INTELBRAS’ INTERNATIONAL DATA TRANSFER POLICY

Updated version in 07/06/2022.

INFORMAÇÕES IMPORTANTES

In the course of this Policy, we have adopted the terms listed below with their respective meanings:

1. POLICY APPLICABILITY

1.1. This policy is intended for all Intelbras suppliers who participate in the process of data international transfer.

1.2. Whenever you are a supplier of Intelbras, it is important to be aware of this Policy and to assume your conditions. But remember, this Policy applies only to vendors/partners who have access to personal data held by Intelbras or who treat data from Intelbras customers.

2. OBLIGATIONS OF THE THIRD PARTY IN THE PROCESSING OF PERSONAL DATA

2.1. The Partner is responsible toward Intelbras and group companies, their respective successors and assignees, to treat personals data according to the Brazilian law nº 13.709/2018 and other laws in force, and Third Party undertakes to indemnify, reimburse and keep such persons harmless from any Losses or Claims incurred or suffered, as a result of any breach of privacy and data protection obligations.

2.2. The Parties hereby acknowledge and declare that they are responsible for all costs and expenses arising from their activities performed under this Policy in compliance with the General Data Protection and Privacy Rules in force in Brazil.

3. PURPOSE OF DATA PROCESSING

3.1. The Third Party shall process personal data exclusively for the purposes permitted by law, and must ensure that such personal data will not be processed for any other activities and that no additional personal data will be treated differently from the limitations below:

a. Subjects of personal data – The transfer of personal data between the Parties may deal with the following categories of subjects: Collaborators, Legal Representatives, Directors, Customers, Users of products and software, Business Partners, including Commercial Representatives, Buyers, Suppliers and Service Providers.

b. Purpose of transfer – The transfer of data may only be carried out for the purposes authorized by law, in particular, for the execution of the contractual object signed between the Parties, compliance with legal obligations regarding the purchase and sale of products and services, supply of technologies and solutions necessary for the activities of Intelbras or a Third Party; provision of services on Intelbras premises or other premises; employment relationship, including the granting of benefits; commercial relationship of Retail, Resale, Distribution, and Commercial Representation, among other commercial partnerships, agreements, and other contractual agreements.

c. Data categories – The personal data transferred may have the following categories: Identification data, such as name, address, e-mail, telephone, RG, CPF, among others. Financial or banking data; Sensitive data, including health data; Product data, such as serial number and IP, among others.

d. Recipients/receivers – Personal data eventually transferred on account of this relationship between the Parties may only be shared with professionals directly involved in meeting the purposes highlighted above.

4. PRINCIPLES IN THE PROCESSING OF PERSONAL DATA

4.1. Without prejudice to the principles which governing the data processing activities, as provided by the art. 6 of the Brazilian General Data Protection Law, this relationship between the Parties is also governed by the following principles:

a. Purpose - Personal data may be processed for the purposes expressly authorized by their respective subject.

b. Data Quality and Adequacy - Personal data must be accurate and, when necessary, updated. Personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and subsequently processed.

c. Transparency - Data subjects must receive the necessary, clear, and accessible information about the processing of personal data and their respective responsible, either Controller or Operator.

d. Security and Confidentiality - The Parties must take appropriate technical and organizational security measures to the risks related to the processing of data object of this Agreement, in order to protect against risks such as accidental or illegal destruction, accidental loss, alteration, disclosure or unauthorized access, among others. Any person acting in name of the Parties, including an operator, shall not process the data, except with authorization and in accordance with the instructions of the Data Controller.

e. Rights of access, rectification, exclusion and opposition - As provided for in articles 6 and 7 of the Brazilian General Data Protection Law, subjects may request access to their personal data in accordance with applicable law and regulations, including the guidelines issued by ANPD.

5. PERSONAL DATA INCIDENTS

5.1. In the event of any incident, or even the threat of an incident, it is the Third Party's responsibility to immediately notify Intelbras via the e-mail. privacidade@intelbras.com.br, being the Third Party responsible for all legal and administrative actions to mitigate the risks and eventual damage.

5.2. For more details on Intelbras' Data Privacy Policy, consult the full text at the online address www.intelbras.com/pt-br/politica-de-privacidade

6. LAW COMPLIANCE AND ETHICAL STANDARDS

6.1. The Parties declare and guarantee that all activities and business carried out based on this contractual relationship will be conducted in compliance with applicable laws and regulations, including, but not limited to, health and safety regulations, labor, tax and environmental legislation, and, mainly, anti-corruption legislation, being responsible and indemnifying the innocent Party against any demands, actions or claims arising from violation of laws and regulations by acts of its employees or agents, also committing to indemnify for damages and losses, including moral , resulting from violation of laws.

6.2. The Third Party declares that it has read and undertakes to comply with the obligations established in the Intelbras Code of Conduct, Ethics and Compliance, available at the online address www.intelbras.com/pt-br/codigo-de-etica, committing to register any irregularities of its knowledge on the Intelbras Whistleblower Channel available at the online addres www.intelbras.com/pt-br/canal-de-denuncia.

7. CONFIDENTIALITY

7.1. The Parties undertake for themselves, their employees, agents, representatives, subcontractors, consultants, and other agents who, due to their activity, duty, and authority, have access to confidential information, not disclose any of the confidential information, and that the same will be used exclusively for the specific purpose of the contractual relationship between the Parties.

7.2. The information supplied or disclosed between the Parties within this Agreement, hereinafter referred to as “Confidential Information” and “Trade Secret” is described in general as being the intellectual property of each Party, its current or future products, maps, accounting and financial, technical, strategic or business information, names of customers and/or suppliers, addresses and other similar data, contracts, practices, procedures and other trade information, including, without being limited to, prototypes, devices, sketches, designs, component lists, electric diagrams, software, reports, strategies, plans, documents, drawings, machines, tools, models, patent descriptions, samples, materials and everything that may be disclosed between the Parties, by any channel of communication or acquired during visitation to either Party’s facilities.

7.3. Intellectual property of each Party shall mean the trademarks, patents, inventions, and any and all data, ideas, practices, routines, research, product components, products designs, as well as all forms of knowledge, whether in writing, stored or kept in electronic for, magnetic media or stored in any other media.

7.4. . Upon any breach of this articles will give the injured Party shall have the right to seek fair compensation and may even resort to injunctive relief and preliminary orders, without detriment to any other applicable measures.