Anti-Corruption and Conflict of Interest Prevention Policy

(Applicable to Employees, Service Providers, Suppliers and Subcontractors of Curiosidade Plena Unipessoal Lda. and the Holistic Travel Plan – HTP Platform)

1. Purpose and Objective

1.1. This Policy establishes the principles, rules, and procedures aimed at preventing, detecting, and mitigating corruption, fraud, and conflicts of interest in all activities of Curiosidade Plena Unipessoal Lda. and the Holistic Travel Plan (HTP) Platform.

1.2. This document ensures compliance with Law No. 93/2021 (General Regime for Corruption Prevention), as well as international integrity and business ethics standards, including ISO 37001 (Anti-Bribery) and COSO frameworks.

1.3. The central objective of this Policy is to promote a culture of transparency, integrity, and responsibility, ensuring that all HTP operations are conducted ethically, traceably, and in legal compliance.

2. Scope of Application

2.1. This Policy applies to all employees, managers, service providers, suppliers, and subcontractors who maintain contractual relationships with HTP.

2.2. It covers all activities and operations, including procurement processes, business relations, strategic partnerships, and interactions with public or private entities, both in Portugal and abroad.

2.3. It also applies to third parties acting on behalf of HTP, who must formally adhere to this Policy as a condition for collaboration.

3. Key Definitions

For the purposes of this Policy:

• Corruption: Any act of offering, promising, soliciting, or accepting an undue advantage, financial or otherwise, with the intent to influence decisions illegally or unethically.
• Conflict of Interest: A situation in which personal, financial, or family interests may interfere or appear to interfere with the impartiality of professional decisions.
• Fraud: The intentional act of deception, omission, or manipulation of information, aimed at obtaining a personal or third-party benefit, to the detriment of HTP, its clients, or partners.

4. Fundamental Principles

4.1. HTP adopts zero tolerance toward any form of corruption, bribery, fraud, or facilitation payments.

4.2. All operations must observe transparency, traceability, and legal compliance, with adequate documentation allowing audit and supervision.

4.3. Any suspected violation of this Policy must be reported immediately through formal reporting channels.

4.4. HTP guarantees protection to good-faith whistleblowers, as provided for in the Whistleblower Protection Policy.

4.5. Supervision of this Policy will be carried out by a Compliance and Ethics Officer (a role that may be combined with the DPO), who will report directly to Management and ensure the implementation and updating of the prescribed measures.

4.6. The Management of Curiosidade Plena Unipessoal Lda. holds ultimate responsibility for approving this Policy, allocating necessary resources for its implementation, and periodically reviewing its application.

5. Duties and Prohibitions

5.1. It is prohibited to offer, promise, receive, or accept any undue advantage, financial or otherwise, that could influence commercial, contractual, or institutional decisions.

5.2. Participation in decisions or processes where an employee, provider, or supplier has a personal, financial, or family interest is prohibited, unless previously declared and authorized by Management.

5.3. All employees and managers must submit an annual declaration of potential conflicts of interest, updated whenever new relevant situations arise.

5.4. All parties involved must fully cooperate in internal and external audits and investigations related to reports or infractions, providing information and documents whenever requested.

6. Reporting Channel and Whistleblower Protection

6.1. HTP provides a confidential and secure channel, accessible to employees, providers, and suppliers, for reporting suspected corruption, fraud, conflicts of interest, or other violations of this Policy.

6.2. All reports will be impartially analyzed, investigated, and documented, resulting in a formal report with conclusions and a Corrective Action Plan (CAP), establishing deadlines, responsibilities, and mitigation or correction measures.

6.3. The CAP will be monitored by the Compliance Officer/DPO until all defined actions are fully resolved, with auditable records.

6.4. Records related to reports and CAPs will be stored for a minimum period of 5 years, in accordance with legal and regulatory requirements.

6.5. HTP guarantees confidentiality and protection against retaliation for all whistleblowers acting in good faith.

7. Training and Awareness

7.1. All employees and service providers in critical functions must attend mandatory annual training on ethics, integrity, and corruption prevention.

7.2. Specific sessions will be organized for managers and those responsible for procurement and supplier contracting, addressing risks and internal procedures.

7.3. All training sessions will have documented records of participation and results, with periodic evaluation of their effectiveness.

8. Risk Management and Third-Party Due Diligence

8.1. HTP will maintain a Corruption and Fraud Risk Map, updated annually, identifying critical processes and areas (e.g., procurement, payments, and institutional relations).

8.2. Suppliers, partners, and subcontractors will be subject to integrity and compliance due diligence procedures prior to contracting and periodically thereafter, especially when involved in financial operations or institutional representation.

8.3. All resulting information will be documented and analyzed by the Compliance Officer/DPO, integrating HTP’s Operational Risk Matrix.

9. Approval of Gifts and Hospitality

9.1. Any gift, present, invitation, or hospitality received or offered with a value exceeding €50 (or another limit defined annually by Management) must be reported to the Compliance Officer and approved by Management before acceptance or granting.

9.2. All gifts and hospitality will be documented in a formal record, subject to annual internal and external audits.

10. Internal Communication and Dissemination

10.1. This Policy will be disseminated to all employees, service providers, and suppliers and will remain permanently accessible in HTP’s Policy and Privacy Center and other official digital media.

10.2. All new employees and service providers must sign a declaration of knowledge and acceptance of this Policy as a condition to begin duties or partnerships.

11. Record and Evidence Management

11.1. All records related to reports, audits, risk reports, CAPs, approvals, and training will be stored for a minimum of 5 years, in a secure and auditable format.

11.2. These records will be available for internal and external inspections and by competent authorities upon formal request.

12. Sanctions and Disciplinary Measures

12.1. Sanctions will be applied according to the severity of the infraction, distinguishing between negligence, intentional violation, or recurrence, ensuring an investigation process and right of defense.

12.2. Measures may include:

• Formal warning and mandatory corrective training for minor or negligent infractions;
• Suspension, contract termination, and communication to competent authorities for serious or repeated violations;
• Civil and criminal liability, whenever applicable.

12.3. In all cases, offenders must fully cooperate with internal and external investigations and regulatory authorities.

13. Monitoring, Auditing, and Reporting

13.1. This Policy will be reviewed annually based on internal and external audits and risk reports.

13.2. An Annual Implementation and Compliance Report will be prepared, including the number and types of reports, CAPs implemented, measures taken, training sessions held, and risks identified, presented to Management and available for inspection by authorities upon request.

13.3. HTP will make non-confidential summaries of the Annual Report results available to relevant stakeholders (employees, service providers, and suppliers) to reinforce transparency and ethical culture.

13.4. The results of audits, CAPs, and the annual report will be used to update this Policy and HTP’s Operational Risk Matrix, ensuring continuous improvement and regulatory alignment.

13.5. This Policy complements and integrates with the Whistleblower Protection Policy, Cybersecurity Policy, Terms and Conditions, and HTP’s Operational Risk Matrix.

Definitions of Technical Terms and Key Concepts

• Compliance Audit: Systematic, internal, or external process to assess whether HTP’s policies, processes, and practices comply with legislation, standards (e.g., ISO 37001), and internal requirements.
• Independent External Audit: Assessment conducted by an external and impartial entity or professional to verify whether HTP’s processes and controls comply with applicable standards and best practices.
• Undue Benefit: Any financial or non-financial advantage, such as gifts, invitations, or privileges, granted or received to influence decisions unethically or illegally.
• Reporting Channel: Confidential and secure mechanism provided by HTP for reporting suspected corruption, fraud, or violations of this policy.
• Compliance: Set of practices and policies adopted by HTP to ensure all activities comply with laws, regulations, standards, and ethical principles.
• Confidentiality: Protection of information against unauthorized access, disclosure, or use, applicable to all data and records managed under this policy.
• Conflict of Interest: Situation where personal, financial, or family interests may compromise or appear to compromise the impartiality of professional decisions.
• Corruption: Act of offering, promising, soliciting, or accepting undue advantage, financial or otherwise, to influence decisions illegally or unethically.
• NIS2 Directive: European standard establishing security and risk management requirements for networks and information systems, relevant for data protection and operational integrity.
• Integrity and Compliance Due Diligence: Preliminary and periodic assessment of the integrity and legal compliance of suppliers, partners, and subcontractors before and during contractual relationships.
• Fraud: Intentional act of deception, omission, or manipulation of information to obtain personal or third-party benefit, to the detriment of HTP, its clients, or partners.
• Corporate Governance: Framework of practices, processes, and rules ensuring HTP management acts ethically, transparently, and responsibly toward shareholders, employees, and society.
• Hospitality: Invitations, meals, accommodations, or other benefits offered or received in a professional context that must comply with value limits and reporting rules defined by HTP.
• ISO 37001: International standard defining requirements for anti-bribery management systems and best practices for corruption prevention and detection.
• Law No. 93/2021: General Regime for Corruption Prevention (RGPC), which establishes obligations for private entities in Portugal regarding corruption risk management and whistleblower protection.
• Corruption and Fraud Risk Map: Document identifying and classifying HTP’s critical areas and processes potentially exposed to corruption or fraud risks, updated annually.
• Operational Risk Matrix: Document identifying, evaluating, and categorizing operational and compliance risks, including corruption and fraud, with associated mitigation measures.
• Facilitation Payment: Informal or improper low-value payment made to officials or third parties to expedite or secure routine or administrative acts.
• Stakeholders: Individuals or entities that may be affected by or have an interest in the application of this policy, including employees, providers, suppliers, clients, and regulatory authorities.
• Corrective Action Plan (CAP): Set of formal measures established after a report or audit, with defined deadlines and responsibilities, to correct identified failures and prevent recurrence.
• Cybersecurity Policy: Complementary document regulating the protection of networks, data, and systems, essential to prevent fraud and unauthorized access.
• Whistleblower Protection Policy: Complementary document that establishes protection and confidentiality mechanisms for whistleblowers.
• Traceability: Ability to track and verify all stages of a process or decision through documented records allowing audit.
• Annual Implementation and Compliance Report: Document presenting the results of this policy’s implementation (number of reports, CAPs implemented, training, risks identified, and measures taken), used for transparency and auditing.
• Compliance and Ethics Officer/DPO: Person or team designated to oversee the implementation of this policy, manage reports, monitor risks, and report directly to Management.
• Reputational Risk: Potential damage to HTP’s image and credibility resulting from corruption, fraud, or conflicts of interest.
• Residual Risk: Risk that remains even after mitigation measures are applied and must be monitored by risk management.
• Bribery: Any offer, promise, or delivery of advantage, direct or indirect, to a public or private person, with the aim of influencing decisions or obtaining undue benefits.
• Whistleblower: Person who, in good faith, reports an infraction or irregularity, internally or externally, protected against retaliation by applicable legislation.

Version History and Dates

• Version number: 00000001
• Creation Date: 02.10.2025
• Effective Date: 02.10.2025
• Last Update: 02.10.2025
• Next Scheduled Review: 02.10.2026