Introduction

The present policy (the “Policy”) sets the general principles and the operational framework through which Deel receives, assesses, and investigates reports alleging irregularities, omissions or offenses that come to the attention of its employees, customers, suppliers, or other stakeholders. The Policy constitutes a means of ensuring the integrity, internal governance, and reputation of Deel. It contributes to the identification of risks and to the adoption of the appropriate corrective measures, including but not limited to, detecting in advance incidents of fraud or other serious offenses, applying the appropriate measures to liable parties and, when required, notifying the competent Authorities, as the case may be.
Ensuring an environment of trust and safety for their employees, customers and suppliers, Deel encourages reporting in good faith of illegal acts or serious offenses, which come to their attention.
This Policy does not impair any right of a reporting person under existing laws and should not be interpreted to contravene existing laws, regulations, and rights thereunder. In addition, this Policy does not intend and shall not be deemed to prohibit or restrict a reporting person in any
way from communicating directly with, cooperating with, responding to any inquiry from investigatory or other agency, authority or body, foreign regulatory, investigatory or other agency regarding any possible violation or suspected wrongdoing.

Regulatory Framework

The Policy complies with the requirements of the regulatory framework, as stipulated in the Directive (EU) 2019/1937 of the European Parliament and of the Council on “the protection of persons who report breaches of Union law” as well as relevant legal and regulatory provisions.

Scope of the Policy

A. Definitions

For the purposes of this Policy, the following definitions shall apply:
Breach is the unlawful act or omission which relates to the laws and regulations applicable to Deel, as set out below.
Report is the oral or written communication of an actual or potential breach or a concern. Reporting person or Whistleblower is the natural person who reports or discloses information on breaches in the context of their work-related activities with Deel. Reported Person is the individual against whom an allegation has been made, a natural or legal person who is referred to in the report as a person to whom the irregularity is attributed or with whom that person is associated.
Retaliation is any direct or indirect act or omission which occurs in a work-related context, prompted by reporting, which causes or may cause unjustified detriment to the whistleblower. Retaliatory actions may include, but are not necessarily limited to, harassment, discriminatory treatment, inappropriate performance appraisal, salary freeze or adjustment, work assignments, demotion, termination of employment, or the withholding of an entitlement. Responsible personnel is an impartial person or department of Deel designated to assess the information provided by the reporting person in the report (see below Section VI)

B. Reporting persons

This Policy applies to the following categories of reporting persons:

• All employees of Deel,

• Contractors, subcontractors and suppliers of Deel, as well as persons working under their supervision,

• Shareholders and members of the Board of Directors,

• Persons whose work-based relationship with Deel has ended or is yet to begin for information on breaches acquired during the recruitment process, pre-contractual information or information acquired during the course of their employment, The present Policy also applies to colleagues and relatives of reporting persons, as well as to legal entities that the reporting persons own, work for or are otherwise connected with in a work related context.

C. Breaches

Deel encourages and considers critical the provision of information by reporting persons regarding offenses and suspected illegal behavior, mismanagement incidents or serious irregularities-omissions in connection with Deel's regulations, policy and procedures, financial reporting and financial statements, whenever the reporting person reasonably believes that the information disclosed is substantially true. Reporting persons are encouraged to report in good faith any breaches or suspected breaches of applicable laws and regulations such as:

• Acts or omissions involving gross negligence, potential fraud or corruption;
• Breach of laws and regulations regarding the prevention of money laundering and terrorist financing;
• Acts or omissions conflicting with the interests of Deel involving serious violations of Deel's policies and procedures;
• Acts or omissions which endanger the safety of an employee;
• All kinds of harassment (e.g. sexual, racial, religious, gender identity etc.), as well as abuse of power.
• Offering or accepting a bribe by a Deel employee;
• Expropriation, theft or mismanagement of assets and money belonging to Deel or to customers of Deel;
• Breach of confidentiality and data protection laws;
• Consumer protection;
• Infringement of the legal framework applicable to Deel;
• Acts or omissions relevant to the integrity and accuracy of Deel's financial statements and reporting;
• Acts harmful to the environment. Information on breaches include any information and reasonable suspicions about actual or potential breaches, which occurred or are very likely to occur in Deel, and about attempts to conceal such breaches. Reporting persons are strongly encouraged to submit substantiated information on breaches, so that Deel may reasonably undertake actions to investigate and follow-up on the information provided.

D. Local Regulations

In jurisdictions where local laws or regulations set stricter rules than those set out in the present Policy, the stricter rules prevail.

Anonymity and confidentiality

Deel has put in place a secure process which ensures the anonymity of any reporting person, as well as the confidentiality of their identity and that of any third party mentioned in the report.
Whistleblowers shall be protected against retaliation or reprisal actions, on the following grounds:

• The identity of the Whistleblower, should they have opted not to be anonymous, shall be protected and confidentiality shall be ensured.
• Submitted reports are communicated only to predefined persons, the number of which is narrowed to those responsible for carrying the investigation and are entitled to act in discretion and confidentiality. By respecting the above would also result in protecting the identity of the reported persons.
  Deel ensures that the Whistleblower is properly protected against possible negative consequences, such as threats or attempts of retaliation, or discrimination or any other form of unfair treatment.
  Revealing the identity of the Whistleblower may be required by a judicial or other legal procedure in the context of investigating the corresponding case. In particular, the Whistleblower shall be informed before their identity is disclosed, unless such information would jeopardize the related investigations or judicial proceedings. When informing the Whistleblower, Deel shall provide an explanation for sharing the confidential data concerned.
  Deel ensures that Reported Persons are fully protected against potential negative impact, in such cases where the assessment of the report does not reveal a Policy breach. Even when the investigation decides upon a justified violation and measures have been taken against the Reported Persons, their protection is ensured against involuntary negative effects, irrespective of potential sanctions imposed by the competent bodies.
  Deel takes all necessary technical and organizational measures to protect personal data. Any processing of personal data under this Policy is carried out in accordance with relevant national and European regulation. Personal data of the parties involved is protected and is processed for the sole purpose of verifying their validity. The Legal Department retains in electronic format, a file, which includes all submitted reports, as well as the corresponding documentation. The records are not stored longer than is necessary and are deleted in accordance with applicable laws and regulations.

Procedure

A. Reporting Channels

Reports can be submitted by e-mail to phb@deel.com , or by post to: Bouaziz & Partners, 45 Quai de la Seine, 75019, Paris. Upon request of the Whistleblower, the report may also be submitted by means of a physical meeting. In such a case, the responsible staff ensures that, subject to the consent of the Whistleblower, the conversation is recorded in a durable and retrievable form. In order to facilitate the proper examination and assessment of the submitted reports, the reporting persons are encouraged to provide all available information, including the facts giving rise to the suspicion/concern related with the report, indicating the date and nature of the event, the name(s) of the person(s) involved as well as potential witnesses, or other evidence, including documents and locations.

B. Processing of Reports

Deel's responsible personnel shall process reported breaches in the following manner:

• Upon receipt of the report, the responsible personnel undertakes to assess the information provided by the reporting person in the report. All persons assigned the examination or assessment of a particular case are obliged to disclose to Deel any conflicts of interest prior to performing any actions with regard to the case and abstain from any further involvement in that case.
• The responsible personnel shall follow-up on any report and an acknowledgement of receipt will be provided to the reporting person within seven days.
• If the case is out of scope of the present Policy, obviously unsubstantiated or no investigation can be undertaken, the report is closed and archived. The reporting person is notified via email.
• If the case can be investigated, the responsible personnel will begin an internal investigation by engaging other competent functions of Deel based on the circumstances and the specific areas of the business and by requesting additional information from the reporting person if necessary. The reported person may be asked to provide relevant information, as well.
• Based on the outcome of the investigation, the responsible personnel decides on remediating actions and informs the whistleblower of the decision taken on their report. If the reported breach is material the Board of Directors may be informed about the breach.

In any case, Deel shall provide feedback to the reporting person within a reasonable timeframe, not exceeding three months from the acknowledgement of receipt. Such feedback may indicatively include:

• referral to other channels or procedures in the case of reports exclusively affecting individual rights of the reporting person;
• closure of the procedure based on lack of sufficient evidence or other grounds;
• launch of an internal enquiry and, possibly, its findings and any measures taken to address the issue raised;
• referral to a competent authority for further investigation, in accordance with applicable laws

C. External reporting

The present Policy does not preclude the reporting of breaches or relevant information to external channels maintained by competent authorities, in accordance with applicable laws. Any reporting undertaken in accordance with the present Policy does not constitute a precondition for the submission of reports to external channels maintained by competent authorities.

Responsible personnel

Deel shall ensure that the designated responsible personnel possess the necessary professional skills and knowledge to assess and investigate reportable breaches in accordance with Deel's policies and the applicable legal framework. Designated responsible personnel have a duty to maintain professional secrecy and confidentiality when transmitting the information both inside Deel and outside towards any competent or judicial authority. Responsible personnel may be designated from the Legal Department. If the investigation requires special knowledge or skills, the responsible personnel considering the particulars of the case may also assign the investigation to other members of the Deel's staff (e.g. staff members of Deel's HR function).
In any event, any detected conflicts of interest that have not been disclosed or breach of confidentiality by involved staff members shall be considered a serious breach of professional conduct by the responsible staff member and will be subject to appropriate disciplinary measures.

Review

The present Policy will be reviewed once a year or whenever significant regulatory changes take place. Review Record: