Risk Policy

1. Purpose

This Risk Policy outlines the approach of Interesting World S.L. ("the Company") to identifying,

assessing, managing, and mitigating risks associated with its business operations, particularly its

online retail activities conducted via the website dws-shops.top. The policy ensures that

appropriate risk management practices are embedded across all levels of the Company.

2. Scope

This policy applies to all departments, employees, contractors, and partners engaged with the

operations of Interesting World S.L., including the development, maintenance, and operation of

its online commerce platform.

3. Risk Management Objectives

• To minimize potential losses due to operational, financial, regulatory, or reputational

issues.

• To ensure business continuity through proactive identification and mitigation of potential

threats.

• To enhance decision-making and accountability in risk-sensitive areas.

• To protect customer data, maintain consumer trust, and uphold the Company’s integrity

and compliance obligations.

4. Risk Categories

The following categories of risk are considered within the scope of this policy:

4.1 Strategic Risks

• Changes in consumer preferences or economic downturns affecting product demand.

• Expansion into new markets or product categories without sufficient due diligence.

4.2 Financial Risks

• Currency exchange volatility, especially with cross-border sales.

• Credit risk associated with delayed payments or third-party failures.

4.3 Operational Risks

• Failures in order processing, warehousing, or shipping logistics.

• Disruptions due to supplier dependency or inventory mismanagement.

4.4 Legal and Compliance Risks

• Non-compliance with GDPR, e-commerce laws, and consumer rights regulations.

• Intellectual property disputes or regulatory enforcement actions.

4.5 Reputational Risks• Negative customer reviews or social media backlash.

• Publicity from delayed deliveries or poor-quality products.

4.6 Technological and Cybersecurity Risks

• Cyberattacks including data breaches, phishing, or ransomware.

• Downtime or vulnerabilities in the website or payment processing systems.

4.7 Fraud and E-commerce-Specific Risks

• Chargeback fraud due to disputed transactions.

• Identity theft or unauthorized account access.

• Return fraud, such as customers returning counterfeit or used items.

• Affiliate or promotional abuse.

5. Risk Assessment and Monitoring

The Company performs regular risk assessments to review potential threats and vulnerabilities in

the e-commerce environment. Risks are ranked based on likelihood and impact. Monitoring

includes:

• Regular audits and penetration testing.

• Fraud detection and transaction monitoring tools.

• Analysis of return patterns and chargeback trends.

6. Risk Mitigation Measures

• Data Security: Employ encryption, secure payment gateways, and access controls.

• Fraud Prevention: Use of real-time fraud detection software, identity verification, and

customer behavior analysis.

• Legal Compliance: Ongoing consultation with legal advisors and regulatory bodies to

ensure adherence to applicable laws.

• Business Continuity: Maintain disaster recovery plans and redundant infrastructure.

• Supplier Risk Management: Establish contracts with clear terms and penalties for non

performance.

7. Roles and Responsibilities

• Management: Oversees overall risk framework and reviews this policy periodically.

• Staff: Expected to report observed risks or irregularities and follow established protocols.

8. Incident Reporting and Escalation

Any employee or contractor who identifies a potential or actual risk event must report it

immediately to the designated authority. A structured escalation and investigation process will be

initiated to determine the scope, cause, and required corrective action.9. Training and Awareness

Employees will be provided with regular training sessions to raise awareness about key risks,

fraud indicators, data handling procedures, and their roles in maintaining a secure online

environment.

10. Client Identification & Verification

In accordance with anti-money laundering (AML), counter-terrorist financing (CTF) regulations,

and other applicable laws, Interesting World S.L. is committed to ensuring that it conducts

proper client identification and verification procedures. The Company’s efforts in verifying the

identity of its clients are aimed at protecting both the business and its customers from fraud and

illegal activities.

10.1 Identification and Verification Process

To create an account or place orders on dws-shops.top, customers are required to provide certain

personal information for identity verification purposes. This may include, but is not limited to:

• Full name

• Date of birth

• Address (billing and shipping)

• Email address

• Phone number

• Payment method details

We also may request a government-issued ID or similar documentation (e.g., passport, driver’s

license) to confirm the identity of individuals engaging in high-value transactions or orders that

meet certain criteria.

10.2 Collection of Proof of Identity

When requested, clients must provide clear, legible copies of the following documents:

• A government-issued identification (such as a national ID card, passport, or driver’s

license).

• Proof of address (such as a utility bill, bank statement, or official government

correspondence, no older than 3 months).

• A recent payment receipt or document confirming the payment method used.

10.3 Use of Collected Data

The collected documents and information will solely be used for identity verification and fraud

prevention purposes. It will not be shared with any third parties unless explicitly required by law

or as necessary to process a transaction, and the customer has consented. All personal data will

be stored securely and only for as long as necessary to meet the legal obligations and internal

policies of Interesting World S.L.

10.4 Refusal to Process Orders

In the event that a client fails to provide the requested identification or if the provided documents

cannot be verified, Interesting World S.L. reserves the right to refuse service or cancel orders. If there is suspicion of fraudulent activity, the Company may report the issue to the appropriate

authorities and take further action as necessary.

10.5 Data Retention and Confidentiality

All personal data collected as part of the verification process will be handled in accordance with

Interesting World S.L.'s Privacy Policy. This includes secure storage and restricted access to

authorized personnel only. Documentation for verification purposes will be retained only as long

as necessary and in compliance with applicable legal requirements.

11. Review and Updates

This Risk Policy will be reviewed at least annually or following any significant change in

business operations, regulatory requirements, or risk exposure.