EXTRACT OF PART ONE OF THE ORGANIZATION AND MANAGEMENT MODEL 231

EXTRACT FROM PART ONE OF THE ORGANIZATION AND MANAGEMENT MODEL 231

S E C T I O N II – PRINCIPLES

This section contains the principles that guide and inspire this organization and management model.

The principles listed here must be respected by all those who operate on behalf of Fratelli Pisa Srl

II.1. - ETHICS

The adoption of ethical principles relevant to the prevention of the crimes envisaged by Legislative Decree 231/2001 constitutes an essential element of the "231" process.

The Fratelli Pisa company recognizes the importance of ethical-social responsibility in the conduct of business and corporate activities, committing itself to respecting the legitimate interests of its stakeholders and the community in which it operates.

The behaviors of anyone, individual or organisation, who tries to appropriate the benefits of the collaboration of others, exploiting positions of strength, are unethical and encourage the adoption of hostile attitudes towards the organisation.

In any case, the pursuit of the organization's interests can never justify conduct contrary to the principles of correctness and honesty.

II.2. - LEGALITY

II.2.1. COMPLIANCE WITH THE LAWS

Compliance with the legislation in force and applicable to the organization is an essential condition for every activity of the organisation. By legislation we mean the Italian Constitution and laws, the provisions of equal standing of the European Union, the national laws of the countries in which the organization operates.

II.2.2. COMPLIANCE WITH NEGOTIABLE OBLIGATIONS

The Fratelli Pisa company also undertakes to scrupulously respect all obligations deriving from contracts or other contractual instruments to which it is a party. As well as to respect the other obligations linked to the social context in which it operates.

II.2.3. COMPLIANCE WITH THE LEGISLATIVE DECREE V O 23 1/2001

The Fratelli Pisa company is committed to reducing the risks of committing the crimes envisaged by Legislative Decree 231/2001. Risk reduction must be as low as possible, considering compliance with the law as a priority objective. The periodic review and updating have the aim of limiting the level of acceptable risk to the lowest possible and giving maximum effectiveness to the organization and management model.

The “231” process is described in detail in section b) of Part III of this document.

II.3. - PENALTY

The provisions of this document, as well as legal or other provisions that are binding for the organization must be interpreted rigorously having as a guide the primary purposes of this document which are compliance with ethical principles and laws.

II.4. - RISK MANAGEMENT

The organisation's activities and the resulting choices must be conducted with awareness according to best practices such as the ISO 31000 standard.

In managing risks, compliance with the laws and the interests of stakeholders must be guaranteed1. Risks must be managed by assigning clear and specific powers and responsibilities.

II.4.1. RISK ANALYSIS

Every significant activity of the Organization must be preceded by risk analyses. The risk analysis must identify and describe the risk scenarios in relation to the commission of the crimes envisaged by Legislative Decree 231/2001 with reference to the specific activity carried out by the entity. The roles, powers and responsibilities for risk analyzes must be clearly and specifically allocated.

II.4.2. RISK ASSESSMENT

The utmost rigor must be followed in the risk assessment, i.e. in case of indecision the solution with the greatest guarantee must be chosen taking into account ethical principles and the law. The damage must always be considered maximum regardless of the qualitative or quantitative evaluation criteria, since the commission of a crime, even if minor, cannot be tolerated. The choice of remedies must be made consistently, preferring those that offer the greatest protection and not according to criteria of mere economy.

The "Acceptable Risk" must be assessed in accordance with the higher principles considering that the prevention system must be such that it cannot be circumvented except fraudulently.

II.5. – CORRECTNESS AND TRANSPARENCY

The information disseminated by the organization is complete, transparent, understandable and accurate, taking into account the recipients, so that the latter can make informed decisions.

The information, given its nature, must satisfy adequate levels of integrity and availability; a suitable level of authenticity must be guaranteed for information intended for dissemination or which may have significant impacts on the organisation, human resources and stakeholders.

All the actions and operations carried out and the behavior of those who work for the organisation, in carrying out their duties or functions, must therefore be inspired by transparency, correctness and mutual respect, as well as legitimacy from both a formal and substantial, according to current regulations and internal and group procedures and regulations.

II.6. - CONFIDENTIALITY

The organisation, in compliance with the provisions of the law, guarantees the confidentiality of the information in its possession, including personal data.

Those who operate on behalf of the organization are expressly prohibited from using confidential information for purposes not connected to the exercise of their professional activity even after the termination of the relationship that binds them to the organization.

II.7. - HUMAN RESOURCES

The human factor constitutes at the same time the key resource of the organization and is the source from which the crimes to be prevented can be committed. It follows that the organization pays the utmost attention to the management of human resources by selecting and maintaining particularly qualified personnel. Particular attention is paid to motivational aspects and specific training needs, taking into account the potential of individuals and favoring the conditions for a proactive, collaborative, rewarding and non-conflicting work environment. This is in the belief that a healthy working environment strengthens the organization against the threat of committing crimes.

Those who operate in the name and/or on behalf of the organization must carry out their work and duties with professional commitment, diligence, efficiency and correctness, making the best use of the tools and time at their disposal and assuming the responsibilities connected to the commitments made.

The organization guarantees an adequate level of professionalism in the execution of the tasks assigned to its collaborators, committing itself to enhancing the skills of its resources, making suitable training, professional updating and development tools available to them.

All staff are hired with a regular employment contract, as no form of irregular work and exploitation is tolerated.

Any form of discrimination is avoided both in the selection phase and in the management and career development of staff; the evaluation of candidates is based solely on the pursuit of company interests.

Any action that may constitute abuse of authority and, more generally, that violates the dignity and psycho-physical integrity of the person is not tolerated by the organization.

II.8. - DOCUMENTATION

Every operation, transaction, action, relevant for the purposes of Legislative Decree 231/2001 (such as for example accounting and security documentation) must be verifiable, documented, coherent and congruous, respecting the security principles of the Information System better specified below.

The control and supervision system must document the implementation of controls, including supervision; the "supervisory documentation" sub-process is part of the "231" process contained in section b) of Part III of this document.

The documentation must be produced and maintained according to suitable levels of evidentiary effectiveness taking into account current legislation.

II.9. SAFETY

II.9.1. AT WORK

The Fratelli Pisa company promotes and spreads the culture of safety, developing awareness of risks, promoting responsible behavior by all employees and collaborators, in order to preserve their health and safety.

The Fratelli Pisa company guarantees a working environment that complies with current health and safety regulations through the monitoring, management and prevention of risks associated with the performance of professional activities.

The management of health and safety at work constitutes an integral part of the general management of the organisation.

The Fratelli Pisa company adopts an occupational health and safety management system (SGSL).

The SGSL integrates health and safety objectives and policies into the design and management of work systems and the production of goods and services, defining the methods for identifying, within the organisation, responsibilities, procedures, processes and the resources for the implementation of the company prevention policy, in compliance with current health and safety regulations (Legislative Decree 81/2008).

Adequate resources are specifically allocated for the implementation of the principles expressed above.

II.9.2. OF THE INFORMATION SYSTEM

The information and the tools with which it is processed (electronic and otherwise, including software programs) are a key resource of the organization and at the same time are one of the main tools for the commission of some of the crimes contemplated by Legislative Decree 231/2001. By Information System we mean the set of resources organized and used by the organization for the processing of information, it follows that the organization considers the protection of the Information System a priority.

The protection of personal data, as required by current applicable sector legislation, is an integral part of the security of the Information System.

II.9.3. OF FINANCIAL RESOURCES

Financial resources are strategic for the organization and at the same time are one of the instruments most affected by the commission of some of the crimes provided for by Legislative Decree 231/2001.

The art. 6 co. 2 lett. c) of Legislative Decree 231/2001 prescribes the obligation to identify ways of managing financial resources suitable for preventing the commission of crimes; to this end, the Organization scrupulously complies with current sector legislation by subjecting the aforementioned activities to the control of supervisory functions.

II.10 - ENVIRONMENT

The Fratelli Pisa company actively contributes in the appropriate forums to the promotion of scientific and technological development aimed at safeguarding resources and the environment. Operational management must refer to advanced criteria of environmental protection and energy efficiency, pursuing the continuous improvement of health and safety conditions at work and environmental protection.

The people of the organisation, as part of their duties, actively participate in the process of risk prevention, safeguarding the environment and public safety and protecting the health and safety of themselves, their colleagues and third parties.

II.11 - SURVEILLANCE AND UPDATE

The art. 6 co.1 lett. b) Legislative Decree 231/2001 provides for the obligation to entrust to a body of the organization, equipped with autonomous powers of initiative and control, the task of supervising the functioning and observance of the MOG and of ensuring its updating.

for this purpose, the Body has established and appointed a specific Supervisory Body, to which it has provided attributions of skills and responsibilities so as to be endowed with autonomous powers of initiative and control in compliance with the law.

The Supervisory Body as mentioned above has the task of monitoring the functioning and compliance with the MOG and ensuring that it is updated.

The "Supervision" process is better defined in section e) of Part III of this document "Supervision System" in compliance with the principles contained in the policy of the Supervisory Body.

In order to guarantee the effectiveness and efficiency of the MOG, periodically, generally every three years, or sooner if significant organizational or legislative changes occur, the review is promoted on the initiative of those in charge of supervision (advisers or autonomous body). and updating of the MOG itself.

The “Review” sub-process is part of the “231” process described in section b) of Part III of this document.

II.12 - COMMUNICATIONS

The art. 6 co. 2 lett. d) of Legislative Decree 231/2001 provides for the obligation to organize an information system for those responsible for supervision.

This system is defined in the sub-process "Supervisory information system" (SIV) also with the name "information flows"; it is part of the “231” process

The process is assigned to a manager who has the responsibility of ensuring its effective implementation and updating.

The SIV defines the content of the information that must be transmitted to the Supervisory Body, identifying those who must carry out the communications, the methods and times.

The information transmitted to those carrying out surveillance must meet high levels of integrity, availability, confidentiality and authenticity.

Suitable communication channels must be identified and established towards those carrying out the supervision, through which all those who work for the entity can report facts relevant for the purposes of Legislative Decree 231/2001 (such as for example security incidents, violations or suspected violations of the rules established by the MOG).

If supervision is entrusted to an autonomous body, an effective communication system towards the top management of the entity must also be guaranteed.

II.13 - TRAINING

All those who work on behalf of the organization must be informed and receive training on the relevant aspects of the rule, the rules decided by the organization on the matter, the responsibilities and consequences for failure to comply with the rules.

Training is a primary element of the security and crime prevention system provided for by Legislative Decree 231/2001.

Training activities must be planned and diversified taking into account the specific needs of the recipients.

The training activity must be measured in order to verify its effectiveness. Responsibilities for training must be clearly assigned.

Training must be updated when significant changes to the MOG occur or when the need emerges from checks on the effectiveness or awareness levels of the recipients.

The “231 training” sub-process is part of the “231” process contained in section b) of Part III of this document.

II.14 - DISCIPLINARY SYSTEM

The art. 6 co.2 lett. e) provides for the obligation to conform the disciplinary system so as to make it suitable for sanctioning failure to comply with the measures indicated in the model.

The Disciplinary System provides for the actions to be taken in the event of incorrect behavior relevant for the purposes of Legislative Decree 231/2001 by: employees, collaborators, administrators and anyone else working in the name or on behalf of the organisation.

In particular, as regards employees, the disciplinary aspects must comply with the provisions of the sector regulations in force in the period considered.

Responsibilities for checks and disciplinary complaints must be clearly and specifically defined and brought to the attention of all interested parties by suitable means.

The Disciplinary System relevant for the purposes of the "231" process is reported in section f) of Part III of this document.