This Policy is approved by Order of the Managers of Keratech Engineering Ltd.

(the Company) dated 14.12.2023 in fulfilment of the Company’s obligations as an employer under Art. 2 of the Act on the Protection of Whistleblowers or Public Disclosers.

The Whistleblower Protection Act shall apply to matters not covered by this Policy.

1. PURPOSE OF THE POLICY

The purpose of this Policy is to provide the persons referred to in section 2 below with information on the conditions and procedures for reporting or making public information on infringements of Bulgarian law or European Union acts which have come to their knowledge in the course of or in connection with the performance of their work or official duties or in another work context.

In addition, the Policy provides information on measures to ensure the protection of whistleblowers or whistleblowers.

2. WHO CAN BLOW THE WHISTLE

Under this Policy, whistleblowers may:

– Employees of the Company or other persons who perform work for hire, regardless of the nature of the work, the method of payment or the source of funding;

– self-employed persons who work without an employment relationship and/or who exercise a freelance profession or craft with whom the Company has a contractual relationship;

– trainees (paid or unpaid) and volunteers of the Company;

– the sole owner of the capital and the manager of the Company;

– persons working for the Company, including as its subcontractors, persons to whom the Company is a contractor (contractors or suppliers);

– applicants for employment with the Company whose employment is about to commence in cases where the information concerning the breaches was obtained during the selection process (e.g. in a competition or other form) or any pre-contractual relationship;

– employees where the information was obtained in the context of an employment relationship that had been terminated at the time of the alert or public disclosure.

3. WHAT VIOLATIONS ARE BEING REPORTED

In view of the Company’s business, the Policy applies to whistleblowing or public disclosure of information about:

3.1. Violations of Bulgarian legislation or acts of the European Union in the field of:

– public procurement;

– financial services, products and markets and the prevention of money laundering and terrorist financing;

– product safety and compliance;

– transport safety;

– environmental protection;

– radiation protection and nuclear safety;

– food and feed safety, animal health and welfare;

– public health;

– consumer protection;

– protection of privacy and personal data;

– security of networks and information systems.

3.2. infringements affecting the financial interests of the European Union within the meaning of Article 325 of the Treaty on the Functioning of the European Union and further specified in the relevant Union measures;

3.3. infringements of internal market rules within the meaning of Article 26(2) of the Treaty on the Functioning of the European Union, including European Union rules and Bulgarian legislation on competition and State aid;

3.4. infringements relating to cross-border tax schemes the purpose of which is to obtain a tax advantage which is contrary to the object or purpose of the applicable corporate tax law;

3.5. the commission of an offence of a general nature of which the person has become aware in connection with the performance of his or her work or in the performance of his or her official duties.

3.6. This policy also applies to whistleblowing or public disclosure of information about breaches of Bulgarian law in the area of:

– the rules for payment of public state and municipal claims;

– labour legislation.

4. HOW TO REPORT

4.1. A report may be made to the officer designated to receive and process reports in one of the following ways:

– Verbally – by face-to-face meeting or in a telephone conversation;

– In writing – by submitting the alert on paper or by e-mail.

4.2 A form approved by the

Commission for the Protection of Personal Data, which shall be completed by:

– the sender of the alert – when the alert is submitted in writing;

– by the employee of the Company specified below in this Policy responsible for handling alerts – when the alert is submitted orally. If desired, the whistleblower may sign the form completed by the employee.

4.3 The whistleblower may attach any sources of information to support the allegations made and/or reference to documents, including reference to persons who could corroborate the information reported or provide additional information.

4.4. If the alert is not submitted by the means specified in this Policy, a notice shall be sent to the whistleblower to remedy the deficiencies within 7 days of receipt of the alert. If the irregularities are not remedied within this period, the alert together with its annexes shall be returned to the whistleblower.

4.5. Signals which do not fall within the scope of this Policy and the content of which does not warrant being considered credible or reliable shall not be considered. Alerts that contain demonstrably false or misleading statements of fact shall be returned to the sender for correction of the statements.

5. TO WHOM THE ALERT SHALL BE ADDRESSED

Reports may be made to the following Company official:

Employee Name Ekaterina Dimitrova

Position Front Office Manager

Contact phone +359 52 910 800

E-mail address fom@rosslyn-hotels.com

Address for contact. Knyaz Boris 111, 9002 Varna

6. ACTIONS OF THE COMPANY IN CASE OF A SIGNAL

In the event of a signal, the Company shall:

6.1. Take the necessary actions within its competence to stop the violation or to prevent it if it has not started.

In the event of more than one signal, priority shall be given to those signals which pose a greater threat to the public interest;

6.2. Terminate the inspection:

– Where the offence reported is a minor case and does not require further follow-up action;

– On a repeated report that does not contain new information relevant to an offence in respect of which an investigation has already been completed, unless new legal or factual circumstances warrant further action;

– Where evidence of a criminal offence is found, in which case the report and the accompanying material shall be sent immediately to the public prosecutor’s office.

In cases where the inspection is terminated because it is a minor case or because it is a repeated signal, the whistleblower may, at his/her discretion, submit a signal to the Commission for Personal Data Protection.

6.3. Prepares an individual report in which it briefly describes the information from the whistleblower, the actions taken, the final results of the whistleblower check, which, together with the reasons, it communicates to the whistleblower and the person concerned, subject to their protection obligations.

7. PROTECTION OF THE WHISTLEBLOWER

7.1. The Company prohibits any form of retaliation against whistleblowers or whistleblowers who have disclosed information under this Policy that is retaliatory in nature and places them at a disadvantage, as well as threats or attempts to do so, including in the form of:

– suspension, dismissal, or other grounds for termination of an individual’s employment;

– demotion or delay in promotion;

– a change in the location or nature of the work, the duration of working hours or a reduction in remuneration;

– refusal to provide training to maintain and improve the professional qualifications of the employee;

– a negative performance evaluation, including in a job recommendation;

– the application of pecuniary and/or disciplinary liability, including the imposition of disciplinary penalties;

– coercion, rejection, threats of retaliation or actions, whether physically, verbally or otherwise, which are intended to undermine the dignity of the individual and create a hostile work environment;

– direct or indirect discrimination, unequal or unfavourable treatment;

– denying the possibility of transfer from a fixed-term contract to a contract of indefinite duration where the employee has a legitimate right to be offered permanent employment;

– early termination of a fixed-term contract or refusal to re-contract where such is permissible under the law;

– damage, including to the person’s reputation, in particular on social networks, or financial loss, including loss of business and loss of income;

– inclusion on a list drawn up on the basis of a formal or informal agreement in a sector or industry which may result in the person being unable to take up employment or being unable to supply a good or service in that sector or industry (blacklisting);

– early termination or cancellation of a contract for the supply of goods or services where the person is a supplier;

– termination of a licence or permit;

– referring the person for medical examination.

7.2. The Company shall take all necessary measures to protect the information relating to whistleblowing and to protect the identity of whistleblowers by ensuring that only employees who need the information to perform their duties have access to the information.

7.3. In the event of a breach of the whistleblower protection requirements of this Policy and the Whistleblower Protection or Public Disclosure Act, whistleblowers shall be entitled to compensation for pecuniary and non-pecuniary damages suffered.

8. CENTRAL /EXTERNAL/ WHISTLEBLOWING BODY

The competent administrative authority to which signals included in the scope of this Policy may be submitted is the Commission for Personal Data Protection with the address: 1592 Sofia Blvd. “Prof. Tsvetan Lazarov № 2 “, e-mail: kzld@cpdp.bg, website: www.cpdp.bg.