The Waymotion policy of Information Management and Security System ensures that:

• As needed by the business process, information must be made available with minimal disruption to employees and the general public.
• The confidentiality of employee and customer data will be protected. Information confidentiality will be ensured, including but not limited to, investigations, third parties, personal information, and electronic communications data.
• All legal and regulatory standards will be complied with.
• Employees receive awareness and training in information security.

• All actual or suspected information security breaches must be reported and investigated by the competent authorities, including the Information Security Systems
• Department, under the responsibility of the CISO (Chief Information Security Officer), who will allocate an IT team, in coordination with the CTO, to respond to the incident(s).
• Appropriate access control will be maintained, and data will be protected against unauthorized access.
• The system analysis is monitored through defined objectives as well as risks to promote the continuous improvement of the system.

Lisbon, December 9, 2023

Rui Andrade

(Diretor Executivo)