Data Protection Officer

Our Data Protection Officer maintains an open channel of communication with the external public. If you have any questions and/or suggestions regarding BEONTAG's data protection program, please contact our Data Protection Officer by [email protected] or through our channel.

Privacy and Personal Data Protection Policy

1. INTRODUCTION AND OBJECTIVE

In the daily life of Beontag, or "Company", whether in the conduct of business, in the search for new products, services and opportunities, or in the organization of its internal structure, the processing of personal data is an indispensable part of this reality. Beontag understands that it must act with responsibility and transparency, taking care of such information and providing them with technical and administrative security measures.  
This Policy provides guidelines and establishes rules related to the privacy and protection of personal data of customers, employees and third parties during the processing of personal data by the Beontag, and in the relationship with third parties, in which there is sharing or shared use of personal data.  
With this document, Beontag aims to be in compliance with the applicable data protection regulations, promoting transparency and good faith towards the Data Subjects, by protecting their personal data and their civil rights and liberties, as well as the best practices within its reach.  
Beontag adopts 8 pillars, to be demonstrated throughout this Policy, for the implementation of an effective Privacy and Personal Data Protection Program in the company:

   • Commitment and support of the top management

   • Group responsible for the Program

   • Structuring of rules and instruments

   • Communication and training

   • Mapping and Internal Controls

   • Communication channel with Data Subjects and Supervisory Authorities

   • Crisis management plan

   • Continuous monitoring of the program

2. SCOPE

The Policy applies to Beontag in full, by all Beontag Employees, interns, Senior Management and all its subsidiaries, mainly to the business and operational areas that carry out international transfer of personal data, as well as service providers, partners and third parties with whom Beontag shares personal data, who act as controllers and operators/processors of personal data within the scope of the relationship with Beontag, both in Brazil and abroad.  
The guidelines provided herein are applicable to all internal Beontag processes in which there is, at some point, processing of personal data and/or sensitive personal data of any Data Subjects.

3. REFERENCES

   • Beontag Consent Management Policy;  
   • Beontag Security Incident Crisis Management Procedure;  
   • Beontag Data Retention and Deletion Policy;  
   • Beontag International Data Transfer Policy;  
   • Beontag New Processing Activity Registration Policy;  
   • Procedure for requesting the Data Subject of personal data    

4. TERMS AND DEFINITIONS

• Supervisory Authority: National authorities acting in the guidance, supervision, supervision and protection of personal data, such as ANPD (National Data Protection Authority – Brazil), ICO (Information Commissioner's Office – United Kingdom) or CNIL (Commission Nationale de l 'Informatique et des Libertés – France), Commission de la protection de la vie privée – Belgium, Office of the Data Protection Ombudsman – Finland, Guarantor per la protezione dei dati personali – Italy, Commission Nationale pour la Protection des Données – Luxembourg, GIODO (The Bureau of the Inspector General for the Protection of Personal Data – Poland), Information Commissioner – Slovenia, Datainspektionen – Sweden, European Data Protection Supervisor – Europe, Agencia de Acceso a la Información Pública – Argentina, Unidad Reguladora y de Control de Datos Personales – Uruguay.
• Beontag: Beontag Group
• Controller or controllers: natural or legal person(s), of public or private law, who are responsible for decisions regarding the treatment of personal data.
• Anonymised data: data relating to a Data Subject that cannot be identified, considering the use of reasonable technical means available at the time of treatment.
• Personal data: information related to the individual identified or identifiable. That is, information(s) that identifies a natural person either directly (first and last name, document number, e-mail address, phone number, IP address) or indirectly, from associations and profiling (address, marital status, occupation, income, financial history, credit score).
• Sensitive Personal Data: personal data on racial or ethnic origin, religious conviction, political opinion, trade union membership or organization of a religious, philosophical or political nature, data on health or sexual life, genetic or biometric data, when linked to an individual.
• Data Protection Officer (DPO) or Person in Charge: this is the person responsible at Beontag who acts as the Company's representative before the Supervisory Authority, as a communication channel between the controller and the data subjects, and the person responsible for disseminating, guiding and monitoring about the Privacy and Data Protection Standards in the Company.
• Security Incident: any adverse event related to a breach of the security, technical or administrative, of personal data, leading to the loss of one or more basic principles of Information Security (Confidentiality, Integrity and Availability) and that may bring risks or damage to the Data Subjects. Examples of incidents are: unauthorized access, accidental or unlawful, resulting in data leakage, loss, destruction or alteration of personal data, among other forms of illicit or inappropriate data processing.
• Underages: refers to children (up to twelve years old) and teenagers (between twelve and eighteen).
• Privacy and Data Protection Standards: any and all national or international legislation that has been edited and promulgated to promote and protect the privacy and protection of personal data, such as: General Data Protection Regulation (“GDPR”) – Regulation (EU) 2016/679 - European Union; General Personal Data Protection Law (“LGPD”) – Law No. 13.709/2018 (Brazil); United Kingdom General Data Protection Regulation (“UK GDPR”) – United Kingdom; Legislative Decree No. 196/2003 and Legislative Decree No. 101/2018 – Italy; French Data Protection Act (“FDPA”) - Law No. 2018-493 and Decree No. 2018-687 (France); Ley de Protección de los Datos Personales – Law No. 25.326 (Argentina); Data Protection Law – HE 9/2018 – VP (Finland), Personal Data Protection Law and Habeas Action Law – Date No. 18.331/2008 – Uruguay.
• Program: refers to Beontag's Privacy and Personal Data Protection Program.
• Operator or operators: natural or legal person(s), public or private law, who performs the processing of personal data on behalf of the controller. Data processing Impact Report: personal data protection impact report is the controller's documentation that contains the specificities of certain data processing activities that may generate risks to the Data Subjects, providing measures, safeguards and risk mitigation mechanisms, whose purpose is to identify and mitigate the risks related to the protection of personal data in a given processing activity. 
• Third Parties: suppliers, partners, consortium members, service providers, or subcontractors of the Company, including, for example, consultants, lawyers, expediters, as well as individuals and legal entities that are commercial representatives of Beontag.
• Legitimate Interest Evaluation Test: this is a test to be conducted in parallel to the Impact Report, whenever the hypothesis of processing is the legitimate interest of Beontag and the Data Subject, to demonstrate whether the legitimate interest is applicable in the specific context and for the intended purpose, with analysis of the need, legitimacy, balance and safeguards. 
• Data Subject: natural person to whom the personal data that is the object of processing by Beontag refers, such as customers, employees, third parties, shareholders, candidates of the selection process, partners of a legal entity. 
• International transfer: transfer of personal data to another country and/or international organization, at any time of processing, including for mere storage. 
• Shared use of data: communication, dissemination, international transfer, interconnection of personal data or the shared treatment of personal databases by public agencies and entities, in compliance with their legal competencies, or between them and private entities, reciprocally, with specific authorization, for one or more treatment modalities permitted by those public entities, or between private entities.

5. ASSIGNMENTS AND RESPONSIBILITIES

It is the duty of everyone at Beontag and Third Parties with whom there is sharing or shared use of personal data, to carry out the processing of personal data in compliance with this Policy.

5.1. Upper Administration

The Upper Administration shall:

• Support the initiatives of the Person in Charge/DPO and Data Protection Committee by providing information and access to data, whenever necessary;
• Support the Person in Charge/DPO and the Data Protection Committee with financial resources and commitment to the Beontag Privacy and Data Protection Program;
• Encourage and apply good personal data processing practices on a daily basis at Beontag, ensuring that Beontag employees and their third parties adhere to the Company's internal policies and procedures;
• Formally approve the policies, goals and strategies related to Beontag's Privacy and Data Protection Program, as well as the necessary measures for its implementation and monitoring;
• Allow the Person in Charge/DPO to have access to all information, facilities and resources necessary for the execution of his/her duties at Beontag.

5.2. Data Protection Committee

The Data Protection Committee of Beontag is formed by the following areas:

• Compliance;
• Information Technology; and
• Legal.

As needed, the Beontag Data Protection Committee may request the participation of other areas.

The Committee's responsibilities are:

• To support the Person in Charge/DPO in the execution of his activities;
• To observe any regulatory, jurisprudential and good practice changes related to data protection;
• To execute the activities of the Privacy and Data Protection Policy before Beontag;
• To develop and to review the policies, procedures and other internal documents related to the Program;
• To propose goals and strategies related to the Privacy and Data Protection Program;
• To analyze the forms for recording new treatments of personal data, observing the legal, technical and administrative aspects, to approve or disapprove the treatment flow, with any adjustments and application of security measures;
• To prepare and review the data processing impact report and the legitimate interest assessment test, where applicable;
• To monitor the signs and resolve any security incidents, applying the appropriate remediation measures and recording the evidence;
• To monitor the guidelines of Supervisory Authorities and carry out any adjustments of the program to such guidelines;
• To assist the Person in Charge/DPO in communicating to the Data Subjects and the applicable Supervisory Authority in case of a security incident, in compliance with the Beontag Security Incident Crisis Management Procedure.

5.3. Data Protection Officer (DPO)/Person in Charge

• To receive requests, complaints and communications from the Data Subjects, as well as provide clarifications, adopt measures and address them internally when necessary, recording all appropriate evidence, according to the Request Procedure of the Data Subject of Beontag;
• To receive communications from the Supervisory Authority, as well as provide clarifications, adopt measures and address them internally when necessary; 
• To guide Employees, interns and Senior Management regarding the practices to be taken;
• To monitor the adequacy of personal data protection standards, as well as internal policies elaborated on this topic;  
  To conduct training related to the Program;
• To advise and monitor the preparation of an Impact Report on the Protection of Personal Data and a Legitimate Interest Assessment Test;
• To communicate with the agents responsible for data processing (controllers, co-controllers, operators/processors) with whom Beontag has a relationship and organize demands arising from such relationships;
• To perform the other duties determined by Beontag;
• To access and to ensure the information relevant to the processing of personal data at any time;
• Actively act in cases of security incident with personal data, in accordance with the Security Incident Crisis Management Procedure;
• To promote Beontag awareness and compliance measures to improve the Program;
• To manage and internally address any reports, requests and questions sent to the Beontag Privacy Channel.

5.4. Information Technology

• Perform continuous monitoring of Beontag's security standards, adjusting them whenever possible to security incident risks;
• To analyze the evidence of security incidents, technically, and applying the necessary measures;
• To propose measures and technical solutions for the protection of personal data at Beontag;
• To perform periodic tests on Beontag systems and environments to monitor and improve internal safety standards;
• To guide, together with the Person in Charge/DPO, on information security and technical protection of personal data within Beontag;
• To ensure security standards in line with the requirements of the applicable Privacy and Data Protection Standards, good market practices, as well as any new legal and regulatory requirements applicable to Beontag;
• To implement and improve internal tools and mechanisms that make it possible to guarantee the rights of the Data Subjects;
• To assist in security incidents involving personal data, in accordance with the Security Crisis Management Procedure;
• To present results and action plans related to security and information technology assessments to Senior Management for internal privacy and data protection improvement at Beontag.

5.5. Legal and Compliance

   • To inform and instruct employees and Third Parties continuously of this Policy and other instruments that are part of Beontag's Privacy and Personal Data Protection Program;  
   • To monitor the effectiveness of the Beontag Program, proposing applicable adequacy measures;  
   • To ensure the adequacy of contracts with Third Parties, through appropriate clauses to the Privacy and Data Protection Rules applicable to the specific case;  
   • To monitor the guidelines of Supervisory Authorities and jurisprudence of courts regarding the application of privacy and data protection laws, communicating to the Data Protection Committee, whenever necessary, about relevant updates to Beontag;  
   • To assist in conducting internal investigations related to privacy and data protection violations and Beontag Program Policies and Procedures.

5.6. Managers responsible 

   • To know and apply the operational procedures so that Beontag complies with the applicable Privacy and Data Protection Standards, as well as in relation to the processing carried out in its area;  
   • To communicate with the Person in Charge/DPO to formally register, from the Form for Registration of New Processing of Personal Data, any new activities involving processing of personal data related to the processes of the area under their management and send to the Data Protection Committee, which will analyze and approve or disapprove, with or without adjustments to be implemented;  
   • To monitor and participate in the activities of the Data Protection Committee, when requested;  
   • To participate in training and implement adequacy measures as required by the Working Group.

5.7. Marketing

   • To support the Data Protection Committee and the Person in Charge/DPO with actions to promote Beontag's culture of privacy and data protection;  
   • When necessary, assist in the analysis of risks to Beontag's image and reputation, with regard to privacy and data protection issues  
   • To advise the Data Protection Committee and the Person in Charge/DPO with disclosure of preventive measures for security incidents and crisis management procedures.

5.8. Employees or Third Parties 

   • To exercise the functions established in this document respecting the duties of loyalty, diligence and good faith;  
   • To avoid situations of conflict that may affect the interests of Beontag;  
   • To keep Beontag information confidential;  
   • To act actively in the prevention and protection of personal data about any security incidents;  
   • To comply with data retention and proper deletion guidelines in accordance with this Policy and the Data Retention and Erasure Policy. To inform the Data Protection Committee about improper retention of data or improper deletion;  
   • To collect consent from Data Subjects in cases where this is necessary, as provided in the Beontag Consent Management Policy;  
   • To comply with the guidelines proposed in this Policy and in the other materials of Beontag's Privacy and Personal Data Protection Program;  
   • To inform the manager of the department responsible for personal data about treatment for communication to the Data Protection Committee of new projects involving personal data.   
   • In the case of third parties, whenever it is necessary to have access to personal data of which Beontag is the controller of personal data, enter into a confidentiality agreement (NDA) and/or sign a contract in which there is a confidentiality and privacy clause and protection of personal data.

6. GENERAL PROVISIONS

6.1. General Concepts

6.1.1. Processing of Personal Data  
The processing of personal data is any operation carried out with the data, such as collection, production, reception, classification, adaptation, alteration, consultation, organization, structuring, dissemination, use, access, reproduction, transmission, distribution, processing, archiving, storage, disposal, evaluation or control of information, modification, communication, transfer, dissemination or extraction.   
By the broad legal definition, any above action involving personal data constitutes a treatment activity. The mere visualization, from the access to personal data, already characterizes the processing and, therefore, will be covered by the Privacy and Data Protection Standards.  
Beontag, concerned about the compliance of each processing carried out under its responsibility, seeks to raise awareness among its Employees and Third Parties to continuously adopt security measures.  
Examples of processing carried out by Beontag:  
   • Collection, reception, use and storage of personal data for registration of new customers and maintenance of the existing customer base;  
   • Collection of personal data for access to Company facilities;  
   • Control of employee information and transmission to public bodies in compliance with current laws;  
   • Archiving of personal data of third parties, for the legal deadline;  
   • Deletion of personal data of terminated employees, after the mandatory period of custody has elapsed.

6.1.2. Agents Responsible for the Processing of Personal Data

Controllers are responsible for the decisions to be made regarding the processing of personal data, while operators/processors are responsible for conducting the processing activities as determined by the controller.   
Also, there is the figure of the co-controller, which is the one who exercises joint controllership of personal data with other controllers, so that decision-making is collective competence and the attributions, responsibilities and burdens are determined in a formal agreement between the parties.  
Beontag will act sometimes as controller, sometimes as co-controller, sometimes as operator/processor, depending on the processing and the specific relationship.  
Whenever Beontag acts as a controller, co-controller or operator of personal data, it must:   
   • To handle personal data in accordance with the principles set forth in the item. 6.3 of this document and in accordance with applicable data protection laws;   
   • To conduct training and register the participation of senior leadership and key employees who deal with personal data;  
   • To ensure that individuals authorized to carry out any type of processing of personal data have committed to confidentiality or are under an appropriate obligation of confidentiality;   
   • To process personal data only in accordance with the instructions of the data controller or co-controller, unless otherwise required by the Supervisory Authority;   
   • To register all personal data treatment activities and sensitive personal data containing the department and the person responsible for each activity, the category of the data Subject, its purpose, types of data processed, its sources, with whom the data is shared, existence of international transfer of data, its retention period, systems used during the treatment activity, its proper legal basis, among other pertinent information;  
   • To prepare, record and file the personal data impact report (RIPD) whenever required by law, legal, administrative or institutional obligation;  
   • To implement appropriate technical and organisational measures to ensure proper data processing and in accordance with the applicable principles of privacy and protection of personal data;   
   • In case of transfer of Personal Data outside Brazil, apply the protection measures;   
   • To formalize the relationship with controllers, co-controllers and operators/processors through a contract, agreement or other formal legal act containing the applicable clauses and provisions;   
   • Do not appoint another operator/processor without specific prior authorization from the controller;  
   • To assist the controller in fulfilling its obligations with respect to obligations to the Supervisory Authority and Data Subjects, such as responding to requests related to the rights of Data Subjects (item 6.4 of this document);   
   • To notify the controller or co-controller within a reasonable time in relation to any personal data breach or incident with personal data;  
   • After the end of the provision of services, delete existing copies of personal data, at the request of the controller, unless the legislation requires the conservation of the data or is necessary for defense in judicial, administrative or arbitration proceedings;  
   • Make available to the data controller all information necessary to demonstrate compliance with its legal obligations and allow and cooperate with audits, including inspections, conducted by the controller or another auditor appointed by it;   
   • To carry out and register guarantees that the rights of the Data Subjects are fully fulfilled.

6.2. Relationship with Operators/Processors 

Whenever Beontag establishes a relationship with an agent that acts as an operator/processor of your personal data, it must ensure that the operator has in place appropriate technical, security and organizational measures to ensure compliance with principles and good practices that concern the privacy of the Data Subjects and protection of the personal data that will be processed. In addition, a contract or agreement must be entered into with this Operator defining its qualification and delimiting its attributions and obligations in relation to data protection.

6.3. Principles and Legal Bases

Beontag only carries out processing operations that are in line with the requirements of the applicable Privacy and Protection Standards. There will be no data processing that does not have a specific purpose in accordance with the applicable legislation. Beontag respects the essential principles for the processing of personal data.

6.3.1. Legal Bases

All personal data is processed by Beontag for legitimate and lawful purposes. Depending on the personal data and the specific purpose, as well as the location of the processing, Beontag will assign an adequate legal basis to process the data after careful analysis of the characteristics of the processing flow. There will be no processing without adequate compliance with the appropriate legal basis, in accordance with the law of the specific data processing jurisdiction.   
It is possible that the legal bases will change according to the course of the life cycle of the processing of personal data, resulting from the change in the purpose of the processing, which will consequently change the company's data mapping/inventory. Therefore, Beontag's mapping/inventory of personal data must be updated periodically, at least annually, and whenever necessary, to faithfully reflect the data processed by the Company and the proper purpose and corresponding legal basis. If, after updating, it is identified that there is no longer a legal basis for Beontag to continue the processing, it must be stopped immediately and the appropriate retention and disposal measures adopted.

 6.3.2. Principles

The principles represent fundamental elements that must be strictly considered in all data processing to ensure compliance with the Privacy and Data Protection Standards and global good practices. Beontag shall always process data in accordance with the principles below:  
(i) Legality and Justice  
All processing of personal data must take place on a valid and applicable legal basis, never in disagreement with any applicable legislation, always in a fair and balanced manner in the relationship with the Data Subjects.  
(ii) Transparency  
Beontag shall be clear, precise and unambiguous with Data Subjects so that they know, in all contexts, how and for what we process their personal data.  
Transparency includes accessibility and ease of communications with the Data Subjects so that there is maximum understanding about the performance of processing and the respective agents.  
(iii) Non-Discrimination  
Under no circumstances may personal data and sensitive personal data be processed for unlawful or abusive discriminatory purposes.  
(iv) Purpose   
The processing of the data must take place for legitimate, specific, explicit and informed purposes to the Data Subject, without the possibility of further processing in a manner incompatible with these purposes.

(v) Adequacy  
It refers to the compatibility of the processing with the purposes informed to the Data Subject, according to the context of the processing and in a manner consistent with one of the legal bases.   
(vi) Necessity and Minimization   
This is the limitation of the performance of the processing to the minimum necessary for the accomplishment of the intended purpose, covering only the relevant data, in a proportional and not excessive way.   
(vii) Free Access, Quality and Accuracy of Data   
To the Data Subjects, Beontag will guarantee the easy and free consultation on the form and duration of the processing, as well as accurate and clear information on the performance of the processing and the agents involved, provided that it does not violate commercial or industrial secrecy of Beontag or Third Party.  
We also ensure the quality, accuracy, relevance and updating of personal data, according to the need and for the fulfillment of the purpose of its processing.   
(viii) Security, Prevention and Limitation (Integrity and Confidentiality)   
Beontag adopts security standards appropriate to its operations, especially when they involve processing personal data, using technical and administrative measures capable of protecting personal data from security incidents.   
No personal data should be retained for longer than necessary, so Beontag periodically evaluates the retention periods of each data and adopts disposal measures, when necessary.  
All security measures implemented by Beontag, as well as the actions taken in relation to personal data throughout its processing are duly documented internally.  
(ix) Accountability and Responsibility  
Beontag adopts the necessary measures to demonstrate and prove the adoption of effective measures capable of proving compliance and compliance with the rules for the protection of personal data and even the effectiveness of such measures.   
We also assume that we are responsible for any form of processing of personal data that occurs within our organization, adopting a serious and respectful attitude towards the data and the respective Data Subjects. 

6.4. Rights of Data Subjects

Beontag ensures compliance with the rights of the Data Subjects of the processing of personal data that it carries out, in accordance with the provisions mentioned below:  
   • Right to Transparency of Information: It is the right of the Data Subjects to be informed in a clear and accessible way about the collection and use of their data by Beontag, and all the specificities related to the processing activities that occur within the scope of the Company.  
   • Right of Processing Confirmation and Right of Access: Data Subjects have the right to obtain confirmation that Beontag processes their personal data and to have access to specific information about their processing.  
   • Right of Rectification: The Data Subject of personal data may request rectification on the registration of his personal data, such as inaccurate, incorrect or outdated data;  
   • Right of Deletion/Right to Erasure: The Data Subject has the right to delete his/her personal data and may request the deletion, blocking or anonymization of his/her personal data processed by Beontag in certain cases. This may include, but is not limited to, circumstances in which it is no longer necessary for Beontag to retain your personal data for the purposes for which it was collected.   
   • Right to Restriction of Processing: The Data Subject may request the restriction or suppression of the processing of their personal data. In these cases, Beontag may store the personal data, but may not use them in some specific cases according to the specific request of the Data Subject and provided that there is no hypothesis in which such processing is necessary, such as legal or regulatory obligation.  
   • Right of Opposition: The Owner may object to the processing of data when it is based on legitimate interest.  
   • Right to Portability: The Data Subject may request the portability of his/her personal data to another service or product provider, upon express request. This practice makes it possible to transfer, transmit or copy personal data to a Third Party, so that there is security and the usability of the data is not affected.  
   • Right Related to Automated Decisions: Data Subjects have the right not to be subject to a decision based only on an automated process, including the definition of profiles, which produces direct or indirect legal effects to the Data Subject. Automated decision processes are those made by automated means that have no involvement of humans.  
In order to meet the requests of the Data Subjects, the Beontag has tools and mechanisms that aim at the speed and effectiveness in the response or observance of these rights, as well as the proper filing of the measures that are adopted in relation to this request, as detailed in the Request Procedure of the Data Subject.  
To this end, we make available a communication channel to Data Subjects, publicly accessible on our website. Which can be accessed by the following means: https://www.contatoseguro.com.br/beontag.

7. SPECIFIC GUIDELINES

7.1. Access to Personal Data

Beontag understands that improper access qualifies security incidents. For this reason, access is limited to employees who justifiably need personal data to conduct their activities, in line with the previously mapped treatment flows.

7.2. Retention and Disposal

The personal data processed by Beontag shall be permanently deleted, through systemic deletion or destruction of physical documents, as soon as they achieve their purposes, at the request of the Data Subject when applicable, or at the request of the Supervisory Authority.   
However, it is possible that Beontag retains the personal data, when authorized its conservation for specific hypotheses provided for by law.  
When personal data is retained after fulfilling its original purpose, it must be encrypted or anonymized to protect the identity of the data subject in the event of a personal data incident.  
With regard to the retention of personal data in cases where the data is processed for the purpose of exercising rights, both of activation of parties and of defense in legal, administrative or arbitration proceedings, the period provided for in specific laws of prescription and limitation of actions shall be observed for the purposes of data retention.   
During the period of any legal proceeding in which there may be a need for the use of data by the CCRR Group, such data may be stored following the CCRR Group's security measures, principles and internal guidelines regarding the processing of data for as long as the judicial discussion lasts.  
As established in the Personal Data Retention and Elimination Policy, the standard period of retention of personal data by the CCRR Group is 5 years after the termination of the link that gave rise to the processing of such data, such period is due to the statute of limitations, decay and tax periods generally adopted in national legislation.  
In exceptional cases where custody periods are not foreseen or clear in the current legislation or there is no peaceful understanding about the term, as well as where the feasibility of retention is under discussion, the Supervisor/DPO must analyze the situation and possibly trigger the Data Protection Committee to resolve to declare the retention period of a given document that contains personal and related data, always taking into account the guidelines of this policy and all other policies relating to privacy and data protection of the CCRR Group.

7.3. International Transfer

Beontag adopts restrictive conduct regarding the international transfer of personal data, understanding that it should not be carried out indiscriminately and only when strictly necessary for the conduct of its activities or when there is a security standard compatible with its guidelines, always in accordance with the provisions of the Privacy and Data Protection Standards, as established in the International Data Transfer Policy.

7.4. Processing of Personal Data of Minors

Beontag does not, as a rule, process personal data of minors (children and adolescents). However, there are times when it will be necessary to treat them. In these cases, the data will be processed in the best interest of the minor and in strict accordance with the legal hypotheses that allow such processing.  
The personal data of children and teenagers, as well as sensitive data, must be subject to greater protection compared to other personal data.

7.5. Privacy by Design and Privacy by Default 

In consideration of the principle of Privacy by Design, all products and services that are created by Beontag are subject to analysis to ensure the privacy and protection of personal data of the Data Subjects and compliance with all principles, guidelines and rules of the subject from the design phase to the launch/implementation of these products and services.

7.6. Disclosure of Personal Data to Third Parties

The Beontag must ensure that the personal data in its possession are not disclosed to unauthorized third parties, including family members or friends of its employees, private entities and government agencies, without the company's authorization or court order to do so.   
All employees must exercise caution when requested to disclose personal data to third parties and must seek authorization from the Data Protection Committee or the Person in charge/DPO to do so, including in the case of a court order.   
All requests to provide data to third parties must be supported by appropriate documentation and properly stored with the authorization of the Data Protection Committee or the Data Protection or Person in charge/DPO.

7.7. Data Protection Impact Assessment and Legitimate Interest Assessment 

The Data Protection Committee shall prepare, with the assistance of the Person in Charge/DPO and the other business departments of Beontag, the report of the impact assessment of personal data protection for Beontag's data processing activities.  
Such evaluation aims at an in-depth analysis of the risks involved with the processing carried out by Beontag, as well as technical, administrative and legal measures that should be implemented for greater security of personal data processed in specific flows.  
The content of the report should include a description of the processing processes of “common” personal data and sensitive personal data that may present risks to civil liberties and fundamental rights, as well as the technical, administrative and legal measures that should be implemented to mitigate risks and greater security of personal data processed in specific flows.   
In cases where the legal basis of legitimate interest is attributed, it will be necessary to prepare an assessment so that it is possible to consider whether this basis is appropriate for the treatment or not, and must be duly approved or disapproved by the Person in Charge/DPO.  
This is documentation from the controller containing the Legitimate Interest Impact Assessment, where the processing of personal data is based on legitimate interest, assessing whether the processing may create risks to civil liberties and fundamental rights through its legitimacy, necessity, balancing, and safeguards.

7.8. Security Incidents

Any suspected violations and incidents related to the processing of personal data carried out by Beontag or by third parties on its behalf must be immediately reported to the Person in Charge/DPO, according to the internal communication channels and guidelines provided for in the Security Incident Crisis Management Procedure.  
The Person in Charge/DPO will take all relevant information about the incident to the Data Protection Committee, so that they analyze the criticality and complexity of the occurrence and take the relevant measures and decisions.  
The application aims to prevent and mitigate losses arising from information security incidents or service disruptions directly affecting your information assets, trust between stakeholders, damage to reputation or market value.  
All possible measures should be provided in order to minimize all impacts caused, as well as recover the integrity of the data and its confidentiality.

8. TECHNICAL STANDARDS

Beontag will follow the technical, physical and digital standards for the protection of personal data, its integrity and confidentiality.

9. SAFETY MEASURES

9.1. Educational Actions

In order to train its employees, Beontag will conduct annual training on privacy and data protection, prepared by the Data Protection Committee and coordinated by the Person in Charge/DPO.  
Employees who are hired will also receive training, in order to understand basic concepts and observe compliance with Beontag's Privacy and Personal Data Protection Program.  
In addition, with the assistance of the Human Resources Department, other actions will be carried out to raise awareness and ensure compliance with the guidelines, such as:  
   • sending emails with newsletters/content pills on privacy and data protection topics, applicable standards and the Company Program.

9.2. Risk supervision and mitigation

Beontag's Privacy and Personal Data Protection Program will be overseen by the Data Protection Committee, from:  
   • The annual review of this Policy;  
   • Constant monitoring of signs of security incidents and documentation of implemented adequacy measures.   
The Compliance, Information Technology and Legal areas will also contribute to the supervision and mitigation of risks, from:  
   • Continuous monitoring of Beontag's safety standards;  
   • Analysis of the technical aspects of evidence of security incidents;  
   • Constant review and implementation of tools and mechanisms that ensure the security of personal data processed by Beontag.

10. PRIVACY CHANNEL

The Channel is an easily accessible means of communication between the Data Protection Officer/Person in Charge of Beontag and the Data Subjects of personal data, so that they can exercise their rights in contact with the Company. Beontag makes efforts to comply with requests within legal limits and reasonable limitations, and is always committed to the transparency and protection of personal data.  
In addition, the Privacy Channel may be used to report any violations related to privacy and protection of personal data, so that the Company can take the appropriate investigation, risk mitigation and action in relation to the specific case.  
The Privacy Channel can be accessed via: [email protected].  
Any questions, queries, clarifications, exceptions, requests regarding the application of this International Data Transfer Policy may also be sent directly to the Data Protection Committee through the email [email protected] or to the Person in Charge by email [email protected].

11. INVESTIGATIONS AND SANCTIONS

Any complaints, even if suspected, of violations of this Policy will be forwarded to the Data Protection Committee and submitted to an internal investigation procedure by Beontag's Compliance Department. If it is found, after a robust investigation, that there has been a violation, sanctions may be applied by Beontag, proportional to the nature or severity of the infraction committed, according to resolution by the Data Protection Committee.  
Any Employee or Third Party that violates any provision of this Policy will be subject to disciplinary sanctions and related consequences, such as: (i) verbal or written warning; (ii) suspension; (iii) dismissal without cause; (iv) dismissal with cause; (v) exclusion of the Third Party from the Company's list of suppliers; (vi) filing of a relevant lawsuit.  
In addition, the person responsible for the practice of an unlawful act may suffer judicial and/or administrative punishments, in accordance with the legislation of the country in which there is jurisdiction.  
If Beontag is ordered to indemnify damages of a moral or material nature, proven in any judicial or administrative action of any nature, the harasser will be called to participate in the process or will be notified back to reimburse Beontag for the amounts spent, duly updated in the molds of current legislation.  
Failure to report violations of privacy or the integrity of personal data that represent a violation of Beontag's internal rules and applicable legislation constitutes non-compliance with this Policy and may be duly punished. Recklessness, negligence and willful failure are also considered violations of this Policy and may be subject to disciplinary sanctions.

12. FINAL PROVISIONS

This document must be read and interpreted in conjunction with the other Policies and Procedures adopted by Beontag related to Data Protection, as well as with related laws and regulations.  
This Policy, as well as the other documents that complement it, are available on the intranet or, in case of unavailability, may be requested from Beontag's Person in Charge/DPO.  
Any questions regarding this Policy should be addressed to the Data Protection Committee by email [email protected] or to the Person in Charge by email [email protected].  
This Law enters into force on the date of its publication.

Anti-Corruption Policy

 1. OBJECTIVE

Reinforce Beontag's, or "Company's" commitment to maintain the highest global standards of integrity, ethics and governance in the conduct of its business by establishing anti-corruption guidelines. This Policy reflects Beontag's commitment and commitment to be in full compliance with applicable Anti-Corruption Standards, as well as the United Nations Convention against Corruption, the United Nations Global Compact and Inter-American Convention against Corruption, the Convention on Combating Corruption of Foreign Public Officials in International Business Transactions of the Organization for Economic Cooperation and Development (OECD) and good market practices.

This Policy aims to ensure that all Beontag Employees and Third Parties understand and comply with all anti-corruption guidelines and rules, which must be followed, so that everyone observes the provisions to prevent, identify and combat situations prone to acts of corruption, money laundering, fraud and other illicit acts.

One of the pillars of Beontag's Compliance Program is the repudiation and prevention of corruption and this Policy was developed in order to assist our employees and third parties in understanding the types of corruption that exist, the impact on the Company's reputation and what should be done to avoid it.

2. SCOPE

This Policy must be known and fully complied with by all Employees, employees, service providers, interns, Beontag Senior Management and all its subsidiaries. In addition, this Policy shall be complied with by any Third Parties acting on behalf of, in the interest of or for the benefit of Beontag, as applicable.

It is the responsibility of each one to know and apply the rules and guidelines provided for in this Policy and, if necessary, to report inadequate situations so that they are properly treated by the Compliance Department.

3. TERMS AND DEFINITIONS

The terms set out below will be used throughout the policy with the following meanings:

Government Official: who exercises public function, temporarily or permanently, with or without compensation, by election, appointment, designation, hiring or any form of investiture or bond, mandate, position, employment or public function of any level of government, department, agency or national and foreign body. The person who works for a company contracted to provide a service for the execution of activities that are typical of the national or foreign Public Administration is considered to be a public agent. Also considered as Government Official occupying or candidate for public office; political party or member of political party; representatives of international public organizations; members of the royal family; and any person who carries out activities or represents any of the aforementioned persons or organizations.

Giveaways: it is a souvenir with a courtesy character, advertising purposes, usual disclosure, or on the occasion of events or commemorative dates, for historical or cultural tradition, distributed in a non-specific way and without commercial value, usually with the company logo.

Gifts: are any object or service for personal use or consumption that have a determined commercial value and do not fall within the definition of giveaways.

Corruption: is the act or effect of giving, promising, offering, authorizing, requesting or receiving in exchange, directly or indirectly, for yourself or others, an undue advantage (pecuniary or not) to a public official or the person equivalent to him/her lead to withdraw, act or fail to act in accordance with the law, morals, good customs.

Due Diligence: methodical procedure for analyzing information and documents with a predetermined objective of knowing the organization and its managers with which the Company intends to relate and interact, identify any risks related to it and, potentially, adopt measures to mitigate these risks.

Donations: the agreement in which the Company, by liberality, transfers from its assets, resources, services, products, assets or advantages to that of another company or individual.

Hospitality: includes expenses incurred in the professional context, arising from travel, such as travel (air, land and/or sea), accommodation and meals.

Anti-Corruption Standards: any and all national or international legislation that has been edited and promulgated to prevent and combat corruption and economic crime, such as: Foreign Corrupt Practices Act (FCPA) – Legislation on Corrupt Practices in the United States of America, with cross-border effect; Brazilian Anti-Corruption Law (Law No. 12.846/2013 and Decree 8.420/2015) - Compose the Brazilian anti-corruption legislation; United Kingdom Bribery Act (UKBA) – Anti-corruption legislation of the United Kingdom, being the most restrictive law on the subject; French Anticorruption Law (Sapin II - Law no. 2016-1691) - Legislation with international scope; Italian Anticorruption Legal Framework (Laws 11/06/2012, no. 190, 05/27/2015 no. 69, 01/09/2019 no. 3, 2016 no. 229 and Decrees 12/31/2012, no. 235, 03/14/2013, no. 33, 04/16/2013, no. 62, 08/04/2013, no. 39), Argentine Anticorruption Law (Law no. 27.401).

Relative: person with whom one has a family relationship up to the third degree. For example: parents, children, siblings, spouses, partners, uncles, nephews, grandparents and grandchildren. Additionally, we also consider as “Relatives” those relatives by affinity, such as stepfather, stepmother, stepchildren, in-laws, son-in-law/daughter-in-law, brother-in-law and brother-in-law.

Sponsorship: is the payment of financial amounts or exchange of goods and services to an institution or event organized by a third party, in order to publicize its brand and strengthen the company's communication with its customers, suppliers and society.

Politically Exposed Persons: It is Government Officials, former Government Officials or their families who carry out relevant public activities, representing, directly or indirectly, national or international governments, such as:

• Data Subjects of elective mandates of the Executive and Legislative Powers;
• The Data Subjects of offices in the Government Union, of:
• Minister of State or equivalent;
• President, vice-president and director, or equivalent, of indirect public administration entities; and
• The presidents and national treasurers, or equivalent, of political parties;
• Governors and Secretaries of State, State and District Deputies;
• Mayors, Councilors, Municipal Secretaries;
• Persons abroad who are (a) heads of state or government; (b) politicians of higher echelons; (c) occupants of governmental positions of higher echelons; (d) general officers and members of higher echelons of the Judiciary; (e) executives of higher echelons of public enterprises; or (f) leaders of political parties;
• Senior managers of public or private international law entities.

Close Relationship: person with whom one has an intimate and non-family or kinship relationship, such as corporate, loving, close friendship and other types of affinity.

Third Parties: Third Parties are the Company's suppliers, partners, consortiums, service providers, or subcontractors, including, for example, consultants, lawyers, agents, as well as individuals and legal entities that are commercial representatives of the Company.

Undue Advantage: is one that involves any type of illicit profit, gain, privilege or benefit, promised, given or offered for an individual to act contrary to moral, ethical or directly related to the exercise of their function. The concept should be understood broadly and not just the mere payment in cash. The advantage is anything that has any value to the Public or private Agent, even if it has no value to the grantor, such as money or in the form of goods, gifts, giveaways, job vacancies, lunches, dinners, expenses with travel or entertainment, provision of services, benefits and favors, donations, sponsorships.

4. GENERAL GUIDELINES

Beontag has zero tolerance for corruption, and any direct or indirect practice, private or public, of acts of corruption is prohibited. To this end, it is essential to understand the concept of corruption and which situations can be considered as corrupt practices, such as bribery and influence peddling.

Acts of corruption may occur in the public and private spheres, and both are strictly prohibited by Beontag and will be duly distinguished in this Policy.

It is not enough for us to be honest, we must also present ourselves as honest, so that there is no doubt about our values and posture. Be respectful, ethical, professional, transparent and accurate in all communications, recording whenever possible.

In the context of corruption, it is not necessary that the improper conduct is committed or the advantage actually received by the counterparty, in a way that is qualified by the mere promise, request or offer of the improper advantage.

Corruption manifests itself in different ways, being prohibited any and all practice of acts of bribery, payment of facilitation or receipt of bribes or any undue advantages, made directly or indirectly to the Public Administration, national or foreign.

All example lists in this Policy are not exhaustive, i.e. prohibited practices are not limited to what is listed only, but can occur in a number of ways. However, it is not always easy to identify an act of corruption. If you encounter a situation that generates discomfort, feeling or impression of inadequacy that does not have the model of expected conduct described in the Beontag Policies and Procedures, apply the general guidelines of this Policy, or seek guidance from the Compliance Department or the Company's Ethics Channel.

           i.  Corruption and bribery in the private sphere

Private corruption is one of the forms of corruption prohibited by Beontag, occurring in the private environment among individuals, whether individuals or legal entities. It is the use of power, position, function, authority to obtain advantage for oneself, other individuals, such as Relatives and Close Relationship, other companies and/or any other third parties with whom one has a relationship.

Beontag prohibits bribery, which is one of the types of corruption in the private sector and, thus, no employee or third party may offer, give, promise or receive money or any other undue advantage, directly or indirectly, to obtain an improper benefit.

Examples of practices that constitute private corruption:

• Divert information from competitors in the hiring procedure;
• Offer travel to Supplier and its family in exchange for signing a contract in favor of Beontag;
• Responsible for negotiation overcharges contract price, under promise of compensation of the difference in value to the Beontag Employee who ensures contract signing.

           ii.  Corruption and Bribery in the Public Scope

Corruption practiced in the public sphere is that which causes acts harmful to the Public Administration. It can be defined as the use of power, function or authority to obtain advantages for one's own interest, that of a family member, friend or any other party with whom one has personal, economic or political relations.

It is noteworthy that there is no definition for corruption that covers all practices that can configure it, so the principles and elements involved in specific situations must be observed.

• Bribe:

It is a form of corruption, which consists of the promise, agreement, offer or transfer of any form of undue advantage to a Government Official or third party related to it (relative, Close Relationship, partners, among others), with the objective or expectation that the individual acts or fails to act in accordance with its function, in an unlawful and/or immoral manner.

• Intends to induce or influence an agent to use his position, in any way, to obtain or retain business in an improperly directed manner.
• It is qualified by the payment of money (amounts in kind) or equivalent, but also any undue advantage capable of corrupting the intended agent, such as gifts, giveaways, job vacancies, lunches, dinners, travel or entertainment expenses, provision of services, benefits and favors, donations, sponsorships, among others.

Examples of bribery practices are:

• Offer money to a Government Official to stop applying a penalty resulting from an inspection procedure;
• Hire a relative of a Government Official in the Company to be hired to execute an administrative contract with the government;
• Difficulty in inspection by a responsible body;
• Make a donation to a non-profit organization appointed by a Government Official in exchange for tax exemption;
• Offer concert tickets or sporting events in exchange for false documentation for government license;
• Bank transfer to Government Official responsible for contracting to avoid termination of contract with the Government.   

Beontag also prohibits the practice of influence peddling, which consists of requesting, demanding or charging, advantage or promise of advantage, under the pretext of influencing an act practiced by a Government Official in the exercise of the function. It consists in the illicit practice of a person to use a privileged position in a company, or its connections with people in a position of authority, to obtain favors or benefits for himself or third parties, in exchange for favors or payment.

5. ATTENTION POINTS

Considering that the definition of corruption is not fixed and includes an unlimited number of practices that may qualify as corruption, there are situations that can be considered as alerts for greater risk of corruption.

Beontag expects everyone to be vigilant not to commit, as well as identify and report situations in which there is suspicion of practice. Thus, it is the responsibility of each one to carefully evaluate the context in which it is inserted and strive to identify indications that may result in misconduct or unlawful acts in all Beontag's negotiations, operations, transactions and relationships.

Warning signs may occur internally at Beontag, in interactions with the Government or the private sector, or during the performance and relationship with Third Parties, such as partners, service providers, suppliers, commercial representatives and any party acting for or on behalf of Beontag, therefore attention is required at all times.

Below we list common warning signs exemplary of high corruption risk. If you recognize one of these situations, immediately report to the Compliance Department or the Beontag Ethics Channel to be guided:

• Party that has as partner, director, main shareholder or administrator a Government Official;
• Party that has a personal, family or commercial relationship with a Government Official;
• Party recommended by a Government Official;
• Part has little or no reference to Third Parties;
• Third party requests payment of commission, fees or fee in excess of the market average or incompatible with the nature of the contract;
• Public or private agent provides confidential and privileged information and requests payment of amounts in return;
• Party does not have headquarters, fixed address, staff or adequate structure for the provision of service or product supply;     
  High discounts without commercial motivation;
• Vague description of the provision of Third Party services during negotiation and registered in contract;
• Third party acts in the provision of services in a business area significantly different from that which was contracted;
• Party that is introduced into negotiations or operations after an incisive insistence or explicit request by a Public or Private Agent;
• Party that is inserted in negotiations or operations for exerting influence on a Public or Private Agent;
• Party insists on the payment of success fees without success or provision expressed in contract;
• Party refuses to provide complete and accurate information about the reality of the company or the contract in question or provides it incompletely or inaccurately;
• Party avoids or refuses to attest to compliance with Beontag's internal rules and applicable legislation;
• Party has previous cases or notorious current involvement with corruption, bribery, money laundering, fraud or other unlawful acts;
• Part has a bad reputation for public knowledge before society and/or recognized media;
• Party provides data for payment in a bank account of an offshore company, bank account of an individual or company other than the contractor or in a country other than the provision of services, supply of products or agreed negotiation;
• Part was recently constituted or somehow does not have historical information;
• Party requests unusual contractual terms or that raise concerns such as cash payment, payment in another country's currency, payment to a third party that has no relation to the commercial operation, or advance payment without justification.
• Party requests payment of unusual expense, disproportionate to the services provided, high or in disagreement with the contract;

Reporting is Beontag's main way of becoming aware of corruption situations and identifying whether it is exposed to related risks, and may act to avoid or mitigate risks prior to any damages and losses arising, therefore, when identifying any act of corruption, even if suspected, immediately call the Compliance Department or the Beontag Ethics Channel.

6. SPECIFIC GUIDELINES

a. Relationship with Government     
Every relationship with the Government requires extreme caution, considering that it is a high-risk activity of corruption in its own right. Beontag is committed to its integral, ethical and transparent posture in its relationship with the Government and, thus, prohibits the practice of any acts of corruption, fraud, bribery and other illicit practices, directly or indirectly, in its relationship with a Government Official or a related Third Party, whether national or foreign.

Corruption can take many forms, so the provision of other undue advantages, even if not quantifiable, can constitute corruption. According to Transparency International, corruption is the abuse of a “trusted power” for private gain, that is, it is the behavior of an agent who seeks to enrich himself (enrichment), or to people close to him, through the misuse of his assignments. In this sense, donations, contributions, sponsorships and even offer of positions at Beontag to a Government Official, their relatives or other related Close Relationship may constitute an act of corruption, if these acts are seen as a way to influence the Government Official or obtain something in return (“quid pro quo”). Even if the act was committed with the intention of benefiting a company and not an individual, corruption is configured and Beontag does not tolerate that such practice occurs.

All Beontag employees and Third Parties acting on behalf of or for the benefit of the Company are prohibited from offering, promising, authorizing or receiving (directly or indirectly) any undue advantage to Government Officials in order to induce, influence, facilitate or reward any official action or decision for the benefit of Beontag, own or others.

All legitimate and lawful payment or exchange of information with the Government, such as taxes, fees, contributions, fines, participation in bidding, must always be carried out formally, through official channels and through registered governmental documentation, always having as beneficiary legal entities governed by public law, and never individuals, even if it is the Government Official responsible for the entity.

Communications made with the Government should always take place in a clear, transparent and objective manner. There should always be caution in how to communicate so that there is no appearance of irregularity. The most appropriate form of communication with the Government is the official email of both interlocutors.

Meetings with Government Officials should only deal with matters of interest to Beontag, in accordance with all legal and internal limitations provided for by Beontag. Such meetings may take place in person or virtually and as a general rule should follow the following guidelines:

• Prior and formal scheduling, through an official agenda, indicating which subject will be discussed, name and contact of the participants, date and time, place of performance and to which Public Administration body is related, with the name and contact of the Government Official(s) who will conduct the meeting;
• Scheduling via official email from Beontag or, when initially carried out by telephone, formalize what is agreed by email;
• Presence of at least 2 (two) Beontag employees;
• Occurrence in the official premises of the Public Administration or Beontag, and should not occur in places such as restaurants, bars or residences;
• Record in minutes;
• Formalization after the meeting, by official email from Beontag, briefly containing the place and date of the meeting, full name and position of the participants, description of the subject matter, description of the deliberations taken and what will be the next steps, when applicable.

The documents related to these meetings must be sent to the Compliance Department. It is not necessary to have a complete formal record of interactions with the Government that are merely routine and bureaucratic regarding Beontag's activities, such as the execution of protocols or orders.

If any Government Official acts improperly or requests any undue advantage in exchange for any benefit or favor to Beontag or the employee, which causes embarrassment or has the potential to constitute unlawfulness or irregularity, you must immediately refuse the request, inform that the conduct is prohibited by law and by the Beontag Compliance Program and report the situation to the Compliance Department or Beontag Ethics Channel.

b. Relationship with Third Parties     
All suppliers, partners, service providers, intermediary agents and other partners conducting business with Beontag, by Beontag or on behalf of Beontag must act with the highest level of integrity, as Beontag may be held liable for acts of Third Parties, regardless of knowledge or consent to the practice of irregularities. We must ensure that all Third Parties with whom we engage are upstanding for best business practices.

In this way, Beontag will conduct a compliance risk evaluation of its Third Parties, according to a risk classification that will be assigned to them, through the performance of an integrity due diligence procedure, whose objective is to know and evaluate the integrity risks to which it may be exposed in its relationships with Third Parties, including so that, eventually, measures are taken to mitigate the identified risks. For more details regarding the complete flow of procedures prior to hiring a Third Party, please refer to Beontag's Third Party Hiring Policy.

All Third Parties hired by Beontag shall undertake to act in an integral and ethical manner in the business to be conducted with Beontag, formally expressing the commitment to comply with all anti-corruption rules and clauses, as well as the applicable guidelines of the Beontag Compliance Program. All Beontag contracts must contain compliance and anti-corruption clauses.

Examples of prohibited practices, which constitute acts of corruption practiced by Third Parties, are:

• Third party hired by Beontag bribes a Government Official to obtain a license, even if it does not meet the legal requirements, on behalf of Beontag;
• A third party hired by Beontag subcontracts a company during the provision of services to Beontag without Beontag's knowledge and authorization and the subcontractor makes improper payment to a Government Official on behalf of Beontag.

It is forbidden for Beontag Employees, therefore, to request, suggest or demand a Third Party to engage in or tolerate any conduct that the employee himself is prohibited from practicing, under the terms of this Policy, other internal rules of Beontag or applicable legislation. All Third Parties must act with the same degree of ethics that is expected of Beontag Employees.

c. Facilitation payment     
Facilitation payments are those made to both Public Officials and private sector officials to ensure or accelerate the execution of routine acts to which they are entitled.

It is important to understand the difference between bribery and facilitation payment, which is: bribery is offered with the intention of obtaining undue advantage/benefit from the Public or Private Agent by an individual or company that should not receive it in the first place, whereas facilitation payment aims to accelerate or facilitate the decision making, approval or expedition that the individual or company would be entitled and qualified to obtain.

An example of facilitation payment is an urgency fee for issuing authorizations, permits, licenses or official documents, in order to accelerate the process of obtaining, and there is no legal provision for the possibility of expediting.

Examples of routine actions are:

• Granting of permits, licenses, certifications or permissions
• Issuance of visas and residence and work permits
• Release of taxes
• Providing police protection services, collecting and delivering mail, or scheduling inspections
• Inspection and release of goods
• Internal procedure for the ratification of suppliers in a private company

The offer, agreement, promise or payment of facilitation to accelerate or favor the analysis and obtaining of routine actions to be carried out by its Employees and/or Third Parties is expressly prohibited.

d. Giveaways, Gifts and Hospitality     
Giveaways, gifts and hospitality can be configured as goods, services or experiences, which can be converted into monetary value, such as: movable goods, meals, concert tickets, air tickets, hotel nights, promotional products or discounts. Beontag allows the receipt or offer of giveaways, gifts and hospitality in accordance with internal rules, being restricted to the cultivation of good relationships with customers, suppliers, partners or other third parties, promotion of Beontag's image and brand, demonstration of Beontag's products and services or celebrations of special/relevant dates to the Company.

The offer or receipt of giveaways, gifts and hospitality must be in accordance with ethical standards, transparency, honesty and integrity, being forbidden to occur secretly or giving any appearance of irregularity and generate any embarrassments or risks to the image of Beontag. Any offer or receipt of these items must be duly registered by Beontag, in order to maintain transparency and adequate accountability.

Regardless of the value, giveaways, gifts and hospitality must follow the following rules, so that they cannot:

• Objective the influence in obtaining an undue advantage;
• Be offered or received in the form of cash or cash equivalents (cheque, transfer);
• Represent exchange of favors;
• Generate or cause the appearance of undue special/preferential treatment;
• Be offered or received on behalf of Beontag without the knowledge of Beontag.

Beontag Employees and Third Parties acting on their behalf or benefit are prohibited from accepting or offering any kind of advantage, such as giveaways, gifts and hospitality, to Government Officials, people close to them, or people under private law with the purpose of influencing their decisions or obtaining their own benefit or for Beontag, regardless of the minimum value. Such practice represents a form of corruption and is prohibited by Beontag. No offer of a giveaway, gift or hospitality by Beontag should be made expecting an advantage in return.

It is forbidden to receive or offer giveaways, gifts or hospitality to or from Third Parties (suppliers, partners, service providers) and/or candidates participating in Beontag's internal selection processes, hiring or any other decision-making, as well as in situations where Beontag is in the process of competing to obtain a contract or other commercial benefits.

Any offer or receipt of giveaways, gifts and hospitality must always be in accordance with the principles of transparency, integrity, honesty and ethics, avoiding any transaction carried out secretly or appearance of irregularity that may generate any kind of confusion, discomfort or irregularity to those involved.

The receipt or offer of gifts and hospitalities must be informed to the Compliance Department, so that, if necessary, some mitigating action is taken. It will only be allowed, without the need to report to the Compliance Department, the receipt or sending of institutional giveaways and without any commercial value (for example, pens, agendas, caps, calendars, among other promotional materials usual in the business environment).

The offer of gifts or hospitalities by Beontag will be analyzed by the Compliance Department, upon prior written request of the requesting department, with relevant justification, description of expenses, purpose of the offer, who will be the recipient and any other information specific to the case that is relevant for analysis.

If employees receive promotional giveaways or presents with commercial value, they must be delivered to the Compliance area for a draw among the Company's employees. The draws will be monitored by the Compliance area to ensure the integrity and transparency of the procedure. If a giveaways, gifts or hospitality is offered in disagreement with the guidelines of this Policy, and it is not possible to refuse or receive for reasonable reasons, specific to the context, such as the tradition of the local culture, the Compliance Department must be called immediately, so that the specific situation is evaluated and, if necessary, a formal response of refusal to the offeror is prepared, respecting good customs, in order to maintain the good relationship, good practices and transparency of Beontag.

Before offering or receiving a giveaways, gifts or hospitality on behalf of Beontag, some questions should be asked in order to assess the appropriateness of the situation. If any of the answers to the questions below are “yes”, do not make any immediate decisions and consult with Beontag's Compliance Department:

• In the event that the receipt or offer of the giveaways, gifts or hospitality is disclosed in mass media, would there be reason for personal or Beontag embarrassment?
• Is there any expectation of retribution or reciprocity in the situation?
• Is there/will there be any difference in the treatment accorded to you or the individual who will receive the giveaways, gift or hospitality compared to others in the same situation?
• Does the time of receipt or offering of the giveaways, gifts or hospitality include any negotiation or decision making that may influence or affect, in any way, the business of Beontag?
• Receiving or offering the giveaways, gifts or hospitality occurs on a recurring and habitual basis (more than twice in a year for each practice?)

The offer or receipt of hospitalities within the scope of Beontag must be in accordance with Beontag's standards of reasonableness, proportionality and transparency. There should be no ostentatious, exaggerated or luxurious expenses in the field of hospitality. All hospitality expenses must have a clear and explicit commercial purpose, being beneficial to Beontag and the parties involved, without violating any internal rules or applicable legislation.

Beontag will consider as misconduct, and, therefore, violation of internal integrity rules, the act of concealing the receipt or offer of giveaways, gifts and hospitality, subject to disciplinary action, in accordance with Beontag rules.

Hospitality must be exclusively related to the object of Beontag's contract, commercial negotiation or benefit, provided that there is no violation of applicable rules.

If the hospitality involves any Government Official, the prior authorization of the Compliance department will be essential.

The situations related to amounts related to the provision of hospitalities within the scope of Beontag are due and described in detail and regulated in the Expense Reimbursement Policy, which must be observed in addition to this Policy.

Beontag's Finance Department shall maintain an up-to-date and accurate record of all offers and receipts of giveaways, gifts and hospitalities from the Company in order to maintain accountability, accuracy, control and transparency with respect to practices. Such records shall be part of Beontag's books and accounting and financial records, in a reliable and complete manner.

e. Donations and Sponsorship     
Donations and sponsorship contributions will be made with the highest standard of transparency, integrity and legality. Beontag will only make donations or sponsorships that are in full compliance with national and international legal and constitutional provisions.

The granting of any donation or sponsorship does not guarantee authorization to use the Company's logos and brands. No donation or sponsorship may be granted without due diligence and knowledge and authorization from the Beontag Donations and Sponsorships Committee. It is forbidden for any employee, partner or third party with whom Beontag relates to make a donation or sponsorship in the name and/or interest of Beontag, without prior and express authorization.

Beontag and all companies in the group do not make electoral donations or for political movements and prohibit any form of support, donation or contribution of a political and electoral nature, directly or indirectly through third parties, whether financial or non-financial, on behalf of Beontag or expressing any link with the Company.

All donations and sponsorships made by Beontag must comply with our internal Policies and procedures, as well as with the company's values and mission. For more information, please refer to Beontag's Donations and Sponsorships Policy.

f. Conflict of Interests     
In order to avoid any conflicts of interest, Beontag expects that everyone does not practice any preferential treatment to anyone who is out of personal interest or aspiration. A distinction shall be maintained between the business of the Company and that of particular scope.

Beontag's interests must override personal interests in situations that may be conflicting. It is not allowed to use the position, function or position in Beontag and the confidential information to which you have access within the Company for your own benefit, relatives, close people or any other Third Parties, in order to harm Beontag. Beontag Employees shall not have direct or indirect involvement with businesses that may conflict with the interests of the Company.

g. Compliance and Anti-Corruption Clauses     
The inclusion of an anti-corruption clause in all contracts entered into between the Company and its Third Parties is mandatory, whereby the parties declare their knowledge of the Anti-Corruption Rules and undertake to comply with them in full, by abstaining from any activity that constitutes or may constitute a violation of applicable law.

The refusal or non-compliance with the aforementioned clauses, especially with regard to anti-corruption aspects, may generate strict sanctions to Third Parties, and it is possible that there is a request for clarification, the suspension or termination of the contract, and even the exclusion from Beontag's list of suppliers, without prejudice to other applicable legal measures, including the filing of a lawsuit.

h. Mergers, Acquisitions and Other Corporate Transactions     
At any time when Beontag seeks to carry out new business through merger, incorporation, acquisition, among other economic operations, an integrity Due Diligence procedure must be carried out prior to the closing of the operation, to identify the history of involvement with corruption, fraud, money laundering or other illegal conduct involving the other company that is involved in the economic operation. Beontag undertakes to carry out adequate and reasonable Due Diligences on the reputation and integrity of any companies in which it invests or carries out any corporate operation, adopting risk mitigation measures or even giving up for the continuation, whenever necessary.

After the Due Diligence procedure and decision to continue the corporate operation, in compliance with the rules of Beontag's Compliance Program, the contracts resulting from the negotiations must contain the appropriate compliance and anti-corruption clauses.

Subsequently, in cases where the corporate operation is concluded, Beontag will conduct an analysis as to the degree of compliance of the organization with the Anti-Corruption Standards and, when necessary, will conduct an improvement or implementation process for the effective adaptation to applicable legislation and Beontag's internal Policies and Procedures.

i. Accounting and Financial Books and Records     
Beontag shall keep all its books and accounting and financial records updated, in a complete, detailed, transparent and accurate manner, in order to meticulously reflect the economic and financial reality of Beontag's business.

Beontag's business transactions must be faithfully recorded, including proper supporting documentation, the nature of the assets involved, all parties, amounts, dates and any other relevant information specific to each case, so that the Company's books reflect the economic and financial reality of Beontag.

This includes, for example, the accurate identification of all payments to third parties acting for or on behalf of Beontag, as well as donations, sponsorships, gifts, meals, entertainment or other hospitality involving public entities, individuals or private legal entities.

It is forbidden to perform any act of falsification of documents, financial records and approval of reports and other internal controls of Beontag.

It is not allowed to record false, fraudulent, incomplete or erroneous financial information with respect to Beontag's business, even if unintentionally.

j. Participation in Public Tenders and Execution of Administrative Contracts     
If the Company or any Third Party acting on behalf of Beontag will participate in public bids or execute administrative contracts, it will be subject to and must comply with the legal provisions of local legislation that provides for bidding procedures and administrative contracts and other anti-corruption rules.

The practice of any acts with the objective of obtaining undue advantages in the course of bidding procedures or administrative contracts is absolutely prohibited.

It is prohibited, within the scope of participation in bids and execution of administrative contracts:

• Fraud, in any way, public bidding or contract arising therefrom;
• Prevent, disturb or defraud the performance of any act of public bidding process;
• Act fraudulently to obtain undue benefit arising from the execution, extension, amendment or termination of a contract with the Government;
• Manipulate or defraud the economic and financial balance of contracts with the Government;
• Agree prices with other participants;
• Act to frustrate or commit fraud against competitive bidding character;
• Influence, directly or indirectly, the definition of the terms used in the call document, in order to avoid or hinder the participation of competitors or gain an advantage to Beontag;
• Offer advantage or defraud process so that other bidders are removed from the procedure;
• Create a legal entity through fraud to participate in public bidding or enter into a contract with the Government.

Beontag categorically repudiates any illicit way to influence or harm bids or contract celebrations with the Government. Beontag's Compliance Department or Ethics Channel must be called immediately if it is identified that there is, has been or will be any act detrimental to the integrity of bids and execution of administrative contracts.

 7. ETHICS CHANNEL

In case of any suggestions or doubts about this Anti-Corruption Policy, access the Beontag Ethics Channel.

It is the duty of all Employees and Third Parties to immediately report any and all acts or indications of corruption, fraud, misconduct, violations of Beontag's internal Policies or applicable legislation, to the Beontag Ethics Channel, in order to ensure the protection of the ethical and legal principles adopted by the Company and preserve its image in the market.

The Ethics Channel can be accessed via:

• Telephone 0800 512 7702;
• Website https://www.contatoseguro.com.br/beontag

This channel is managed by a specialized company, being an independent, secure, confidential and impartial tool, available 24 hours a day, 7 days a week and 365 days a year to the internal and external public of Beontag. It is possible to make anonymous reports when using the Channel, always maintaining responsibility, ethics and good faith when making reports, which must be consistent and true. There will be no retaliation for sending reports in good faith, and it will be guaranteed that no individual, including Beontag employees, will be exposed or punished for using the channel tool or for participating in investigation processes arising from the reports. Any type of retaliation against whistleblowers, victims and witnesses of any case reported to the Channel or the Compliance Department is prohibited.

Any situations, doubts, questions, exceptions and/or clarifications on the application of this Policy should be directly to the Compliance Department, through the email: [email protected].

8. INVESTIGATIONS AND SANCTIONS

Any complaints, even if suspected, of violations of this Policy will be forwarded to the Data Protection Committee and submitted to an internal investigation procedure by Beontag's Compliance Department. If it is found, after a robust investigation, that there was misconduct, sanctions may be applied by Beontag, proportional to the nature or severity of the infraction committed.

Any Employee or Third Party that violates any provision of this Policy will be subject to disciplinary sanctions and related consequences, such as: (i) verbal or written warning; (ii) suspension; (iii) dismissal without cause; (iv) dismissal with cause; (v) exclusion of the Third Party from the Company's list of suppliers; (vi) filing of a relevant lawsuit.

In addition, the person responsible for the practice of an unlawful act may suffer judicial and/or administrative punishments, in accordance with the legislation of the country in which there is jurisdiction.

The act of not reporting acts of corruption, fraud or other misconduct that represent a violation of Beontag's internal rules and applicable legislation constitutes non-compliance with this Policy and may be duly punished. Recklessness, negligence and willful failure are also considered violations of this Policy and may be subject to disciplinary sanctions.

Policy with Customers and Suppliers

1. OBJECTIVE

Reinforce the commitment of Beontag, or “Company” to maintain the highest standards of integrity, ethics and governance in the conduct of its business by establishing lawful relationship guidelines with competitors, suppliers and customers.

The purpose of this Policy is to ensure that all Employees and Third Parties understand the guidelines of this Policy and the applicable legislation, especially in relation to national and international laws and good practices in defense of competition and prevention of crimes against the economic order. Compliance with this policy by everyone involved in the Company's business is essential to ensure the sustainability and protection of the Company's reputation.

2. SCOPE

This Policy must be known and fully complied with by all Employees, employees, service providers, interns and Senior Management of Beontag and all its subsidiaries, especially by those who relate directly to competitors, customers and suppliers. In addition, this Policy shall be complied with by any Third Parties acting on behalf of, in the interest of or for the benefit of Beontag, as applicable.

3. TERMS AND DEFINITIONS

For the purposes of this Policy, certain terms must be understood as follows:

Government Official: who exercises public function, temporarily or permanently, with or without compensation, by election, appointment, designation, hiring or any form of investiture or bond, mandate, position, employment or public function of any level of government, department, agency or national and foreign body. The equivalent of a Government Official is anyone who works for a company providing a service contracted or associated with the execution of a typical activity of the Public Administration. Also considered as Government Official occupying or candidate for public office; political party or member of political party; representatives of international public organizations; members of the royal family; and any person who carries out activities or represents any of the aforementioned persons or organizations.

Relative: person with whom one has a family relationship up to the third degree. For example: parents, children, siblings, spouses, partners, uncles, nephews, grandparents and grandchildren. Additionally, we also consider as “Relatives” those relatives by affinity, such as stepfather, stepmother, stepchildren, in-laws, son-in-law/daughter-in-law, brother-in-law and brother-in-law.

Third Parties: Third Parties are the Company's suppliers, partners, consortiums, service providers, or subcontractors, including, for example, consultants, lawyers, agents, as well as individuals and legal entities that are commercial representatives of the Company.

Undue Advantage: is one that involves any type of illicit profit, gain, privilege or benefit, promised, given or offered for an individual to act contrary to moral, ethical or directly related to the exercise of their function. The concept should be understood broadly and not just the mere payment in cash. The advantage is anything that has any value to the Public or private Agent, even if it has no value to the grantor, such as money or in the form of goods, giveaways, gifts, job vacancies, lunches, dinners, expenses with travel or entertainment, provision of services, benefits and favors, donations, sponsorships.

4. GENERAL GUIDELINES

Beontag aims to apply ethics, transparency and integrity to its internal and external reality, in the activities it provides and in all the relationships it cultivates, these are fundamental principles and indispensable for maintaining the trust and respect that the Company has earned. Thus, all relationships with competitors, customers and suppliers should be guided by these principles.

We encourage and value the practice of free competition and initiative, considering that they are extremely relevant factors for a balance of the market in which Beontag is inserted. In this way, Beontag encourages its Employees, suppliers and even competitors to act competitively, provided that all applicable antitrust legislation is strictly respected. Any interaction with a competitor must occur lawfully and for legitimate reasons, and the practice of anti-competitive conduct is absolutely prohibited.

All Beontag suppliers are expected to act with the same degree of ethical rigor required internally. These third parties must be aware of and undertake to comply with Beontag's Code of Ethics and Conduct and all other policies and procedures related to the products or activities they offer or provide to the Company.

To maintain the reputation, primacy and trust earned by Beontag, we must always act in an integral, respectful and appropriate manner before customers, serving everyone with promptness, technical quality, transparency and ethics.

5. RELATIONSHIPS WITH COMPETITORS

In the normal course of the Company's business, Employees, depending on their functions, may maintain legitimate relationships and interactions with competitors at meetings or in the context of professional associations or unions. On these occasions, the exchange of information that could harm free competition, in order to favor or harm the Company or a competitor, is prohibited.

In addition, exposure to risks related to interactions with competitors should be avoided, especially in contexts that may entail sharing sensitive and confidential information or coordinating any joint initiative in the market that may hurt competitiveness.     
             
The Company's competitors may also be its customers, partners or suppliers. In this case, communications with competitors will be strictly limited to those that are connected with the relationship in question.

To ensure that interaction with a competitor is in accordance with applicable competition protection and free enterprise legislation, the general relationship and any interaction of Employees with competitors must comply with the following parameters:

It is prohibited to agree, combine, manipulate, adjust or allow to be agreed, combined, manipulated or adjusted with a competitor, tacitly or expressly, formally or informally, in writing or verbally, in order to:

1. Limit competition;
2. To agree, negotiate or give access to information regarding specific actions related to market trends, discounts, current or future pricing, commercial variables, confidential business strategy plans, profit calculations, innovations, expansion projects;
3. To divide or allocate customers, suppliers, regions or periods;
4. To discriminate purchasers or suppliers of goods or services by means of differentiated pricing, or operational conditions of sale or provision of services;
5. To impose, in the trade in goods or services, distributors, retailers and representatives, resale prices, discounts, payment terms, minimum or maximum quantities, profit margin or any other marketing conditions relating to their business with third parties;
6. To coordinate acts with competitors with the objective of setting prices and remuneration; boycott suppliers or customers; limit access or development of new companies in the market; exclude customers, suppliers or other competitors from the market; impose difficulties and obstacles to the constitution, development, operation or evolution of competitors;
7. To refuse, without commercial, reputational, economic or strategic justification, the provision of services to customers;
8. To refuse the sale of goods or the provision of services, within normal commercial payment conditions;
9. To condition the sale of a good on the acquisition of another good or the use of a service, or to condition the provision of a service on the use of another good or the acquisition of a good.

The above list is merely exemplary and it is not necessary that it is achieving the intended result for qualification of prohibited and anti-competitive practice. The attempt, even if it fails, to enter into an agreement to harm competition may constitute an unlawful act between competitors, subject to punishment.

The exchange of information and/or discussion of competitive and commercially sensitive matters such as: prices, pricing or discount policies, terms or conditions of sale (including promotions, promotion scheduling and discounts), credit terms and collection practices, terms and conditions offered by suppliers, profit margin or profit, commission amounts, costs, business and investment plans, expansion plans, marketing strategy, matters related to bids (including the intention to participate or not in a bid for a particular contract or project), warranty terms, among other practices that may, directly or indirectly, interfere in the market.

Be very careful when participating in fairs, meetings or any events where competitors are present. Employees are prohibited from participating in meetings where prices or other sensitive information are discussed by competitors. If during a meeting, event or any form of legitimate interaction a discussion arises about prices or any of the matters mentioned above, the Employee must leave and record their departure in the minutes, as applicable. In no event is it allowed that, in the position of representative of Beontag, an individual associates with other entities or individuals for the purpose of coordinating, discussing, sharing or giving access to information that generates prohibited activities with other competitors.

No Employee is allowed to authorize the provision of services at excessively low prices (with the purpose of harming competition or eliminating a competitor. Under no circumstances may an Employee set prices below the cost of production to "punish" or "retaliate" a competitor, with the aim of eliminating, harming or forcing him to adopt a certain pricing policy or competition policy.

In the face of bidding procedures with the Government or competition procedures conducted by private entities, the following conducts between the Company and one or more competitors are strictly prohibited:

1. Previously discuss or exchange specific information about the bidding process;
2. Reveal or discuss participation in a specific bidding procedure;
3. Submitting bids that are fictitious, "pro forma", very high or that contain specific conditions that make them unacceptable, although presented as genuine ("hedging bids");
4. Rotation of winning bids, whereby competitors agree to alternate between the company that will present the winning bid;
5. To suppress or limit the bid, when bidders agree to abstain from submitting a bid or withdraw their respective bids so that the bid submitted by another bidder is declared the winner;
6. Signing of subcontracting contracts, through which the bidders agree that, if the other bidder abstains from submitting a proposal or presenting a coverage proposal, the latter will be subcontracted to provide some type of service by the company that wins the bid.

6. CUSTOMER RELATIONS

The relationship with customers is one of the pillars of Beontag, and should be respected and valued. All customer service must be carried out with excellence, including as a way to protect and watch over the image of Beontag. To ensure that customer relations are in accordance with current legislation and good market practices, as well as aligned with Beontag's values and mission, Employees must proceed in accordance with the following guidelines:

• Beontag must provide any and all services, as well as offer any product with a very high level of excellence, respect, differentiated technical quality, precision, transparency and speed. Customers should be treated fairly and equitably.
• Beontag Employees should only offer or recommend products and services appropriate to the needs, objectives and reality of customers, so as not to unfairly harm or influence customers. In any relationship, true and accurate information must be provided, through which customers can make free and informed choices.
• Employees must inform customers of their rights and responsibilities in the business relationship, clearly describing the costs, burdens and possible risks involved in each transaction. Such practices aim to maintain dialogue and trust with customers and preserve Beontag in these relationships.
• Under no circumstances will Employees attempt to coerce customers into hiring competing Beontag companies or any other form of imposition on customers that limits their power of freedom or choice. It is absolutely forbidden to impose conditions, barriers or geographical divisions that negatively impact the market, and must serve everyone equally.
• It is strictly prohibited to prevent access to sources of input, raw materials, equipment or technology, as well as to distribution channels.
• It is forbidden to reject contracts signed with customers without reasonable commercial, reputational or legal justification, as well as without the appropriate economic basis. To ensure that termination of business relationships with the customer is lawful, the decision to terminate a business relationship must be based on sound business or business reasons. Such practice may constitute an act harmful to free initiative, and may be subject to legal punishment. All information regarding commercial negotiations and initiatives, including those that have not continued, must be rigorously recorded by Beontag, in order to ensure transparency and accountability.
• Under no circumstances may an Employee engage in agreements with any customer to terminate a business relationship with another customer, including when entering into exclusivity agreements that may harm other customers or the balance of the market.
• The practice of conditioning, explicit or implicit, the acquisition of a service or product to the purchase of another service or product is prohibited.           

It is Beontag's duty to protect the confidential information and personal data of its customers that are under its ownership and responsibility, so that it is not allowed to disclose or share this information without the prior formal authorization of the customer, except in cases where the information is previously identified as “public” or where there is a legal basis.

All Beontag Employees are prohibited from sharing any commercial information of customers for personal advantage, relatives, close persons or third parties, to any party, such as competitors, partners or third parties that may benefit from the information directly or indirectly.

If the Company evaluates the possibility of agreeing an exclusivity or non-competition clause in a given contract with customers, the Legal Department must be consulted in advance, in order to verify the legality of the contract and the clause, as well as the need for prior notice to specific regulatory and/or competitive agencies.

7. SUPPLIER RELATIONS

Any commercial transaction with suppliers must be carried out in a transparent and appropriate manner, always being necessary to adopt an ethical and integral posture. Any and all applicable legislation must be complied with.

Beontag's suppliers must act in order to ensure the name and reputation of Beontag, being prohibited from engaging in any unlawful conduct during the performance of the contract they have with the Company.

Every relationship with suppliers must be in accordance with Beontag's internal Policies and Procedures, such as the Third Party Contracting Policy, and observe the risks and mitigation measures identified in each specific case before entering into any contract.

Employees must not condition the acquisition of products or services on reciprocal negotiations by the provider of the Company's services. The term “reciprocal negotiation” or “reciprocity” refers to the use of the purchasing power of the manufacturer or service provider to coerce a supplier into granting its favor in selling the product or providing the service.

Employees can and must legally negotiate to obtain the best price, discount and purchase conditions. However, as purchasers, Employees must not intentionally induce prices, promotional discounts or services that constitute systematically unequal treatment, not justified by commercial or market reasons. Likewise, Employees must not mislead a supplier with false information, such as overestimated purchase volumes, for example, in order to obtain commercial offers on more competitive terms.

It is prohibited to offer, receive, grant or promise, directly or indirectly, payment of undue advantage to obtain, retain or renew business, guarantee commercial advantage or improperly influence any other decision making or action related to Beontag's suppliers.

Collective purchasing contracts can only be signed if the following conditions are met:

1. Existence of an economic reason to enter into the contract, such as better efficiency and better cost; and
2. The contract will not generate anti-competitive effects.

It is forbidden for Beontag to relate commercially to suppliers who employ, directly or indirectly, any form of forced, slave, slave or child labor.

Beontag suppliers are not allowed to subcontract activities related to the object of the contract with Beontag without the prior and formal authorization of Beontag. Any claim for subcontracting must be communicated to Beontag by the supplier, so that the intended subcontractor is subject to Beontag's internal controls and rules.

8. ETHICS CHANNEL

In case of any suggestions or doubts about this Relationship Policy with Competitors, Customers and Suppliers, access the Beontag Ethics Channel.

It is the duty of all employees and Third Parties to report any and all acts or evidence of anti-competitive practices or violations of this policy in the Company's whistleblower channel, in order to ensure the protection of the ethical and legal principles adopted by the Company and preserve its image in the Marketplace.

The Ethics Channel can be accessed through:

• Telephone 0800 512 7702;
• Web site: https://www.contatoseguro.com.br/beontag

This channel is managed by a specialized company, being an independent, secure, confidential and impartial tool, available 24 hours a day, 7 days a week and 365 days a year to the internal and external public of Beontag. It is possible to make anonymous reports when using the Channel, always maintaining responsibility, ethics and good faith when making reports, which must be consistent and true. There will be no retaliation for sending reports in good faith, and it will be guaranteed that no individual, including Beontag employees, will be exposed or punished for using the channel tool or for participating in investigation processes arising from the reports. Any situations, doubts, questions, exceptions and/or clarifications on the application of this Policy should be directly to the Compliance Department, through the email: [email protected].

9. INVESTIGATIONS AND SANCTIONS

Any complaints, even if suspected, of violations of this Policy will be forwarded to the Data Protection Committee and submitted to an internal investigation procedure by Beontag's Compliance Department. If it is found, after a robust investigation, that there was misconduct, sanctions may be applied by Beontag, proportional to the nature or severity of the infraction committed.

Any Employee or Third Party that violates any provision of this Policy will be subject to disciplinary sanctions and related consequences, such as: (i) verbal or written warning; (ii) suspension; (iii) dismissal without just cause; (iv) dismissal with just cause; (v) exclusion of the Third Party from the Company's list of suppliers; (vi) filing of the pertinent lawsuit.

In addition, the person responsible for the practice of an unlawful act may suffer judicial and/or administrative punishments, in accordance with the legislation of the country in which there is jurisdiction.

If Beontag is ordered to indemnify damages of a moral or material nature, proven in any judicial or administrative action of any nature, the harasser will be called to participate in the process or will be notified back to reimburse Beontag for the amounts spent, duly updated in the molds of current legislation.

Third Party Contracting Policy

 1. OBJECTIVE

Establishing the guidelines, processes, responsibilities and controls in hiring Third Parties for the acquisition of items and services by Beontag, or "Company", preventing, identifying and mitigating material and reputational risks that can be imputed to Beontag due to possible committing, by Third Parties, acts of corruption, fraud, embezzlement, and other related illegalities).

This document also establishes guidelines to ensure the transparency and security of transactions, so that the Third Parties contracted by the Company are aware of and act in strict compliance with applicable laws, codes, rules and regulations.

2. SCOPE

This Policy must be known and fully complied with by all Employees, employees, service providers, interns, Senior Management of Beontag and all its subsidiaries, especially by those who participate, directly or indirectly, in the flow of hiring Third Parties by Beontag. In addition, this Policy shall be complied with by any Third Parties acting on behalf of, in the interest of or for the benefit of Beontag, as applicable.

3. ASSIGNMENTS

1. Purchasing Department: It is the responsibility of the Purchasing Department to ensure that the criteria defined in this Policy are fully met.
2. Employees: It is the responsibility of employees to follow the criteria defined in this policy.
3. Compliance Department: It is the responsibility of the Compliance Department to conduct the Third Party Due Diligence procedure, and to review and monitor, in accordance with the guidelines and in the specific situations identified in this Policy, the hiring of Third Parties identified as Medium and High Risk. After evaluating the risks involved with the Third Parties, the Compliance Department may recommend the approval or disapproval of the contract, duly recording the reasons and evidence for each opinion.     
   The Compliance area may, in specific situations, adopt stricter procedures than those provided for in this policy for contracting Third Parties, when it deems them appropriate based on a risk assessment. In these situations, the Compliance Department will bring such procedures to the attention of the Employees involved in the hiring so that they are fully complied with.

3.4. Financial Department

It is the responsibility of the financial area to request and analyze the financial documentation for Third Parties contracting, according to the value of the services that will be contracted.

4. RESPONSIBILITIES

a. Responsible for the execution of the Policy's attributions

Purchasing: ensuring the application of the policy in full, making purchases in accordance with this policy, approving, researching, developing and evaluating suppliers in accordance with the legal and ethical principles that govern the Company's activities, in addition to providing support for defining purchasing strategies;

Requester: Correctly specify the material/service to be purchased in accordance with the guidelines and procedures indicated in this policy;

Compliance Department: Conduct Third Party Due Diligence procedure in accordance with this Policy, review and evaluate situations in which warning signs are identified (according to item 7 below), as well as carry out approvals (or disapprovals, if applicable) of the hiring of a Third Party identified as “Medium Risk Third Party” and “High Risk Third Party”, guide the Requestors and the Purchasing Department when necessary and periodically monitor the compliance and effectiveness of this Policy. In case of doubt, guidance is the responsibility of the Compliance area.

b. Responsible for monitoring the execution of the Policy assignments

It is the responsibility of the Purchasing and Compliance area to ensure compliance with this policy's activities through periodic monitoring. The respective duties of the Purchasing and Compliance Departments in monitoring activities related to the hiring of Third Parties will comply with the classification criteria of the Third Parties established in item 7 of this Policy.

c. Responsible for maintaining the Policy

The Compliance area will be responsible for maintaining and updating this policy.

5. TERMS AND DEFINITIONS

The terms set out below will be used throughout the policy with the following meanings:

Government Official: who exercises public function, temporarily or permanently, with or without compensation, by election, appointment, designation, hiring or any form of investiture or bond, mandate, position, employment or public function of any level of government, department, agency or national and foreign body. The equivalent of a Government Official is anyone who works for a company providing a service contracted or associated with the execution of a typical activity of the Public Administration. Also considered as Government Official occupying or candidate for public office; political party or member of political party; representatives of international public organizations; members of the royal family; and any person who carries out activities or represents any of the aforementioned persons or organizations.

Due Diligence: methodical procedure for analyzing information and documents with a predetermined objective of knowing the organization and its managers with which the Company intends to relate and interact, identify any risks related to it and, potentially, adopt measures to mitigate these risks.

Anti-Corruption Standards: any and all national or international legislation that has been edited and promulgated to prevent and combat corruption and economic crime, such as: Foreign Corrupt Practices Act (FCPA) – Legislation on Corrupt Practices in the United States of America, with cross-border effect; Brazilian Anti-Corruption Law (Law No. 12.846/2013 and Decree 8.420/2015) - Compose the Brazilian anti-corruption legislation; United Kingdom Bribery Act (UKBA) – Anti-corruption legislation of the United Kingdom, being the most restrictive law on the subject; French Anti-Corruption Law (Sapin II - Law No. 2016-1691) – Legislation with international coverage; Italian Anti-corruption Legal Framework (Laws 11/06/2012, nº 190, 05/27/2015 No. 69, 01/09/2019 No. 3, 2016 No. 229 and Decrees 12/31/2012, No. 235, 03/14/2013, No. 33, 04/16/2013, No. 62, 08/04/2013, No. 39), Argentina Anticorruption Law No. 27.401).

Politically Exposed Persons: It is Government Officials, former Government Officials or their families who carry out relevant public activities, representing, directly or indirectly, national or international governments, such as:

• Holders of elective mandates of the Executive and Legislative Powers;
• The holders of offices in the Government Union:
• Minister of State or equivalent;
• President, vice-president and director, or equivalent, of indirect public administration entities; and
• The presidents and national treasurers, or equivalent, of political parties;
• Governors and Secretaries of State, State and District Deputies;
• Mayors, Councilors, Municipal Secretaries;
• Persons abroad who are (a) heads of state or government; (b) politicians of higher echelons; (c) occupants of governmental positions of higher echelons; (d) general officers and members of higher echelons of the Judiciary; (e) executives of higher echelons of public enterprises; or (f) leaders of political parties;
• Senior managers of public or private international law entities.

Third Parties: Third Parties are the Company's suppliers, partners, consortiums, service providers, or subcontractors, including, for example, consultants, lawyers, agents, as well as individuals and legal entities that are commercial representatives of the Company.

Undue Advantage: is one that involves any type of illicit profit, gain, privilege or benefit, promised, given or offered for an individual to act contrary to moral, ethical or directly related to the exercise of their function. The concept should be understood broadly and not just the mere payment in cash. The advantage is anything that has any value to the Public or private Agent, even if it has no value to the grantor, such as money or in the form of goods, giveaways, gifts, job vacancies, lunches, dinners, expenses with travel or entertainment, provision of services, benefits and favors, donations, sponsorships.

6. GENERAL GUIDELINES

This Policy has as its main guideline to curb acts of corruption committed by Third Parties contracted by Beontag. Thus, all Company employees must ensure the execution of business, including the contracting of any Third Parties, seeking to safeguard the legal and ethical principles that govern the Company's activities, without granting privileges or benefits of any kind.

For this reason, Employees must conduct due diligence prior to hiring these Third Parties, strictly complying with the procedure and requirements established in item 8 of this Policy, according to the risk classification of the Third Party to be hired.

One of the items to be evaluated as a way to mitigate any risks involved with Third Parties that may relate to Beontag is to identify whether they have mechanisms, procedures and integrity controls implemented internally to prevent any irregularities, especially related to the prevention of acts of corruption and fraud, from occurring within the scope of the provision of services. All Third Parties must be aware of and agree to comply with Beontag's internal rules of ethics and integrity.

In addition, the Beontag has strict rules provided for in its Anti-Corruption Policy regarding payments of any kind made by its employees to intermediaries, Third Parties and Government Officials. Any contracts or commercial relationships maintained with Third Parties must meet the following guidelines:

• Adoption of objective criteria for conducting business (technical, commercial, economic, reputational or legal);
• Legitimate Business Reason: there must be a real and legitimate business reason for engaging the Third Party;
• Quotation: the selection of the Third Party must have been preceded by a quotation process by at least 2 (two) Third Parties;
• Contract: the Third Party must sign a contract (when applicable) describing its attributions and obligations in a clear, specific and transparent manner;
• Compensation: the compensation of the Third Party must not be excessive in view of its functions and compatible with the market value, and payment must be made via transfer to the bank account held by the Third Party;
• Adequate records: the Third Party must present proof with the real value of the service provided and other information necessary for the proper registration of the transaction;
• Anti-Corruption Clause: contracts entered into with Third Parties must contain the Anti-Corruption Clause, by which they undertake to fulfil their obligations in compliance with the Anti-Corruption Standards and act in accordance with the Company's policies.

As a rule, the following hypotheses make the hiring of Third Parties or subcontracting unfeasible and not allowed by Beontag:

• Contracting a Third Party that does not have the technical capacity to meet Beontag's requirements and needs;
• Contracting a Third Party that refuses to observe anti-corruption laws and other applicable laws, rules and internal Policies of Beontag;
• Contracting a Third Party that refuses to adopt recommended mitigation measures after carrying out a Due Diligence procedure;
• Contracting a Third Party that has points of attention and refuses to assume the obligation in relation to the promise, offer or give undue advantage to Public or Private Agents;
• Contracting a Third Party that has points of attention and refuses to assume the obligation not to commit acts of corruption, especially during performance on behalf, benefit or interest of Beontag;
• Contracting a Third Party that may have the objective of obtaining an undue advantage to the detriment of Beontag;
• Contracting a Third Party that provides incomplete, misleading or insufficient information that impairs the proper risk assessment of the Third Party.
• Contracting a Third Party or its partners/main shareholders/directors who have been tried and convicted in a judicial proceeding with res judicata for crimes of corruption, money laundering, fraud, illicit enrichment, environmental crime, use of forced labor, child labor or analogous to slavery, violence, or other crimes provided for in applicable local legislation.

Contracts will only be allowed in disagreement with the provisions of this Policy, in cases of emergency purchases (material or service not planned and necessary to solve an emergency situation, which cannot be postponed), after due analysis as to the urgency and prior approval of the emergency contracting procedure by the Board of Directors of the Department responsible at Beontag, under penalty of immediate termination of the contract between the Company and the Third Party and the imposition of internal sanctions applicable to Employees.

In case of any doubt, situation that generates discomfort, potential warning signs or identified risks, the Compliance Department must be called immediately to assess the situation and provide appropriate guidance.

The renewal of the Due Diligence procedure must occur on a periodic basis of 1 (one) year for Third Parties that have a contract with a term of more than 1 (one) year with Beontag or when new risks or warning signs are identified. If the Requestor requests the Compliance Department, the renewal must be carried out on an exceptional basis.

7. INITIAL RISK CLASSIFICATION

Beontag Third Parties, in accordance with the guidelines of this Policy, will initially be classified into the categories “Low Risk Third Parties”, “Medium Risk Third Parties” and “High Risk Third Parties”, being:

       5.1. Low Risk Third Parties: any Third Parties contracted by Beontag for the acquisition of items or services (e.g., raw material suppliers, hiring of painters, etc.) up to the annual amount of R$ 100,000.00 (one hundred thousand Brazilian reais) or US$ 120,000.00 (one hundred and twenty thousand American dollars) and that do not involve any interaction with a Government Official on behalf of the Company or its commercial representatives;

       5.2. Medium Risk Third Parties: any Third Parties hired by the Company that provide advisory or consulting services to the Company, including economic, financial, legal, marketing, and communication consulting services, as well as any Third Parties that in any way interact with Government Officials on behalf of the Company, such as its commercial representatives, whose hiring is limited to the annual amount of R$ 150,000.00 (one hundred and fifty thousand Brazilian Reais) or US$ 200,000.00 (two hundred thousand American dollars);

       (iii) High Risk Third Parties: High Risk Third Parties are considered to be:

1. Any Third Parties hired by the Company that provide advisory or consulting services (indicated above) to the Company in an annual amount greater than R$ 150,000.00 (one hundred and fifty thousand Brazilian reais) or greater than US$ 200,000.00 (two hundred thousand American dollars);
2. Any Third Parties whose services to be provided involve interaction with Government Officials on behalf of the Company, such as commercial representatives, and the contracting is in an annual amount greater than R$ 250,000.00 (two hundred and fifty thousand Brazilian reais) or US$ 250,000.00 (two hundred and fifty thousand American dollars);
3. Any Third Parties whose services to be provided involve obtaining licenses, permits, authorizations, permits or approvals of any nature with approval before Agents or Government on behalf of Beontag;
4. Any Third Parties or their partners/main shareholders/directors hired by the Company that, regardless of the type of service provided, fall within the definition of Government Official or Politically Exposed Persons defined in this Policy;
5. Any Third Parties that are headquartered or operate in countries that are subject to international financial sanctions published by government agencies or international organizations, such as: OFAC List, United States Treasury, United States Financial Intelligence Unit List. List of the United Nations, List of the European Union, List of the United Nations Security Council, among others;
6. Any Third Parties that list bank accounts for payment located in countries that are subject to international financial sanctions published by government agencies or international organizations;
7. Any Third Parties or partners/main shareholders/directors who are being investigated, prosecuted or judged without final conviction for any crime;
8. Any Third Parties recommended by Government Officials or Politically Exposed Persons; and
9. Third parties or their partners/main shareholders/directors who notoriously have a questionable or disreputable reputation.

As a rule, Third Parties classified as High Risk are not allowed to subcontract under the contract with Beontag. If subcontracting is essential for the fulfilment of the object of the contract with Beontag, the subcontracting request must be approved by the Board of the requesting Department and, subsequently, the subcontractor must go through the Third Party contracting procedure provided for in this Policy, and the subcontractor's disapproval is possible.

8. DUE DILIGENCE

The objective of this mechanism is to minimize the Company's liability for the irregular conduct of Third Parties in conducting its business. The due diligence process involves collecting relevant information from the Third Party by sending a questionnaire to be completed by the Third Party after it has been selected by the Company (i.e., after the quotation process) and prior to signing the contract with the Company.

Beontag has two types of questionnaires, and the questionnaire corresponding to the initial risk classification of the Third Party must be sent in accordance with the guidelines of this Policy, after the Purchasing Department must approve, research and evaluate the third party in accordance with the legal and ethical principles that govern Beontag's activities. If the answers presented by the Third Party indicate possible vulnerabilities, points of attention or irregularities related to corruption or fraud, integrity, ethics or reputation issues, the Purchasing Department, together with the Compliance Department, must evaluate (i) the adequacy of the risk classification of this Third Party; and (ii) the viability of the business, in order to identify any reputational and legal damages that the contracting may bring to Beontag.

If it is identified that the Third Party's classification is inadequate, the risk classification of this Third Party may be changed by the Purchasing area, after validation with the Compliance area. For example, if the Company sent the Third Party a questionnaire of "Low Risk Third Party" and the analysis of the responses presented revealed that the Third Party has a "High Risk Third Party" profile, the risk profile of this Third Party must be changed and should documentation and information contained in the questionnaire for “High Risk Third Party” will be requested.

The identification of Compliance risks in Beontag's relationship with Third Parties does not necessarily mean that the contracting cannot proceed, but that it may be necessary to request additional information, greater robustness in the analysis of the Third Party or there are measures implemented so that there is due mitigation of the identified risks and specific precautions to avoid that these risks imply violation of applicable legislation, internal rules of Beontag or ethical and legal principles that govern Beontag's activities. As such, the absence of identification of risk factors after carrying out the Due Diligence procedure does not guarantee that the relationship with the Third Parties will be absolutely risk-free.

In the event that the responses presented by the Third Party lead to the conclusion that its hiring brings risks to Beontag, damages the Company's image or violates any of the legal and ethical principles that govern Beontag's activities, the Compliance Department may suggest that the hiring of this Third Party be prevented, in a justified and written manner.

a. Stages     
The Due Diligence process will involve the following stages:

(i) Questionnaire: before contracting any Third Party, the Purchasing area must request the Third Party to complete a questionnaire, the answers of which will assist the Company in identifying and adapting the risk of corruption and reputation related to that Third Party. The Company has developed two questionnaires, namely (a) a questionnaire for Third Parties identified as “Medium Risk Third Parties” or “High Risk Third Parties”, according to the classification of this Policy; and (b) a questionnaire for Third Parties identified as “Low Risk Third Parties”.

(ii)  Independent research: after analyzing the questionnaires corresponding to each Third Party, the Medium and High Risk Third Parties must be submitted to independent research by the Compliance Department in order to identify the history of the Third Party and its main officers/partners about any involvement with wrongdoing or irregularities, including presence in lists of international financial sanctions as well as verification of the reputation of the Third Party and confirmation of the information stated in the questionnaire. The information provided in the questionnaires will be used for consultations in media, government agencies, restrictive lists and other public databases relevant to such verification. It is possible to use corporate tools to collect information about the Third Party and its officers/partners.

(iii) Warning Signs/Red Flags: During the Due Diligence process, special attention should be paid to “warning signs” or “red flags”, that is, any facts or circumstances that may demonstrate a concern with the way the Third Party acts improperly. It is possible that warning signs are identified at any time in the process of hiring Third Parties, even if previously or in the previous analysis they have not been considered warning signs, and must be immediately informed to the Compliance Department for evaluation.

Below are the main warning signs that should guide the analysis of the information sent by the Third Party in response to the questionnaire:

1. Reputational risk: the Third Party has a history of public or private bribery practices, or has been the target of criminal or civil actions for any acts of corruption, bid fraud, acts of administrative improbity, money laundering, conflict of interest;
2. Links with government or government representatives: the Third Party falls within the definition of a Government Official or Politically Exposed Person, or makes high value and frequent political contributions to candidates and political parties, or has been recommended by a government representative or Government Official;
3. Insufficient skills: the Third Party does not have technical experience in the intended business or does not have adequate facilities and/or teams to carry out the work;
4. Atypical compensation: the Third Party requests commission, success fees, or substantial anticipation of payments or other substantial payments above market value; or the Third Party requests that an additional amount be added to the price without reasonable justification; or the Third Party requests that payment be made in cash or by bearer check or to another person's account, individual or legal, or to an account outside the country; or the Third Party refuses to document expenses properly; or the Third Party requests donation to a certain philanthropic institution or sponsorship as a condition of the provision of the service.
5. Atypical situations: the Third Party refuses to sign an anti-corruption clause in contracts, or refuses to answer the due diligence questionnaire or refuses/creates difficulties in making statements, among other situations provided for in the Company's Anti-Corruption Policy.
6. Attempted interference or influence: the Third Party promises or acts to influence the hiring, such as offering meals of excessive value, travel, entertainment to the person responsible for hiring at Beontag and/or its relatives.

(iv) Evaluation: upon receipt of the information and documents requested in the questionnaire, the Purchasing Department will carry out, together with the Company's Compliance Department, an analysis of the information and documents sent to verify that (a) the documentation sent meets all the necessary requirements for the evaluation; (b) the risk initially identified to that Third Party is adequate and (c) if there are warning signs that deserve additional diligence.

(v)  Approval: the approval process may follow different rites, depending on the risk involved to that Third Party:

1. If it is a Low Risk Third Party where no warning signs related to the reputation and integrity of that Third Party have been identified, the Procurement Department, after the previous steps indicated above have been completed, will store the file of the Third Party procurement process and approve the contracting.
2. In the event that a warning sign related to the reputation and integrity of the Third Party has been identified, the Purchasing area, after completing the previous steps indicated above, will forward the Third Party's contracting process file to the Compliance area for evaluation and approval (or disapproval, if applicable). In all situations where there is a disapproval in the contracting of a Third Party, the Compliance area must justify the refusal in writing and inform the requester of the item / service about the refusal;
3. In the case of a Medium Risk Third Party or High Risk Third Party, the Purchasing Department, after complying with the previous steps indicated above, will forward the file of the Third Party's hiring process to the Compliance Department to conduct independent research as additional risk mitigation diligence, followed by evaluation and approval (or disapproval, if applicable). In all situations in which there is a recommendation for disapproval in the hiring of a Medium Risk Third Party or High Risk Third Party, the Compliance Department must justify the refusal in writing and inform the Purchasing Department and the requester of the item / service about the refusal.

b. Financial Due Diligence:     
The performance of Integrity Due Diligence does not exempt or replace the possibility of carrying out Financial Due Diligence, in order to identify financial health issues, history, books and records related to Third Parties that Beontag seeks to contract or develop a relationship. The Purchasing Department will contact the Finance Department, which will request and analyze the Third Party's documentation, according to the values below:

   • Up to R$ 50,000.00 (fifty thousand Brazilian reais) or up to US$ 25,000.00 (twenty-five thousand American dollars):

• Registration form;
• Articles of Incorporation and latest amendments or consolidated contract.

• From R$ 50,000.00 (fifty thousand Brazilian reais) – Up to R$ 500,000.00 (five hundred thousand Brazilian reais) or from US$ 25,000.00 (twenty-five thousand American dollars) – Up to US$ 250,000.00 (two hundred and fifty thousand American dollars):

• Registration form;
• Billing list for the last 12 months (Signed by the accountant); 
• Articles of Incorporation and latest amendments or consolidated contract.

• Above R$ 500,000.00 (five hundred thousand Brazilian reais) or above US$ 250,000.00 (two hundred and fifty thousand US dollars): 

• Registration form; 
• Balance Sheet and Income Statement (DRE) for the last three years;
• Billing list for the last 12 months (Signed by the accountant);
• Articles of Incorporation and latest amendments or consolidated contract.

c. Privacy and Personal Data Protection     
In the case of contracting Third Parties whose provision of services/supply of products to Beontag includes the processing of personal data or sensitive personal data, especially in cases involving the processing of data of children and adolescents, systematic analysis of holders with automated processing, treat sensitive personal data or on a large scale, carry out systematic monitoring on a large scale of publicly accessible area and/or treatment based on legitimate interest, specific privacy and data protection Due Diligence must be done in order to identify possible risks and ensure that the Third Party's standards are in accordance with those of Beontag regarding the Data Protection Program.

This Due Diligence will aim to identify whether the Third Party has mechanisms in place to protect the personal data processed and the privacy of the holders involved and will be conducted by the Compliance Department.

9. RATIFICATION

This policy integrates the Company's mechanisms for preventing and combating corruption and the rules relating to the due diligence process prior to contracting a Third Party, provided for in this policy, will be conditions for the ratification of the supplier referred to in the Company's purchase policy.

This policy does not revoke or change the other provisions contained in the Company's policies and procedures.

10. RECORDS

All documentation related to the Third Party contracting process must be filed on the network electronically in the exclusive directory on the network destined to the Purchasing and Compliance Departments, following the criterion defined internally (i.e., creation of specific folders, by diligence, in the internal network of Beontag), and there must be login control and access so that there is no undue access to confidential information about the Company's internal procedures.

11. EXCEPTIONS

Exceptions to this policy must be approved and signed in advance by the Compliance area.

The Requestor or the Purchasing Department, as applicable, will be responsible for the regularization and renewal of the process by sending the questionnaire, entering into a contract, amendment, and any pending documentation existing in relation to the Third Parties.

12. PAYMENT

Full compliance with the rules contained in this policy, in particular the submission, by the Third Party, of the completed questionnaire and other requested information, is a condition for the Company to make any payment to this Third Party.

13. ETHICS CHANNEL

In case of any suggestions or doubts about this Anti-Corruption Policy, access the Beontag Ethics Channel.     
It is the responsibility of everyone at Beontag to immediately report any acts or suspicions of non-compliance with this Donation and Sponsorship Policy, as a way to promote ethics and integrity within Beontag, assisting in the detection, prevention and mitigation of any acts of corruption, fraud and other illicit acts, in order to preserve Beontag's image and brand before society, the market and its partners.

The Ethics Channel can be accessed through:

• Telephone 0800 512 7702;
• Web site: https://www.contatoseguro.com.br/beontag

This channel is managed by a specialized company, being an independent, secure, confidential and impartial tool, available 24 hours a day, 7 days a week and 365 days a year to the internal and external public of Beontag. It is possible to make anonymous reports when using the Channel, always maintaining responsibility, ethics and good faith when making reports, which must be consistent and true. There will be no retaliation for sending reports in good faith, and it will be guaranteed that no individual, including Beontag employees, will be exposed or punished for using the channel tool or for participating in investigation processes arising from the reports.

Any situations, doubts, questions, exceptions and/or clarifications on the application of this Policy should be directly to the Compliance Department, through the email: [email protected].

14. INVESTIGATIONS AND SANCTIONS

Any complaints, even if suspected, of violations of this Policy will be forwarded to the Data Protection Committee and submitted to an internal investigation procedure by Beontag's Compliance Department. If it is found, after a robust investigation, that there was misconduct, sanctions may be applied by Beontag, proportional to the nature or severity of the infraction committed.

Any employee, third party or partner who violates any provision of this Policy will be subject to disciplinary sanctions, such as:

• Verbal or written warning;
• Suspension;
• Dismissals without due cause;
• Dismissals with cause;
• Exclusion of the Third Party from Beontag's list of suppliers;
• Application of contractually provided sanction, termination of the contract or termination of the commercial relationship with the Third Party;
• Filing of appropriate lawsuit.

The act of not reporting acts of corruption, fraud or other misconduct that represent a violation of Beontag's internal rules and applicable legislation constitutes non-compliance with this Policy and may be duly punished. Recklessness, negligence and wilful failure are also considered violations of this Policy and may be subject to disciplinary sanctions.

15. ANNEXES

ANNEX I – Low Risk Third Party Questionnaire – Brazil     
ANNEX II – Low Risk Third Party Questionnaire – Global     
ANNEX III – Medium and High Risk Third Party Questionnaire – Brazil     
ANNEX IV – Medium and High Risk Third Party Questionnaire – Global 

Code of Ethics and Conduct

1. OBJECTIVE

With the commitment and corporate responsibility, the Code of Ethics and Conduct of Beontag, or "Company", has as its main objective the construction of trust with all employees, third parties, partners, customers and government entities, establishing the standards of integrity and conduct expected by Beontag. This Beontag Code of Ethics and Conduct aims to assist all those who represent or act on its behalf to adopt a uniform global approach to ethical issues in the conduct and development of the Company's business, contributing to its sustainability.

The Code of Ethics and Conduct is one of the documents that make up the Beontag Compliance Program, guiding other Policies and Procedures that complement and deepen the guidelines provided for in this Code.

2. SCOPE

This Policy must be known and fully complied with by all Employees, employees, service providers, interns, Senior Management of Beontag and all its subsidiaries, especially by those who participate, directly or indirectly, in the flow of hiring Third Parties by Beontag. In addition, this Policy shall be complied with by any Third Parties acting on behalf of, in the interest of or for the benefit of Beontag, as applicable.

3. PURPOSE AND VALUES

Beontag's purpose is to empower companies, brands and people to express their unique identity.

Beontag's vision is to give voice to trillions of everyday items in a sustainable way.

Our values, which should guide all Beontag's day-to-day decisions, are:

• Respect;
• Commitment; 
• Integrity;
• Environmental protection;
• Innovation.

4. GENERAL GUIDELINES

Beontag understands that each one has responsibilities for their acts and omissions, however, ethics, integrity, transparency and good faith are principles that must always govern any act and, within the scope of Beontag, it is expected that all decision-making respects such principles, as well as the legislation applicable to the context and our internal rules. We value full respect for human rights, privacy and the environment. We expect from everyone at Beontag exemplary behavior regarding the behavior patterns provided herein.

The standard of conduct to be followed is always the most honest, just, and lawful. It should be taken into account that everyone is, in some way, a representative of Beontag, and that their image and reputation are directly impacted by the acts performed by their Employees, thus, everyone must act professionally at all times.

Beontag does not tolerate any conduct contrary to ethical and integrity principles, which is discriminatory, anti-competitive, violates human rights and the right to privacy, presents a risk to the environment or represents any non-compliance with applicable laws or standards.

Any type of exception, non-compliance or negotiation regarding compliance with applicable laws and the rules contained in this Code will not be accepted, regardless of the position, responsibilities and hierarchical position of the Beontag professional.

It is everyone's responsibility to report immediately and in as much detail as possible, depending on the context, even if suspected, of any situation that may represent or be interpreted as non-compliance with Beontag's internal rules, misconduct, or violation of applicable laws.

The Compliance Department is available to clarify any doubt about the content of this Code or Beontag's internal Compliance Policies and Procedures, so that there is no misinterpretation of the rules that may lead to misbehavior. It is also possible to use the Beontag Ethics Channel to send complaints, resolve doubts, suggestions or request clarifications about our Code of Ethics and Conduct and other Compliance Program Policies and Procedures.

5. FUNDAMENTAL PRINCIPLES

Some principles are fundamental to govern Beontag's activities, demonstrating the minimum, non-negotiable and indispensable standards that the Company values, encourages and expects from everyone who relates to it, in order to ensure that there is a general and common identity to all the companies that make up the Group. Thus, the following principles are mandatory in the exercise of Beontag's professional activities:

• Always act ethically, with integrity, honesty and fairness;
• To cherish the dignity of the human person;
• To respect human rights and the environment;
• Do not practice any discriminatory act;
• To comply with all legal and moral standards related to the specific professional activity;
• To preserve the integrity and reputation of Beontag in the conduct of all its business;
• To comply with all applicable laws, rules, rules and regulations in the countries in which Beontag operates.

6. CULTURE

Everyone is responsible for maintaining a culture that values ethics and integrity, and there must be commitment and engagement on the part of Beontag Employees.

We have listed some measures to be adopted on a daily basis that can help disseminate Beontag's standards of conduct:

• To act as an example for staff and colleagues with ethical performance;
• Never ignore or cover up integrity or ethical issues, and it is mandatory to promptly deal with situations when identifying them, even if only requesting help or forwarding it to the person responsible;
• To use Beontag's Ethics Channel for complaints, questions, clarifications and suggestions in all matters related to the Compliance Program;
• To communicate with the Compliance Department for greater understanding and clarification regarding Beontag's Compliance Policies and Procedures;
• To ensure open communication with staff and other co-workers to seek guidance and report on ethical and integrity related situations;
• Do not commit acts of reprisal against colleagues who act in favor of ethics and integrity within Beontag;
• To value and actively participate in actions that promote ethics and integrity within Beontag;
• To encourage self-disclosure by becoming aware that a colleague has committed a violation of Beontag's internal rules, as voluntary reporting may be taken into account when applying disciplinary measures.

7. STANDARDS OF THE CODE OF ETHICS AND CONDUCT

a. Corporate Social Responsibility

Below are the standards, rules and guidelines that represent Beontag's commitment to corporate social responsibility globally, which must be followed by all Employees and Third Parties that apply to the reality of Beontag in their daily lives:

• Equality and Non-Discrimination

Beontag does not tolerate any form of discrimination. We encourage that a healthy and harmonious work environment be cultivated, full of diversity and free of any segregation, all of which must be equal in employment relationships, which includes any relationships within the scope of Beontag.

As part of Beontag's reality, it is essential to respect human rights and not to practice any form of discrimination, regardless of age, gender, sexual orientation, marital status, family situation, physical condition, nationality, ethnic origin, religion, language, race, level of education, economic situation, origin or social condition, political or ideological beliefs. We must effectively promote the inclusion of all people, without any kind of discrimination.

Everyone must be treated with the appropriate respect, in a dignified and integral manner, without any form of discrimination, regardless of the degree of relationship, whether customers, co-workers, hierarchical superiors, subordinates, competitors, suppliers, service providers, business partners or any other third parties.

• Human Rights

Beontag is committed to absolute respect for human rights, such as dignity, equality, freedom, the right to life, health, privacy, the environment, among others. Thus, any form of child, forced, slavery, slave or any other form of illegal labor exploitation that represents a violation of human rights in its operations will not be accepted.

We encourage everyone who interacts on behalf of Beontag or for its benefit, as well as customers and Third Parties, to be committed to the same principle. There will be no relationship between Beontag and companies that are suspected or proven to be involved in human rights violations.

Beontag supports the provisions of the Universal Declaration of Human Rights of the United Nations by ensuring that it does not participate in or participate in, encourage or practice any act that violates the inviolable principles of the human being.

• Harassment

Harassment can occur in different forms, such as moral and sexual harassment, which are prohibited by Beontag. Beontag is committed to promoting a work environment of absolute intolerance to violence and harassment, preventing the behaviors and practices that generate or encourage such conduct. Everyone must abstain, prevent and combat violence and harassment with the utmost commitment.

• Environment

Respect for the environment is one of Beontag's values, so everyone must give due importance to environmental aspects in the conduct of business operations and fully comply with treaties, laws and regulations related to the environment.

We must always consciously and optimally use the available resources, seeking to avoid wear, waste and improper use. All Beontag activity must be properly evaluated so that the option with the lowest possible impact on the environment and greater conservation of the fauna, flora and resources used is chosen and applied.

• Privacy, Personal Data Protection and Intellectual Property

It is everyone's right to the protection of your personal data, therefore, in the context of Beontag, we must properly use Beontag's personal data and confidential and proprietary information protecting them from any form of infringement, leakage, theft, loss, degradation, diversion, disclosure, reproduction, falsification, improper access and use for non-professional purposes or appropriate to the applicable legislation.

Beontag is committed to respecting the privacy and protection of all personal data that may be processed, always observing the specific purpose suitable for carrying out the treatments, in a legal, transparent and secure manner, especially sensitive personal data.

Any processing of personal data must be carried out in accordance with the principles, rules, legal bases and rights provided for in applicable legislation regarding the protection of personal data and information security.

It is forbidden to use Beontag's trademarks, logos and any other intellectual property rights, in whole or in part, without its prior and express authorization.

We are all responsible for protecting the confidentiality, integrity and availability of confidential and personal information, regardless of whether it belongs to Beontag, our employees, suppliers, partners or others with whom we do business. We must ensure that data is treated and protected in accordance with privacy and security requirements, standards and regulations worldwide.

All forecasts, directions and responsibilities on the subject can be accessed in Beontag's Privacy and Personal Data Protection Policy, as well as in other specific policies and procedures related to the subject.

• Social Media and Communications

Beontag's values and principles must always be observed when using social networks, virtual communities and other digital media using the name or referring to the Company, and it is forbidden to post information in a discriminatory manner, criticism of competition, incitement to violence, political demonstrations, or that may harm the image of Beontag and any companies of the Group, in any type of social or digital media that may be part.

All communication on behalf of Beontag must be respectful, cordial and professional, using objective and clear vocabulary, in order to avoid any negative reading or confusing interpretation. The use of disrespectful, inappropriate or aggressive language is prohibited.

It is not allowed to use the name of Beontag or put yourself in the position of official representative of the Company during the use of social or digital media, except when there is prior and express authorization to do so.

Attention must be paid not to share unnecessary Beontag data, use the Company name or images of the Beontag environment when using social networks. Any conduct on social media or during communications that inappropriately exposes the image of Beontag, our Employees, customers, partners or third parties, as well as the services and products we offer is punishable.

• Political Participation and Social Organizations

During their free time, Beontag Employees may freely participate in political actions and social or non-governmental organizations, as well as act in favor of social causes of their choice, provided that the performance or positioning is not linked in any way to the image and name of Beontag.

• Safety

Beontag understands that a safe work environment is essential for a healthy functioning of the Company, thus, we value the safety of our Employees, acting in the prevention of exposure to undue risks, harmful or unhealthy activities.

Employees must follow all work safety rules in the corporate environment, being prohibited from being exposed to dangerous, degrading or illegal forms of work.

• Freedom of collective association

Beontag recognizes and respects the fundamental right of freedom of association of all its employees. This includes the right to join or affiliate with any organization of your choice, including trade unions and other professional associations.

Any form of intimidation, threat or retaliation against employees who exercise their right to freedom of association is prohibited. Furthermore, Beontag will not discriminate or offer preferential treatment based on membership or non-affiliation with an organization.

Any violation of this internal policy will be taken seriously and the Company will take appropriate disciplinary action against any employee who engages in intimidation, threats or retaliation against an employee who exercises his right to freedom of association.

Freedom of association is a fundamental right and Beontag is committed to protecting and promoting this right for all of its employees.

b. Corruption and bribery

Beontag is actively committed to fighting corruption. Any acts, even if only attempts, of corruption, bribery or other attempts to obtain undue advantages will not be admitted.

In order to configure corruption and related practices, it is not necessary that the intended advantage is effectively obtained, or that the conduct is practiced, since the mere request or offer of advantage already qualifies an irregularity and is prohibited by Beontag.

If any Beontag Employee is in a situation where the other party, as a Public or Private Agent, requests any undue advantage in exchange for Beontag's favor in an undue manner, the request must be refused immediately and expressly. The Employee must inform the party that the conduct is illegal by law and prohibited by the Beontag Compliance Program and, finally, promptly report the situation to the Beontag Ethics Channel or directly to the Compliance Department so that appropriate measures are taken.

c. Giveaways, Gifts and Hospitality

Beontag allows the receipt or offer of giveaways, gifts and hospitality in accordance with internal rules, being restricted to the cultivation of good relationships with customers, suppliers, partners or other third parties, promotion of Beontag's image and brand, demonstration of Beontag's products and services or celebrations of special/relevant dates to the Company.

The offer or receipt of giveaways, gifts and hospitality must be in accordance with ethical standards, transparency, honesty and integrity, being forbidden to occur secretly or giving any appearance of irregularity and generate any embarrassments or risks to the image of Beontag.

It is forbidden to offer giveaways and gifts to Government Officials and/or third parties related to it (relatives, people of close relationship).

d. Donations and Sponsorship

Donations and sponsorship contributions will be made with the highest standard of transparency, integrity and legality. Beontag will only make donations or sponsorships that are in full compliance with national and international legal and constitutional provisions.

The granting of any donation or sponsorship does not guarantee authorization to use the Company's logos and brands. No donation or sponsorship may be granted without due diligence and knowledge and authorization from the Beontag Donations and Sponsorships Committee. It is forbidden for any employee, partner or third party with whom Beontag relates to make a donation or sponsorship in the name and/or interest of Beontag, without prior and express authorization.

Beontag and all companies in the group do not make electoral donations or for political movements and prohibit any form of support, donation or contribution of a political and electoral nature, directly or indirectly through third parties, whether financial or non-financial, on behalf of Beontag or expressing any link with the Company.

e. Conflict of Interests

Beontag expects that no one will practice any preferential treatment to anyone for personal interest or aspiration. A distinction shall be maintained between the business of the Company and that of particular scope.

f. Relationship with Government

Beontag expressly prohibits any act of corruption, bribery, fraud and other illegalities during the interaction with the Government.

All performance of Beontag with respect to Government Officials must be professional, respectful, transparent, honest and integral at all times.

All Beontag employees, third parties and business partners must comply with the provisions of the applicable Anti-Corruption Rules, such as the Brazilian Anti-Corruption Law No. 12.846/2013, the United States Foreign Corrupt Practices Act (“FCPA”), the United Kingdom Anti-Corruption Law of 2010 (“UKBA”), and other laws of the countries in which we operate and internal rules and procedures, such as the Beontag Anti-Corruption Policy, which must be our guide on a day-to-day basis.

g. Commercial relationships

All Beontag business relationships must follow the principles of ethics and integrity required internally by the Company. Loyal business practices and compliance with Beontag's trade rules, policies and internal rules should be promoted. If there is any conflict between Beontag's standards of ethics and integrity and the business practices we intend to adopt, the ethical principles and guidelines must overlap and be prioritized.

No discrimination is allowed in relation to Beontag's customers, suppliers, partners or third parties. Even so, Beontag has the right not to engage, negotiate or enter into any commercial relationship in which it does not have interests or when it identifies risks arising from the relationship, such as legal, ethical, image, reputational, environmental and social, and it is even possible to terminate such relationships under these justifications. All business decisions must be based on objective, technical, economic and legal criteria.

It is not permitted to accept or offer any assets to assist in obtaining business, undue benefits or securing special concessions to Beontag.

h. Relationships with Competitors

We encourage and value the practice of free competition and initiative, considering that they are extremely relevant factors for a balance of the market in which Beontag is inserted. In this way, Beontag encourages its Employees, suppliers and even competitors to act competitively, provided that all applicable antitrust legislation is strictly respected. Any interaction with a competitor must occur lawfully and for legitimate reasons, in a respectful and cordial manner, and the practice of anti-competitive conduct is absolutely prohibited.

No practices will be admitted, in any degree of relationship of Beontag, that violate the principles and guidelines of free initiative and competition, which may harm the balance of the market and represent illegal practices.

i. Accounting and Financial Books and Records

Beontag shall keep all its books and accounting and financial records updated, in a complete, detailed, transparent and accurate manner, in order to meticulously reflect the economic and financial reality of Beontag's business. Beontag's business transactions must be recorded reliably, so that the Company's books reflect its economic and financial reality.

j. Corporate Assets

The corporate assets provided by Beontag to its Employees are its property. The use of these goods by Employees during working hours, especially electronic goods, must occur exclusively for professional use.

The conservation of corporate equipment is the full responsibility of Employees who make use of them, and must ensure their integrity and proper functioning. Failures, breaks, malfunctions, losses and other hypotheses that are caused by misuse by the Employee will be your responsibility.

Electronic corporate goods provided by Beontag to its Employees are subject to access, monitoring, requisition and/or audit without prior notice, depending on Beontag's demand and needs.

k. Confidentiality and Intellectual Property

All information processed by Beontag, even if by related third parties, must be treated carefully, transparently, ethically and in good faith, always in accordance with the mission and values, Group's internal Policies and Procedures and applicable legislation.

The disclosure of information classified as confidential property or under the responsibility of Beontag is prohibited without prior formal and express authorization.

It is not allowed to make use of internal Beontag information of a technical, operational, commercial, financial or legal nature, such as know-how, processes, formulas, forms, spreadsheets, terms, reports, production systems, logistics and layouts, business plans, accounting methods, techniques and accumulated experiences, documents, files, contracts, papers, studies, opinions, research, for personal or third party advantage.

It is also prohibited to share, for personal or third party advantage, any confidential information of Beontag to any other partners, suppliers, third parties, competitors, or any individual or legal entity that is part of the Beontag branch that may make direct or indirect use of the information.

l. Investigations and Audit

All Beontag Employees must fully cooperate with any form of investigation or audit carried out within the Company. It is prohibited to obstruct, perform acts that impair the integrity of the investigation or audit, provide false statements or any act that unduly hinders investigation or audit, being subject to the application of Beontag's internal disciplinary measures and applicable legislation.

8. ETHICS CHANNEL

It is the duty of all Employees and Third Parties to immediately report any and all acts or indications of corruption, fraud, misconduct, violations of Beontag's internal Policies or applicable legislation, to the Beontag Ethics Channel, in order to ensure the protection of the ethical and legal principles adopted by the Company and preserve its image in the market.

The Ethics Channel can be accessed through:

• Telephone 0800 512 7702;
• Website https://www.contatoseguro.com.br/beontag

This channel is managed by a specialized company, being an independent, secure, confidential and impartial tool, available 24 hours a day, 7 days a week and 365 days a year to the internal and external public of Beontag. It is possible to make anonymous reports when using the Channel, always maintaining responsibility, ethics and good faith when making reports, which must be consistent and true. There will be no retaliation for sending reports in good faith, and it will be guaranteed that no individual, including Beontag employees, will be exposed or punished for using the channel tool or for participating in investigation processes arising from the reports. Any type of retaliation against whistleblowers, victims and witnesses of any case reported to the Channel or the Compliance Department is prohibited.

Any situations, doubts, questions, exceptions and/or clarifications on the application of this Policy should be directly to the Compliance Department, through the email: [email protected] or access the Beontag Ethics Channel.

9. INVESTIGATIONS, DISCIPLINARY MEASURES AND SANCTIONS

Any complaints, even if suspected, of violations of this Policy will be forwarded to the Data Protection Committee and submitted to an internal investigation procedure by Beontag's Compliance Department. If it is found, after a robust investigation, that there was misconduct, sanctions may be applied by Beontag, proportional to the nature or severity of the infraction committed.

The person responsible for committing an illicit act may be subject to judicial and/or administrative punishment, in accordance with the legislation of the country in which it has jurisdiction.

Prevention of violence and moral or sexual harassment 

1. OBJECTIVE

Establish guidelines for the identification and prevention of practices of violence and moral or sexual harassment, which may pose risks to the maintenance of harmony, respect and hygiene in the workplace, in accordance with applicable legislation and the International Convention on the Elimination of Violence and Harassment at Work (Convention No. 190 of 2019), as well as in accordance with the values of Beontag, or “Company”, especially in relation to the conduct expected of its professionals to promote a work environment free from violence and harassment.

2. SCOPE

This Policy must be known and fully complied with by all Employees, employees, service providers, interns, Beontag Senior Management and all its subsidiaries. In addition, this Policy shall be complied with by any Third Parties acting on behalf of, in the interest of or for the benefit of Beontag, as applicable.

This Policy aims to protect workers and related persons in the work environment, including formal workers defined in applicable legislation, service providers, individuals working regardless of contractual status, persons in training (trainees and apprentices), candidates for vacancies, workers in telepresence, and any other persons who exercise a worker's function, authority, responsibilities or duties.

3. GENERAL GUIDELINES

Beontag believes that all human beings, regardless of ethnicity, belief, gender, political opinions, social conditions have the right to seek material well-being and development in conditions of freedom and dignity, security and equal opportunities. The right to equality and non-discrimination at work must be guaranteed to all workers, especially those belonging to vulnerable groups.

In general, the terms "violence" and "harassment" in the scope of work are the set of unacceptable behaviors and practices, even if only insinuated or threatened, occurring punctually or continuously, that aim or concretely cause physical, psychological, sexual or economic damage.

A healthy, respectful and ethical work environment and routines are essential for productivity and harmony.

Beontag is committed to promoting a work environment of absolute intolerance to violence and harassment, preventing the behaviors and practices that generate or encourage such conduct.

We recognize that violence and harassment can occur both in face-to-face and formal work, as well as in remote or remote work situations. Attention should be paid to occurrences on the site and workstation, Company facilities, during commuting, travel, events, training and other work-related social activities and also in the virtual environment, such as in work-related communication tools.

Practices that may lead to episodes of abuse or violence, generating exposure to the risk of humiliation, discrimination, aggression to honor and dignity must be faced with discernment, seriousness and commitment, in order to build and maintain a balanced work environment.

3.1. CONCEPTS

•  Violence is considered to be any voluntary practice in the work environment of an individual or group against another individual or group that aims and/or results in physical and/or psychological damage. In addition, any form of deprivation and rejection of rights and principles are considered forms of violence.
• Moral harassment is characterized when there is any abusive conduct in the workplace against a specific individual, occurring repeatedly and resulting in humiliation, embarrassment and damage to the dignity and psychological and/or physical integrity of the person. Some specific and isolated situations may result in moral damage, however, they do not necessarily constitute moral harassment. For behaviors to be considered moral harassment, there must be repetition, reiteration, systematization and prolongation of the practice.
• Sexual harassment occurs with the practice of conduct of a sexual nature, with verbal, physical manifestation, gestures, insinuations and other means, so that it is imposed or suggested to the individual against their will, causing embarrassment and violating their sexual freedom.

When identifying any of the practices listed in this Policy, even if there is no certainty, there must be immediate reporting to the appropriate Beontag channels, whether the Ethics Channel or directly to the Compliance Department, following the guidelines of this Policy, so that preventive, remedial or awareness-raising measures can be adopted immediately.

4. EXAMPLES

For the purposes of this policy, the following are, by way of example, situations that may constitute harassment practice, expressly prohibited within the scope of the Company.

Violence:

Examples:

• Physical assaults on workers in the workplace;
• Deliberately expose workers to unsafe, unhealthy working conditions and physical risks;
• Slander or insult the worker deliberately, with the purpose of harming and causing damage to the image and integrity of the worker;
• Obligate the worker to perform an unlawful act, under threat, in the work environment;
• Forcing the worker to work in an unsafe situation, putting his health at risk.

Moral Harassment:

Moral harassment can occur in several ways, such as directly through name-calling, insults, public humiliations and accusations, or indirectly, through gossip, rumor propagation, isolation or exclusion of the individual, among others.

There are three ways moral harassment occurs:

• Vertical harassment: occurs between people of different hierarchical level, such as bosses and subordinates, not necessarily being characterized as the actions only of the superior, and may occur on the part of the subordinate;
• Horizontal harassment: occurs between people of the same hierarchical level, when there is a context of competition and intimidation between co-workers;
• Mixed moral harassment: When the individual suffers vertical and horizontal harassment.

Examples of concrete practices of moral harassment, which are absolutely prohibited by Beontag:

• Threatening or blackmailing a worker, whether subordinate, superior or co-worker, using any means that may exert physical or moral pressure on him;
•  Threatening a subordinate worker regarding the termination of the employment relationship, due to impasses occurred during the execution of the employment contract;
• Repeating the same order for repetition or redoing of tasks considered simple, in order to obtain the worker's emotional destabilization;
• Overburden the worker by assigning tasks or unattainable goals, or even preventing the continuation of the development of activities, denying information or inducing him into error;
• Diverting the worker from his role; withdraw or not provide you with material necessary for the execution of tasks;
• Taking the autonomy of the worker to perform their tasks;
• Order the execution of tasks that are not compatible with the technical knowledge or physical and/or intellectual aptitude of the worker;
• Ordering the execution of tasks that can be considered humiliating in the face of common sense;
• Demanding the execution of urgent tasks on a permanent basis, even if there is no proof of urgency or real need for the service;
• Delegating dangerous tasks that are not provided for in the employment contract, and for which the worker has not been properly trained;
• Systematically contradict all opinions expressed by the worker, or even criticize the work in an exaggerated or unfair way, publicly or in private situations;
•  Hindering or preventing the realization of promotions or the exercise of differentiated functions that can be achieved by the employee;
• Putting pressure on the worker not to exercise his legal or normative rights, or to give up more advantageous conditions naturally obtained in the course of the employment contract;
• Interfering with the worker's family planning, preventing or otherwise pressuring, for example, the occurrence of pregnancies or adoptions, marriage, social practices, etc.;
• Damaging the workplace or the worker's belongings;
• Prohibiting communication between co-workers;
• Controlling bathroom usage time;
• Determining that the worker undergoes a search procedure that may be considered vexatious or invasive;
• Abusing verbally or physically, directing contemptuous gestures, changing the tone of voice or threatening other forms of violence, physically or morally
• Publicly demoralize the worker, through rumors or acts that are not consistent with the ethics and respect necessary in a work environment;
• Criticizing an employee's private life, personal, physical, emotional or sexual preferences, political or religious convictions, or of any other nature, whether expressed or not;
• Making fun of physical attributes or the socioeconomic and regional origin of the worker, through imitations, nicknames or other actions that are not consistent with the ethics and respect required in a work environment;
• Insinuate activities of a sexual nature, violence or that may imply an affronting act or disrespect for the worker through the use of gestures, words and other forms of communication;
• Deliberately ignoring the worker's presence or the role played by him in the context of teamwork, denying him the word or even failing to greet him or address him;
• Determining espionage or other form of invasion of the worker's privacy;
• Depriving the worker of participating in social gatherings, lunches and activities developed together with other co-workers;
• Segregating the worker from the work environment, either physically or by refusing to communicate;
• Deliberately ignore health problems that affect the worker or medical recommendations in the distribution of tasks, collection of attendance and delivery of activities;
• Making it difficult or prevent the worker from attending medical appointments, and
• Practicing any other conduct that seeks to demotivate, depreciate, threaten, make work difficult, isolate or attack a certain worker, which may be considered unreasonable and not compatible with the company's policies and values.

Sexual Harassment:

Sexual harassment can be explicit or subtle, and there is no need for physical contact between the individual who is embarrassing and the one who is being embarrassed. The main characteristic of sexual harassment is that the conduct is unwanted by the victim, and it is not allowed to consider that the silence of the individual before the conduct is a form of consent.

Examples:

• Promising differentiated treatment or benefits under the condition of participating in meetings, performing sexual favors, or maintaining sexual relations, or any other activity of a sexual nature;
• Blackmailing the worker for permanence or promotion in employment under the condition of participating in meetings, performing sexual favors, or maintaining sexual relations, or any other activity of a sexual nature;
• Threatening the worker, covertly or explicitly, with regard to the adoption of reprisals, such as the loss of a job or any other, in the event of a negative attitude of the worker regarding participation in meetings, carrying out sexual favors, or even maintaining a specific relationship sexual, or any other activity of a sexual nature;
• Narrating jokes or using expressions of sexual content, with the intention of embarrassing the worker or forcing him to agree with libidinous and unreasonable speech in the work environment;
•  Promoting unwanted physical contact;
• Delivering disrespectful sexual praise;
• Making impertinent invitations that expose the worker to embarrassment in terms of his or her intimacy;
• Practicing erotic or sexual exhibitionism;
• Creating a pornographic environment, not compatible with the seriousness and lightness of the routines in the work environment;
• Sending gestures, messages of any kind, words or any other type of contact that may be considered obscene or that has the power to invade the worker's privacy;
• Promoting unwanted conversations about sex;
• Practicing any other conduct aimed at embarrassing, forcing or humiliating a certain worker regarding their sexual intimacy, which may be considered unreasonable and not compatible with the company's policies and values.

In general terms, all prohibitive conducts, described as examples in this session, are liable to be incurred by any hierarchical level of workers, so that the observance of such conducts must be rejected by all professionals affected by the policy, under penalty of punishment. Conduct that constitutes sexual harassment and that has not been listed as examples may also be sanctioned by Beontag.

5. RESPONSIBILITIES

It is the responsibility of everyone at Beontag not to practice, repudiate and denounce any form of violence and harassment they witness. The practices are unacceptable, harming not only those involved, but the work environment and the culture of integrity that has been established within the Company.

The episodes of violence and harassment will only be investigated and duly penalized if there is a complaint, therefore the importance of the group's participation within the Company, identification of the situation and healthy intervention.

Everyone must maintain a professional posture in the work environment, without making improper jokes or offenses to colleagues, partners or third parties. Care should be taken to note if any colleagues in the Company are experiencing forms of violence or harassment by their peers, subordinates or superiors. It is individual responsibility to serve as an example at Beontag.

Beontag encourages and expects its employees to report cases of harassment and violence, offer support to individuals who have been victims of such conduct, whether positioning themselves at the time it occurs or making themselves available as a witness for investigation of the conduct.

If you are a victim of harassment or violence, Beontag is available to receive the complaint, investigate it and duly penalize the culprits. If possible, in the victim position, gather evidence such as emails, notes, videos, write down details of the harassment (when it occurred, where, who was gifts) and seek support to support the situation.

The person who reports a situation of harassment or violence will be guaranteed confidentiality with respect to their report and will not suffer any type of reprisal due to the report. The Compliance Department and the Ethics Channel are available to receive any report.

6. ETHICS CHANNEL

In case of any suggestions or doubts about this Policy for the Prevention of Violence and Moral or Sexual Harassment, access the Beontag Ethics Channel.

It is the responsibility of everyone at Beontag to immediately report any acts or suspicions of non-compliance with Beontag's Code of Ethics and Conduct and this Policy for the Prevention of Violence and Moral or Sexual Harassment, as a way to promote ethics and integrity within Beontag, assisting in the detection, prevention and mitigation of any acts of violence and harassment.

The Ethics Channel can be accessed through:

   • Telephone 0800 512 7702;     
   • Web site https://www.contatoseguro.com.br/beontag     
   • Safe Contact app for Mobile (Android or iOS)

This channel is managed by a specialized company, being an independent, secure, confidential and impartial tool, available 24 hours a day, 7 days a week and 365 days a year to the internal and external public of Beontag. It is possible to make anonymous reports when using the Channel, always maintaining responsibility, ethics and good faith when making reports, which must be consistent and true.

There will be no retaliation for sending reports in good faith, and it will be guaranteed that no individual, including Beontag employees, will be exposed or punished for using the channel tool or for participating in investigation processes arising from the reports. Any type of retaliation against whistleblowers, victims and witnesses of any case reported to the Channel or the Compliance Department is prohibited.

In the event of any doubts regarding the interpretation of this policy or the need for confirmation regarding the adequacy of any hypothesis to the terms of this document, the employee must contact the Compliance area or the Human Resources Department via email: [email protected].

7. INVESTIGATIONS AND SANCTIONS

Any complaints, even if suspected, of violations of this Policy will be forwarded to the Data Protection Committee and submitted to an internal investigation procedure by Beontag's Compliance Department. If it is found, after a robust investigation, that there was misconduct, sanctions may be applied by Beontag, proportional to the nature or severity of the infraction committed.

The harassing person or who has committed violence will be subject to disciplinary measures, which may be applied by Beontag after a verification procedure that confirms its occurrence, such as: (i) verbal or written warnings; (ii) suspensions and (iii) dismissal for just cause.

Any injuries and/or damages suffered by the harassed person, whether of a moral or material nature, proven by internal investigation, will be subject to compensation by the harassing person, in accordance with current legal provisions.

In addition, the harassing person may suffer judicial and/or administrative penalties in accordance with the legislation of the country in which the acts took place.

If Beontag is ordered to indemnify damages of a moral or material nature, proven in any judicial or administrative action of any nature, the harasser will be called to participate in the process or will be notified back to reimburse Beontag for the amounts spent, duly updated in the molds of current legislation.

In case of refusal or impossibility of such regressive procedure, still in accordance with the legislation in force, Beontag reserves the right to sue the harasser to collect the amounts it may disburse, duly updated and plus other ancillary expenses.

8. GENERAL PROVISIONS

Upon receiving this policy, our employees are expected to sign the Term of Commitment and Adhesion, as per the attached draft, expressly adhering to its terms and conditions.

Sustainable Procurement Policy

Beontag is committed to the sustainable development of its business. We recognize that by respecting the environment and communities in which we operate, as well as respect for human rights of our people and those we do business with, we can create long term value for our shareholders. 
With the aim of continuous improvement toward sustainable purchasing practices and mitigating the socio-environmental impacts arising from these activities, Beontag has established essential principles related to supplier management. The following principles outline the expectations and practices employed to ensure legal compliance and effective management of environmental and social impacts as well as to foster a relationship of trust, open dialogue, and respect for fair competition between Beontag and its stakeholders. 
This policy aims to promote the adoption of sustainable procurement practices in Beontag´s global purchasing and supply chain processes. 
This Policy applies to all group units and staff involved in making procurement decisions as well as all our suppliers, and it should be adopted in conjunction with the Beontag Code of Ethics and Conduct and Customers and Suppliers Policy. For more information on Beontag´s policies - Beontag | Policy and Compliance.

It is Beontag´s responsibility to make its staff and external parties aware of this policy to ensure full compliance.

   • Ensure all existing and prospective suppliers are informed about Beontag´s Code of Ethics and Conduct;
   • All our suppliers are expected to respect the Ten Principles of the United Nations Global Compact on areas of human rights, labour, environment, anti-corruption, as well as community. For more information on Ten Principles of the United Nations Global - The Ten Principles | UN Global Compact
   • Ensure an adequate control process to identify and manage potential sustainability risks in Beontag´s supply chains, including critical suppliers;
   • Critical suppliers are defined based on factors such as, high purchase volumes, criticality of supply, product quality;
   • When selecting suppliers, preference should be given to suppliers that:  
    - Are compliant with local relevant environmental, social and governance (ESG) regulations.
    - Have internationally recognised management systems implemented, such as ISO 14001 Environmental Management System, Forest Stewardship Council (FSC), ISO 45001 Occupational Health and Safety Management System.
    - Can offer material with reduced environmental impact and/or can enable us to improve the environmental sustainability credentials of products in our portfolio, such as recycled content, certified source.

We understand that procurement performance improvement is a continuous process and recognize the contribution of our suppliers in our journey to become more sustainable.

We may ask suppliers to complete checklists and/or provide ESG-related information on their corporate actions, programs, strategy, policies, when necessary.

For any grievances or suggestions regarding sustainable procurement practices, please write to [email protected]. Strict confidentiality will be maintained.