Compliance and LGPD

Our Integrity Program

Interact is committed to cultivating ethical, legal and integrity standards in its business operations. This commitment to corporate responsibility seeks to build trust relationships with customers, partners, distribution channels, employees, suppliers and the entire network of relationships that encompasses the Interact Group. The Interact Compliance Program is inspired by the 9 pillars proposed by LEC Legal, Ethics & Compliance, the largest community dedicated to spreading a culture of compliance worldwide.

With our LGPD Program, we also cover the principles, rights and duties demanded by the General Data Protection Law (LGPD – Law 13,709/2018). Periodically, Interact conducts activities to adapt to the culture of security and data protection, with awareness and a focus on improving internal processes. To achieve this, we follow the 10 principles for data processing imposed by the LGPD, as well as comply with all legal bases that encompass the Interact Group.

PILLAR 1 | Project and Alignment of Senior Management

The Interact Compliance Program originates from a commitment by the leadership of the Interact Group. Directors not only are aware of integrity activities but also advise and participate in managing the risks inherent in the institution’s business.

 

PILLAR 2 | Risk Assessment

The Interact Compliance Program is centrally located in the control and risk management structure of the Interact Group. It is part of the SGI – Interact Management System, which also includes instruments such as the 5S Program, based on five senses to improve the work environment: self-discipline, well-being, cleanliness, organization, and utilization.

Since 2006, the Interact Group has also been participating in the implementation process of the Management Assessment System (SAG) of the Programa Gaúcho da Qualidade e Produtividade (PGQP), receiving external evaluations. In 2013, it achieved the Bronze Trophy of the Quality RS Award, known as the Quality Oscar.

PILLAR 3 | Code of Ethics and Conduct

The Interact Group has a Code of Ethics and Conduct based on the company’s values and principles. The purpose of the document is to guide on the main objectives, internal processes, corporate philosophy, rights, duties and corporate and individual benefits. Therefore, it is the instrument that guides the standards of ethical conduct in the activities of the Interact Group.

 

PILLAR 4 | Internal Controls

Based on risk assessment, the Interact Group manages and implements control measures to mitigate Compliance risks and strengthen processes in the Interact Management System. These activities permeate all areas of the company, embedded in the context of monitoring institutional policies and processes.

PILLAR 5 | Training and Communication

The Interact Compliance Program adopts regular training sessions with employees for educational, preventive and corrective purposes. Other communication channels of the company also address the integrity guidelines, such as Corporate TV, internal and external newsletters, the blog, and the Interact Group’s website.

 

PILLAR 6 | Reporting Channels

Interact has structured its Compliance Program to contribute directly to ensuring that the processes of hiring, delivery of products and services, and relationships with customers, suppliers and other institutions are conducted transparently based on good governance and ethical practices.

The Reporting Channels play a crucial role in the Program as they provide a secure and confidential way to report suspicious or unethical behavior. Interact also adopts a non-retaliation policy if the reporting party chooses to identify themselves.

In case of suspicion of violation of any of the established principles, the interested party can make a report. Among other information, it may include: (1) a description of the incident; (2) names of those involved or the area of activity, whether or not they are members of Interact; (3) timeframe of the events; and (4) if it is a preventive report, specify when the violation may occur.

The Interact Compliance Program has the following reporting channels:

a) The reporting channel integrated into the SA Strategic Adviser structure. The message is directed to the Interact Compliance Officer. The tracking of the IP address of the machine from which the message originated is strictly prohibited to ensure the confidentiality of the report and the anonymity of the reporter; b) The email compliance@interact.com.br, managed by Interact’s Compliance Officer, Karine Hermes. Like the previous reporting channel, anyone interested, whether from Interact or not, can report irregularities they are aware of;

The Interact LGPD Program has the following reporting channels:

a) In the same way as the Compliance Reporting Channel, the LGPD reporting channel is integrated into the SA Strategic Adviser structure, selecting the option for LGPD so that all information to be treated as a report is compiled in one place. The message is directed to the DPO (Data Protection Officer). The tracking of the IP address of the machine from which the message originated is strictly prohibited to ensure the confidentiality of the report and the anonymity of the reporter; b) Direct contact with the Officer Martina Imhoff, via email lgpd@interact.com.br, with the confidentiality of their identity ensured.

Reporting Channel

Inquiry of Report

Request from Data Subjects – LGPD

PILLAR 7 | Internal Treatment of Reports

Upon receipt of the complaint, the Compliance Officer will have a maximum period of 30 (thirty) days, extendable for an equal period, to take all necessary investigative measures, always respecting the current legislation.

In the eventuality that the Compliance Officer becomes the subject of a complaint, they will be automatically removed from the position and the Senior Management must appoint a new Compliance Officer to temporarily occupy the position.

 

PILLAR 8 | Due Diligence

The Interact Compliance Program aims to ensure good relationships with customers, partners and suppliers. In the context of corporate acquisitions, the Interact Group conducts its business based on the provisions of national and international legislation.

Internal decisions are guided by the directives of federal, state and municipal laws in force in the areas of operation, with a focus on consumer protection, economic, tax, labor and social security laws.

PILLAR 9 | Monitoring and Audit

The Interact Compliance Program is critically reviewed regularly. With the practice of continuous improvement as a reference, present since the Interact Management System, internal and control audits are carried out to monitor, measure and identify possible integrity corrections.