TABLE OF CONTENTS

Chapter 1 – The Administrative Liability of Entities

1.1 The administrative liability system laid down by Legislative Decree no. 231/2001 in relation to legal persons, companies and associations

1.1.1      The regulatory framework

1.1.2      The sanctioning system

1.1.3      Applicability abroad

1.1.4      Objective and subjective conditions for the determination of "liability under Decree 231"

1.2 Unlawful conduct and offences that give rise to administrative liability

1.3 The adoption of the Organisation and Management Model for administrative liability exemption purposes

1.3.1      The requirements of the "231 Model": efficiency and effectiveness

1.4 Sources of the Model: Confindustria guidelines for the adoption of organisation models on administrative liability

Chapter 2 - The Company’s Organisational Structure

2.1         The corporate structure and the Governance Model

2.1.1      General data of the Company and Registered Office

2.1.2      Company object

2.2         The institutional structure: Corporate Bodies

2.2.1      The Board of Directors

2.2.2      Statutory Auditors, members of Audit Bodies

2.3         The system of powers and delegated powers

Chapter 3 - Adoption of the Model

3.1         Recipients

3.2         Function and purpose of the Model

3.3         Structure of the Model and conditions

3.4         Method used to define and update the Model

3.4.1      Phase 1: Initial Control Self-Assessment, collection and analysis of all essential documents

3.4.2      Phase 2: Review of the Company’s business areas in order to identify the areas that are concerned by the potential perpetration of offences and Mapping of Areas Exposed to the Risk of Crime

3.4.3      Phase 3: Analysis of Potential Risks with regard to the possible methods of offence perpetration in the different corporate areas and Documented map of the potential methods of offence perpetration in these areas

3.4.3.1       Risk Assessment Formula

3.4.3.2       L Factor, Likelihood of occurrence of the Offence

3.4.3.3       D Factor, Damage resulting from the Offence

3.4.3.4       C Factor, Controls suited to reduce the Risk

3.4.3.5       Risk Assessment Matrix

3.5             Supervisory Body

3.5.1          Structure and composition of the Supervisory Body

3.5.1.1       Requirements

3.5.1.1.1     Subjective eligibility requirements

3.5.1.1.2     Autonomy and independence

3.5.1.1.3     Professionalism

3.5.1.1.4     Continuity of action

3.5.1.2       Revocation

3.5.1.3       Reasons for suspension

3.5.1.4       Temporary impediment

3.5.1.5       Definition of the duties and powers of the Supervisory Body

3.5.1.6       Reporting by the Supervisory Body

3.5.1.7       Information flows to the Supervisory Body

3.5.1.7.1     Information flows to the Supervisory Body: mandatory information

3.6               DISCIPLINARY SYSTEM

3.6.1            General principles

3.6.2           Sanctions

3.6.2.1        Measures against subordinates

3.6.2.2        Measures against business partners, Consultants, business procurers, external collaborators

3.7              Model Updating

3.8              Information and Staff Training

3.8.1           Model distribution

3.8.2           Staff Training

Chapter 4 - The Code of Conduct

4.1              Foreword

4.2              The Code of Conduct

Section 1: Legislative Decree no. 231 of 8 June 2001

Chapter 1 – The Administrative Liability of Entities

1.1 The administrative liability system laid down by Legislative Decree no. 231/2001 in relation to legal persons, companies and associations

1.1.1    The regulatory framework

Legislative Decree no. 231 of 8 June 2001 (hereinafter, Legislative Decree 231/2001), implementing Government Act no. 300 of 29 September 2000, regulates the administrative liability of legal persons, companies and associations even with no legal personality (entities), introducing it into the domestic legal system for the first time.

This Government Act ratifies, inter alia, the Convention on the Protection of the European Communities' Financial Interests of 26 July 1995, the EU Convention of 26 May 1997 on the fight against corruption and the OECD Convention of 17 September 1997 on combating bribery of foreign public officials in international business transactions, and meets the obligations established by the said international regulations and, specifically, the European conventions that require the establishment of liability paradigms for legal persons and a corresponding sanctioning system to tackle corporate crime.

Legislative Decree 231/2001 is thus part of the country’s fulfilment of its international obligations and - being aligned with the legal systems of many European Countries - it establishes the liability of the societas, which is viewed “as an autonomous centre of interests and legal relationships, a reference point for various types of precepts, and the matrix of decisions and activities pursued by subjects who operate in the name, on behalf or otherwise in the interest of the entity”.

The establishment of companies’ administrative liability arises from the empirical finding that illegal conduct within enterprises, far from resulting from the private initiative of single persons, often falls within the scope of a widespread corporate policy and results from decisions taken by senior management.

It is a sui generis “administrative” liability since, albeit it leads to administrative sanctions, it results from an offence and presents the guarantees that are typical of the criminal process.

1.1.2    The sanctioning system

Specifically, Article 9 of Legislative Decree establishes a number of sanctions that can be divided into four types:

• pecuniary sanctions;
• disqualification sanctions:
• ban from doing business;
• suspension/revocation of a licence or concession or authorisation that was functional to the offence;
• prohibition to enter into contracts with the Public Administration;
• exclusion from allowances, grants, loans, subsidies and revocation of any aid already granted;
• prohibition to advertise goods or services;
• confiscation;
• publication of the conviction.

Administrative sanctions may be applied to companies only by criminal courts and only if all the objective and subjective conditions laid down by law are met, namely: the perpetration of a given offence, in the company’ interest or to its advantage, by qualified subjects (senior management positions or persons under them).

1.1.3    Applicability abroad

The liability of entities extends also to offences committed abroad, as long as the State of the place where the fact was committed does not take action against them and provided the special conditions required by Legislative Decree no. 231/2001 are met.

According to Article 4 of Legislative Decree 231/2001, the entity may be liable in Italy for offences - regulated by the same Legislative Decree 231/2001 - committed abroad. The Explanatory Report on Legislative Decree 231/2001 underlines the need not to leave unpunished a frequent criminal situation, also to avoid easy circumventions of the entire legal system in question.

The conditions (established by the rules or inferable from the framework of Legislative Decree 231/2001) on which the liability of entities for offences committed abroad is based, are:

1. the offence must be committed abroad by a subject who is functionally linked to the entity, within the meaning of Article 5, paragraph 1, of Legislative Decree 231/2001;
2. the entity’s head office must be in Italy;
3. the entity is liable only in the cases and at the conditions laid down by Articles 7, 8, 9, 10 of the Italian Criminal Code (in the cases where the law provides for the offender (natural person) to be punished at the request of the Minister of Justice, an action is taken against the entity only if the request is made also against the entity itself).

The reference to Articles 7-10 of the Italian Criminal Code is to be coordinated with Articles 24 to 25-octies of Legislative Decree 231/2001; therefore, also in in accordance with the principle of lawfulness referred to in Article 2 of Legislative Decree 231/2001, the company can be liable only for offences, among those mentioned by Articles 7-10 of the Italian Criminal Code, for which its liability is laid down by an ad hoc legislative provision;

1. in the cases and at the conditions referred to in the aforesaid articles of the Italian Criminal Code, the State of the place in which the offence was committed does not take action against the entity.

1.1.4    Objective and subjective conditions for the determination of "liability under Decree 231"

Administrative liability arises, first of all, from an offence committed in the entity’s interest or to its advantage.

If the offence is to the exclusive advantage of the perpetrator (or of a third party external to the entity), the entity’s liability is excluded, this being a situation of absolute and manifest extraneousness of the entity to the crime.

As for the subjects, Article 5 of Legislative Decree No. 231/2001 establishes the liability of the entity where the crime is committed:

1. “by persons who hold a representation, administrative or management role within the entity or an organisational unit thereof that is financially and functional independent, and by persons who exercise, de facto or otherwise, the management and control thereof” (so-called “senior management”);
2. “by persons under the direction or supervision of any of the subjects indicated in letter a)” (so-called “subordinates”).

The entity’s liability is additional to that of the natural person who physically committed the offence, and is autonomous thereof, since it exists also when the offender has not been identified or cannot be charged or if the criminal charge is dismissed for reasons other than an amnesty.

For the purpose of establishing the entity’s liability and in addition to the fulfilment of the aforesaid conditions that allow for the crime to be objectively linked to the entity, the law requires the ascertainment of the entity’s culpable liability. This condition is identified with an organisational liability, this meaning the violation of adequate diligence rules self-imposed by the entity itself and aimed at preventing the specific risk of crime.

Specific provisions are laid down for corporate transformations, mergers, demergers and transfers; for further details, please refer to Articles 28-33 of Legislative Decree 231/2001.

1.2 Unlawful conduct and offences that give rise to administrative liability

Although the entity’s liability was originally established for offences against the Public Administration or against the latter’s assets, it has now been extended - pursuant to regulations enacted after Legislative Decree 231/2001 - to many other administrative offences and unlawful conduct.

Specifically, the administrative liability of entities can result from the offences/unlawful conduct listed by Legislative Decree 321/2001, as reported below:

1. Offences against the Public Administration (Articles 24 and 25)
2. Cybercrimes and unlawful data processing (Article 24-bis)
3. Organised crime (Article 24-ter)
4. Forgery of money, public credit cards and revenue stamps (Article 25-bis)
5. Offences against industry and trade (Article 25-bis.1)
6. Corporate offences (Article 25-ter)
7. Crimes with the purpose of terrorism or subversion of the democratic order (Article 25-quater)
8. Female genital mutilation (Article 25-quater. 1).
9. Crimes against individuals (Article 25-quinquies)
10. Market abuse (Article 25-sexies)
11. Manslaughter or serious or very serious culpable personal injury committed through violation of the rules on health and safety at work (Article 25-septies)
12. Receiving, laundering and using money, goods or assets of illicit origin and self-laundering (Article 25-octies)
13. Copyright infringements (Article 25-novies)
14. Induction not to make statements or to make false statements before the judicial authority (Article 25-decies)
15. Environmental crimes (art. 25 – undecies)
16. Employment of illegally staying third-country nationals (Art. 25 duodecies)
17. Racism and Xenophobia (art. 25 terdecies)

The aforementioned list refers to the current list as of the date of writing of this document.  

1.3 The adoption of the Organisation and Management Model for administrative liability exemption purposes

Article 6 of Legislative Decree 231/2001 establishes that, if the crime is committed by a subject listed in the Decree, the Entity is not liable where it proves that:

1. before the offence was committed, the entity’s management adopted and effectively implemented organisation and management models capable of preventing offences like the one that was actually committed;
2. the task of overseeing Model implementation and compliance has been entrusted to a corporate body that has independent powers of initiative and control;
3. the offenders committed the crime by fraudulently circumventing the organisation and management models;
4. there was no omitted or insufficient control by the body referred to in letter b).

Article 7 of Legislative Decree 231/01 also establishes that if the offence is committed by persons under the supervision of a senior position, the entity is liable if perpetration of the offence was made possible by non-compliance with management and supervision duties.

However, such non-compliance is ruled out, and thus the entity is not liable, where the latter, before the offence was committed, adopted and effectively implemented an appropriate Organisation, Management and Control Model to prevent offences like the one that was actually committed.

It should also be noted that, in the case outlined by Article 6 (offence committed by senior management), the burden of proving the existence of the exempting situation lies with the Entity; whereas in the case regulated by Article 7 (offence committed by persons subject to the supervision of others), the burden of proving non-compliance or the absence of the models or their inappropriateness lies with the accuser.

1.3.1    The requirements of the "231 Model": efficiency and effectiveness

The mere adoption of the organisation and management model (hereinafter also "Model") by the entity’s management - to be identified with the body that has management powers - the Single Director - is not enough to exempt the entity from liability; rather, the model needs to be effective and efficient.

As for the efficiency of the Model, Article 6 paragraph 2 of Legislative Decree 231/2001, establishes that the Model must:

1. identify the activities which may give rise to offences (so-called “mapping” or risk activities);
2. define specific protocols designed to plan training and the implementation of the entity’s decisions relating to the offences to be prevented;
3. identify procedures for managing financial resources to prevent offences;
4. establish reporting obligations toward the body appointed to oversee Model implementation and compliance;
5. introduce an effective disciplinary system to punish non-compliance with the measures indicated in the Model.

The effectiveness of the Model is related, instead, to its effective implementation which requires, pursuant to Article 7 paragraph 4 of Legislative Decree 231/2001:

1. a periodic assessment and possible modification of the same in case of significant violations of its provisions or in case of changes within the organisation, its activities or further regulatory changes (Model updating);
2. an effective disciplinary system to punish non-compliance with the measures indicated in the Model.

1.4 Sources of the Model: Confindustria guidelines for the adoption of organisation models on administrative liability

The law expressly establishes (Article 6 paragraph 3 of Legislative Decree No. 231/2001) that organisation and management models can be adopted on the basis of codes of conduct drawn up by associations representing the entities, communicated to the Ministry of Justice.

Implementing the said provision, Confindustria has drawn up and subsequently updated its "Guidelines for the drawing up of organisation, management and control models under Legislative Decree no. 231 of 2001".

To draw up this Organisation and Control Model, the Company has expressly taken into account both the regulatory provisions[1] and the said Confindustria guidelines which will be referred to herein.

SECTION 2: THE COMPANY’S GOVERNANCE MODEL AND ORGANISATIONAL STRUCTURE

Chapter 2 - The Company’s Organisational Structure

2.1      The corporate structure and the Governance Model

2.1.1    General data of the Company and Registered Office

LEHVOSS Italia S.r.l., a limited liability company, whose single member is LEHVOSS BETEILIGUNGSGESELLSCHAFT MBH, has its registered office in Milan (MI), Via Borgogna 2, zip code 20121, Tax Code and VAT 10011260154, REA (Administrative and Economic Dossier) no. MI-1334553.

The Company has its Administrative, Commercial and Warehouse offices in Origgio, Viale Italia 2, zip code 21040.

The Company declares it is subject to the direction and coordination of another entity within the meaning of Article 2497 bis of the Italian Civil Code.

2.1.2    Company object

The Company is active, directly and/or indirectly, in the following activities:

• research, study, design, production, buying and selling, also on a distance basis, import and export of chemical products and other products used in the chemical industry, and machinery and equipment for chemical companies, either on its own account or on behalf of third parties. The Company may acquire, use and transfer patents, knowhow and other intellectual property rights, carry out market research and data processing on its own account and on behalf of third parties, grant and obtain marketing licences. It may also engage in any commercial, industrial, security-based and real estate operations, including financial operations (the latter only on a secondary basis and not toward the public) which are deemed necessary solely to achieve its purposes, including the granting of sureties and guarantees, even on real estate, to any party, for any obligations, including third party obligations. Lastly, the Company may participate in any way in associations, also under participation agreements within the meaning of Article 2549 et seq. of the Italian Civil Code, acquire any interests and stakes in other undertakings and companies and consortia having similar, complementary and related purposes, and in any case as a stable investment and not for placement purposes. The Company may accept national and international representation assignments.    

2.2          The institutional structure: Corporate Bodies

2.2.1    The Board of Directors

The Company is administered by a Board of Directors consisting of 3 (three) members in the persons of Stefanie Klemt, Cristina Lorenzetti and Annalisa Pini, appointed by deed dated 18/10/2023 until revocation or resignation.

2.2.2    Statutory Auditors, members of Audit Bodies

The Company is controlled by a 5-member Board of Statutory Auditors lasting in office for 3 years.

The members of the Board of Statutory Auditors are:

• Chairman of the Board of Statutory Auditors: SARA PUGLIA MUELLER, appointed with deed dated 28 April 2017
• Standing Auditor: BEATRICE LOMBARDINI, appointed with deed dated 28 April 2017
• Standing Auditor: ALBERTO CANOVA, appointed with deed dated 28 April 2017
• Alternate Auditor: GIANCARLO PUGLIA, appointed with deed dated 28 April 2017
• Alternate Auditor: ANGELA ANGLANI, appointed with deed dated 28 April 2017

2.2.3    Supervisory Body

•  LEHVOSS Italia S.r.l. Supervisory Body is made up of the members of Board of Auditors  Mrs. Sara Puglia Mueller Mrs Beatrice Lombardini and Mr. Alberto Canova.
• emailOrganismodivigilanza(at)lehvoss(dot)it
• Office: Via Mazzini n. 20, 20123 Milan

2.3      The system of powers and delegated powers

Ms. Cristina Lorenzetti and Ms. Annalisa Pini have been appointed as Managing Directors of the Company, each with the following powers and proxies, to be exercised with single signature and severally with the other Directors, with the right to sub-delegate, with an expenditure limit of €250,000.00 for transactions that directly or indirectly entail the disposal of sums of money of any kind and without any further limit
(a) negotiating and entering into any contract necessary for the performance of the Company's business, including, by way of non-limiting example, distribution, agency, sales, leasing and other contracts relating to the use of instruments and assets necessary for the performance of the business, such as, by way of non-limiting example, company vehicles
(b) receive correspondence addressed to the Company and make signatures on the receipt of such correspondence;
(c) issuing and collecting receipts, collecting bank cheque books, signing, accepting and endorsing all trade bills, cheques and negotiating documents
(d) negotiate, enter into and terminate any and all contracts pertaining to the corporate purpose, binding the Company to this end;
(e) underwrite insurance contracts, for any risks concerning the Company, pay insurance premiums and claim indemnities;
(f) to sign invoices, delivery notes, credit notes and generally make declarations for tax and social security purposes on behalf of the Company, including tax returns and annual VAT returns
(g) represent the Company before the tax authorities and any public administration;
(h) to collect any amount for any reason whatsoever due to the Company, issuing the relevant receipts and receipts on account or in balance
(i) to collect from the post office, railways, ports, customs and any public or private forwarding office, ordinary, registered and insured letters, postal and telegraphic money orders, postcards, money orders, parcels, folders and packages containing valuables and objects of all kinds, either directly or through other persons, claiming the relative amounts and signing the appropriate discharges and receipts
(j) to deposit for collection on the Company's accounts money, bills of exchange, drafts, securities, shipping notices issued by the post office, railways, ports, customs and any public or private forwarding office; to issue for this purpose ample discharge receipts
(k) to purchase and sell goods, materials and equipment necessary for the Company's business;
(l) to negotiate and enter into contracts relating to the business constituting the object of the Company; and
(m) enter into insurance contracts, against any risk, inherent to the Company's object, as well as the premises occupied by the Company, cars, goods and services in general used by the Company.
 
Ms. Stefanie Klemt has been appointed as Chairman of the Board of Directors, whose representation she has, and as "employer" pursuant to Article 2, letter b) of Legislative Decree No. 81/2008 and subsequent amendments and additions, and for all legal purposes, for all functions and fulfilments pursuant to Legislative Decree No. 81/2008. In particular, Ms. Stefanie Klemt, in her capacity as "employer", has been granted all powers to perform any act aimed at adopting
(a) any measures necessary to ensure the health and safety of workers and the hygiene and safety of workplaces pursuant to Legislative Decree No. 81/2008; and
(b) all the acts necessary or deemed appropriate for the purposes of complying with the obligations and fulfilment of the requirements provided for by Legislative Decree No. 81/2008 or by any other provision of law or regulation on safety at work, as well as for the purposes of compliance with orders on the matter issued by judicial or administrative authorities, none excluded, so that for no reason whatsoever can any lack or incompleteness of powers be opposed,
with functions to be exercised with full autonomy in decision-making, drive, direction and expenditure, and without limitations, including procedural limitations of any kind, in order to ensure the achievement, maintenance and, if necessary, the restoration of safety conditions in the workplace, under her personal civil and criminal liability. In particular, Ms. Stefanie Klemt is granted, purely by way of example and without limitation, the powers to perform all functions and fulfilments relating to safety, pursuant to Legislative Decree no. 81/2008 and subsequent amendments and additions.Ms. Stefanie Klemt is assigned, conferred and/or delegated any and all powers necessary or useful with reference to the provisions of the aforementioned legislative decree no. 81/2008, without exception, for the performance of any and all activities useful or necessary for the implementation of all regulations relating to the hygiene, health and safety of workers, workplaces and means of work, of any kind, nothing excluded or excepted, so that no lack of representation or powers in relation to the health and safety of workers, workplaces and means of work may be in any way opposed. Ms. Stefanie Klemt, as the responsible party and employer pursuant to Article 2, paragraph 1, letter b) of Legislative Decree no. 81/2008 and subsequent amendments and supplements, may not delegate the functions, powers and faculties set forth in Article 17 of the same Legislative Decree no. 81/2008 and subsequent amendments and supplements, as well as anything else that cannot be delegated by law. Ms. Stefanie Klemt, also pursuant to Article 16 of Legislative Decree no. 81/2008 and subsequent amendments and additions, may delegate her functions and identify and designate the persons in charge as set forth in Article 2, paragraph 1, letter e) of Legislative Decree no. 81/2008 and subsequent amendments and additions, cooperating, to the extent applicable, with the other managers of the company in the creation and updating of the company organisational chart and function chart. Ms Stefanie Klemt is also responsible for exercising hierarchical, managerial and disciplinary authority in matters of hygiene, safety and health of workers, workplaces and means of work. Stefanie Klemt is required to promptly inform the Board of Directors in writing of any organisational or structural shortcomings encountered in the performance of her duties, as well as of any situation of risk or non-compliance with the regulations and prescriptions issued, with an express indication of the remedies and measures adopted, without this exempting her from providing for all activities that may be necessary or appropriate to eliminate shortcomings or non-compliance that she must in any case provide for the proper performance of the duties assigned to her.

SECTION 3: THE CONTENT OF THE ORGANISATION AND MANAGEMENT MODEL

Chapter 3 - Adoption of the Model

3.1      Recipients

The principles and content of the Model are intended for the members of the Company’s bodies, executives, employees, these meaning subordinates, interns, collaborators under fixed-term contracts, project-based collaborators.

The Model also applies, within the limits of their existing relationship with the Company, to those parties who, albeit not belonging to the Company, operate according to a mandate or on behalf thereof or are otherwise connected to the Company by relevant legal relationships for the purpose of crime prevention (hereinafter Recipients).

3.2      Function and purpose of the Model

The Company’s decision to draw up an Organisation and Management Model is part of its broader business policy that takes the shape of initiatives and actions designed to make all the Company's staff members (from its managers to its subordinates), its external collaborators and trade partners more aware of the need to act transparently and fairly, in accordance with the current regulations and the fundamental principles of business ethics, in the pursuit of the Company’s object.

Specifically, by adopting the Model the Company intends to pursue the following objectives:

1. to make all its staff and anyone collaborating or having business dealings therewith aware that the Company absolutely condemns any conduct that is contrary to statutory provisions, supervisory provisions, internal regulations and the principles of good and transparent governance which the Company grounds its operations on;
2. to inform its staff, collaborators and external partners of the serious administrative sanctions that may be applied to the Company in case an offence is committed;
3. to prevent any unlawful conduct, including criminal conduct, within the Company through the continuous control of all the areas involving activities at risk and to train staff on the correct performance of their duties.

3.3      Structure of the Model and conditions

This Model includes:

1. a First section designed to illustrate the purposes and content of Legislative Decree 231/2001;
2. a Second section that describes the Governance Model and the Company’s organisational structure;
3. a Third section that represents the heart of the Model and deals with its content:
   • method used to define and update the Model,
   • definition of processes,
   • characteristics and operation of the Supervisory Body and information flows,
   • disciplinary system,
   • training and information activities,
   • Model updating;
4. a Fourth section containing the principles of conduct, i.e. the essential rules of conduct that must be complied with by all those who carry out activities on the Company’s behalf and in its interest, so that their conduct is always in accordance with the principles of fairness, collaboration, loyalty, transparency and mutual respect, as well as to prevent conduct that falls within the list of offences and unlawful conduct provided for by Legislative Decree 231/2001.

The Model is completed by the following Attachments, which are an integral part thereof:

1. Attachment 1 - Mapping of areas exposed to the risk of Crime
2. Attachment 2 - Analysis of the Risks of Crime;
3. Attachment 3 - Code of Conduct
4. Attachment 4 - Preventive Security Protocols; specifically:

• Operative Finance,
• Purchases of Goods and Services,
• Drafting of Financial Statements,
• Dealings with Institutions,
• Court Proceedings and Arbitration Proceedings,
• Staff Selection,
• Health and Safety at Work,
• Copyright Protection,
• Gift Management
• Sponsorship Management;

1. Attachment 4bis - Preventive Security Protocols - Control Check-list for quarterly reports to the Supervisory Body
2. Attachment 5 - Internal Sanctioning/Disciplinary System;
3. Attachment 4 - Documentation for staff and third parties.

3.4  Method used to define and update the Model

In the light also of the Confindustria guidelines, the Company has defined a Model responding to actual situations that can potentially arise in the operations of its organisational structures, having regard to the specific features of each business sector and to each offence regulated by Legislative Decree 231/2001.

The Planning of the Management System was developed through different Operating Phases, specifically:

1. Phase 1 - Initial Control Self-Assessment, collection and analysis of all essential documents;
2. Phase 2 - Review of the Company’s business areas in order to identify the areas that are concerned by the potential perpetration of offences and "Mapping of Areas Exposed to the Risk of Crime";
3. Phase 3 - "Analysis of Potential Risks" with regard to the possible methods of offence perpetration in the different corporate areas and "Documented map of the potential methods of offence perpetration in these areas";

Please find below a summary of the various phases of the methodology used to create and update the Model.

3.4.1    Phase 1: Initial Control Self-Assessment, collection and analysis of all essential documents

An initial Control Self-Assessment check-up was carried out and all the official documents available within the Company were collected so as to gather information on its organisational structure and business (e.g. organisational chart, duties, powers of attorney, delegated powers, operating procedures, etc...).

The check-up was carried out by filling in the document "Initial Control Self-Assessment Check-up pursuant to Legislative Decree 231/2001", kept in the Company’s records.

The results of this initial check-up were then described in the "Preliminary Report on the need for an Organisation and Control Model within the meaning of Legislative Decree 231/2001", kept in the Company’s records, so as to provide relevant information on the opportunity to adopt an Organisation, Management and Control Model under Legislative Decree 231/2001.

3.4.2    Phase 2: Review of the Company’s business areas in order to identify the areas that are concerned by the potential perpetration of offences and Mapping of Areas Exposed to the Risk of Crime

The Company’s businesses/processes were thoroughly examined and, by analysing the activities carried out by the organisational structure, we identified the areas deemed to be “sensitive”, i.e. relevant areas for the liability established by Legislative Decree 231/2001.

In operating terms, the Company examined the areas, activities and subjects (who, in relation to intentional offences, in special and exceptional cases, might include also those who are connected to the Company by mere quasi self-employment relationships, such as agents, or other forms of collaboration such as business partners and the latter’s employees and collaborators) potentially involved in the perpetration of "predicate offences" within the meaning of Legislative Decree 231/2001.

The identification of corporate activities and processes/activities at risk was made by previously examining corporate documents (organisational charts, main processes, powers of attorney, organisational provisions, etc.) and carrying out a number of interviews with key subjects within the Company’s structure.

The results of this review were formalised and described in the "Map of Areas Exposed to the Risk of Crime under Legislative Decree 231/2001", kept in the Company’s records.

The document formalises - in a schematic and descriptive way - the summary results of this analysis and shows, using easily identifiable and readable matrices, the corporate areas/functions that can be potentially involved in the offences listed by Legislative Decree 231/2001.

3.4.3    Phase 3: Analysis of Potential Risks with regard to the possible methods of offence perpetration in the different corporate areas and Documented map of the potential methods of offence perpetration in these areas

The Managers of single functions were asked to illustrate the operating methods and the concrete controls in place to monitor the identified risk in relation to “sensitive” activities.

In operating terms, after identifying the areas/processes potentially exposed to the risk of crime in the “Map of Areas exposed to the Risk of Crime”, we assessed the factors that affected their impact, namely the potential ensuing damage related to the likelihood of their occurrence.

The results of the Risk Analysis were formalised - in a graphic, schematic and descriptive way - in the document "Analysis of Potential Risks with regard to the possible methods of offence perpetration in the different corporate areas under Legislative Decree 231/2001", kept in the Company’s records.

In methodological and operating terms, as established by the most advanced risk analysis and prevention management systems, the Risk Analysis was carried out by determining the applicable risks using an internationally renowned algorithm that is used in risk analysis processes (e.g. it is generally used to identify and estimate risks in relation to the protection and safety of personal data (Legislative Decree 196/2003) and for risk assessments concerning health and safety at work (Legislative Decree 81/2008)).

The Risk Analysis was structured according to the following operating phases:

1. Listing of offences;
2. Listing of sensitive processes
3. Analysis of existing Controls;
4. Analysis of the Likelihood of occurrence of the Offence;
5. Analysis of impacts and Damage;
6. Measurement of risk.

The Paragraphs below report the descriptive methodological details of this analysis.

3.4.3.1 Risk Assessment Formula

To assess the Risk of offences being committed, we used the following risk analysis Formula:

R ( Risk ) = LxD/C

Where:

L = LIKELIHOOD of the crime being committed:

D = POTENTIAL DAMAGE resulting from the offence;

C = CONTROLS already in place and suited to reduce the Risk R, considered as a whole.

In order to use this formula correctly, a numerical scale was defined on 4 levels ranging from 0 to 3, both to assess Likelihood ( L ), Damage ( D ) and existing Controls ( C ), in accordance with the criteria reported below.

3.4.3.2  L Factor, Likelihood of occurrence of the Offence

L = Likelihood Factor for the Company, namely the possibility that the offence may be perpetrated, according to the following numerical scale:

0= N.A: IRRELEVANT (N.A. NOT APPLICABLE - NOT PRESENT)

1= HIGHLY UNLIKELY: possibility only in case of a combination of several unlikely, independent and hardly predictable and/or controllable events

2= POSSIBLE OR LIKELY: concrete possibility of occurrence of the offence as the direct consequence of a specific, clearly identifiable cause.

3= HIGHLY POSSIBLE OR LIKELY: high possibility of occurrence of the offence as the direct consequence of a specific, clearly identifiable cause.

3.4.3.3 D Factor, Damage resulting from the Offence

D = Damage Factor for the Company, namely the legal impact deriving from the offence, according to the following numerical scale:

0= N.A. (NOT APPLICABLE - NOT PRESENT)

1= LOW RISK: situation that determines a slight legal risk for the Company (minor administrative sanctions)

2= MEDIUM RISK: situation that determines a medium/high legal risk for the Company (medium/high administrative sanctions)

3= HIGH RISK: situation that determines a high legal risk for the Company (heavy criminal, administrative sanctions, disqualification sanctions).

3.4.3.4 C Factor, Controls suited to reduce the Risk

C = Controls, namely an element that is suited to reduce the Risk R, assessed as a whole, according to the following numerical scale:

0= N.A. (NOT APPLICABLE)

1= CONTROL NOT APPLIED;

2= DE FACTO CONTROL, NOT FORMALISED

3= DE FACTO CONTROL FORMALISED WITH INTERNAL PROCEDURES AND REGULATIONS.

The assessment of the controls in place was made:

1. By analysing the controls applied to internal operating processes.
2. By analysing the controls applied in relation the single Offences regulated by Legislative Decree 231/2001.

The C final value used in the Formula R=LxD/C consists of the AVERAGE value of the C factors referred to in paragraphs 1 and 2 above.

3.4.3.5 Risk Assessment Matrix

The use of a 4-level numerical scale ranging from 0 to 3 allows for the level of risk to be assessed (1 to 9) according to an overall matrix based on the formula R (Risk) = LxD/C.

In this mathematical Formula, the C factor (Controls) is crucial in order to establish the final Risk assessment.

In fact, Risk assessment can be viewed as consisting of two different operating Phases: the first in which the Risk is assessed in theory, without considering the C Factor, and a second Phase in which the Control element, represented by the C Factor, is taken into account.

In summary, Phase 1 leads to the ex-ante assessment of the INITIAL THEORETICAL RISK without considering the C Factor (hence R=LxD) while Phase 2 leads to the ex-post assessment of the FINAL ACTUAL RISK, after considering the controls in place (hence R=LxD/C).

The results of the Control analysis (C Factor) were firstly applied:

• to the Company’s internal operating Processes
• to the single Offences regulated by Legislative Decree 231/2001

We then reported the final Risk Assessment Matrix, which shows the Analysis of the Likelihood of occurrence of an Offence (L Factor) and the analysis of Damage having an impact on the Company in case of the perpetration of an Offence.

The Matrix, as specified above, reports the ex-ante assessment of the INITIAL THEORETICAL RISK without considering the C Factor (hence R=LxD) while Phase 2 leads to the ex-post assessment of the FINAL ACTUAL RISK, after considering the controls in place (hence R=LxD/C).

Finally, for an easier understanding and visualisation of the results of the risk analysis, the same results were reported in a graphical representation.

3.5 Supervisory Body

3.5.1    Structure and composition of the Supervisory Body

Legislative Decree 231/2001 provides for the establishment of a supervisory body within the Entity, endowed with autonomous powers of initiative and control, which is specifically given the task of overseeing Model implementation and compliance and of taking care of its update. The existence of the Supervisory Body (hereinafter also "SB") is required in order for the Model to be deemed suitable.

The SB has three members: Mrs. Sara Puglia Mueller, Mrs. Beatrice Lombardini and Mr. Alberto Canova.

The Supervisory Body is established pursuant to a resolution by the Board of Directors, which, at the time of its appointment, acknowledges fulfilment of the requirements of independence, autonomy, integrity and professionalism of its members, referred to in the paragraph below.

The Supervisory Body lasts in office for one year and the renewal of its term may be formalised from year to year.

The members of the Supervisory Body may resign at any time, giving written notice to the Company’s Management and specifying the reasons therefor.

3.5.1.1 Requirements

3.5.1.1.1              Subjective eligibility requirements

The appointment as a member of the SB is conditional upon fulfilment of subjective eligibility requirements.

The following facts are reasons for the SB members’ ineligibility and/or revocation:

• if the member is temporarily banned or suspended from holding management positions within legal persons and undertakings;
• if the member is in any condition of ineligibility or revocation laid down in Article 2382 of the Italian Civil Code;
• if the member holds, whether directly or indirectly, a number of shares with which he can exert considerable influence on the Company.
• if the member has been convicted or involved in plea bargaining, even if not yet final, and even if the punishment is conditionally suspended, subject to the effects of rehabilitation:
• for one of the offences regulated by Royal Decree no. 267 of 16 March 1942 (bankruptcy law);
• for one of the offences regulated by Chapter XI of Book V of the Italian Civil Code (companies and consortia);
• for an offence committed with criminal intent, for no less than one year;
• for an offence against the Public Administration, public faith, the public heritage, the public economy or a tax offence;
• for one of the offences regulated by the rules on the banking, financial, security, insurance business and by the rules on markets and securities, payment instruments.
• if the member, whether in Italy or abroad, has been convicted or involved in plea bargaining, even if not yet final, and even if the punishment is conditionally suspended, subject to the effects of rehabilitation, for violations that are relevant for the purposes of the administrative liability of entities under Legislative Decree no. 231 of 2001;
• if the member has been committed for trial for all the offences/unlawful conduct regulated by Legislative Decree 231/2001;
• if the member has been an executive director, in the three years preceding his appointment as a SB member, in companies:
• that have gone bankrupt, have been involved in an administrative compulsory receivership or similar procedures

3.5.1.1.2              Autonomy and independence

The autonomy and independence of the SB are guaranteed:

• by its positioning, independently of any function, within the Company’s organisational structure;
• by its members’ independence, integrity and professionalism;
• by the SB’s reporting lines to the Company’s Senior Management;
• by the fact that its activities cannot be challenged by any other corporate body or structure;
• by its autonomy in establishing its operating rules, through the adoption of its own Regulations.

The SB has independent spending authority based on an annual budget, approved by the Company’s Management at the proposal of the SB itself. In any case, the latter may ask for the assigned budget to be increased if the budget proves not to be sufficient for the effective performance of the SB’s duties, and may extend its spending authority on its own initiative in exceptional or urgent cases, to be subsequently reported to the Company's Management.

In the course of its inspections and controls, the SB has the broadest powers so as to effectively perform its duties.

In the performance of its duties, the SB must avoid any conflict of interest with the Company, even only potential conflicts, arising for any reason (for example, for personal or family reasons).

3.5.1.1.3              Professionalism

The SB’s members must have appropriate business experience and technical and legal knowledge to effectively perform the Supervisory Body’s duties.

At the same time, the Supervisory Body must ensure the presence of adequate professionalism for the performance of its functions.

Specifically, the SB must have extensive corporate experience in relation to the activities performed and must hold senior executive positions.

Where necessary, the SB may rely on external consultants for technical operations that are necessary to carry out its controls. In this case, such consultants must always report the results of their services to the SB.

3.5.1.1.4              Continuity of action

The SB must ensure necessary continuity in the performance of its functions, also by programming and planning its activities and controls, taking records of its meetings and regulating all information flows from corporate structures.

3.5.1.2 Revocation

The members of the SB may be revoked by the Company’s Management only for good cause.

In this respect, "good cause" for revocation includes, but not only:

• gross negligence in the performance of the duties connected with their appointment;
• "omitted or insufficient supervision" by the SB - as established by Article 6, paragraph 1 d) of Legislative Decree 231/2001 - resulting from the Company’s conviction, even if not yet final, under Legislative Decree No. 231/01 or from a judgement imposing the sanction requested (the so-called plea bargaining);
• the ascertainment, after their appointment, that the SB members have been members of the Supervisory Body of companies sanctioned, with a final measure (including the sentence issued under art. 63 of the Decree), under art. 9 of the same Decree, for unlawful conduct committed during their office;
• the assignment of operating functions and responsibilities within the Company’s organisation that are incompatible with the requirements of “autonomy and independence" and "continuity of action” that are typical of the SB;
• serious and ascertained reasons of incompatibility which jeopardise the members’ independence and autonomy;

3.5.1.3 Reasons for suspension

A reason for suspension from the position of SB member is the ascertainment, after their appointment, that the SB members have been members of the Supervisory Body of companies sanctioned, with a final measure (including the sentence issued under art. 63 of the Decree), under art. 9 of the same Decree, for unlawful conduct committed during their office.

The members of the SB are required to notify the Company’s Management, assuming responsibility therefor, of the occurrence of the said reason for suspension. The Company’s Management, also in any other case when it learns directly of the occurrence of the said reason, suspends the relevant person(s) from the position of SB member.

The decision on the revocation, if any, of suspended members must be the subject of a resolution by Management.

The non-revoked member is reassigned all his previous functions.

3.5.1.4 Temporary impediment

In case of events that temporarily prevent the SB from carrying out its functions or from performing them with the necessary autonomy and independent judgement, the latter must declare the presence of a legitimate impediment.

For example, an illness or injury lasting more than three months and preventing the full performance of one’s duties, is a reason for temporary impediment.

In the case of a temporary impediment or in any other case that makes it impossible for a member to perform his duties, the Company’s Management provides for the temporary integration of the SB by appointing a substitute member at the first useful meeting, who will remain in office for the period of the impediment.

If the impediment lasts more than 6 months, which may be extended for a further 6 months, the Company’s Management may revoke the member(s) affected by the aforesaid reasons for impediment.

3.5.1.5 Definition of the duties and powers of the Supervisory Body

The audits and controls carried out by the Supervisory Body are strictly functional to the effective implementation of the Model and do not surrogate or replace the institutional control functions of the Company itself.

The duties of the SB are expressly established by Legislative Decree 231/2001 in Article 6, paragraph 1 b) as follows:

• to oversee Model implementation and compliance;
• to oversee its periodic updating.

In the fulfilment of these duties, the SB is assigned the following tasks:

• to oversee Model implementation in relation to the prevention of the offences referred to in Legislative Decree 231/2001;
• to check compliance with the Model and with decision-making protocols, identifying any anomalous behaviour arising from the analysis of information flows and from the reports which the managers of the various organisational structures are required to make;
• to carry out periodic inspections and controls, on an ongoing basis and whenever it deems it necessary, in the light of the various sectors of intervention or of the types of activities and their critical issues in order to ensure the efficiency and effectiveness of the Model, coordinating them with those recognised and entrusted to the Managers of the Organisational Structures who are the recipients of specific decision-making protocols, so as to assess Model compliance and implementation.

In pursuing its activities, the SB may:

• have free access, also through specifically appointed structures, to any Company structure - without the need for any prior consent - in order to request and acquire information, documents and data which are deemed necessary to perform its duties. If the SB is denied access to documents, and reasons are given therefor which are not shared by the SB, the latter draws up a report to be sent to Management;
• ask directors, control bodies, audit firms, collaborators, consultants and in general all those who work on the Company’s behalf, for relevant information or for the production of documents, including computer documents, pertaining to activities at risk;
• supervise the constant updating of the Model, including the identification, mapping and classification of activities at risk and submitting to Management, where necessary, proposals for any additions and adjustments that may become necessary as a result of:
• significant violations of the provisions of the Model;
• significant changes in the Company’s internal structure and/or ways of doing business;
• legislative amendments to Legislative Decree 231/2001, such as the introduction of offences which can potentially have an impact on the Company’s Model;
• define and take care of information flows so as to enable the SB to be periodically updated by the Managers of Organisational Structures and thus identify any shortcomings in the operation of the Model and/or any violations thereof;
• implement an effective information flow that enables the SB to report about Model effectiveness and compliance to the competent corporate bodies;
• check the presence of an effective internal communication system to ensure the transmission of relevant information for the purposes of Legislative Decree 231/2001, ensuring the protection and confidentiality of the informant and fostering knowledge of the types of conduct to be reported and the conditions for reporting them;
• oversee the promotion of initiatives for the widespread knowledge and understanding of the Model, of the content of Legislative Decree 231/2001, of the Code of Conduct, of the impact of legislation on the latter’s business, as well as initiatives to train and make staff aware of of the importance of Model compliance, acquiring information on their frequency;
• oversee the promotion of initiatives designed to facilitate knowledge and understanding of the Model by all those who work on the Company’s behalf;
• give opinions on the meaning and application of the provisions of the Model, on the correct application of protocols and of the corresponding implementation procedures;
• prepare and submit to Management’s approval the budget for the proper performance of the tasks assigned, with absolute independence.
• promptly report to Management, for the corresponding appropriate measures, any ascertained violations of the Model that can give rise to the Company’s liability and propose any sanctions laid down in this Model;
• ensure the suitability of the disciplinary system pursuant to Legislative Decree 231/2001.

In the pursuit of its activities, the Supervisory Body may rely on the support of structures with specific expertise in the corporate sectors the subject of controls from time to time.

The members of the SB and the subjects which the SB itself relies on, for any reason, are required to comply with the obligation of confidentiality in relation to any information they acquire in the performance of their duties.

The members of the SB ensure the confidentiality of any information they acquire, especially when concerning reports received thereby in relation to alleged violations of the Model. The members of the Supervisory Body refrain from receiving and using confidential information for purposes other than those set out in this paragraph, and in any case for purposes that do not conform to the typical functions of the Supervisory Body, except in case of an express and conscious authorisation.

Any information held by the members of the Supervisory Body shall in any case be treated in accordance with the current applicable regulations and, specifically, Legislative Decree 196/2003 ("Privacy Code") as amended.

Any information, signalling, report established in the Model are kept by the SB on a special (computer and/or hard copy) file.

3.5.1.6 Reporting by the Supervisory Body

To ensure its full autonomy and independence in the performance of its duties, the SB reports directly to the Company’s Management.

The SB annually reports to Management on:

• the results of its supervision in the relevant period, reporting any problems or issues and any appropriate interventions on the Model;
• any reports received, including what has been found directly thereby, in relation to alleged violations of the provisions of the Model and of protocols, and on the outcome of the ensuing verifications;
• the activities which, despite being planned, have not been implemented for justified reasons of time and resources;
• the schedule of controls established for the following year.

The SB may ask at any time to be heard by Management whenever it ascertains particularly important facts, or whenever it believes that an assessment or intervention in relation to matters pertaining to the operation and effective implementation of the Model, is appropriate.

To guarantee proper and effective information flows, the SB may ask for clarifications or information directly to Management for the purpose of a full and proper exercise of its powers.

In turn, the SB may be convened at any time by Management to report on special events or situations relating to the operation of and compliance with the Model.

3.5.1.7 Information flows to the Supervisory Body

3.5.1.7.1              Information flows to the Supervisory Body: mandatory information

Information flows concern any information and document that must be brought to the SB’s attention, as laid down in the Model and applicable protocols.

In addition to what is set out in the single decision-making protocols that are an integral part of the Model, specific communication obligations have been established and specified in Attachment 4 – Preventive Security Protocols and in the attached Control Check-List for quarterly reports to the Supervisory Body.

3.6 DISCIPLINARY SYSTEM

3.6.1    General principles

According to Article 6, paragraph 2 of Legislative Decree 231/2001, in order for the Model to be effective and suitable, it must "introduce a suitable disciplinary system to sanction any non-compliance with the measures indicated in the Model".

The application of the disciplinary system and of the corresponding sanctions is independent of any criminal proceedings brought by the judicial authority and of their outcome, where the conduct also amounts to an offence within the meaning of Legislative Decree 231/2001.

The idea of a disciplinary system suggests that the Company must introduce a scale of applicable sanctions depending on the different level of risk posed by a given conduct with respect to the perpetration of an offence.

The Company has thus put in place a disciplinary system which, firstly, sanctions all violations of the Model, from the most serious to the most minor, through a system of gradual sanctions and which, secondly, is in accordance with the principle of proportionality between the conduct and the sanction applied.

Regardless of the nature of the disciplinary system required by Legislative Decree 231/2001, there remains the main characteristic of the disciplinary power to be exercised by the employer, which refers (according to Article 2106 of the Italian Civil Code) to all categories of workers and which is exercised independently of collective bargaining agreements.

The establishment of violations, disciplinary procedures and the application of sanctions fall within the duties of Management. The Supervisory Body is involved, instead, in the ascertainment of violations and in the application of sanctions for violations of the Model, this meaning that a disciplinary measure cannot be applied, or not applied, for any violation of the Model without previously informing and hearing the Supervisory Body.

There remains the right for the Company to take action for any damage and/or liability ascribed thereto for any conduct by its employees that is in violation of the Model.

3.6.2    Sanctions

Any failure and conduct by employees that is in violation of the rules set out in this Model leads, pursuant to Legislative Decree 231/2001, to the application of disciplinary sanctions in accordance with the principle of proportionality set out in Article 2106 of the Italian Civil Code, taking account - in each case - of the objective seriousness of the fact that represents a violation, the level of guilt, any reiteration of the same conduct as well as the intentionality thereof.

The disciplinary system identifies the violations of the principles, behaviours and controls contained in the Model and, in accordance with the applicable provisions of law and/or collective bargaining agreements, it identifies the sanctions established for employees, as reported below.

The disciplinary system is binding on all employees and, within the meaning of Article 7, paragraph 1, Law 300/1970, it must be exhibited "by being posted in a place that is readily accessible to all".

3.6.2.1 Measures against subordinates

Compliance with the provisions and rules of conduct set out in the Model amounts to fulfilment, by the Company’s employees, of the obligations set out in Article 2104, paragraph 2 of the Italian Civil Code; the Model is a substantial and integral part of these obligations.

The employees’ violation of the provisions and rules of conduct set out in the Model always amounts to a disciplinary offence.

It should be noted that subordinates are subject to the National Collective Labour Agreement for employees working in trade (tertiary sector, distribution and services, hereinafter simply "Trade NCLA”), currently in force until 31 December 2018 (as regards its regulatory and economic sections).

The measures indicated in the Model, whose infringement is sanctioned thereby, are communicated with an internal circular that is distributed to all employees; they are posted in a place that is readily accessible to all and are binding on all the Company’s employees.

Disciplinary measures can be applied to the Company’s employees in accordance with Article 7 of Law no. 300 of 20 May 1970 (the so-called “Workers’ Statute") and any special applicable regulations.

For non-executive employees regulated by the Trade NCLA, these measures are those laid down by the disciplinary rules referred to in Article 225 et seq. of the said NCLA and, specifically, depending on the seriousness of the infringement:

• oral reprimand for minor violations;
• written reprimand for repeated minor violations;
• fine not exceeding an amount equal to 4 hours of ordinary wages;
• suspension from pay and service for no more than 10 days;
• disciplinary dismissal without notice.

The notice of infringement of the Model is followed by a disciplinary action aimed at ascertaining the infringement itself. Specifically, during the ascertainment process, the charge will be notified to the employee, who will then be given a reasonable term within which to present his defense case. Once the violation is established, a disciplinary sanction will be applied to the wrongdoer, proportionately to the seriousness of the violation.

It is understood that the procedures, provisions and guarantees laid down by Article 7 of the Workers’ Statute, and by Article 225 of the Trade NCLA in case of non-executive workers regulated thereby, concerning disciplinary measures, will be complied with.

As regards the establishment of infringements, disciplinary procedures and the application of sanctions, the powers previously granted to the Board of Directors remain in place.

3.6.2.2 Measures against business partners, Consultants, business procurers, external collaborators

The infringement by business partners, Consultants, external collaborators, business procurers, agents or other subjects having contractual relationships with the Company, of the provisions and rules of conduct set out in the Model and applicable thereto, or the perpetration by the same of the offences regulated by Legislative Decree 231/2001, will be sanctioned in accordance with specific contractual clauses included in their contracts.

These clauses, expressly referring to compliance with the provisions and rules of conduct laid down in the Model, may establish, for instance, such third parties’ obligation not to act or behave in such a way as to cause the Company’s violation of the Model. In the event of a breach of this obligation, contract termination must be envisaged.

The Company remains obviously entitled to seek compensation for damages arising from any breach of the provisions and rules of conduct laid down in the Model by the said third parties.

3.7 Model Updating

As expressly required by law, Management is responsible for adopting and effectively implementing the Model, relying on professionals/external consultants with recognised skills and expertise.

The updating of the Model, this including both any additions and changes to the Model, is designed to ensure its adequacy and suitability.

3.8 Information and Staff Training

3.8.1    Model distribution

The methods used to communicate the Model must be such as to ensure its full publicity and thus guarantee that its recipients are aware of the procedures to be followed to duly fulfil their duties.

The information given must be complete, timely, accurate, accessible and ongoing.

The Company’s objective is to communicate the content and principles of the Model also to those who, despite not being formally classified as employees, operate - even occasionally - to achieve the Company’s objectives pursuant to contractual relationships.

Communications and training are entrusted to external consultants who are also assigned, inter alia, the task of promoting initiatives to spread knowledge and understanding of the Model, of the content of Legislative Decree 231/2001, of the impact of the law on the Company’s business, and of training staff and making them aware of compliance with the principles enshrined in the Model, and of promoting and coordinating initiatives to facilitate knowledge and understanding of the Model by all those who operate on the Company’s behalf.

3.8.2    Staff Training

Training is designed to promote the staff’s knowledge of the rules set out in Legislative Decree 231/2001.

Such knowledge requires the Company to provide a comprehensive picture of the law, its practical implications, the content and principles which the Model is based on, the Code of Conduct and the Security Protocols implemented by the Company. Therefore, all employees are required to be familiar with, to observe and to abide by the said content and principles, contributing to their implementation.

To ensure the staff’s effective knowledge of the Model and of the procedures to be adopted for the proper pursuit of their activities, specific mandatory training is thus provided to the Company’s staff.

Special attention is paid to the training of newly-hired staff and to employees who, despite not being newly hired, are called to cover new roles

Section 4: The Code of Conduct

Chapter 4 - The Code of Conduct

4.1 Foreword

This Section outlines the rules of conduct adopted by the Company, which must be complied with by all those who carry out activities on the Company’s behalf and in its interest (cfr. Sec. 3 para. 3.1 “Recipients”) so that their conduct is always in accordance with the principles of fairness, collaboration, loyalty, transparency and mutual respect, as well as to prevent conduct that falls within the list of offences and unlawful conduct provided for by Legislative Decree 231/2001.

Non-compliance with or the violation of the following rules by the recipients of the Model (including third parties, both internal and external to the Company) must be regarded as a violation of the ethical-behavioural principles adopted by the Company, of the duties of fairness toward it, and of specific contractual clauses, if any.

Therefore, such non-compliance and/or violation will be sanctioned in accordance with Article 3.5.2 (Sanctions) of Sec. 3 of this Model.

4.2 The Code of Conduct

In the pursuit of its business, the Company complies with the laws and regulations in force in the legal systems of all the countries in which it operates, in accordance with the principles of loyalty, fairness, responsibility, freedom, personal dignity and respect for diversity, condemning all types of discrimination based on sex, race, language, personal and social conditions, religious and political beliefs.

To this end, the Company promotes a work environment which, inspired by respect, fairness and collaboration and taking account of everyone’s experience in the relevant sectors, allows for the involvement and accountability of employees and collaborators with regard to the specific objectives to be attained and the methods to be used to pursue them.

Given the increased attention that has been recently paid to corporate governance, the Company has deemed it appropriate to draw up a Code of Conduct (hereinafter the "Code" or "Code of Conduct") to clearly define the set of values and responsibilities which the Company recognises, accepts, shares and assumes.

The Code of Conduct represents, inter alia, a founding part of the Organisation, Management and Control Model adopted by the Company within the meaning of Legislative Decree 231/01 (hereinafter "231 Organisation Model"), in the belief that ethics in business should be pursued as a condition for corporate success.

In this perspective, the principles and values enshrined in the Code of Conduct are the first set of rules which the 231 Organisation Model is based on as well as a useful interpretation reference for the concrete application thereof in relation to corporate dynamics.

The Company is engaged in spreading and providing information on the provisions of the Code of Conduct and on the application of the same to the subjects which it refers to, so that all those who operate - in any way - for the Company perform their services and/or duties or functions in strict and continuous compliance with the principles and values enshrined therein.

Whistleblowing

In accordance with the provisions laid down by Law no. 179 of 30 November 2017, the Company has established:

1. a specific channel that can be used by the individuals indicated in Article 5(1) a) and b) to submit, for the purpose of protecting the Company’s integrity, detailed reports of unlawful conduct, which are relevant within the meaning of the said decree, and founded on precise and concordant facts, or of violations of the Company’s organisation and management model, which they become aware of in the performance of their duties; such channels ensure the confidentiality of the whistleblower in the whistleblowing management process;
2. at least one alternative reporting channel that ensures, using IT tools, the confidentiality of the whistleblower;
3. the prohibition to engage in any direct or indirect retaliation or discrimination against the whistleblower for reasons connected, whether directly or indirectly, to the former’s whistleblowing;
4. disciplinary sanctions (under paragraph 2 e)), for breaching the whistleblowing protection rules and for making deliberate or grossly negligent false claims.

The Code of Conduct is attached as "Attachment 3 - Code of Conduct" to this document.

The LEHVOSS Group 

Lehmann&Voss&Co. and its subsidiaries (LEHVOSS Group) offer a broad portfolio of chemical and mineral specialities through the flexible combination of the three procurement channels distribution, trade and production. For our customers, we are a trustworthy partner with high technological solution competence, personal advice and individual services. 

As a family business, we think and plan for the long term. Our actions are based on the values described in "Our Values-Our Guidelines". As a chemical company, we want to increase the value of the company without taking risks that threaten its existence or overlooking social, legal and ecological aspects. Everyone is responsible for ensuring that this is reflected in our daily actions. This makes our actions sustainable. 

Policy Statement on Sustainability - also within the Supply Chain 

As a signatory, we commit to support the Ten Principles of the UN Global Compact (see Annex) in the area of human rights, labour standards, environmental protection and anti-corruption, and to integrate it with its 10 Principles into our corporate strategy and culture and daily business. We participate in cooperation projects that promote the general goals of the United Nations, in particular the Sustainable Development Goals. 
We consider the protection of human rights to be a central element of our corporate responsibility. We base our commitment to respect human rights on the United Nations Universal Declaration of Human Rights and the International Labour Organization (ILO) Declaration on Fundamental Principles and Rights at Work. We are committed to respecting internationally recognised human rights, to respecting them in our business activities and along our value chains. This includes in particular the prohibition of child and forced labour, the prohibition of all forms of slavery and discrimination, and the strengthening of freedom of association. 
We are also committed to the observance of labour protection, the payment of adequate wages, as well as the prohibition of environmental pollution, forced eviction and the use of security forces if their use entails the risk of disregarding or restricting human rights. 
We are committed to the Minamata, POPs and Basel Conventions.
This statement illustrates our fundamental commitment to respecting human rights. The principles set out here apply to our own business activities and to all employees of the LEHVOSS Group. 
Furthermore, we also expect our suppliers and other business partners to commit to complying with the principles set out here and to implement appropriate processes to respect human rights. This includes providing information on how they comply with these principles when requested to do so. 
We always comply with applicable national law. In cases where international human rights are restricted by local laws, we strive to promote the principles behind the international standards without conflicting with local laws. Where local laws go beyond international standards, we will comply with them. 
To live up to our commitment to respect human rights, we work to implement appropriate due diligence processes to identify and mitigate risks or impacts. We will adapt our policy statement accordingly over time. 
As a company in the chemical-pharmaceutical sector, we have the opportunity to strengthen the protection of human rights in many ways. However, we are also aware of the potential human rights risks that can accompany our business activities. 
We strive to gradually and regularly analyse, document and better understand our risks and their concrete connection to our company through structured risk assessments in our own business activities, the supply chain and related to our products and services. We will have conducted an initial risk analysis by the end of 2023. We will incorporate the results of our risk analyses into relevant business processes, in particular into our supplier management system. Where risks exist, we will implement appropriate preventive measures. 
The health and safety of our employees is our top priority. By implementing uniformly high standards at all our sites, for example through the Responsible Care Management System, we are continuously working to create a safe and healthy working environment. Our employees take part in regular training to promote safety-conscious behaviour. 
In cases where we cause or contribute to actual human rights violations through our business activities, we are committed to implementing effective remedial action. 
A governance structure that allocates responsibilities for the operational implementation of our human rights strategy is currently being established. We will update our policy statement accordingly. 

Compliance - Trust Through Honest and Compliant Business Conduct - a Personal Challenge and the Result of Joint Efforts 

In all our business activities and decisions, we undertake to comply with the applicable laws and other relevant provisions of the countries in which we operate. Business partners are to be treated fairly. Contracts shall be complied with, taking into account changes in the general conditions. 
This LEHVOSS Group Code of Conduct clarifies these principles. The aim is to prevent situations that could call into question the probity of our conduct and confidence in our performance. 
We can only continue to achieve these goals if all those involved cooperate. Therefore, the Code of Conduct formulates binding requirements for all employees. 
All employees must comply with all relevant laws and regulations in their work environment as well as with internal instructions and guidelines. 
All employees are required to behave honestly and fairly in their working environment and to avoid any conflict between private and business interests of the LEHVOSS Group or the interests of our customers. 
Managers have a role model function. They bear responsibility for their own conduct and the conduct of employees in their area of responsibility as well as for proper compliance with all procedures provided there to avoid reputational and legal risks. 

Respectful Treatment of Each Other - Prohibition of Discrimination - Development According to Performance and Potential 

Our success is also essentially based on respectful interaction with each other. We are willing to learn from mistakes and value the open word. The essential criteria for the development of employees are performance and potential. 
The LEHVOSS Group does not tolerate discrimination or harassment of any kind in the work environment, whether based on age, disability, origin, gender, political or trade union views, race, religion or sexual orientation. 
Protection of Personal Data and Confidential Information-Requests for Information from Public Authorities 
We strictly observe the regulations on the protection of personal data. 
Confidential information and documents about customers, the LEHVOSS Group or employees must be protected in an appropriate manner from the insight of third parties as well as colleagues who are not involved. 
Personal data may only be collected, processed or used to the extent necessary for specified, explicit and legitimate purposes. The use of data must be transparent for the data subjects. Their rights to information and correction and, if applicable, to objection, blocking and deletion must be safeguarded. 
In the technical protection against unauthorised access to data and information, an appropriate standard corresponding to the state of the art shall be maintained. 
The use, further processing or placing on the market of plagiarised products is not approved. 
The LEHVOSS Group cooperates with all competent public bodies and supervisory authorities. Any communication in this regard may only be conducted via the employees appointed for this purpose. 

Communication Towards Customers, Business Partners and the Public 

All statements and reports of the LEHVOSS Group must be complete, honest, accurate, timely and understandable. Be it towards business partners, customers or the public. 
This applies in particular to information and advertising material about our products. 
Information to business partners, customers or the public about the LEHVOSS Group, our products, our customers or business partners may only be provided by employees authorised to do so. 

Social Networks 

Anyone who speaks out in a public discussion or on social networks on topics that affect the LEHVOSS Group or our business partners should make it clear that they are acting as a private individual and have the interests of the LEHVOSS Group and business partners in mind. 
Please take into account that statements in emails or social networks can be made informally and spontaneously, but are then nevertheless recorded and can be viewed for a long time by the recipient or the internet public. 

No Conflicts of Interest with Clients and Business Partners 

The LEHVOSS Group strives for sustainable business relationships with its customers and business partners for mutual benefit. 
Every employee must therefore ensure that the interests of our customers are taken into account in a fair manner. Interests of customers or business partners must not be given priority to the detriment of other customers or business partners. 

Customer Complaints 

Customer complaints provide valuable information about opportunities for improvement in our business and, if handled properly, offer an opportunity to strengthen or regain customer relationships. 
The LEHVOSS Group takes care to ensure that all significant customer complaints are dealt with promptly in a fair and comprehensible manner. 

Personal Conflicts of Interest 

If employees become involved in conflicts between their personal interests and their professional duties or the interests of the LEHVOSS Group or our customers, this can damage the reputation of these employees and the LEHVOSS Group as a whole. 
Employees should therefore avoid such situations in the interest of the LEHVOSS Group as well as in their own interest. The following applies in detail: 

• No sideline activities that impair the time scope of the employment contract duties or the competitive interests of the LEHVOSS Group. Secondary activities must be reported in advance to the supervisor and the Human Resources Department. Honorary positions of limited duration do not have to be reported. 

• No financial interests in companies that may be affected by professional decisions of the employee or the LEHVOSS Group (exception: listed stock corporations). 

• The awarding of contracts to relatives, life partners or other related persons of employees - if known - must be reported in advance to the superior and the Legal Department. This also applies to transactions with companies in which relatives are directly or indirectly involved. 

• If possible, no direct reporting lines between children, parents, spouses or civil partners. 

• No assumption of positions of entrepreneurial responsibility (e.g. member of a governing body, managing director, board of directors, supervisory board, advisory board) with customers, business partners or competitors without the prior consent of the management after notification to the Legal Department. 

In cases of doubt, please consult the Legal Department. The perception of third parties is decisive. Even the appearance of a personal conflict of interest is damaging. 

Gifts, Business Lunches and Events 

Gifts, business meals and events for informational, representational or entertainment purposes may be a legitimate means of establishing and supporting business relationships. However, they must never be used to gain unfair business advantage and must not be to such an extent or in such a way as to impair the professional independence and judgement of those involved. 
By observing the following rules, employees can protect themselves from misunderstandings: 

• No objections to hospitality and meal invitations directly related to business to a reasonable extent (maximum of EUR 150 per person as a guideline). 

• No objections to give-aways. 

• In principle, no objections to gifts with a market value of up to EUR 40 (benchmark) -         unless in a timely manner prior to the conclusion of contracts or negotiations, -         to the private address or in any other non-transparent manner. 

• Never cash or money substitutes, e.g. cheques, gift vouchers. 

• Invitations for representation purposes or with a predominant or partial entertainment part only, 

  • after special examination of customary business practice and appropriateness, 

  • if representatives of the host are present, 

  • participation is not repeated frequently, and 

  • the travel and accommodation costs are not covered by the inviting business partner. 

• In case of doubt, the Legal Department should be consulted. 

Particular caution is required in the case of public officials. Here, the rules for gifts and invitations of the respective authority must be observed. 

Donations and Sponsorship 

The management decides on donations and sponsoring. They may not be used to indirectly obtain unfair advantages from business partners. 

No Tolerance of Corruption, Special Caution with Public Officials 

Our success in the market is based on performance, flexibility and service and must not be cheated by unfair benefits. Our business partners trust in the professional judgement of our employees. 
The LEHVOSS Group therefore does not tolerate any form of bribery or venality, acceptance of benefits or granting of advantages. 
Those who do not observe the rules on gifts and invitations in Clause 11 run the risk of becoming liable to prosecution for corruption offences. Even the promise or demand of unfair advantages can be punishable. 
In the case of invitations and benefits to public officials, their internal rules for gifts and invitations must be observed in any case. The granting of advantages to public officials may be punishable as acceptance or granting of an advantage simply because it is made in view of the official position. It is not necessary that the exercise of office is to be influenced in an unfair manner. Anyone entrusted with the performance of public duties can be a public official, not only civil servants and public employees. 

Prevention of Money Laundering and Terrorist Financing 

The LEHVOSS Group has established risk-appropriate precautionary measures in accordance with the legal provisions and requirements of the regulatory authorities to prevent money laundering and the financing of international terrorism as well as export control. These must be observed at all times. 

Protection of Competition 

The LEHVOSS Group does not participate in illegal agreements and practices that restrict competition, in particular agreements on prices, conditions and market sharing with competitors. Before employees deviate from standard contracts or procedures provided for in cooperation agreements, they clarify with the Legal Department that this does not involve any inadmissible effects under competition law. 
In contacts with competitors and business partners, employees of the LEHVOSS Group do not discuss internal matters, such as prices and terms of sale or financing, costs, market overviews, organisational procedures or other confidential information from which competitors or business partners could derive competitive advantages, without prior clarification with the Legal Department. 

Protection of LEHVOSS Group Assets and Protection of Natural Resources 

Technical trade secrets and commercial business secrets are important LEHVOSS Group resources. Every employee is therefore obliged to protect them. This includes strict compliance with the LEHVOSS Group's information security regulations. 

The assets and business equipment, business documents and working materials of the LEHVOSS Group may neither be misused for private purposes nor handed over to third parties if this could impair the interests of the LEHVOSS Group. 
Employees shall strive in their work to protect natural resources and to ensure that the business activities of the LEHVOSS Group have the least possible impact on the environment through material conservation, energy-saving planning and the reduction and recycling of waste. Each employee shall consider environmental and social criteria in addition to economic considerations when selecting suppliers, promotional materials or other external services. 

Occupational Safety 

Processes, operating sites and resources must comply with the applicable legal and internal requirements for occupational safety as well as health, fire and environmental protection. 

Whistleblower 

All staff are strongly encouraged to approach the Legal Department or their supervisor if they notice that someone is not behaving according to the rules. This can prevent small problems from becoming big ones. No employee who makes a report in good faith need fear disadvantages - even if the report turns out to be unfounded. Notifications can also be made anonymously. 
Possible compliance violations or human rights abuses can be reported by employees, business partners or affected persons via our anonymous whistleblower channel, accessible via link: https://www.lehvoss.de/en/company/anonymous-whistleblower-channel/: 

Consequences in the Event of Infringements 

Violations of these rules can result in significant reputational damage and legal disadvantages for the employees concerned, their colleagues and the LEHVOSS Group, up to and including fines, criminal proceedings or restrictions on official permits. Furthermore, violations can lead to measures under labour law by the LEHVOSS Group. 

Signature          Management Board of the LEHVOSS Group (Knut Breede, Dr Thomas Oehmichen, Soenke Thomsen) 

                         Legal representatives LEHVOSS Italia (Stefanie Klemt, Cristina Lorenzetti e Annalisa Pini )

Origgio 12.05.2025

ANNEX:            THE TEN PRINCIPLES OF THE UN GLOBAL COMPACT 

The Ten Principles of the United Nations Global Compact are derived from: 

• the Universal Declaration of Human Rights,
• the International Labour Organization’s Declaration on Fundamental Principles and Rights at Work,
• the Rio Declaration on Environment and Development, and
• the United Nations Convention Against Corruption. 

Human Rights

Principle 1: 

Businesses should support and respect the protection of internationally proclaimed human rights. 

Principle 2: 

Businesses should make sure that they are not complicit in human rights abuses. 

Labour 

Principle 3: 

Businesses should uphold the freedom of association and the effective recognition of the right to collective bargaining; 

Principle 4: 

Businesses should uphold the elimination of all forms of forced and compulsory labour;

Principle 5: 

Businesses should uphold the effective abolition of child labour; and

Principle 6: 

Businesses should uphold the elimination of discrimination in respect of employment and occupation. 

Environment 

Principle 7: 

Businesses should support a precautionary approach to environmental challenges;

Principle 8: 

Businesses should undertake initiatives to promote greater environmental responsibility; and

Principle 9: 

Businesses should encourage the development and diffusion of environmentally friendly technologies. 

Anti-Corruption 

Principle 10: 

Businesses should work against corruption in all its forms, including extortion and bribery.