Whistleblowing Policy

Aligned to EU Directive 2019/1937 on the protection of persons who report breaches of Union law, and Romanian Law 361/2022 transposing the Directive.

1.Scope

This policy applies to every person acting on or interacting with Better Quality Assurance S.R.L. ("BetterQA," "the company"), in every country we operate in. The protected reporter group is broader than employees and follows EU Directive 2019/1937 Article 4. It includes:

• Current and former employees, regardless of seniority, location, or contract type
• Contractors, freelancers, consultants, secondees, and trainees
• Directors and the Administrator (Tudor Brad)
• Job candidates (during and after the recruitment process)
• Workers of BetterQA suppliers and sub-contractors, where they become aware of a BetterQA-related breach in the course of their work
• Clients and members of the public who become aware of misconduct by BetterQA in the course of their dealings with us

You can use this channel to raise any concern that suggests BetterQA, or someone acting on its behalf, has breached or is about to breach the law, regulation, our other published policies, or basic standards of professional conduct.

2.Our Position

BetterQA welcomes good-faith reports of misconduct. We believe a company that depends on the trust of clients and the judgement of its engineers cannot afford to discourage people from speaking up. This policy gives you a clear, confidential channel to do that, and binding protection against retaliation if you use it.

3.Specific Obligations

You may report through any of the following channels. You are not required to start with the internal channel; the Romanian Law 361/2022 and the EU Directive permit direct reporting to external authorities, and protection applies regardless of which route you use.

• Internal channel. Email [email protected]. Received by the Managing Director and BetterQA's legal counsel only. You may report under your own name or anonymously. If anonymous, please include enough factual detail (dates, projects, counterparties, amounts) for the report to be investigated
• Direct to the Managing Director. In person, by phone (+40 751 289 399), or by writing to the registered office. Use this if the matter is urgent or if the internal email channel is not appropriate (for example, because the channel itself is implicated)
• External channels for Romanian-law matters. Agenția Națională de Integritate (ANI), the Romanian National Anticorruption Directorate (DNA), Oficiul Național de Prevenire și Combatere a Spălării Banilor (ONPCSB), Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), or the relevant sector regulator
• External channels in other jurisdictions where you live or work. The competent authority designated under your country's transposition of EU Directive 2019/1937, or the equivalent regulator
• Public disclosure is also protected in the limited circumstances set out in Article 15 of the Directive (for example, where internal and external channels have not produced an adequate response, or where there is an imminent danger to the public interest)

What happens after you report.

Protection against retaliation. Retaliation against anyone who makes a report in good faith - whether the report is ultimately substantiated or not - is itself a breach of this policy and a breach of Romanian Law 361/2022. Retaliation includes:

• Dismissal, contract termination, suspension, demotion, or refusal to convert a fixed-term contract
• Negative performance reviews, withdrawal of bonus, removal from projects, or reassignment
• Harassment, ostracism, or intimidation by colleagues or managers
• Withholding of training, references, or career opportunities
• Adverse action against the reporter's family members, colleagues, or trusted intermediaries who helped them report

Any of these directed against a reporter shifts the burden of proof: the company must demonstrate that the action was for reasons unrelated to the report. We will not invoke confidentiality clauses, NDAs, or non-disparagement clauses to suppress a protected report.

False reports made in bad faith - knowingly fabricated, designed to harm a colleague or counterparty - are themselves a breach of this policy and may be subject to disciplinary action. This is a narrow carve-out and does not apply to honest reports that turn out, after investigation, to be mistaken.

4.Reporting Channel

The primary BetterQA whistleblowing channel:

• Email: [email protected]
• Anonymous reporting permitted
• Acknowledgement within 7 days, outcome within 90 days
• Received by the Managing Director and legal counsel only, both bound by confidentiality
• For urgent matters, phone +40 751 289 399 or write to the registered office (Strada Transilvaniei 202, Baciu, 407055, Cluj County, Romania)

External and public-disclosure channels are listed in section 3 above.

5.Consequences

Retaliating against a protected reporter, attempting to identify an anonymous reporter, or obstructing an investigation under this policy is treated as gross misconduct. Consequences may include:

• Disciplinary action up to and including termination of employment or contract
• Personal liability under Romanian Law 361/2022 (including administrative fines)
• Reinstatement, back-pay, and compensation for the affected reporter
• Reporting of the retaliation to the relevant external authority

For the underlying matters reported (bribery, fraud, AML, conduct risk, modern slavery, supplier issues), the consequences applicable under the policy that governs that matter apply.

6.Review Cadence

This policy is reviewed at least annually by the Managing Director, or sooner if there is a material change in EU Directive 2019/1937 or Romanian Law 361/2022, if the company's headcount crosses any regulatory threshold, or following any report received. The annual review covers the number and type of reports, average time to acknowledgement and outcome, and any retaliation claims.

7.Owner