The FIS Ethics Helpline is a confidential reporting system operated on behalf of FIS by NAVEX and is provided by FIS to allow colleagues and individuals outside of the company to ask questions or to report actual or suspected violations of company policies, including the FIS Code of Business Conduct and Ethics (the “Code”), or local laws and regulations. The FIS Ethics Helpline provides the option to report anonymously, where permitted by local law.

In relation to the data you provide through the FIS Ethics Helpline, Fidelity National Information Services, Inc. (“FIS”) is the controller. FIS’ address is 347 Riverside Avenue, Jacksonville, FL 32202, United States of America.

Use of the Ethics Helpline is entirely voluntary as you may use various other channels to report your concern (i.e., such as reporting to your line manager, The People Office, or the Legal, Compliance and Corporate Affairs Department by sending an email to the FIS Ethics Office at fisethicsoffice@fisglobal.com).

In certain countries, FIS may only accept reports through the Ethics Helpline that relate to financial, accounting, auditing or bribery matters. If your concern pertains to a matter that under local law may not be accepted by FIS through the Ethics Helpline, you will need to contact the FIS Ethics Office at fisethicsoffice@fisglobal.com.

Please be aware that information you provide about yourself, your colleagues, or any aspect of FIS’ operations may result in decisions that affect others. Therefore, FIS asks that you only provide information that, to the best of your knowledge, is correct and factual.

FIS has a strict non-retaliation policy for any report made in good faith, even if it later turns out to be incorrect. In making a good faith report or for participating in an investigation, colleagues should not fear dismissal or retaliation of any kind. For purposes of reporting actual or suspected violations of the Code or any applicable law, rule or regulation, “good faith” is defined as having reasonable grounds at the time a report is made, based upon the circumstances and information available, to believe that the information in the report is true. However, knowingly providing false or misleading information may result in consequences including disciplinary proceedings up to and including termination.

Unless you choose to remain anonymous, where permitted by local law, you will be asked to provide the following information:

• First and last name
• Email address
• Telephone number

In addition, FIS will ask you to provide the name and title of all individuals you are reporting on and a description of the suspected legal or compliance violation (including attachments, if any, that support your report).

FIS also requests information about your location and the location where the event took place so that any applicable local laws can be applied in gathering information and undertaking any investigation. FIS also requests information about the time the incident occurred and how you became aware of the incident. FIS may collect information from others during any subsequent investigation.

If you provide information in a Live Chat, the contents of the chat may be recorded or saved.

The information you provide will be treated confidentially to the extent permitted by law and to the extent practicable to conduct a thorough investigation into your concerns. We encourage you to identify yourself to facilitate any necessary follow-up.

Once you have completed your report, you will be provided with a Report Key, and you will be asked to create a password. You will need both in order to access the matter which you have reported.

Unless you have indicated otherwise or unless required by law, the questions and reports filed through the Ethics Helpline will only be used and reviewed by those individuals who need to access the information to fulfill their professional duties. FIS Ethics Helpline reports are forwarded by NAVEX to FIS’ Ethics Office for further review.

The FIS Ethics Office will evaluate the information you provide and will conduct an investigation. . In some instances, if the nature of the allegations dictate, the matter will be transferred to The People Office to conduct an investigation in accordance with its standard investigation protocols.

Your cooperation and assistance in any investigation may be necessary to conduct a thorough review of your concerns. If an investigation indicates that a violation of our company policies (including the Code) or applicable laws or regulations has occurred, FIS will take such action as it considers appropriate in the circumstances.

Depending on the nature of the matter, the FIS Ethics Office may communicate the question or report to appropriate staff at FIS to assist in the investigation and resolution of your report, such as staff in The People Office, Legal Compliance and Corporate Affairs Department, Internal Audit, Information Security and/or the Finance Department.

Depending on the nature of the matter, it may not be possible for FIS to share the result of its investigation with you.

Please note that, in some circumstances, individuals you identify through the Ethics Helpline may be informed about the fact that a report has been made. To the extent reasonably possible, FIS will not identify you; however, it may be necessary for your identity to be disclosed in order to fully investigate your concerns. All individuals you identify will have the right to respond to or correct information you report.

FIS prohibits retaliation against any individual who makes a report in the Ethics Helpline or participates in a related investigation. Retaliation is a serious violation of policy. Individuals who engage in retaliatory conduct will be subject to disciplinary action up to and including termination of employment. If you believe you are being subject to retaliation, you should immediately report this to The People Office or the Ethics Office at fisethicsoffice@fisglobal.com.

Please do not provide any data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health, data concerning a person’s sex life or sexual orientation or financial data (such as, bank account numbers or payment card details), about yourself or another person, unless such data constitutes a key element of your report.

FIS processes your personal data:

• to administer the Ethics Helpline and assess and follow up on submissions to the Ethics Helpline;
• to investigate alleged violations;
• to take any necessary follow-up action upon the completion of an investigation;
• to create anonymous reports for FIS’ Executive Team and the Audit Committee of the Board of Directors.

In the context of operating the Ethics Helpline, FIS relies on the following legal bases for the processing of personal data:

• Your consent to process the report submitted by you (this relates to personal data that identifies you as reporter);
• Our legitimate interest in investigating your report and taking any follow up actions upon the completion of such investigation (this relates to personal data that identifies the individuals you are reporting on). Our legitimate interest is making sure that FIS is aware of and responds to all suspected violations of applicable law/regulations and our Code and to protect our brand and reputation .
• In some cases, FIS also processes personal data in the Ethics Helpline for compliance with a legal obligation to which FIS is subject (for example, whistleblowing legislation) and/or because such processing is necessary for the establishment, exercise or defense of legal claims .

Personal data is collected for the purposes referred to above (or for secondary purposes where it is closely related, for example such as storing it) and will only be shared on a strict need-to-know basis with:

• Designated staff in FIS’ Ethics Office, responsible for administering and managing the Ethics Helpline;
• FIS staff responsible for investigating alleged wrongdoings reported through the Ethics Helpline and/or for taking the required measures to follow up any investigation, such as instituting disciplinary proceedings or legal proceedings (for example, staff in The People Office, or the Legal, Compliance and Corporate Affairs Department);
• Public authorities, government, regulatory or fiscal agencies where it is necessary to comply with a legal or regulatory obligation to which the relevant FIS entity is subject to as permitted by applicable local law;
• NAVEX who operates the Ethics Helpline on FIS’ behalf;
• Statutory auditors, forensic auditors and/or external legal counsel engaged by FIS.

Calls and online reports to the Ethics Helpline are received on behalf of FIS by NAVEX. NAVEX is based in the United States with servers located in different countries.

The access rights detailed above involve the transfer of personal data in various jurisdictions (including jurisdictions outside the European Union) in which FIS operates. FIS will process your personal data in accordance with applicable law in your jurisdiction. When FIS transfers your personal data, FIS will make sure an adequate level of protection is provided for the personal data by using one or more of the following approaches:

• Internal transfers of personal data with FIS affiliates are governed by an Intra-Group Data Processing and Data Transfer Agreement that includes Standard Contractual Clauses as approved by the European Commission, a UK International Transfer Addendum, as well as model clauses issued in other countries to legitimize data transfers;
• The transfer of personal data with the external vendor that operates the Ethics Helpline (NAVEX) is governed by a Data Processing Agreement that includes the Standard Contractual Clauses as approved by the European Commission and a UK International Transfer Addendum NAVEX is also certified under EU-US Data privacy framework.

With regard to the processing of Ethics Helpline questions and reports, you have the following privacy and data protection rights:

• You can request access, correction, updates or deletion of your personal data;
• You can object to the processing of your personal data, ask FIS to restrict processing of your personal data, or request portability of your personal data;
• If FIS has collected and processed your personal data with your consent, you can withdraw your consent at any time, subject to permitted or required exceptions under applicable data protection laws. Withdrawing your consent will not affect the lawfulness of any processing FIS conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent;
• You have the right to complain to a data protection authority about FIS’ collection and use of your personal data;
• For individuals in China, you have the right to request that FIS explains the rules set out in this Privacy Notice (right to explain processing rules). Close relatives of a deceased person have the right to access, make copies of, correct or delete personal data of the deceased person, unless the deceased person has arranged otherwise before their death.

Your rights may be limited, for example, if fulfilling a request would reveal personal data about another person, or if the processing is required by law.

To exercise any of your privacy and data protection rights set out above, please click here to complete the FIS Data Subject Rights Form or email FIS’ Privacy & Data Protection Office via DataRights@fisglobal.com.

FIS does not tolerate any retaliation against anyone who, in good faith, exercises any of these rights.

FIS will retain the information you submit in accordance with FIS’ Records Management Policy and Records Retention Schedule.

Any information you submit that is not needed to answer your question or for the investigation of your concern may be deleted or archived, as permitted by local law. In addition, once FIS has responded to your question or completed any investigation, all information you submitted will be deleted or archived as required by local law. FIS may retain anonymized questions and reports for statistical reasons.

FIS uses appropriate technical and organizational measures to protect personal data. FIS implements appropriate access controls so your personal data will only be accessible on a need-to-know basis.

For more information about the security measures applied by NAVEX on the Ethics Helpline, please read NAVEX’s privacy statement.

If you have any questions, concerns, comments or complaints on how FIS processes your personal data, please contact the FIS Privacy and Data Protection Office at privacyoffice@fisglobal.com. Alternatively, you have the right to lodge a complaint with a supervisory authority competent for your country.

FIS’ Data Protection Officer and Representative (Fidelity Information Services Operations GmbH) can be contacted via Data.Protection@fisglobal.com.