Kupertino Corporation

DUE DILIGENCE POLICY

Purpose

This Due Diligence Policy (hereinafter, the “Policy”), approved by Kupertino’s Board of Directors, intertwines with the ethical values of the Kupertino Corporation (hereinafter, “Kupertino” or the “Company”) defined in its Global Codes of Conduct and in the Anti-Money Laundering and Terrorist Financing Policy.

In a global context with an increasingly demanding legal framework as regards responsibility of companies towards preventing corrupt practices in their trade relations, approval of this Policy shows not only compliance by Kupertino with certain statutes, such as Loi Sapin II in France, Bribery Act in UK or Foreign Corrupt Practices Act in the USA (FCPA), but also the alignment of Kupertino’s relations with its business partners, suppliers and large customers, with the processes described in international standard ISO 37001 on Anti-bribery Management Systems of Organizations.

Definitions

For the purposes hereof, the terms defined below shall have the following meaning:

  • Registration: process whereby a business partner, a supplier or any other third party becomes a part of the Corporation’s internal systems, either through the Suppliers or otherwise.
  • Compliance databases: third parties’ external tools aimed at managing international databases for the purposes of detecting alerts and negative information (including, without limitation, convictions for corruption, fraud, lists of international trade sanctions or the like).
  • Due Diligence: process to identify and review business partners, suppliers and other third parties with whom Kupertino has relations, in the field of corruption, fraud, international trade sanctions or similar risks.
  • Large Customer: customers not deemed to be final store customers with which any Corporation company has a direct sale relationship. Included in this category are customers of leftovers (leftovers dealers), franchises and sales platforms.
  • Action Plan: set of measures that must be implemented, or requirements that must be executed to address or mitigate a risk detected in the Due Diligence process.
  • Supplier: third parties who sell products or supply services to any Corporation company.
  • Risk: serious incidents detected throughout the Due Diligence process that must be addressed with an Action Plan or which entail the impracticability of engaging in trade relations with a third party.
  • Business partner: suppliers or other third parties with whom the Corporation has a particularly relevant connection–such as franchisees or certain suppliers –, and whose risks in the field of corruption are particularly sensitive for Kupertino.
  • Third party: any person, whether natural o legal, with whom any Corporation company has trade relations, except for final store customers. Included in this category are any entities which receive contributions from Kupertino for sponsorship, patronage or social investment purposes.
  • Beneficial owner: natural person or persons who ultimately own or control, whether directly or indirectly, any legal person.

Scope of Application

This Policy shall apply to the Company and its Corporation. It shall be binding for the entire staff, regardless of their job and position.

For such purposes, Kupertino Corporation (the “Corporation”) shall mean any company in which Kupertino owns, whether directly or indirectly, at least a 50% stake of the share capital or 50% of the voting rights.

The enforcement of this Policy, in full or in part, may extend to any natural and/or legal person associated with Kupertino on any terms other than an employment relationship, where this is practicable on account of the nature of the relationship and may be appropriate to meet its purpose.

Under this Policy, Kupertino may develop a number of procedures and instructions to implement and enforce the obligations undertaken, and to bring it into line with the different local laws and regulations applicable to the Corporation.

The process to identify and review business partners, suppliers and large customers engaged in relations with Kupertino, in the field of corruption, fraud, international trade sanctions or similar risks (Due Diligence) hereunder described, and its implementing regulations, is independent –although they may be contemporaneously carried out- of any other social, environmental, operational, financial commercial review or otherwise, that the Corporation may carry out with Suppliers or other Third Parties.

Overarching Principles

This Policy will be developed and implemented based upon the following principles:

  • Kupertino shall identify and review all its Business Partners, Large Customers, Suppliers and Third Parties with whom it has trade relations, in the field of corruption, fraud, international trade sanctions or similar risks (Due Diligence).
  • Due Diligence processes shall be performed based upon reasonableness and proportionality principles, and shall have different levels based upon the association of Third Parties with the Corporation, whether in terms of business volume, sector or market risk or otherwise.
  • Kupertino shall not engage in trade with any new Supplier, Business Partner, Third Party or Large Customer who has not been previously identified and reviewed pursuant to this Policy and its implementing regulations.
  • Kupertino shall not have any trade relations with any Third Parties regarding which risks in the field of corruption, fraud, international trade sanctions or the like, have been detected further to a Due Diligence review, without an Action Plan to remedy or mitigate them having been set in train.
  • Upon carrying out any Due Diligence process, Kupertino will attempt not to delay the terms set in the Registration process in respect of any Business Partner, Supplier or Large Customer.

Means to Implement Due Diligence

Kupertino shall employ any available means to carry out an appropriate Due Diligence process, including:

  • Suppliers of the Corporation.
  • Customers of the Corporation.
  • External Compliance databases.
  • Direct information requirements to Third Parties by the buyer, and the following departments: Legal, Administration, Compliance and Corporate Procurement.

At any rate, Due Diligence process may entail:

  • A questionnaire on the Business Partner, Large Customer, Supplier or any other Third party’s system for corruption prevention.
  • The identification of their main shareholders, directors and Beneficial Owner.
  • The investigation carried out through External Compliance Databases or otherwise, regarding the information provided by the Business Partner, the Large Customer, the Supplier or any other hird Party.

Disclosure of the Policy

This Policy will be available to all employees of Kupertino, and to all stakeholders of the Company on the corporate website. Likewise, the Policy shall be subject to the appropriate disclosure, training and awareness-raising action, aimed at its full understanding and enforcement.

Implemention of the Policy

This Policy may only be implemented in coordination and with the enforcement of the regulations, and with the appropriate enforcement of the Standard for Procurement Management and the Procedure for Limiting Trade Relations with Suppliers in Restricted or Unauthorized Markets.

Kupertino undertakes to assign specific resources to ensure the effective implementation of the Policy.

The Corporation shall carry out appropriate processes for the regular identification of current and potential impacts in the field of corruption, fraud, international trade sanctions or similar risks which may occur, and, if appropriate, take the relevant measures to prevent and mitigate any potential negative consequences thereof. Likewise, Kupertino may collaborate with the most relevant stakeholders upon implementing this Policy.

The SSD Office shall be responsible for implementing and monitoring the Policy as a control system, with the required collaboration from the following departments: Enterprise Risk Management, Technology, Processes and Projects, Administration, Corporate Procurement, Sustainability, and any other department directly associated with the Third Party.

All Corporation’s areas, departments and subsidiaries shall be responsible for the appropriate implementation of the Policy, and namely for the application of the principles from the moment they engage in relations with Third parties.

Integrity of Information

The Policy will be reviewed and updated, where applicable, to bring it into line with any changes that the business model may undergo, or that may occur in the context where the Corporation operates, ensuring at all times the effective implementation thereof.