Whistleblowing Policy

Introduction
‍

YouHodler Italy S.r.l. (hereinafter, the “Company”) has adopted this policy (the “Policy”) to govern the handling of reports of violations or irregularities discovered in the workplace (hereinafter, “Reports”), in accordance with Legislative Decree No. 24/2023 (the “Whistleblowing Decree”), implementing EU Directive 2019/1937.

The whistleblowing legislation aims to ensure the protection of persons who report violations of national or European Union law that harm the public interest or the integrity of a private entity, including relevant violations in the crypto-asset sector.

This Policy governs:

• the scope of Reports;
• internal reporting channels;
• the procedures for handling Reports;
• measures to protect the whistleblower and other involved parties;
• the criteria for document retention and confidentiality protection.

Any amendments to the Policy are approved by the Board of Directors.
‍

2. General aspects of the document

2.1. Purpose of the Policy

This Policy aims to define the internal reporting management system adopted by the Company and the related protection measures provided for by the Whistleblowing Decree.

In particular, the Policy aims to:

1. define the scope of relevant reports;
2. identify the functions involved in managing reports and their respective roles;
3. regulate the channels available for submitting reports;
4. describe the procedures for receiving, evaluating, and managing reports;
5. regulate the retention and traceability of documentation;
6. ensure adequate confidentiality measures and protection against retaliation;
7. ensure information and training activities regarding the whistleblowing system.

2.2. Policy Recipients

This Policy applies to all individuals who have, or have had, an employment or professional relationship with the Company, including:

• employees;
• self-employed individuals;
• contractors and consultants;
• volunteers and interns, whether paid or unpaid;
• shareholders;
• persons performing administrative, managerial, supervisory, oversight, or representative functions.

The protections provided also apply:

• during the pre-contractual or selection phases;
• during the probationary period;
• after the termination of the employment relationship, where the information was obtained during the course of such relationship.

The Policy is made available through the Company’s communication channels, website, and internal tools.
‍

2.3. Reporting Officer

The receipt and handling of Reports is entrusted to the Compliance Officer, who acts as the Primary Reporting Officer (hereinafter also “Officer”).

In the event of the Principal Officer’s temporary unavailability, the relevant activities are carried out by the CRO, designated as the Alternate Officer.

If the report concerns the Primary Officer, or if the reporter believes there is a conflict of interest, the report may be addressed to the Alternate Officer via confidential analog methods using the “double sealed envelope” system.

The Reporting Officer may involve other company functions or external consultants, limited to the information strictly necessary for the preliminary investigation and in compliance with confidentiality obligations.
‍

3. Management of Reports

3.1. Scope of Reports

The following may be subject to reporting:

• violations of national or European Union law in the sectors covered by the Whistleblowing Decree;
• violations related to financial services, anti-money laundering, consumer protection, personal data protection, cybersecurity, and financial markets;
• acts or omissions that harm the financial interests of the European Union;
• violations of competition, state aid, and corporate tax rules;
• conduct that undermines the purposes and objectives of applicable European legislation.

The following are not covered by the Policy:

• disputes or claims of an exclusively personal nature;
• matters relating to individual employment relationships or relationships with supervisors;
• Vague reports lacking factual elements or based on mere assumptions.

3.2. Reporting Channels

Reports may be submitted:

• in writing;
• via an online platform;
• orally, through a face-to-face meeting with the Reporting Officer, in a location suitable for ensuring confidentiality.

The Company also provides for the possibility of making external reports to the National Anti-Corruption Authority (ANAC) in the cases provided for by the Whistleblowing Decree, including:

• failure to follow up on an internal report;
• risk of retaliation;
• imminent or evident danger to the public interest.

3.3. Content of Reports

Reports must be as detailed as possible and contain precise and consistent information useful for verifying the reported facts.

Where possible, the whistleblower should provide:

• their identifying information and contact details;
• a clear description of the facts;
• the time and place of the reported events;
• the individuals involved;
• any supporting documentation;
• the names of any individuals aware of the facts;
• any additional information useful for the investigation.

Anonymous reports are also permitted, provided they are sufficiently detailed. The relevant protections also apply retroactively if the reporter is identified and suffers retaliation.
‍

3.4. Receipt and Evaluation of Reports

The Reporting Officer:

• confirms receipt of the report within seven days;
• assesses the admissibility of the report in light of the requirements set forth in the Decree;
• may request additional information from the whistleblower.

Reports deemed inadmissible or insufficiently detailed are closed, and the reporter is notified.

‍

3.5. Preliminary Investigation

For reports deemed admissible, the Responsible Party conducts the necessary verifications, including through:

• document review;
• interviews;
• internal investigations;
• involvement of company departments or external consultants.

The identity of the reporter may be disclosed only with the reporter’s express consent.

Upon completion of the investigation, the Manager may:

• dismiss the report as unfounded;
• deem the report valid and forward it to the competent bodies for further action.

All investigative activities must be adequately documented and archived.
‍

3.6. Feedback to the whistleblower

The Manager provides feedback to the reporter within three months of receiving the report.

The feedback may concern:

• the closure of the report;
• forwarding to the competent authorities;
• the status of ongoing investigations.

If the preliminary investigations require additional time, the whistleblower will still receive updates on the activities carried out.
‍

4. Confidentiality and Retention of Documentation

The Company guarantees the confidentiality of:

• the identity of the whistleblower;
• the identity of the reported individual;
• of all persons involved in the Report;
• the information contained in the Report.

Reports and related documentation are stored in secure archives for the time necessary to manage the procedure and, in any case, no longer than five years from the communication of the final outcome.

The processing of personal data is carried out in compliance with applicable data protection laws and Regulation (EU) 2016/679 (“GDPR”).
‍

5. Prohibition of Retaliation and Protective Measures
‍
The Company prohibits any form of retaliation against the whistleblower or other individuals involved in the report.

Protective measures apply if:

• the whistleblower acted with reasonable belief in the truthfulness of the information;
• the report was made through the designated channels.

The following, among other things, are considered retaliation:

• dismissal;
• demotion;
• unjustified transfers;
• discrimination;
• harassment;
• negative performance evaluations;
• reputational or financial damage.

Retaliatory actions are null and void.

The whistleblower may also report any retaliation to ANAC.
‍

6. Protection of the reported individual

The Company guarantees confidentiality also with respect to the reported individual and other parties involved in the report, subject to legal obligations or requests from competent authorities.
‍

7. Liability of the whistleblower

The civil, criminal, or disciplinary liability of the whistleblower remains unaffected in the event of:

• Reports made with intent or gross negligence;
• Reports that are manifestly unfounded;
• Abuse of the procedure;
• Slanderous or defamatory reports.

8. Training and Information

The Company ensures adequate information regarding reporting channels and this Policy through internal communications, the website, and corporate tools.

Key information is also made available during onboarding or at the start of employment.

The Lead Officer, the Alternate Function, and the Deputy Officer receive specific training on:

• whistleblowing regulations;
• personal data protection;
• report management;
• principles of confidentiality, ethics, and integrity.

Report an Illegal Act (Whistleblowing)

If you have observed unlawful conduct or irregularities, you can file a report by filling out this form, even anonymously. All reports are treated with the utmost confidentiality in accordance with applicable laws and the Company’s Whistleblowing Policy.

What can be reported

Actions, conduct, or omissions may be reported:

• that have already occurred;
• that can reasonably be believed to have occurred;
• that are likely to occur;
• as well as attempts to conceal such conduct.

Reportable violations include, but are not limited to:

• violations of anti-money laundering regulations;
• violations of the MiCA Regulation or other regulations applicable to the Company;
• administrative, accounting, civil, or criminal offenses;
• material violations under Legislative Decree 231/2001;
• violations related to financial services, consumer protection, personal data protection, cybersecurity, and anti-money laundering;
• conduct that harms the financial interests of the European Union;
• violations of competition laws or internal market regulations;
• conduct contrary to the Code of Ethics, company policies, or the Company’s principles of integrity.

What is not covered by whistleblowing reports

The following do not fall within the scope of whistleblowing:

• personal complaints or disputes;
• requests related to one’s employment relationship;
• conflicts with colleagues or supervisors;
• reports based solely on assumptions, suspicions, or personal opinions lacking concrete evidence.

Principles Applied to the Handling of Reports

The Company guarantees:

• the confidentiality of the reporter’s identity and the information contained in the report;
• impartiality in the handling of investigations;
• proportionality of the investigative activities;
• protection of the whistleblower acting in good faith.