Compliance and LGPD

Interact is committed to cultivating ethical, legal and integrity standards in its business operations. This commitment to corporate responsibility seeks to build trust relationships with customers, partners, distribution channels, employees, suppliers and the entire network of relationships that encompasses the Interact Group. The Interact Compliance Program is inspired by the 9 pillars proposed by LEC Legal, Ethics & Compliance, the largest community dedicated to spreading a culture of compliance worldwide.

With our LGPD Program, we also cover the principles, rights and duties demanded by the General Data Protection Law (LGPD – Law 13,709/2018). Periodically, Interact conducts activities to adapt to the culture of security and data protection, with awareness and a focus on improving internal processes. To achieve this, we follow the 10 principles for data processing imposed by the LGPD, as well as comply with all legal bases that encompass the Interact Group.

The Interact Compliance Program originates from a commitment by the leadership of the Interact Group. Directors not only are aware of integrity activities but also advise and participate in managing the risks inherent in the institution’s business.

The Interact Compliance Program is centrally located in the control and risk management structure of the Interact Group. It is part of the SGI – Interact Management System, which also includes instruments such as the 5S Program, based on five senses to improve the work environment: self-discipline, well-being, cleanliness, organization, and utilization.

Since 2006, the Interact Group has also been participating in the implementation process of the Management Assessment System (SAG) of the Programa Gaúcho da Qualidade e Produtividade (PGQP), receiving external evaluations. In 2013, it achieved the Bronze Trophy of the Quality RS Award, known as the Quality Oscar.

The Interact Compliance Program adopts regular training sessions with employees for educational, preventive and corrective purposes. Other communication channels of the company also address the integrity guidelines, such as Corporate TV, internal and external newsletters, the blog, and the Interact Group’s website.

Interact provides specific channels for registering inquiries, incidents, and reports, ensuring confidentiality, impartiality, and proper handling of every submission.

The channels are organized by topic to ensure that each matter is directed to the appropriate responsible party.

COMPLIANCE

The Compliance Channel is intended for reporting situations that violate the Code of Ethics, internal policies, applicable laws, or the organization’s integrity principles.

This channel guarantees confidentiality and may be used with identification or anonymously.

Open a ticket if you identify:

• Conflict of interest

• Moral or sexual harassment

• Fraud or financial irregularities

• Corruption or improper payments

• Non-compliance with internal policies

• Unethical conduct

Email: compliance@interact.com.br

🔗 Click here to open a ticket

LGPD

The LGPD Channel is dedicated to matters related to the General Data Protection Law (Law No. 13,709/2018), ensuring compliance with data subjects’ rights and the proper processing of personal data.

This channel may be used by employees, clients, partners, and suppliers.

Open a ticket in the following situations:

• Request for access to your personal data

• Request for correction or update of personal data

• Request for deletion of personal data

• Questions about how your personal data is being used

• Suspected improper processing of personal data

• Reporting an incident involving personal data

Data Protection Officer: Guilherme Immich

Email: lgpd@interact.com.br

🔗 Click here to open a ticket

INFORMATION SECURITY

The Information Security Channel is intended for reporting incidents or suspicions related to the protection of data, systems, access, and technological assets of the organization.

Information Security aims to protect the pillars of Confidentiality, Integrity, and Availability of information.

Open a ticket in situations such as:

• Security vulnerabilities in Interact products or systems

• Violation of Information Security Policies

• Collaboration in audit processes (Third Party Risk Management / Vendor Risk Management)

Responsible: Felipe Albuquerque de Almeida

Email: comite-si@interact.com.br

🔗 Click here to open a ticket

Upon receipt of the complaint, the Compliance Officer will have a maximum period of 30 (thirty) days, extendable for an equal period, to take all necessary investigative measures, always respecting the current legislation.

In the eventuality that the Compliance Officer becomes the subject of a complaint, they will be automatically removed from the position and the Senior Management must appoint a new Compliance Officer to temporarily occupy the position.

The Interact Compliance Program aims to ensure good relationships with customers, partners and suppliers. In the context of corporate acquisitions, the Interact Group conducts its business based on the provisions of national and international legislation.

Internal decisions are guided by the directives of federal, state and municipal laws in force in the areas of operation, with a focus on consumer protection, economic, tax, labor and social security laws.

The Interact Compliance Program is critically reviewed regularly. With the practice of continuous improvement as a reference, present since the Interact Management System, internal and control audits are carried out to monitor, measure and identify possible integrity corrections.