1. OBJECTIVE AND SCOPE

The main objective of the Internal Information System Policy, hereinafter referred to as “the System” or “IIS”, is to establish BLUE TECH ZONE's commitment to complying with Law 2/2023 of February 20, which regulates the protection of individuals who report regulatory violations and the fight against corruption – hereinafter Law 2/2023.

BLUE TECH ZONE is a commercial brand of the company COSTA BELLVER, S.A.(A12102703), operating under the regulation and framework of the IIS of FOMENTO URBANO DE CASTELLÓN, S.A.

This policy is one of the key documents and pillars of the IIS, meaning it will be widely publicized, inform stakeholders, and be part of the training regarding the System’s management. This policy makes special reference to the Internal Information System Protocol, as both documents are interconnected, with one serving as the foundation for the other, reinforcing BLUE TECH ZONE's commitment to the Internal Information System.

This policy establishes the guiding principles, necessary mechanisms, and fundamental regulations that govern the Internal Information System (IIS), its procedures, and the integrated communication channel. The latter is designed to provide a secure reporting avenue and the appropriate means for reporting and/or disclosing potential irregular conduct, unlawful acts, or potential non-compliance. It is conceived as a mechanism that upholds and ensures the absence of retaliation for the mere act of reporting or disclosing information, thereby fostering a culture of transparency in line with the requirements set forth in Directive (EU) 2019/1937 of the European Parliament and the Council of October 23, 2019, as well as its transposition into national law through Law 2/2023 of February 20.

The legal framework safeguards individuals who demonstrate courageous and socially valuable conduct by reporting facts that should neither be tolerated nor silenced, thereby enabling the prosecution of offenders. A fundamental principle of this policy is to promote social responsibility and commitment.

In this regard, the policy aligns with the primary objective of Law 2/2023: to protect individuals who report legal violations within the context of a professional relationship by ensuring confidentiality and anonymity in communications. Furthermore, it recognizes the importance of allowing organizations to be the first to identify and address potential non-compliance, thus mitigating or promptly remedying any damage such infractions may cause. This policy also places special emphasis on breaches that may have a significant impact on society as a whole. Additionally, it aims to strengthen a culture of transparency and encourage open communication as essential mechanisms for preventing and detecting threats to the public interest.

This policy applies to all stakeholders of BLUE TECH ZONE, encompassing any individual who has had any form of connection or relationship with the company, whether professional or employment-related, even if such a relationship has ended. This includes volunteers, interns, trainees, and individuals participating in selection processes, as well as the family members of BLUE TECH ZONE employees. Furthermore, the protection granted by law extends to individuals who provide assistance to whistleblowers, those within their immediate environment who may face retaliation, and legal entities owned by the whistleblower, among others.

In conclusion, this policy complies with the obligation set forth in Article 5.2(h) of 

Law 2/2023 of February 20, which mandates the establishment of a strategy or policy outlining the general principles governing internal information systems and whistleblower protection.

2. APPLICABLE PRINCIPLES

This Policy is governed by the following principles:

a) Exhaustiveness, integrity, accessibility, and confidentiality. Communications received within the framework of the Internal Information System (IIS) will be handled securely and traceably, in accordance with the provisions of Law 2/2023 and the IIS Manual, while always complying with current data protection regulations and the guarantee of digital rights. The exhaustiveness, integrity, and confidentiality of information will be ensured, along with the prohibition of unauthorized access, the durable storage of information, the comprehensive protection of whistleblowers, and respect for good faith—the latter being an indispensable requirement for whistleblower protection, as it represents civic behavior that stands in contrast to actions that must be excluded from protection, such as the submission of false or misleading information or information obtained unlawfully. The absolute priority of the Internal Information System is to legally protect the identity of individuals who report violations, ensuring that their identity is not disclosed to the persons referred to in the report or to third parties.

b) Independence and autonomy of the IIS Manager. For the IIS to be effective, it is essential to appoint a manager responsible for ensuring its proper operation. The IIS Manager, who must be duly registered with the Independent Whistleblower Protection Authority, will not receive instructions from any superior within the organization, nor will they be subject to any hierarchy. Their organic and functional independence enables them to fulfill their duties, ensuring proper monitoring, investigation, and whistleblower protection. The IIS must be the primary and most expeditious channel for handling information, as prompt and diligent action within the organization can prevent the negative consequences of the reported conduct.

c) Objectivity, diligence, and impartiality in handling reports. Conflicts of interest must be avoided at all times. Persons affected by a report are entitled to the presumption of innocence, the right to defense, access to the case file, and confidentiality of their identity and the facts under investigation. All actions will be carried out with independence, impartiality, and full respect for the law. Depending on whether the reported information falls within the material and personal scope of Law 2/2023, of February 20, the applicable legal guarantees—which may be more stringent, extensive, and detailed—will be provided. Regardless of the legal scope, the protection of whistleblowers and their rights will always be guaranteed.

d) Transparency and accessibility. Access to the IIS and the communication channel implemented by the company will be ensured. This system must allow individuals to report potential regulatory violations and anti-corruption matters either in writing, verbally, or through both means. The provided information will be clear, easily accessible, and widely publicized to ensure awareness of its use, principles, and guarantees.
This Policy makes public BLUE TECH ZONE’s commitment to acting in accordance with the values and principles that guide its activities, as outlined in its ideology, Code of Ethics, and internal regulations. This commitment extends to the respect for all individuals, with particular emphasis on environmental protection, as part of its responsibility to ensure a better quality of life in the public interest. The company is dedicated to maintaining a safe and respectful environment for all, facilitating the use of the IIS to report any conduct contrary to these principles, in line with its commitment to society.

e) Protection against retaliation, safeguarding whistleblowers and other affected parties. As long as reports are made in good faith and in accordance with the IIS and Law 2/2023, BLUE TECH ZONE will ensure the protection of whistleblowers. Protection against retaliation is a means of safeguarding freedom of expression, media freedom, and pluralism, which must be guaranteed not only to whistleblowers but also to persons mentioned in or connected to a report.

At the same time, protective measures also apply to persons accused in a report, in case the information—although seemingly credible—has been manipulated, is false, or has been submitted with improper motives that the law cannot protect. These individuals will retain their rights to judicial protection and defense, access to the case file, confidentiality, identity protection, and the presumption of innocence. Their honor and reputation must be respected equally to that of the whistleblower.

Ultimately, this Policy serves as a mechanism to strengthen institutional integrity, ensuring comprehensive legal protection for individuals who report potential violations, while preventing them from suffering retaliation due to their disclosures. This is in line with Law 2/2023, particularly Article 1, which applies to whistleblowers, subjects of reports, and all those with a specific connection to the case.

f) Confidentiality and anonymity of whistleblowers. Anonymity includes the right to data protection, particularly regarding the identity of whistleblowers and individuals under investigation. This is an essential prerequisite to ensure the effectiveness of legal protections. The IIS will guarantee anonymity and/or confidentiality at the whistleblower’s discretion, as this is a fundamental principle of Law 2/2023, which establishes a general obligation to maintain the whistleblower’s anonymity. The law affirms that:

"There is no better way to protect whistleblowers than by guaranteeing their anonymity."

For this reason, the IIS is designed, organized, and managed in a secure manner to ensure the confidentiality of the whistleblower’s identity, the identity of the accused, and any third parties mentioned in the report. The confidentiality of all actions taken in handling and processing information is also guaranteed, with strong data protection measures to prevent unauthorized access.

3. LEADERSHIP AND COMMITMENT

Leadership, as a mediating axis of the Internal Information System’s (IIS) suitability, is a behavioral premise that requires the leaders of the organization to understand the IIS as more than just a set of interrelated elements. Instead, they must view it as the correct implementation and achievement of its objectives, assuming the responsibility to enforce and ensure the successful functioning of the IIS.

Additionally, leaders must promote a strong culture of compliance within the organization, ensuring alignment with internal values, regulations, and the fundamental principles set forth in the organization's Code of Ethics. Respect for the IIS as an institution is a mandatory standard for all directives and actions undertaken within BLUE TECH ZONE.

4.     PERSON IN CHARGE OF THE SYSTEM

In accordance with articles 8 and 5 of Law 2/2023, of 20 February, the System Manager must be responsible for the diligent management of the Internal Information System and the appropriate treatment of the communications received, which includes, among others, the following actions:

Receiving the communications made in the information channel set up for this purpose.

Initiate, if necessary, the investigation procedure.

Appointing external third party experts, experts or professionals to intervene in the investigation process, if necessary.

Ensure that the information channel is duly enabled.

Have at its disposal all the personal and material means necessary to carry out its functions.

Publicise the information channel so that all internal and external members are aware of it.

Annually report the register of communications and the report on the information channel to the governing body.

In conclusion, and according to Article 8.4 of the same Law, the person in charge of the SII ‘must carry out his or her functions independently and autonomously from the rest of the bodies of the entity or body, may not receive instructions of any kind in their exercise, and must have all the personal and material means to carry them out’.

5. PUBLIC CHANNEL

BLUE TECH ZONE has established a communication and information system to promote compliance and meet the requirements of Law 2/2023 on whistleblower protection.

The purpose of this information channel is to serve as the preferred means for employees, suppliers, clients, collaborators, and other stakeholders to report acts or behaviors that may constitute unlawful conduct or any fact, action, or suspicion that may be considered contrary to the objectives and regulations set forth in the Internal Information System.

The designated channel is public, confidential, and/or anonymous, and it is available to all internal and external members, as well as any person with a contractual or non-contractual relationship with BLUE TECH ZONE.

Access to the channel is available via the following link: https://www.ovetauki.com/canal/grupo-fomento. The protocol for its use is published on the corporate website and is also included in the organization's Code of Ethics. This initiative aims to consolidate all existing reporting channels within the organization into a single management procedure for handling information across different material and personal scopes, ensuring compliance with Law 2/2023 while respecting the culture of transparency and information. Additionally, it enhances the protection of whistleblowers’ rights, including security, confidentiality, anonymity, effective processing, and transparency.

6. NON-COMPLIANCE WITH THE INTERNAL INFORMATION SYSTEM

The procedures, principles, and rules set forth in this Policy are mandatory and hold the highest authority within the internal regulations of BLUE TECH ZONE, S.L. They represent the commitment of the Board of Directors to ensuring compliance with applicable legislation and fostering an organizational culture aligned with ethical standards, in accordance with Law 2/2023, of February 20.

Non-compliance with this Policy may lead to sanctions for both the organization and the individuals involved, through the application of the necessary disciplinary regime. Sanctions may include disciplinary actions such as dismissals, fines, or the initiation of civil, administrative, or criminal proceedings against the individuals involved, among others.

Any employee, director, collaborator, representative, agent, or third party who becomes aware of or suspects any actual or imminent action that constitutes a violation of this Policy must report it through the internal reporting channel implemented by BLUE TECH ZONE. It is expressly stated that the organization will never tolerate actions that contradict the principles of the Internal Information System (SII), nor will it take retaliatory measures against any person who refuses to engage in corrupt practices, even if such refusal results in delays or loss of business opportunities.

The consequences of non-compliance with the Internal Information System shall be governed by the provisions of the applicable collective bargaining agreement, the Workers' Statute, and any other relevant legislation in force.

7. CONTROL, EVALUATION, AND REVIEW

The System Officer is responsible for overseeing the implementation, development, and compliance of the Internal Information System.

The System Officer shall evaluate, whenever deemed appropriate, the effectiveness and compliance of the Internal Information System. This evaluation will also take place in cases where significant violations of the system are identified or when major governmental or operational changes occur within the organization, including modifications to the control structure, corporate activities, or delegation of powers within the governing bodies. In such cases, the System Officer shall assess the necessity of making modifications.

The System Officer shall conduct a review of the Policy every three years and propose any necessary modifications and updates to the Board of Directors, ensuring its continuous development and improvement. This process shall take into account any suggestions and proposals made by BLUE TECH ZONE professionals, thereby reinforcing an ongoing improvement approach.

8. APPROVAL

The Governing Body of FOMENTO URBANO DE CASTELLÓN SA approved this Information Channel Protocol by Act dated October 29, 2024.