in all operations related to the interests of ROBIN HAT.
• Act ethically in business, avoiding all types of corrupt practices or those that seek undue influence over the conduct of public officials to obtain a benefit.
• Respect the rights of your workers and collaborators, avoiding any type of abusive, degrading, discriminatory labor practice or that could be classified as modern slavery according to the definitions of international organizations in the field of Human Rights.

The Compliance function will set the guidelines according to which those business partners who, due to their strategic nature, business volume, or degree of affiliation, must adhere to the compliance of the Code of Ethics and Conduct of ROBIN HAT, or comply with one or more of the internal policies of the organization.

Following the provisions of Standard UNE 19601, the entities controlled by ROBIN HAT must implement the necessary control measures to ensure regulatory compliance in their environment.

The Criminal Compliance and Anti-Corruption Policy will be communicated and made available to all those who have a legitimate interest in knowing it.

The obligations of each of the subjects of application will be communicated in a timely manner and in the formats deemed appropriate by the Compliance function.

ROBIN HAT will make available to its members, business partners, and anyone with a reasonable interest in its activities, communication channels to timely inform the Compliance function about any irregularity or suspicion of irregularity of which they are aware. 

The channels, the process and protocol for receiving, investigating, and managing complaints, as well as the rights of the interested parties, will be regulated in the Ethical Channel Policy.

The Compliance function or whoever it designates must investigate possible breaches and determine the magnitude and implications arising from them, assessing their nature, causes, consequences, and whether they are breaches or non-conformities.

Once the investigation is concluded, the Compliance function will recommend to the Administrators or senior management, as appropriate, the disciplinary or contractual sanctions it deems proportional according to the risk or damage caused, as well as the necessary corrective actions.

The disciplinary actions of a labor nature that ROBIN HAT executes will be in accordance with the law and fully aligned with the applicable Collective Agreement and, in its absence, with the Workers' Statute, following the procedure and determining the sanction according to the severity of the conduct.

The Criminal Compliance and Anti-Corruption Policy will be reviewed by the Compliance function and approved by the Administrators, in the cases provided for in it.

The Compliance function will periodically and permanently review the legal risks of ROBIN HAT and will inform the Governing Body about activities that are affected by new risks arising from legislative changes, changes in activity, or when circumstances require it.

The Criminal Compliance and Anti-Corruption Policy has been approved by ___________ on the _______ of 2023.