Code of Ethics

PREAMBLE

ITIS Holding (Intelligent Traffic and Infrastructure Solutions) is the sole shareholder of the operators of electronic toll systems, companies CzechToll and SkyToll, the technology company TollNet, the provider of payment solutions for carriers, PaySystem, and the supplier of machine vision for traffic systems and automation, company VITRONIC. ITIS Holding is part of the PPF Group.

ITIS Holding a.s., company ID No. 07961774, seated at Argentinská 1610/4, Holešovice, 170 00 Prague 7 (hereinafter referred to as "ITIS" or the "Company"), was established with the ambition to position the group in the field of intelligent solutions for transport infrastructure. The Company focuses on innovation and advanced services related to the need to manage and regulate traffic both outside cities and within urban agglomerations, particularly with regard to environmental aspects.

All companies within the group have excellent references and extensive experience in their respective fields. The PPF Group provides them with the support of a strong partner, enabling them to accelerate growth both organically and through targeted acquisitions. The integration of expertise from several companies contributes, among other things, to the successful development of the next generation of tolling systems based on virtual On-Board Units (OBUs), thereby paving the way for broader utilization, including in passenger vehicles and urban and suburban traffic zones.

As part of its strategy in offering and delivering services, ITIS aims to establish high standards of fair business conduct and to combat corruption. This ITIS Code of Ethics is issued to support the desired standards of behavior.

The Code of Ethics serves as a tool to ensure that the Company's daily activities and the conduct of all its employees align with established principles. It comprises a set of specific rules derived from the organization's core values and principles, defining the standard of professional behavior. Any violations of these rules are strictly sanctioned by ITIS, with disciplinary actions following applicable laws.

Due to the nature of its business, ITIS interacts with government officials, public authorities, and public institutions. A fundamental principle of the company's operations is that ITIS does not finance political parties or movements, nor does it contribute to their activities or engage in political affairs. In its B2B and B2C segments, ITIS applies the same principles as in its B2G segment, strictly avoiding any form of corruption. The company adheres to all principles of the Anti-Bribery Management System in accordance with ISO 37001:2016, for which it holds certification.

By adopting the ITIS Code of Ethics, the Company simultaneously implements the rules contained in the “PPF Group Code of Ethics”, which has been established by PPF Group N.V., with its registered office at Strawinskylaan 933, 1077 XX Amsterdam, registered in the Trade and Industry Register of the Amsterdam Chamber of Commerce under registration number 33264887, and its subsidiaries controlled according to Section 74 of Act No. 90/2012 Coll., on Business Corporations, as amended (hereinafter referred to as the “BCA”), including PPF a.s., the parent company of ITIS Holding a.s. (hereinafter referred to as the “PPF Group”). The PPF Group Code of Ethics forms an integral part of the Corporate Compliance Program adopted by the PPF Group in view of its commitment to compliance with legal regulations, international treaties, ethical and moral standards, and fair business practices. The Corporate Compliance Program ensures oversight of compliance with applicable rules and enables corrective actions to be taken in case of deficiencies, misconduct, or violations. The PPF Group Code of Ethics is available on the PPF Group’s website as well as on the Company’s SharePoint. This Code of Ethics fully references the PPF Group Code of Ethics and supplements it only with ethical rules and procedures that extend beyond the provisions of the PPF Group Code of Ethics or are necessary due to the nature of ITIS's activities and the specifics of its organizational processes. Employees are acquainted with the PPF Group Code of Ethics, along with this Code of Ethics. The PPF Group Code of Ethics thus forms an integral part of ITIS's anti-corruption and ethical policy.

1 Introduction

In accordance with Section 305 of Act No. 262/2006 Coll., the Labour Code, as amended (hereinafter referred to as the "Labour Code"), the Company issues this Code of Ethics.

1.1 Purpose of the Document

The Code of Ethics is an internal regulation of the Company. It is issued in accordance with generally binding legal regulations and provides a more detailed framework of the rights and obligations of employees arising from the provisions of the Labour Code and other applicable laws, taking into account the specific conditions of the employer. ITIS holds ISO 37001:2016 certification for its Anti-Bribery Management System, an international standard that enables organizations of all types to prevent, detect, and address bribery and corruption. This Code of Ethics clarifies and supplements the rules contained in the PPF Group Code of Ethics, as well as general legal regulations governing employee conduct and behavior, particularly the Labour Code, Act No. 89/2012 Coll., the Civil Code, as amended, Act No. 90/2012 Coll., on Business Corporations, and Act No. 40/2009 Coll., the Criminal Code, as amended.

1.2 Scope of application of the Document

This Code of Ethics is binding for the employer and all its employees. It also applies, as appropriate, to individuals who perform work on the employer's premises and are in a legal relationship similar to an employment relationship (e.g., foreign experts, temporarily assigned employees). For the purposes of this Code of Ethics, the term "employee" is used to collectively refer to both employees and the aforementioned individuals.

Every employee is required to familiarize themselves with this Code of Ethics. Employees are entitled to access the Code of Ethics at any time, including its amendments and supplements, which are available in the Quality Management Department or on the Company's SharePoint. It is the responsibility of each manager to inform their subordinates about changes to this Code of Ethics.

1.3 Related Documents and Forms

• Work Order (HR_01)
• Organizational Order (HR_02)
• Occupational Health and Safety Organization (BP_01_01)
• Investigation Methodology for Conduct Contrary to the Code of Ethics, Other Internal or Legal Regulations (LEG_02)
• Rules and Principles for Personal Data Processing at ITIS Holding a.s. (LEG_03)
• Internal Audit Order (QM_04)

2 Adherence to the Company's Core Values

The Company strictly adheres to legal regulations and international treaties in all areas of its operations, both externally in relation to any third parties and public authorities, and internally in relation to its employees. ITIS and its employees are committed to upholding fundamental human rights and freedoms.

The Company and its employees are obligated to comply with relevant legal regulations in all their actions, whether representing the Company, conducting its activities, or acting in its interest. They must conduct themselves in a manner that upholds the Company's good name and reputation, avoiding any actions that could raise doubts about the Company's operations. Similarly, in their private activities, employees are required to act strictly in accordance with the principles and values outlined in the Code of Ethics.

The Company and its employees strictly condemn and reject any criminal conduct or delinquent behavior. They are obligated to refrain from any actions or activities that could be considered criminal under public law, including offenses such as crimes, administrative delicts, or misdemeanors.

In case of any doubts regarding the application of legal regulations to their actions or activities, employees are obligated to consult the matter with their supervisor, the Human Resources department, or the Company's Legal Counsel.

To ensure effective monitoring of compliance with the Code of Ethics, the Company has implemented a system that allows employees and third parties to submit reports, including anonymously if the whistleblower so chooses. The Company processes these reports regardless of the identity of the whistleblower or the method of submission. Submitting a report does not result in any sanctions from the Company. However, knowingly false or malicious reports, which the whistleblower considers to be  proper reports, are not tolerated by the Company.

Senior management actively supports ITIS's anti-corruption program. They serve as role models of moral and ethical standards for other employees and Company representatives and are responsible for monitoring compliance with the Code of Ethics among their subordinates.

In all other respects, the core values of the Company and the PPF Group are governed by the principles outlined in Article 1 of the PPF Group Code of Ethics, titled "Introductory Statement and Core Principles".

The active management of compliance with the Code of Ethics and the anti-corruption system is the responsibility of the Human Resources department.

3 Fundamental Principles for Internal Relations

The Company and its employees adhere to applicable legal and internal regulations governing internal relations within the Company and the group, as well as relationships among employees. The Company does not tolerate any form of discrimination against employees, including in the allocation of work and its remuneration. These principles must be observed by all managers in their approach to employees.

Managers are required to ensure proper onboarding and professional training of their subordinate employees, including participation in training organized by the Company as part of the prevention of conduct and activities that violate the principles and rules of the Code of Ethics.

Employees are required to perform their work to the highest standard and continually enhance their professional knowledge. They engage with clients with the utmost courtesy, consideration, willingness, honesty, conscientiousness, and in alignment with ITIS's mission. Employees address work-related matters responsibly and without unnecessary delay, always striving to prevent the incurrence of unnecessary costs. They make every effort to ensure the most efficient use of the equipment and financial resources entrusted to them, as well as the services provided to them. Employees adhere to the following general principles of conduct:

• do not act based on emotions, favoritism, or preference towards any client or supplier of ITIS,
• respect the opinions, competencies, and authority of others,
• do not succumb to pressure of colleagues,
• contribute to an atmosphere of mutual trust and respect,
• do not allow personal relationships to influence work-related matters,
• have the courage to maintain personal convictions,
• do not shy away from responsibility,
• do not be swayed by flattery,
• do not attempt to shift responsibility onto others,
• never forget that they work with and for people.

Employees must safeguard the Company's assets and ensure their effective use. Theft, careless handling, or wastefulness directly impact the Company's business results. Any suspicion of misuse or theft must be reported and investigated. Company assets may not be used for personal activities unless otherwise specified in an internal regulation.

In all other aspects, the relationships within the Company and the group are governed by the principles outlined in Article 3 of the PPF Group Code of Ethics, titled "Fundamental Principles for Internal Relations".

4 Fundamental Principles for External Relations

External relations encompass, but are not limited to, interactions between the company and public authorities, business partners, suppliers, customers, the media, and the public—i.e., any relationship in which the Company or an employee acts on behalf of the Company, within its activities, or in its interest, and which simultaneously involves any third party distinct from the Company or the PPF Group. For the purposes of this Code of Ethics, the term "customer" also includes potential customers. In the area of ethical principles for relations with third parties, the ITIS Code of Ethics refers to Article 4 of the PPF Group Code of Ethics titled "Fundamental Principles for External Relations". In addition to this Code of Ethics, the following provisions are established:

• ITIS and its employees strictly adhere to applicable legal regulations, international treaties, standards, ethical principles, and standards of fair business conduct in their dealings with suppliers, business partners, and customers.
• Employees shall not prioritize their personal interests over those of ITIS and the entire group, nor shall they allow the emergence of financial or other benefits. For the purposes of this Code of Ethics, "personal interest" refers to any interest that brings personal advantage to the employee, his family, close relatives, or legal or natural persons with whom the employee has had or currently has business or similar relationships.
• If an employee is uncertain whether their personal interest conflicts with the interests of ITIS and the entire group, they must discuss the matter with their direct supervisor. The supervisor will then decide whether the employee can continue with the assigned task. If the supervisor determines that a conflict exists, the task will be reassigned to another employee.
• Employees shall not allow themselves to be placed in a position where they are obligated to reciprocate a proven favor or quid pro quo.
• Employees shall engage with customers without any prejudice, regardless of race, gender, social origin, nationality, sexual orientation, financial status, health condition, marital status, religion, or involvement in political parties or trade unions.
• Relationships with suppliers and customers must be based solely on competitive conditions of quality, price, and services that are most advantageous to ITIS.
• ITIS assesses the credibility of third parties with whom it enters into business or similar relationships, preferring those with established anti-corruption procedures. If third parties lack such procedures, ITIS will inform them of its policy. Should illegal or corrupt conduct occur among third parties, ITIS will terminate all forms of cooperation with them or apply other sanctions.
• ITIS does not tolerate and strictly rejects any manipulation of its financial results, regardless of the purpose.
• In any asset transfer conducted by the Company, within its activities or interests, the responsible employee is required to properly identify both the recipient of the transfer and the purpose of the provided performance. All employees who handle financial resources must undergo specialized training in this area, with varying levels of depth depending on the risk associated with the activities they perform.
• Only the Board of Directors or the designated spokesperson communicates with the media on behalf of the Company. If an employee is contacted by the media, they are obligated to inform the appropriate individuals within the Company.

5 Occupational Health and Safety, Employee Requirements, and Conflict of Interest

The Company considers the safety and health of its employees at work (OHS) to be a priority. Both the Company and its employees adhere to all applicable legal and internal regulations concerning workplace safety and diligently prevent any damage or harm resulting from violations of these regulations. Supervisors and employees actively eliminate potential risks associated with job performance. The area of OHS is governed by a separate internal regulation (BP_01_01).

The Company is committed to ensuring that only qualified and trustworthy employees work for it.

Employees strictly avoid situations that could be perceived as conflicts of interest. If a potential or actual conflict of interest arises, they are obligated to promptly report it to the appropriate supervisor, management, or Human Resources department.

For all matters concerning occupational health and safety, employee requirements, and conflicts of interest within the Company and the PPF Group, the provisions of Article 5 of the PPF Group Ethics Code titled "Occupational Safety, Employee Requirements, and Conflict of Interest" shall apply.

6 Protection of Information and Assets

Employees' obligation to protect the Company's assets extends to information and intangible assets. These include intellectual property, trade secrets, patents, trademarks, business plans and ideas, designs, databases, records, payroll information, and unpublished financial data. Unauthorized use or distribution of such information and intangible assets constitutes a serious violation of Company policies and may also be unlawful, leading to civil or criminal penalties.

Employees must not obtain confidential information from third parties through unauthorized means, nor disclose such information without permission. The Company and its employees do not advance the Company's interests using illegitimate or illegal methods. The company does not support any organizations or associations with illegal activities or objectives.

The Company takes appropriate measures to protect all confidential internal information and handles employee and third-party data strictly in accordance with legal regulations and international agreements, with the utmost caution and responsibility, particularly concerning any communication with external entities.

The Company takes appropriate measures to protect its intellectual property rights and respects copyright laws.

The Company maintains confidentiality regarding sensitive and private data about its employees, customers, and business partners that it has obtained in connection with its activities.

The Company has implemented a dedicated internal regulation (LEG_03) governing the protection of personal data. Employees are required to address any questions or uncertainties regarding the processing of personal data within the Company to the appointed Data Protection Officer.  

If an employee suspects that sensitive or confidential information, or personal data, has been leaked or misused—or if such a leak or misuse is imminent—they are obligated to report this to their direct supervisor, the Board of Members, the Company's Legal Counsel, or the Data Protection Officer.

The Company adheres to the principles outlined in Article 6 of the PPF Group Code of Ethics, titled "Protection of Information and Data", concerning the protection of sensitive and confidential information and personal data within the Company and the group.

7 Intellectual Property Protection

The Company and its employees diligently protect intellectual property rights and comply with all applicable laws and international treaties in this area. All employees are obliged to safeguard the intellectual property rights of the Company and the PPF Group. Employees must respect the copyrights of other entities and always ensure they are authorized to use specific works.

If an employee suspects that there has been or could be a violation of intellectual property rights, they are obligated to promptly report this to their direct supervisor, the Board of Members, or the Company's Legal Counsel.

In all other respects, the rules set out in Article 7 of the PPF Group Code of Ethics, "Protection of Intellectual Property", shall apply to the protection of intellectual property within the Company and the group.

8 Environmental Protection

The Company is fully aware of its environmental responsibility and strictly complies with all applicable legal regulations governing environmental protection.

The Company complies with all environmental protection regulations. In all its activities, the Company protects the environment. The Company holds a certificate according to ČSN EN ISO 14001:2015, demonstrating the implementation and continuous improvement of its environmental management system; therefore, the Company fully adheres to its principles. The Company actively participates in mitigating the consequences of its business activities and strives to minimize the environmental impact of its operational processes by adjusting work procedures.

If an employee observes an event at the workplace that could have a negative impact on the environment, they are obligated to report this fact without undue delay to their direct supervisor, the Board of Members, or the Human Resources department.

The area of environmental protection and environmental responsibility is governed by a separate internal regulation.

In all other respects, the rules set out in Article 8 of the PPF Group Code of Ethics, ”Environmental Protection”, shall also apply to environmental protection within the Company and the group.

9 Complaints, Comments, and Code Violations

Every employee actively supports ethical conduct and contributes to fostering anti-corruption behavior. If an employee becomes aware of a violation of the Code of Ethics, they are obligated to inform ITIS or the PPF Group. Employees are also required to report situations where a violation of the Code of Ethics is merely imminent.

It is unacceptable to disadvantage employees who have reported potential violations of labor law, internal regulations, statutory provisions, or other legal norms, or who have submitted suggestions or proposals for improving the Company's activities and procedures. ITIS refrains from any retaliatory measures against whistleblowers. In addition to the whistleblower, individuals specified in Section 4(2) of Act No. 171/2023 Coll., on the Protection of Whistleblowers, as amended, must not be disadvantaged in any way. Protection against retaliatory measures does not apply to those who knowingly make false reports.

Notifications may be received from employees or external parties, with the notifier having the right to remain anonymous. If the notification is not submitted anonymously, the notifier is required to provide their name, surname, and date of birth, or other information from which their identity can be inferred. If the identity of the notifier is known, the processing of personal data is always conducted in accordance with applicable and effective legal regulations in the field of personal data protection. A notification can be submitted

• by personally notifying the Human Resources department, or the Legal Counsel, or the persons specified in the respective provisions of this Code of Ethics;
• by sending a written letter;
• via the Ethics email address: compliance@itisholding.com;
• by submitting a report to the investigator;
• by submitting an anonymous suggestion via the drop box located at the Company reception;
• by submitting a report to the Ministry of Justice in accordance with the Whistleblower Protection Act.

If it is justified or if it becomes apparent that submitting such a notification is not feasible at the Company level, the notification should be submitted at the PPF Group level in accordance with Article 2 of the PPF Group Code of Ethics. If ITIS receives a notification that is more appropriately investigated at the PPF Group level, the Company will forward this notification to the PPF Group and, if the notifier is known, will inform him of this fact. The same procedure applies if the notification is made to ITIS subsidiaries. Notifications submitted at the PPF level or to ITIS subsidiaries may also be forwarded to ITIS.

Notifications may be submitted in any form; however, they must clearly indicate the subject matter. Submissions that do not clearly specify their subject cannot be investigated.

In the case of a personal notification, a record is made, which is presented to the notifier for reading and signature. The notifier is informed about their rights and obligations and is provided with a copy of the record, to which he has the opportunity to respond. The record is then handled in the same manner as notifications submitted through other means.

If an employee discovers or suspects that someone, in the course of the Company's activities, on its behalf, or in its interest, intends to engage in or is engaging in any conduct that violates the Code of Ethics, they are obliged to report this fact without undue delay through one of the aforementioned methods. In fulfilling this obligation, the employee should ensure that no applicable legal regulations are violated, particularly those related to the protection of confidential, classified, and similar information.

Upon receiving a notification, if the identity of the notifier is known, the investigator must inform the notifier within seven days of receipt, unless the notifier has requested not to be informed or if such notification could reveal the notifier's identity.

Upon completion of the investigation, the investigator shall inform the notifier of the outcome.

The exact procedure for investigating complaints, comments, and reports of ethical rule violations is further detailed in a separate internal regulation (LEG_02).

10 Monitoring and Review of Anti-Corruption Policy

ITIS has established an effective control system that prevents the concealment or alteration of serious violations of the anti-corruption policy and the Code of Ethics. All violations are always addressed through close cooperation between the investigator, the Board of Members, and the Human Resources department.

At ITIS, a multi-level control system is in place for selected financial transactions, verification of implemented projects and activities, and monitoring of business partners and employees. The control framework includes regular assessments before decisions on initiating, postponing, terminating, or reviewing such transactions, projects, or relationships with business partners or employees.

The internal control system at ITIS is based on the level of risk associated with individual projects, activities, or relationships. The risk analysis is prepared by the Chief Financial Officer (CFO) and approved jointly by the CFO, other members of the Board of Members, and the Human Resources department. The risk analysis is subject to regular review and updates.

The control system includes both continuous verification methods and a system of regular internal audits. The regulation of this type of control is governed by a separate internal directive (QM_04).

ITIS employees are required to continuously analyze individual projects, particularly with regard to the following aspects:

• review of the financial budget and comparison with the budgets of similar projects;
• examination of the supply chain with respect to agreed financial flows (who pays what to whom);
• verification of subcontractors’ qualifications and references;
• review of permits and licenses within the project’s supply chain;
• review of the contractual obligations of sales representatives, including commission policies;
• analysis of risks associated with the environment in which the project is to be implemented.

Projects with a higher risk of corruption must be subject to more frequent corruption risk assessments.

All controls, analyses, and reviews must always be carried out by multiple individuals at different levels of management.

ITIS defines anti-corruption policy objectives, which are regularly evaluated. The Company also communicates its anti-corruption policies externally in an appropriate manner. As part of its anti-corruption policy, ITIS further conducts corruption risk analyses, categorizes individual job positions based on their level of corruption risk, assesses the trustworthiness of individuals before their employment, and regularly reviews performance-based bonuses to prevent situations that could encourage corrupt behavior.

Once a year, a report on the review of the anti-corruption policy is issued in the form of an internal audit report. This report includes an overview of investigated breaches of the Code of Ethics (non-conformities) and corrective measures, monitoring results, audit findings, investigations, and the nature and extent of corruption risks the Company has faced or is currently facing.

11 Final Provisions

This Code of Ethics is issued in written form and is accessible to all employees via the Company website and SharePoint. The original copy of the Code of Ethics is stored in the Quality Management department.

Interpretation of the Code of Ethics and Related Generally Binding Legal Regulations will be provided to employees, if necessary, by the Human Resources department and/or the Legal Counsel.

Proposals for amendments or additions to the Code of Ethics should be submitted to the Human Resources department, which is responsible for overseeing compliance with the anti-corruption policy, training, and risk assessment. This is carried out through the appointed role of the Ethics Officer, which is held by the internal auditor.

The employer shall inform employees of any changes to or revocation of this Code of Ethics well in advance of such changes or revocation taking effect.

This Code of Ethics enters into force on January 6, 2025.

This Code of Ethics has been developed in accordance with the established and maintained Integrated Management System (hereinafter referred to as the “IMS”) in line with the following standards:

• ČSN EN ISO 9001:2016 (Quality Management System),
• ČSN ISO 37001:2016 (Anti-Bribery Management System),
• ČSN EN ISO 14001:2016 (Environmental Management System),
• ČSN ISO 45001:2019 (Occupational Health and Safety Management Systems),
• ČSN ISO/IEC 20000-1:2018 (IT Service Management System),
• ČSN ISO/IEC 27001:2014 (Information Security Management System).

Compliance with the Code of Ethics is monitored through audits.