Compliance and LGPD

Interact is committed to cultivating ethical, legal and integrity standards in its business operations. This commitment to corporate responsibility seeks to build trust relationships with customers, partners, distribution channels, employees, suppliers and the entire network of relationships that encompasses the Interact Group. The Interact Compliance Program is inspired by the 9 pillars proposed by LEC Legal, Ethics & Compliance, the largest community dedicated to spreading a culture of compliance worldwide.

With our LGPD Program, we also cover the principles, rights and duties demanded by the General Data Protection Law (LGPD – Law 13,709/2018). Periodically, Interact conducts activities to adapt to the culture of security and data protection, with awareness and a focus on improving internal processes. To achieve this, we follow the 10 principles for data processing imposed by the LGPD, as well as comply with all legal bases that encompass the Interact Group.

The Interact Compliance Program originates from a commitment by the leadership of the Interact Group. Directors not only are aware of integrity activities but also advise and participate in managing the risks inherent in the institution’s business.

The Interact Compliance Program is centrally located in the control and risk management structure of the Interact Group. It is part of the SGI – Interact Management System, which also includes instruments such as the 5S Program, based on five senses to improve the work environment: self-discipline, well-being, cleanliness, organization, and utilization.

Since 2006, the Interact Group has also been participating in the implementation process of the Management Assessment System (SAG) of the Programa Gaúcho da Qualidade e Produtividade (PGQP), receiving external evaluations. In 2013, it achieved the Bronze Trophy of the Quality RS Award, known as the Quality Oscar.

The Interact Compliance Program adopts regular training sessions with employees for educational, preventive and corrective purposes. Other communication channels of the company also address the integrity guidelines, such as Corporate TV, internal and external newsletters, the blog, and the Interact Group’s website.

Interact has structured its Compliance Program to contribute directly to ensuring that the processes of hiring, delivery of products and services, and relationships with customers, suppliers and other institutions are conducted transparently based on good governance and ethical practices.

The Reporting Channels play a crucial role in the Program as they provide a secure and confidential way to report suspicious or unethical behavior. Interact also adopts a non-retaliation policy if the reporting party chooses to identify themselves.

In case of suspicion of violation of any of the established principles, the interested party can make a report. Among other information, it may include: (1) a description of the incident; (2) names of those involved or the area of activity, whether or not they are members of Interact; (3) timeframe of the events; and (4) if it is a preventive report, specify when the violation may occur.

The Interact Compliance Program has the following reporting channels:

a) The reporting channel integrated into the SA Strategic Adviser structure. The message is directed to the Interact Compliance Officer. The tracking of the IP address of the machine from which the message originated is strictly prohibited to ensure the confidentiality of the report and the anonymity of the reporter; b) The email compliance@interact.com.br, managed by Interact’s Compliance Officer, Arlete Wasem. Like the previous reporting channel, anyone interested, whether from Interact or not, can report irregularities they are aware of;

The Interact LGPD Program has the following reporting channels:

a) In the same way as the Compliance Reporting Channel, the LGPD reporting channel is integrated into the SA Strategic Adviser structure, selecting the option for LGPD so that all information to be treated as a report is compiled in one place. The message is directed to the DPO (Data Protection Officer). The tracking of the IP address of the machine from which the message originated is strictly prohibited to ensure the confidentiality of the report and the anonymity of the reporter; b) Direct contact with the Officer Guilherme Immich, via email lgpd@interact.com.br, with the confidentiality of their identity ensured.

Reporting Channel

Inquiry of Report

Request from Data Subjects – LGPD

Upon receipt of the complaint, the Compliance Officer will have a maximum period of 30 (thirty) days, extendable for an equal period, to take all necessary investigative measures, always respecting the current legislation.

In the eventuality that the Compliance Officer becomes the subject of a complaint, they will be automatically removed from the position and the Senior Management must appoint a new Compliance Officer to temporarily occupy the position.

The Interact Compliance Program aims to ensure good relationships with customers, partners and suppliers. In the context of corporate acquisitions, the Interact Group conducts its business based on the provisions of national and international legislation.

Internal decisions are guided by the directives of federal, state and municipal laws in force in the areas of operation, with a focus on consumer protection, economic, tax, labor and social security laws.

The Interact Compliance Program is critically reviewed regularly. With the practice of continuous improvement as a reference, present since the Interact Management System, internal and control audits are carried out to monitor, measure and identify possible integrity corrections.