Information Systems

Last updated: December 9, 2025

1. OBJECT

This Policy (hereinafter, the “Policy”) aims to formalize the operation of the internal information system of Alstp International Advice Services, S.L. (hereinafter, “ALSTP”).

The Policy establishes:

  • Protocol for reporting irregular, illegal, or unethical conduct
  • Procedure for action, investigation, processing, and conclusion
  • Guarantees and protections for the involved parties (especially for the reporting person)
  • Rights and obligations of participants

This policy reflects ALSTP’s commitment to: ✔ Compliance with Law 2/2023, of February 20 ✔ Ethical and excellence standards ✔ Standard UNE-ISO 37002:2021

2. SCOPE

Persons subject to this policy:

  • Advisors and members of management bodies
  • Workers (any type of contractual relationship)
  • Suppliers, volunteers, interns
  • Participants in selection processes
  • Clients and related entities
  • Assistants to the reporting person

Reportable facts include:

  • Legal infringements (occupational safety, corruption, competition, environment, money laundering)
  • Harassment, abuse, or degrading treatment conduct
  • Non-compliance with ALSTP’s internal policies

3. REFERENCES

  • Regulatory Compliance Unit Regulations

4. DEFINITIONS

TermDefinition
CSRCorporate Social Responsibility
ALSTPAlstp International Advice Services, S.L.
Reportable FactsConduct susceptible to being reported
Report / DisclosureCommunication regarding Reportable Facts

5. PUBLICATION

Available on ALSTP’s corporate website

6. COMPETENT BODY

Regulatory Compliance Unit:

  • Implementation and application of the policy
  • Responsible for the internal information system
  • The President acts as delegated responsible

Functions:

  • Reception and assessment of reports
  • Direction of investigations
  • Proposal for resolution to the managing partner

7. REPORTING CHANNELS

  1. Email: comunicaciones@alstp.com (Guarantees anonymity)

  2. External authorities:

    • Independent Authority for the Protection of Whistleblowers
    • Corresponding regional bodies

8. REQUIREMENTS FOR REPORTS

  • Detailed description (dates, facts, individuals involved)
  • Supporting evidence (when possible)
  • Optional identification (anonymous reports are accepted)

9. ADMISSION OF REPORTS

  • Assessment period: 7 calendar days
  • Grounds for inadmissibility: ✓ False or bad faith reports ✓ Non-compliance with requirements
  • Right to submit allegations: 15 business days

10. PROCESSING OF THE CASE

  • Maximum timeframe: 3 months (extendable for an additional 3 months)
  • Guarantees: ✓ Confidentiality ✓ Right to defense ✓ Possibility to request additional information

11. RESOLUTION

  • Proposal from the Compliance Unit to the managing partner
  • Criminal cases: Immediate referral to the Public Prosecutor’s Office/European Public Prosecutor’s Office
  • Application of sanctioning measures when applicable

12. GOVERNING PRINCIPLES

  • Anonymity
  • Confidentiality
  • Promptness
  • Presumption of innocence
  • Objectivity and autonomy

13. CONFIDENTIALITY

Strict obligation for all participants

  • Protection of data and information
  • Prohibition of unauthorized dissemination
  • Technical and organizational measures (Annex 2)

14. PROTECTION OF THE REPORTING PERSON

  • Guarantee against retaliation
  • Investigation of detrimental conduct
  • Mechanisms for reporting potential retaliation

15. DATA PROTECTION

Processing in accordance with GDPR (EU) 2016/679 ARCO Rights: