The Regulatory Guide

This Regulatory Guide constitute a part of Customer Authority, sets out information about it as well as about CaixaBank, S.A. (Spółka Akcyjna) Oddział w Polsce (“CaixaBank”) and covers the following matters:

1. Registration details,

2. CaixaBank Customers,

3. Customers Complaints about the service,

4. Anti-Money Laundering, International sanctions and Tax Information Exchange,

5. Details of the on-boarding documentation,

6. Compensation Scheme,

7. Data processing,

8. Banking secrecy.

1. Registration details.

CaixaBank, S.A.,(Spółka Akcyjna) Oddział w Polsce is a branch of a credit institution – CaixaBank, S.A. with its registered seat in Valencia (Spain) operating under an authorisation issued by the European Central Bank and National Bank of Spain (Banco de España), which, to a limited extend, is subject to the supervision of the Polish Financial Supervision Authority (Komisja Nadzoru Finansowego). Details about the scope of the supervision over CaixaBank by the Polish Financial Supervision Authority are available in CaixaBank on Customer’s request. CaixaBank is a trading name of CaixaBank, S.A. with its registered office in Valencia, Spain. CaixaBank, S.A. (Spółka Akcyjna) Oddział w Polsce is an organisational unit of CaixaBank, S.A. with its registered office in Valencia, Spain, conducting business operations, to which provisions of Act of 6 March 2018 on the rules for the participation of foreign enterprises and other foreign persons in trade in the territory of the Republic of Poland (Journal of Laws [Dziennik Ustaw] of 2018, item 649, as amended) apply to it. CaixaBank, S.A. (Spółka Akcyjna) Oddział w Polsce has no legal capacity separate from CaixaBank, S.A with its registered office in Valencia, Spain.

CaixaBank S.A. is present on the list of credit institutions providing banking services in Poland through a branch, as maintained by Polish Financial Supervision Authority (Komisja Nadzoru Finansowego) . Therefore, it provides banking activities in accordance with article 5 of Banking Law Act of 29 August 1997 (uniform text: Journal of Laws [Dziennik Ustaw] of 2020, item 1896, as amended) (“Banking Law”). CaixaBank will consider the Customer’s requests for any offered accounts, products and services and may accept or refuse the application at CaixaBank's sole discretion.

2. Caixabank’s Customers.

In Poland CaixaBank offers its services exclusively to corporate Customers. It do not deal with consumers in the meaning of Civil Code.

3. Complaints about the services.

CaixaBank wishes to provide Customers with a service of the highest standard possible. The most important feedback comes to CaixaBank from Customers. Customers’ comments enable CaixaBank continually to improve level of Customer service.

How to make a Complaint:

If the Customer is unhappy about any aspect of CaixaBank service then it can lodge a complaint in the following manner:

(i) by phone, at +48 22 306 12 00;

(ii) by sending a letter to the Branch Director at the following address: CaixaBank, S.A. (Spółka Akcyjna) Oddział w Polsce, ul. Prosta 51, 00-838 Warsaw;

(iii) directly at the office of CaixaBank, from 9.00 am to 5.00 pm, by contacting the relationship manager.

A Complaint may be made also through an attorney-in-fact, authorized by the Customer under a power of attorney granted in the ordinary written form.

Please provide as much information as possible about the complaint, including:

I. name and surname of a person filing a Complaint in the name of the Customer,

II. full name and address of the Customer, User or his legal representative, number in the public register, e.g. KRS for entities entered therein,

III. bank account number,

IV. the reason for the Complaint, with a detailed description of the events or violations reported by the Customer and the Customer's expectations regarding the method of resolving the Complaint,

V. the circumstances of the events constituting the subject of the Complaint,

VI. a statement that, to the knowledge of the person submitting the Complaint, no administrative, court or amicable proceedings are pending with regard to the subject of the Complaint, including no complaint (skarga) has been filed with the Polish Financial Supervision Authority or lawsuit,

VII. date, place and signature in the name of the Customer.

The Customer is obliged to attach to the submission of the Complaint all documents containing evidence justifying the complaint.

Making a complaint as soon as possible after the objections aroused will facilitate and speed up the fair examination of the complaint, unless this circumstance does not affect the way in which the complaint is processed.

Upon Customer’s request, CaixaBank will confirm the fact of filing a complaint.

CaixaBank will not charge the Customer for making a complaint.

Next Steps:

Customer will provide the Customer with a final response without unnecessary delay but no later than 30 Business Days from the date the complaint is received by CaixaBank. In case the complaint is particularly complex and require more time and CaixaBank is unable to complete the investigation within that time, CaixaBank will inform the Customer of the reasons for such situation and update the Customer on the progress of an investigation carried out by CaixaBank. CaixaBank will send the Customer the final response no later than 90 days after CaixaBank has received the complaint.

In the case of a complaint relating to payment transactions, covered by the provisions of the Act of 19 August 2011 - Payment Services Act (unform text Journal o Laws [Dziennik Ustaw] of 2021, item 1907, as amended) the time limit for CaixaBank to reply is 15 Business Days and in the case of more complicated cases 35 Business Days.

Manner of handling complaints

CaixaBank will investigate Customer’s complaint as quickly and efficiently as it is possible. CaixaBank will look at all the facts of the case on the basis of the evidence available to CaixaBank and determine a fair and reasonable outcome. CaixaBank aims to be as competent, diligent and impartial as possible and will always try its utmost to put things right for the Customer.

CaixaBank may need to request more information in connection with the complaint, in which case it will contact the Customer or other person as required. If CaixaBank needs to disclose Customer’s personal information to someone else for the purposes of the investigation, CaixaBank will ask for the Customer’s permission first.

Where relevant, CaixaBank will take into account similarities with other complaints received and applicable regulatory guidance.

What is a final response?

A final response is CaixaBank’s written response setting out the findings of its investigation into Customer’s complaint and offering redress or remedial action as appropriate. If the complaint is rejected CaixaBank will give the Customer reasons for doing so and indicate ways of appealing from CaixaBank’s decision or the possibility of seeking mediation, arbitration or other forms of dispute resolution.

4. Anti-Money Laundering, International Sanctions and Tax Information Exchange

CaixaBank is required to establish each Customer's identity in accordance with applicable anti-money laundering, international sanctions and tax information exchange legislation. CaixaBank may contact the Customer to obtain further information to enable CaixaBank to complete its “know your customer” process before entering into an agreement with the Customer or to obtain further information during the course of the agreement.

CaixaBank may be unable to process transactions with / for the Customer or to otherwise deal with the Customer in case to do so might in CaixaBank’s view breach anti-money laundering or international legislation. Where CaixaBank suspects money laundering, terrorist financing, other criminal activity and/or international sanctions CaixaBank may be required to report information about the Customer and/or its accounts to law enforcement agencies.

Additionally, depending on the circumstances CaixaBank may be required to refer information about the Customer to the Polish, US or other tax authorities pursuant to the Act of 9 October 2015 on the implementation of the Agreement between the Government of the Republic of Poland and the Government of the United States of America on the improvement of compliance with international tax obligations and implementation of the FATCA legislation, the Act of 9 March 2017 on the exchange of tax information with other countries, the Organisation for Economic Co/operation and Development-s Common Reporting Standard and/or other similar legislation. Such information may be shared between tax and/or other authorities globally.

Regarding Sanctions issues, CaixaBank Group complies with any economic or trade sanctions laws, regulations, embargoes or restrictive measures administered, enacted or enforced by (hereinafter “Sanctions”): (i) the United States of America; (ii) the United Nations; (iii) the European Union or any present or future member state thereof; (iv) Poland; (v) the United Kingdom; or (vi) the respective governmental institutions and agencies of any of the foregoing, including without limitation, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), the Polish Ministry of Finance (together “Sanctions Authorities”).

It is prohibited for CaixaBank to maintain a business relationship with a person/entity:

(i) against whom/which according to Article 117 of the Act of 1 March 2018 on counteracting money laundering and terrorist financing (uniform text: Journal of Laws [Dziennik Ustaw] of 2021, item 1132, as amended) the specific restrictive measures shall be applied, indicated in :

a. lists announced by the General Inspector of Financial Information on the basis of United Nations Security Council resolutions issued on the basis of Chapter VII of the Charter of the United Nations, concerning threats to international peace and security caused by terrorist acts, in particular in the lists referred to in paragraph 3 of United Nations Security Council Resolution 2253 (2015) or in paragraph 1 of United Nations Security Council Resolution 1988 (2011),

b. list kept by the General Inspector of Financial Information, according to Article 120 of the Act of 1 March 2018 on Counteracting money laundering and terrorist financing(uniform text: Journal of Laws [Dziennik Ustaw] of 2021, item 1132, as amended); published in the Public Information Bulletin on the dedicated website of the minister competent for public finance;

(ii) located in, incorporated or organised under the laws of, or owned or (directly or indirectly) controlled by, or acting on behalf of, a person located in, incorporated or organised under the laws of a country or territory that is, or whose government is, the target of country- or territory-wide Sanctions (including, without limitation, Iran, North Korea); or

(iii) otherwise a target of Sanctions;

(iv) indicated in any of the Sanctions and Sanctions Lists. (hereinafter, “Restricted Persons”);

(v) participated or controls a Restricted Person;

(vi) is acting directly or indirectly for or on behalf of such any Restricted Person;

(vii) participates or controls a Restricted Person;

(viii) is incorporated, located, having its operating headquarters or is resident in a country or territory, or whose government is subject to Sanctions;

(ix) that maintains any business relationships or has any activity or business for or with any individuals of countries, territories or jurisdictions subject to Sanctions;

(x) that will use any part of the proceeds of any contract with CaixaBank directly or indirectly to make funds available to or receive from any individual subject to Sanctions or will direct such funds to finance, directly or indirectly, any activity or business for or with

(a) any individual subject to Sanctions,

(b) any territory or country that, at the time of using the proceeds or the product is, or its government, subject to Sanctions or

(c) otherwise is in breach of Sanctions.

Although, operations in or related to sanctioned jurisdictions, North Korea, Iran are prohibited and operations in Cuba cannot be in US dollars or with a US nexus, including US goods, unless the ones not prohibited or allowed by an OFAC General Licenses.

CaixaBank would like to highlight, that operations in or related to the restricted jurisdictions mentioned in the paragraph above are conducted in-line with the relevant sanctions programs. All operations in these countries are considered high risk and subject to review prior to their execution.

5. Details of the on-boarding documentation

• CaixaBank’s on-boarding documentation will be in English and by signing and accepting it, the Customer represents that is has an appropriate level of understanding of the English language to understand the information provided in it. Any communications between CaixaBank and the Customer will be in English, Spanish or Polish if the Customer has requested it in the relevant Individual Conditions. On Customers request the on-boarding documentation may be drawn up in Polish version as well. In such case Polish version will prevail.

• the Customer downloads a copy of the Regulatory Information Guide, the List of Price and Services (Tariff of Banking Fees and Commissions) and the Processing Guide, which sets out payment execution times, cut-off times and other operational information, on CaixaBank’s website (www.caixabank.pl).

6. Compensation Scheme

CaixaBank are part of CaixaBank, S.A., which is based in Spain. If CaixaBank was to fail, financially depositors may, depending on their circumstances, be covered by the Spanish Deposit Guarantee Fund (Fondo de Garantía de Depósitos).

This means that if CaixaBank is unable to meet its financial obligations, its eligible Polish depositors may be entitled to claim up to a maximum limit from the Fondo de Garantía de Depósitos. The monetary amount guaranteed is applied per depositor – this means that a Customer with deposits with CaixaBank in both Poland and Spain will be treated as a single claimant. Joint account holders are treated as a single claimant, so that the compensation will be divided between them in accordance with their interest in the deposit.

The maximum monetary amount guaranteed per depositor is €100,000 for deposits in Euros and, for deposits in other currencies, the equivalent of €100,000 in the relevant currency according to the exchange rate applicable on the earlier day (i) the relevant Court issues a judicial resolution declaring the insolvency of the bank or (ii) the Banco de España issues a resolution stating the need for the Fondo de Garantía de Depósitos to be applied. If the relevant date is a bank holiday, the date for the applicable exchange rate will be the previous business day.

For further information about the Fondo de Garantía de Depósitos (including the amounts covered and eligibility to claim) please contact CaixaBank, S.A. (Spółka Akcyjna) Oddział w Polsce or:

Fondos de Garantía de Depósitos

C/ José Ortega y Gasset, 22 -5 planta

28006 Madrid

Teléfono: +34 91 431 66 45

Fax: + 34 91 575 57 28

Email: fogade@fgd.es

Website: www.fgd.es

7. How CaixaBank treats Customer’s information

7.1.1 In order to provide you, as our business customer(s), with our products and services (the “customer(s)” or “you”), we may need to process personal data regarding certain people (natural persons) related to you including your directors, officers, authorised signatories, other employees, shareholders, beneficial owners and guarantors or grantors, etc. (“Relevant Individuals”).

7.1.2 This Privacy Notice describes how personal data is being processed by CaixaBank, S.A. (“CaixaBank”, “we” or “us”), with NIF A-08663619, having its seat at Calle Pintor Sorolla, 2-4 Valencia (Spain). CaixaBank processes this personal data as data controller, through its branch CaixaBank, S.A. (Spółka Akcyjna) Oddział w Polsce, for the performance of a contract to which you are a party, in order to take steps at your request prior to entering into a contract with us, to comply with legal obligations, to enable CaixaBank to pursue its legitimate interests or for a purpose to which data subjects have given their consent to, as further described below.

Additionally, for certain types of processing, which we inform you about herein, CaixaBank processes personal data jointly with other companies and are therefore jointly responsible for such processing activities. For more information in relation to such joint controllers and the key aspects of the joint agreements in place please visit: https://www.caixabank.es/particular/general/tratamiento-de-datos-empresas-del-grupo_en.html.

7.2 Personal data we process

7.2.1 We obtain the following personal data regarding Relevant Individuals from you, directly from them or from other sources, as described below:

7.2.1.1 Data provided by you or Relevant Individuals directly (or derived from our relationship with you) including identification and contact details (e.g. name, surname, ID information / document, place and date of birth, nationality, PEP condition, signature, business and private postal address, email address and telephone number) and economic activity details (e.g., position, status, sector, financial activity, source of funds, legal capacity and professional contact details); and

7.2.1.2 Data such as identification data, contact details and data related to international sanctions obtained from sources accessible to the public (such as the commercial register, transparency register, insolvency register databases, credit information systems, public databases and the Internet) or other third parties pursuant to the provisions of Banking Law Act of August 29, 1997 (Dz.U.2023.2488).

7.2.2 Where you provide to us personal data in respect of any Relevant Individuals to us, you are responsible for, and confirm that you have lawfully shared, such personal data with us and, where required, obtained the consent of the respective Relevant Individuals for us to use their personal data in the manner set out in this Regulatory Information Guide. You also undertake to appropriately inform all Relevant Individuals about the processing of their personal data by us as further described herein.

7.3 Purposes and lawful bases for processing

7.3.1 We process personal data in order to enter into, manage and perform the provision of financial products or services in the scope of the agreement (or to take appropriate precontractual steps) with our customers, being the legal basis for the performance of said agreements or in order to take the necessary steps to enter into the same.

This data processing includes checking details and making decisions about credit and credit-related product or services for our customers and verifying their identity and the identities of any Relevant Individuals; as well as managing the contractual relationship with them (i.e. answering to operational queries, sending operational communications, etc.).

7.3.2 We process personal data on the lawful basis of complying with legal obligations, including to:

7.3.2.1 comply with applicable anti-money laundering and terrorist financing regulations (including checking our own records and systems for information about any other accounts (including any personal accounts) belonging to you or your business partners or to Relevant Individuals and about your shareholders who are beneficial owners);

7.3.2.2 comply with the specific regulations applicable to financial and credit institutions and other applicable regulations (such as tax regulations); as well as to comply with requirements of authorities or other regulatory bodies in accordance with the law; and

7.3.2.3 carry out regulatory checks or other controls to meet our obligations towards any regulatory or tax authority (such as obligations arising from international policies on financial sanctions and counter terrorist financing).

Most of the above processing activities are carried out jointly with other CaixaBank Group companies. For more information in relation to such joint controllership please visit: https://www.caixabank.es/particular/general/tratamiento-de-datos-empresas-del-grupo_en.html.

7.3.3 When you apply for a bank account or other financial product or service with us, we may, on the lawful basis of our legitimate interest as described below, process personal data for the following purposes:

7.3.3.1 Adopt the necessary steps to avoid and deal with malicious transactions or behaviour, by identifying attempts to commit fraud against us or our customers (which includes checking fraud prevention lists and communicating with competent agencies), considering our legitimate interest in preventing fraud that would entail financial or reputational losses for us or our customers.

This processing activity is also carried out jointly with other CaixaBank Group companies. For more information please visit: https://www.caixabank.es/particular/general/tratamiento-de-datos-empresas-del-grupo_en.html.

7.3.3.2 Enquiry and communication with credit reporting systems or agencies within the framework of the request and subsequent management of products involving financing, considering our legitimate interest in avoiding non-payments and defaults by applicants or holders of products involving financing.

7.3.3.3 Take the measures provided for in the international financial sanctions and counter terrorist financing programmes to which we are not directly subject to (e.g., those adopted by the U. S. Department of the Treasury’s Office of Foreign Assets Control (OFAC)), considering our legitimate interest (and that of our co-controller companies as foreseen in the link provided above) in being able to carry out our business activities in those countries where such measures are required.

7.3.3.4 Locate our customers in order to contact them in the event of a breach of their contractual obligations (including where needed for recovering any debts they owe), considering our legitimate interest to defend our interests and recover debt in situations of non-payment.

7.3.3.5 Perform statistical analysis and testing (applying, where possible, anonymisation or pseudonymisation techniques) in order to draw up reports on our activity and relationship with the market, on the composition and evolution of our customer base and on the suitability and effectiveness of our products and services, based on our legitimate interest in designing, organising and optimising our business and commercial activity as efficiently as possible.

Where we process personal data in fulfilment of our own legitimate interest, we carry out a balancing test (available upon request) to verify that said legitimate interest is not prevailed by the data subject’s interests or rights.

Please note that we may also process personal data from Relevant Individuals as a means to inform you (as our customer) by mail, telephone, text (or similar) message, email and other electronic methods, about products and services similar to those previously contracted which may be of your interest (unless you have opted out from such communications) or others, provided that you have provided your consent, as required.

7.4 Recipients of personal data

7.4.1 We share, or make available, personal data with the following recipients:

7.4.1.1 Controllers or joint controllers of the pertinent data processing, i.e., where the processing is carried out under shared responsibility, it is performed by the companies within Caixabank Group, in accordance with what we have explained outlined for each of the processing events.

7.4.1.2 Third parties which provide a service to us (such as financial back-office services, administrative support services, IT services, etc.) or to anyone to whom we subcontract (or may subcontract) our rights and/or our duties under any agreement. These will act as data processor and will not process personal data for their own purposes.

7.4.1.3 Authorities, regulators, public institutions or other third parties so long we have a legal obligation to do so (e.g. in the framework of the fight against the financing of terrorism and organised crime, and for the prevention of money laundering, as well as within the framework of the prudential supervision of credit institutions).

7.4.1.4 Credit reporting systems or agencies, as anticipated above, and always following applicable conditions and requirements set forth in applicable regulations.

7.5 International Data Transfers

The processing of personal data is carried out, generally, by service providers located in the European Economic Area (EEA) or located in countries that ensure an adequate level of protection. In other cases, we will guarantee the security and legitimacy of the processing of the data by requiring appropriate safeguards (e.g., binding corporate rules or standard data protection clauses adopted by the European Commission) to be put in place. For further information on such international transfers and the safeguards adopted (including the possibility of obtaining a copy thereof) please contact CaixaBank’s Data Protection Officer at https://www.caixabank.es/particular/general/dpo_en.html.

7.6 Personal data retention

We will keep personal data in accordance with data protection laws. The data will be processed while the contractual or business relations established remains in force. Once the validity has expired, the data will be stored for the sole purpose of complying with the legal obligations required and to formulate, exercise or defense of claims, during the applicable retention periods.

7.7 Data protection rights

Any Relevant Individual may access, rectify or erase their personal data, as well as restrict or object to the processing or request its portability. They also have the right to provide instructions as to the situation of their personal data in case of death (as applicable) and to revoke their consent at any time (where this is the lawful basis for processing personal data).

In order to exercise these rights, notification shall be addressed to in writing to CaixaBank’s branch registered office at ul. Prosta 51 00-838 Warsaw, Poland, or to any other CaixaBank, S.A. branch, or to the Spanish registered office of CaixaBank, S.A. located at Calle Pintor Sorolla 2-4 46002 Valencia (Spain) or by means of www.caixabank.com/ejerciciodederechos.

Likewise, any Relevant Individual has the right to lodge a complaint with a supervisory authority (in Poland, the President of the Personal Data Protection Officer (Prezes Urzędu Ochrony Danych Osobowych) or the lead supervisory authority of CaixaBank Group, the Agencia Española de Protección de Datos, www.aepd.es).

8. Data Protection Officer

Finally, any Relevant Individual may contact CaixaBank’s Data Protection Officer for any doubt or query at https://www.caixabank.es/particular/general/dpo_en.html Professional secrecy

CaixaBank is also bound by bank secrecy i.e.CaixaBank, its employees, and persons acting as intermediaries of banking operations, are bound by the obligation of secrecy in relation to bank secrets, which includes all information relating to a banking operation obtained in the course of negotiations, and during the conclusion and performance of the agreement under which that operation is performed by the bank as described in Article 104 of Banking Law. In certain situations CaixaBank shall not be however bound by the bank secrecy, including:

- due to the nature and type of banking act or the provisions of law in force, the agreement on the basis of which the banking act is undertaken cannot be properly performed, or the acts connected with concluding the agreement cannot be performed without revealing the information subject to banking secrecy,

- the information subject to banking secrecy is revealed to undertakings or foreign undertakings, among others, that CaixaBank entrusted, in accordance with Article 6a section 1 and Articles 6b-6d of Banking Law regarding bank’s outsourcing activities, with temporarily or permanently performing acts connected with conducting banking activity or that were entrusted with performing acts in accordance with Article 6a section 7 of Banking Law regarding factual acts under bank outsourcing activities, both to the extent the information is necessary to properly perform those acts,

- the information subject to bank secrecy is revealed to advocates or legal advisers in connection with legal assistance rendered to CaixaBank,

- revealing information subject to bank secrecy is essential to the conclusion and performance of agreements on the sale of 'receivables-lost', as classified in accordance with separate provisions of law,

- insuring debtors of securitised receivables against the risk of insolvency, and

- providing information to other banks, credit institutions or financial institutions participating in the same financial holding is essential to properly carry out duties indicated in the provisions of law for counteracting money laundering and financing terrorism.

Additionally

Moreover CaixaBank in certain cases, can be obliged to disclose the information covered by bank secrecy, only to entities and in cases indicated in the Article 105 of the Banking Act .including:

- other banks and credit institutions, to the extent that such information is necessary to perform banking operations and for the purposes of acquisition and disposal of claims;

- other institutions entitled by law to grant credits – subject to the condition of reciprocity, as regards the claims and bank account operations and balances, to the extent that such information is necessary to grant credits, loans of money, bank guarantees and sureties;

- other banks, credit institutions, or financial institutions, to the extent that such information is necessary ensure compliance with the applicable regulations on consolidated supervision, including, in particular, the preparation of consolidated financial statements covering CaixaBank, manage the risks relating to large exposures and apply internal approaches as well as other methods and models referred to in the provisions of the third part of Regulation No. 575/2013;

- other banks, savings and credit unions, the National Savings and Credit Union (Krajowa Spółdzielcza Kasa Oszczędnościowo-Kredytowa) , and the clearing house or Central Database to the extent necessary to provide the summary information with relation to inheritance left by the account holder;

- the Head of the National Tax Administration (Szef Krajowej Administracji Skarbowej) and the clearing house referred to in the Article 67 of Banking Law within the scope necessary to properly perform their tasks and obligations referred to in the section IIIB of the Tax Ordinance Act of 29 August 1997 (uniform text: Journal of Laws [Dziennik Ustaw] of 2022, item 2651, as amended) and Financial Information System Act of 1 December 2022 (uniform text: Journal of Laws [Dziennik Ustaw] of 2023, item 180);

- providers rendering payment initiation services, within the scope necessary to provide such payment service;

- providers rendering account information services within the scope necessary to provide such payment service;

- payment service providers within the scope necessary to perform the obligations specified in certain provisions of Payment Services Act of 19 August 2011 (uniform text: Journal of Laws [Dziennik Ustaw] of 2022, item 2360, as amended);

- insurance companies, reinsurance companies, parent insurance entities, parent insurance entities not regulated or mixed parent insurance entities in the extent necessary to perform the provisions of group supervision and within the scope necessary to perform the provisions of supplementary supervision exercised pursuant to the supplementary supervision act dated 15 April 2005 (uniform text: Journal of Laws [Dziennik Ustaw] of 2020, item 1413, as amended), as amended which apply to said entities;

- at the request of courts and authorized state bodies, including the Banking Guarantee Fund (Bankowy Fundusz Gwarancyjny) and the Financial Supervision Authority (Komisja Nadzoru Finansowego) in the scope and cases referred to in the Article 105 section 1 item 2 of the Banking Law.

The Bank is not obliged to not disclose the bank secrecy subject to paragraph 4 and 4a of the Article 104 of the Banking Act, towards the person to whom the information covered by the secrecy concerns.

Subject to Article 106a (the bank is oblige to inform a public prosecutor, the Police, and any other competent authority authorized to conduct preparatory proceedings in case of reasonable suspicion that the bank's activities are used to conceal any criminal activity or for any purposes connected with a fiscal offence) and Article 106b (the public prosecutor in charge of the proceedings relating to a criminal or fiscal offence may require the disclosure of information that constitutes bank secrets by a bank, its employees, or any persons acting as intermediaries in banking operations, only on the basis of a decision issued at the prosecutor's request by a regional court of appropriate jurisdiction) of the Banking Act, only when the entity that the information concerns authorizes the bank, in writing, to reveal specified information to an indicated person or organizational unit. The authorization may also be expressed in electronic form. In this case, the bank is obliged to consolidate the authorization thus expressed on an IT data carrier within the meaning of Article 3 point 1 of the Act of 17 February 2005 on computerization of the activities of entities performing public tasks (uniform text: Journal of Laws [Dziennik Ustaw] of 2023, item 57).

9. Qualified electronic seal

The use of the qualified electronic seal in order to place statement of will to Caixabank, S.A. (Spółka Akcyjna) Oddział w Polsce requires additional formalities. If the Customer uses the qualified electronic seal CaixaBank requests the Customer and the Customer is obliged to provide CaixaBank with all relevant information, documents and statements that are necessary in order to: (i) verify validity of the electronic seal and the certificate attached to it; (ii) identify the person placing statement of will with use of qualified electronic seal; (iii) verify whether such person is properly authorized to represent the Customer, and (iv) confirm that the person authorized to represent the Customer accepts the statement of will placed with use of the qualified electronic seal. This may include necessity of providing additional statements of will or confirmations signed with use of handwritten signatures or qualified electronic signatures. CaixaBank reserves the right not to accept the statement of will that is not confirmed/verified in accordance with preceding sentences. The banking activities which relate to such non-confirmed/non-verified statements of will should be regarded as non-executed and non-existing.

1 See: https://www.knf.gov.pl/podmioty/Podmioty_sektora_bankowego/zestawienie_notyfikacji_dot_dzialnosci_instucji_kredytowych_na_terytorium_RP_poprzez_oddzial