1. Introduction

This notice is addressed to all individuals who interact with LONGO S.p.A. in various capacities and are entitled to report any corporate misconduct in which they are directly involved or of which they have become aware.

The notice is made available and communicated to potential interested parties through:

• Publication on the company's website;
• Publication on the official internal company communication channels for employees.

LONGO S.p.A. reserves the right, at its sole discretion, to change, modify, add, or remove any part of this notice at any time.
To facilitate the verification of any changes, the notice will include an update date.

The system implemented by the company ensures the complete anonymization of reports to protect the whistleblower and the authenticity of the collected data, while also minimizing any potential retaliatory actions.

This is in compliance with Legislative Decree No. 24 of March 10, 2023, implementing EU Directive 2019/1937 on the protection of individuals reporting violations of EU law.
The implementation of the aforementioned EU Directive in Italy has led to an overhaul of the 2017 regulations, requiring companies to adopt an internal reporting system that is additional and more advanced than the traditional paper or email channels. This system must also be suitable for handling external reports within the jurisdiction of ANAC.

The purpose of this notice is to clearly and concisely inform potential whistleblowers about the reporting channel provided, its operational mechanism, procedural steps, response timelines, and the company's compliance with legal requirements.

2. Reporting Channel

In compliance with legal obligations, LONGO S.p.A. has implemented a platform provided by a carefully selected partner that offers a corporate whistleblowing system in line with the EU Directive.

The reporting channel is considered an internal channel as per Article 4 of Legislative Decree 24/2023 and allows for written and anonymous submissions.

Through the Whistleblowing Portal, accessible via LONGO S.p.A.’s website, a person who is a victim of corporate misconduct or any third party aware of a past or potentially foreseeable corporate offense can submit a report, either completely anonymously or, at their discretion, non-anonymously.

Reports will be promptly handled by a specially trained professional, ensuring compliance with applicable regulations. This professional will be an external entity to the company and will be part of the Supervisory Body appointed under Article 6 of Legislative Decree 231/2001.

3. Authorized Individuals

All individuals listed under Article 3 of Legislative Decree No. 24/2023 are authorized to submit reports of corporate misconduct.

By way of example and without limitation, reports may be submitted by:

• Employees of LONGO S.p.A. (both permanent employees and temporary workers);
• External collaborators of any kind, including freelancers, consultants, and self-employed workers;
• Business partners in various capacities.

4. Types of Reports Allowed

Reports may concern any behavior or events that, in the whistleblower’s opinion, constitute or could potentially constitute violations of civil, criminal, administrative, or accounting regulations and may harm public or private interests.

Since the company has adopted an Organizational and Management Model under Legislative Decree 231/2001, reports may also concern so-called predicate offenses under this regulation regarding corporate criminal liability.

For example, this channel may be used to report facts or situations that could cause harm or damage to LONGO S.p.A., such as:

• Violations of the Organizational, Management, and Control Model, the Code of Ethics, procedures, protocols, or other internal corporate regulations;
• Relevant offenses under Legislative Decree 231/2001;
• Criminally relevant conduct or conduct subject to administrative sanctions;
• Conduct that may cause financial, reputational, or any other type of damage to LONGO S.p.A., including damages related to competition;
• Conduct that may result in harm to the environment, the health and safety of employees, customers, suppliers, or citizens in general, data protection violations, and security risks for networks and information systems.

5. Retention of Reporting Documentation

Pursuant to Article 14 of Legislative Decree 24/2023, reports and related documentation are retained for the period necessary to process the report and, in any case, no longer than five years from the date of final communication of the report’s outcome. This is done in compliance with confidentiality obligations under Article 12 of Legislative Decree 24/2023 and the principles set forth in Article 5, paragraph 1, letter e) of Regulation (EU) 2016/679 and Article 3, paragraph 1, letter e) of Legislative Decree No. 51 of 2018.

                          ***

In compliance with Legislative Decree 24/2023, LONGO S.p.A. provides for appropriate and proportionate sanctions against individuals found responsible for the following violations:

• Retaliatory acts against the whistleblower, following and resulting from the report;
• Obstruction of the report, either before or during its submission;
• Violations of confidentiality regarding the report;
• Failure to verify and analyze received reports.

Sanctions may also be applied to the whistleblower if it is proven, even in a first-instance ruling, that they are criminally liable for defamation, false accusations, or similar offenses committed through the report to the judicial or accounting authorities. Additionally, civil liability may be established in cases of intentional misconduct or gross negligence (Article 16 of Legislative Decree 24/2023).

6. Operational Instructions

Reports can be registered on the portal by following this procedure:

1. Access the encrypted platform through the provided link: https://longo.trusty.report
2. Ensure a secure connection, as guaranteed by the platform selected by LONGO S.p.A., to protect your privacy.
3. Enter the required information:
   • Type of violation.
   • Date and location: Indicate when and where the violation occurred, whether it was recurring, regular, episodic, inside or outside corporate premises.
   • Individuals involved: If possible, identify the persons involved with all known details.
   • Evidence: Attach documents, images, or other supporting materials.
4. Choose anonymity: Decide whether to provide your personal details or remain anonymous. If anonymity is chosen, the system ensures that the entire reporting process maintains the whistleblower’s anonymity.
5. Submit the report: Upon submission, the system will generate a ticket, which—if personal details were provided—can be used to track the status of the report processing.