Continuity Plan

Daskapital's measures, procedures and guiding principles to ensure the continued operation.

1.          GENERAL PROVISIONS

1.1. Daskapital's Continuity Plan (hereinafter referred to as the "Plan") aims to establish the measures, procedures and guiding principles designed to ensure the continued operation of Daskapital and the continued provision of essential services related to existing investments and the proper administration of the agreements entered into between Daskapital and its users in unforeseen situations.

1.2. The Plan was drawn up in accordance with the Law of the Portuguese Republic and the provisions of Regulation (EU) 2020/1503 of the European Parliament and of the Council of October 7, 2020, on European providers of crowdfunding services to entities, and the terms used therein shall be interpreted accordingly, unless otherwise specified.

2.          DEFINITIONS

2.1. Unless otherwise specified, for the purposes of this Plan, the words and expressions listed below shall have the following meanings:

2.1.1. "Daskapital", means Das Kapital, Lda. private limited company, NIPC Nº 516 460 730, with share capital of 50.000.00 (fifty thousand euros) and headquartered at Rua do Pereiro, número 291, Ul, 3720-593 Oliveira de Azeméis, Portugal, responsible for managing Daskapital websites/platforms, or other entities with which it is in a control or group relationship, such as Daskapital - Crowdfunding S.A. and Daskapital España S.L.; in certain contexts, the same as Daskapital Website or Platform;

2.1.2. "Platform" or "Daskapital Platform" means the information system based on the Internet and accessible to the public through the address www.daskapital.eu, to be operated or managed by Daskapital which, operating in accordance with EU regulations and other applicable legislation, allows Promoters to present Collaborative Financing Projects and credit assignment proposals to obtain liquidity and funding from Investors;

2.1.3. "Investor" means the entity(ies) (individuals or natural persons, SMEs, Companies, Sole Proprietorships, Associations, Public or Private Institutions, other Organisations or Legal Persons) who intend to make investments and who have created an account on the Daskapital Platform, having accepted its General Terms and Conditions and Privacy Policy;

2.1.4. "Law" means the laws and regulations in force applicable to European providers of crowdfunding services to entities;

2.1.5. "Project" means the business activity or activities for which a project promoter seeks funding through a collaborative financing offer;

2.1.6. "Promoter" means the entity(ies) (SMEs, Companies, Sole Proprietorships, Associations, Public or Private Institutions, other Organisations or Legal Persons, and, in some cases, individuals or natural persons) seeking funding or liquidity from Investors and who have created an account on the Daskapital Platform, having accepted its General Terms and Conditions and Privacy Policy;

2.1.7. "Beneficiary" means the same as Promoter;

2.1.8. "Privacy Policy or Policy" means the Privacy Policy available at www.Daskapital.eu and acceptance of which is required in order to use Daskapital's services;

2.1.9. "General Conditions" means the General Conditions of the Daskapital Platform, acceptance of which is required in order to use it;

2.1.10. "Client" refers to the universe of Promoters and Investors as defined in this document and also to any person who visits Daskapital's websites/Platforms and who interacts with Daskapital through them.

2.1.11. "User" means the same as Client;

2.1.12. "Mangopay" means Mangopay, S.A., a company registered under number B173459 in the Luxembourg Trade Register and authorized to receive, transfer and collect funds from Users in electronic currency and supervised by the Luxembourg Financial Sector Supervisory Commission (CSSF), with registered office at 110 route d'Arlon L-1150 Luxembourg and whose website is: www.cssf.lu;

2.1.13. "Payment institution" means a payment institution legally authorized to provide payment services for the activities carried out by Daskapital;

2.1.14. "Account" means a Customer's account created on Daskapital for the purposes of crowdfunding;

2.1.15. "Payment Account" means a Customer's account created with the Payment Institution;

2.1.16. "Agreements" means the loan agreements, service agreements, credit assignment agreements, general agreements, special conditions and other legal agreements entered into within the scope of Daskapital's operations and which govern the agreements between Beneficiaries and Investors and between the latter and Daskapital;

2.2. Other definitions used in this plan shall be understood in accordance with the Laws of the Portuguese Republic.

3.          ORGANIZATIONAL ARRANGEMENTS

3.1. The occurrence of an event or incident/emergency that significantly damages, or could significantly damage, the Platform's processes must be immediately reported to Daskapital's Board of Directors.

3.2. In the event of an event or incident/emergency, the Daskapital Board of Directors may create a Continuity Management Group ("CMG") which shall implement the Continuity Plan and take measures to manage the continuity of the Platform, namely:

3.2.1. Analyzing events and incidents, making decisions on issues relating to the management of the Platform's continuity;

3.2.2. Communicate with the bodies that produce and disseminate public information;

3.2.3. Communicate with authorities and other institutions;

3.2.4. Ensuring information security in the event of an incident;

3.2.5. Reporting on business continuity management to the Daskapital Board of Directors;

3.2.6. Perform other duties as assigned.

3.3. The members of the GGC will communicate with each other by telephone, e-mail and/or through Daskapital's internal communication program

3.4. When dealing with an emergency, Daskapital must rely on the knowledge and skills of its employees, information processing and communication resources (data, servers, computer and hardware equipment, computer and telephone network installation and other equipment), technical resources and the ability to manage and supervise them and, if necessary, the services of third parties.

3.5. Typical emergency response actions should be as follows:

3.5.1. Assessing the damage suffered and deciding whether to activate the business continuity plan, alerting Daskapital employees, Investors and Promoters;

3.5.2. Execution of urgent actions that guarantee the continuity of operational processes in emergency mode;

3.5.3. Restoring critical operational processes that have been interrupted;

3.5.4. Establishing/eliminating the reasons for the incident;

3.5.5. Recording the incident in the operational incident log;

3.5.6. Introduction of preventive measures.

3.6. The methods, means and actions used to implement the plan must be appropriate to the specific situation.

3.7. The methods, means and actions used to implement the plan must be effective in terms of cost and direct or indirect benefit.

3.8. All incidents related to business continuity must be recorded in the operational incident log.

4.          MAIN CRITICAL PROCESSES AND FUNCTIONS THAT NEED TO BE SAFEGUARDED FOR CONTINUITY

4.1. Daskapital will consider the following processes to be critical:

4.1.1. The possibility for users to log in to their Investor and/or Promoter account on the Platform;

4.1.2. Representation of the main information fund balances, status of published projects, status of participation in projects, portfolio of financed projects) in the Investor and/or Promoter account;

4.1.3. Carrying out the main operations for the Investor and/or the Promoter.

4.1.4. Uninterrupted recording and storage of information relating to users of the Platform and their transactions;

4.1.5. Control of Daskapital's business operations.

5.          OPERATIONAL RISKS UNDERLYING THE BUSINESS AND DASKAPITAL

5.1. In order to safeguard its business, Daskapital, as the entity responsible for managing Crowdfunding Platforms, will take into account the operational risks that it may encounter in its activity.

5.2. The main underlying operational risks that may affect Daskapital's activities are as follows:

5.2.1. Loss or significant damage to Daskapital's facilities;

5.2.2. Loss of Daskapital employees;

5.2.3. Inability of Daskapital employees to perform their duties;

5.2.4. Malfunctions and data transmission failures;

5.2.5. Communication service failures;

5.2.6. Breakdowns in technical equipment;

5.2.7. Platform malfunctions;

5.2.8. Loss/leakage and disclosure of data (social engineering attacks);

5.2.9. Failures of service providers in general and payment service providers, and identification of Platform users;

5.2.10. Loss of the legal authorization required to manage crowdfunding platforms;

5.2.11. Insolvency (judicially declared) of Daskapital or cessation of activities.

5.3. Daskapital understands that the list of risks indicated is not exhaustive. If other Daskapital operational risks materialize (not directly indicated in this Plan), Daskapital employees must react appropriately, complying with the general principles and procedures set out in this Plan.

6.          BUSINESS CONTINUITY IN THE EVENT OF LOSS OR SIGNIFICANT DAMAGE TO DASKAPITAL'S FACILITIES

6.1. In the event of significant loss or damage to the facilities (in the event of a fire, natural disaster, terrorist act, criminal activity or other action), the facilities must first be evacuated and the appropriate emergency services (police, fire department, etc.) informed;

6.2. The Board of Directors of Daskapital or the GGC must decide on other actions necessary to continue the activity and prevent the loss of Daskapital documents, assess the damage, restore technical means and communications, promptly inform the persons responsible for maintaining the servers and IT, as well as the necessary emergency services;

6.3. In the event that Daskapital loses its physical premises, the Board of Directors or the GGC must organize its operation as soon as possible through remote work, or from temporary premises;

6.4. Daskapital's Board of Directors or the GGC must ensure that paper documents that are essential to Daskapital's business or the provision of services used in Daskapital's business are scanned regularly and filed electronically on Daskapital's servers.

7.          RECOVERY OF DASKAPITAL'S ACTIVITY IN THE EVENT OF LOSS OF EMPLOYEES

7.1. In the event of a loss of Daskapital's collators, first of all, the damage suffered (if any) must be assessed. Daskapital's Board of Directors or the GGC will assess whether:

7.1.1. The loss of staff could have an impact on the performance of Daskapital's activities;

7.1.2. Which functions of the lost staff can be transferred to another Daskapital employee;

7.1.3. The need to hire other employee(s) to carry out the duties of the lost staff;

7.1.4. In the event of an urgent need for staff, Daskapital's Board of Directors or the GGC will look for alternatives (e.g. purchasing the service from third parties, hiring employees) until the necessary staff is available.

8.          THE INABILITY OF DASKAPITAL EMPLOYEES TO PERFORM THEIR DUTIES

8.1. The Daskapital Board of Directors or the GGC shall ensure that, in cases where Daskapital employees are unable to perform their duties, another Daskapital employee or the Daskapital Board of Directors or the GGC can take over their duties.

8.2. If the employee is unable to perform his or her duties, the damage, if any, must be assessed.

8.3. In the event that a Daskapital employee is unable to perform his/her duties, the Daskapital Board of Directors or the GGC will also assess whether:

8.3.1. Failure to perform the duties in question may have an impact on Daskapital's business performance;

8.3.2. Which functions of a Daskapital employee could be transferred to another Daskapital employee;

8.3.3. The need to hire other employee(s) to carry out the duties in question.

8.4. In the event of a very urgent and pressing need for staff, Daskapital's Board of Directors or the GGC will look for alternatives (e.g. purchasing the service from a third party, hiring employees) until the necessary staff is made available. Until services are resumed and/or new employee(s) hired, the critical functions to be performed must be distributed proportionally to other (current) Daskapital employees.

8.5. Upon completion of the assessment provided for in point 8.3 (and, if necessary, after hiring another employee(s)), Daskapital's Board of Directors or the GGC will transfer the duties of the Daskapital employee(s) who cannot perform their duties to another employee(s) and/or external service provider.

8.6. In order to ensure that the Daskapital Board of Directors or the GGC can take over the duties of the employee(s), the documents and information with which the employees work must be accessible to Daskapital or at least one other employee (e.g. stored on cloud servers, kept in physical or electronic form, giving continuous access to Daskapital or another employee).

9.          MANAGEMENT AND SUPERVISION OF TECHNICAL MALFUNCTIONS, DATA TRANSMISSION FAILURES, DATA LOSS, COMMUNICATION SERVICE FAILURES AND PLATFORM MALFUNCTIONS IN THE EVENT OF AN EMERGENCY

9.1. The management and supervision of technical malfunctions, data transmission failures, communication failures and Platform malfunctions must be aimed at ensuring that, in the event of a failure of the Daskapital Platform, systems failure, database failure, Internet failure, computer system or software failure, cyber-attack or other technical failure, all or a large part of the data and information managed is restored as quickly as possible and that after the failure, the Platform and Daskapital's systems continue to function.

9.2. Responsibility for the proper organization of the supervision and management described above shall lie with the Board of Directors of Daskapital or the GGC or third parties providing such services.

9.3. By decision of Daskapital's Board of Directors, the technical supervision and maintenance of the information systems, as well as ensuring their continued operation, may be passed on to third-party service providers, who must ensure the proper fulfillment of the functions assigned to them, the continuity of Daskapital's services, and the operation of the technological systems and infrastructures. If these functions are delegated, the contact details of the service providers will be attached to this document.

9.4. Daskapital will use the following measures to protect against damage to computer systems or software and loss of data:

9.4.1. Back up all information on Daskapital's servers, including folder and directory systems.

9.4.2. Backups should be made on a daily basis and the information copied to remote servers and/or cloud storage services, thus ensuring the restoration of all or most of the data in the event of unforeseen circumstances;

9.4.3. In order to protect the system against cyberattacks and data reading, all information must be accessible via virtual private network (VPN) logins. The Platform's maintenance specialists must encode passwords before sending them to the database and they must comply with a level of complexity including at least 8 characters, at least one number, a special symbol and/or at least one lowercase and uppercase letter. Users should also be asked to change their passwords regularly.

9.5. Daskapital employees must use laptops that are connected to Daskapital's servers and equipment that allows mobility. Therefore, in the event of breakdowns or technical problems at Daskapital's premises (communication service failures, internet connection failures, power supply failures, etc.), Daskapital's activities may be transferred to other premises until the problem is resolved.

9.6. In the event of communication breakdowns on the premises, mobile communication on the Internet may be organized by decision of the Daskapital Board of Directors.

9.7. In the event of a Platform (Daskapital systems) malfunction, Daskapital's programming service providers or internal programmers will first be asked to identify and correct the faults/malfunctions. If no programming errors are detected, the server (database) service providers will be involved in identifying and correcting the problems.

9.8. The Board of Directors of Daskapital, or the Person(s) responsible appointed by it, will inform Daskapital users of any Platform malfunctions with a significant impact, as well as inform Daskapital users in advance of scheduled updates, changes or technical maintenance work on the Platform, due to which the Platform's activity may be impacted leading to any malfunctions, by publishing the respective information on the Platform.

10.          MANAGEMENT IN THE EVENT OF DATA LEAKAGE/LOSS AND DISCLOSURE (SOCIAL ENGINEERING ATTACKS)

10.1. Daskapital's data may be subject to risks not only due to breaches of Daskapital's technical and IT systems or communications, but also due to social engineering attacks in which data may be lost, disclosed or access to it may be restricted.

10.2. In order to limit the risk of social engineering attacks, Daskapital shall implement security rules and provide information security training to Daskapital employees.

10.3. An employee who detects a possible case of social engineering attack must immediately notify Daskapital's Board of Directors and take reasonable steps to stop the detected attack.

10.4. In the event of a social engineering attack, the relevant authorities will be notified immediately, and the employee(s) responsible must be removed from office if involvement is suspected.

10.5. In the event of a social engineering attack, an investigation will be carried out to determine the reason, scope and possible consequences of the attack.

10.6. In the event of a social engineering attack, it must be ensured that:

10.6.1. The way in which the attack was carried out is identified;

10.6.2. The security loopholes that allowed the attack are fixed;

10.6.3. The information that has been compromised is identified;

10.6.4. Accounts whose access data may have been leaked are blocked, forcing users to reset their access data;

10.6.5. All users who may have been victims of the attack are informed;

10.6.6. Users are notified of temporary system malfunctions if system functions are temporarily limited due to an attack;

10.6.7. All the provisions of the General Data Protection Regulation regarding the loss, leakage or disclosure of data are complied with.

10.7. The investigation must gather the elements that allow for the preparation of a case against third parties, and legal action must be taken against third parties.

11.          FAILURES OF SERVICE PROVIDERS IN GENERAL, AND OF PAYMENT AND USER IDENTIFICATION SERVICE PROVIDERS

11.1. Partners who provide services to Daskapital have the right to cease their activities, to suspend cooperation with Daskapital or if there are any malfunctions in the provision of their services.

11.2. In order to avoid failures resulting from the activity of the service providers used, particularly payment and/or user identification service providers, or from the termination of cooperation with them, Daskapital will take the following measures:

11.2.1. Whenever possible, by having the necessary technical skills and competence, take over all or part of the services provided by service providers and carry them out using internal resources;

11.2.2. Maintain continuous contact with service providers and be aware of the scope of the services they can provide and, if necessary, maintain agreements with more than one service provider;

11.2.3. Ensure that, in the event of a failure in the provision of services, Daskapital can, if possible, transfer the provision of services (in full or only in part) to another service provider.

11.3. In the event of malfunctions and failures in the provision of payment services, Daskapital will immediately notify the partner providing the service to identify and correct the causes of the failure, and set deadlines for doing so. Likewise, users must be notified of the occurrence of possible faults and malfunctions.

11.4. If the failure cannot be determined and corrected within a reasonable period of a few hours, if possible, Daskapital shall direct the payments to an account opened with another payment services partner institution for the administration of the crowdfunding funds or notify the Investors requesting them to provide a copy of the payment orders for the amount invested so that it can trace the funds.

11.5. In the event of malfunctions and failures in the provision of user identification services, Daskapital will immediately notify the partner providing the service to identify and correct the causes of the failure, and set deadlines for doing so.

11.6. If the fault cannot be determined and corrected within a reasonable period of a few hours, Daskapital may take over the user identification function itself or direct users to an alternative user identification service provider.

12.          WITHDRAWAL OF DASKAPITAL FROM THE PUBLIC LIST OF OPERATORS OF COLLABORATIVE FINANCING PLATFORMS

12.1. Daskapital may lose its authorization to operate collaborative financing platforms (Crowdfunding Platforms) and be removed from the public list of Crowdfunding Platform operators in accordance with the procedure set out in the legislation.

12.2. If Daskapital is removed from the public list of crowdfunding platform operators, Daskapital users (Investors and Promoters) will be notified of the decision.

Once Daskapital has been de-listed, Daskapital will not allow any new Financing Transactions to be entered into. Financing Operations that have already been concluded will still be carried out, i.e. the payments and interest made by the project Promoters will be accepted and distributed to the Investors, with the exception of cases where such obligations are transferred to other persons under the procedure provided for by law.

12.3. In cases where a request for removal from the list of Crowdfunding Platform operators is submitted by Daskapital itself, if possible, an agreement on the transfer of funding transactions should be concluded with another Crowdfunding Platform.

12.4. Daskapital will endeavor to ensure that the administration of the Daskapital Platform is transferred to another entity without any failures occurring on the Daskapital Platform.

13.          PROCEDURE IN THE EVENT OF DASKAPITAL'S INSOLVENCY

13.1. Daskapital has outsourced the function of Payment Institution to a partner entity that provides payment services (Mangopay), so the e-money wallets and the funds of the Platform users are deposited in accounts of that third-party entity that is independent of Daskapital, ensuring complete segregation of assets from Daskapital. In the event of Daskapital's insolvency or cessation of activity, the following scenarios are envisaged:

13.1.1. The registration of new users (Investors and Promoters), the granting of new loans, the acceptance of applications and new projects from Promoters and the conclusion of Financing Operations will be suspended immediately;

13.1.2. Delegation of the management and maintenance of the Platform to a third party, ensuring the continuity of payments from users' wallets via the partner Payment Institution;

13.1.3. Settlement of e-money wallets at the partner Payment Institution and transfer of funds to users;

13.1.4. Transfer to the beneficiaries of all the relevant information to follow up the payment plan to the Investors.

14.          CONTACTS TO USE IN THE EVENT OF AN EVENT OR INCIDENT/EMERGENCY

14.1. In the event of an event or incident/emergency, the GGC should be contacted at GGC@daskapital.eu.

14.2. The email address will be accessible to all GGC members at all times, ensuring effective communication between GGC members and between the GGC, Daskapital and users

15.          FINAL PROVISIONS

15.1. This plan is effective as of this date and may be amended by Daskapital's Board of Directors.

Last updated: October 7, 2024