Compliance
SMART DEVICE

POLICY 01

COMPLIANCE PROGRAM AND INTERACTION WITH THIRD PARTIES

The compliance program of SMART DEVICE is composed of nine (09) fundamental pillars, which are: 1) Support from Senior Management; 2) Risk Assessment; 3) Code of Conduct and Compliance Policies; 4) Internal Controls; 5) Training and Communication; 6) Reporting channels; 7) Internal Investigations; 8) Due diligence; 9) Monitoring and Auditing, prioritizing the formalization of the relationship between the parties in a written contract and other applicable documents and monitoring of their activities, especially when they represent the company before Public Administration bodies, Health Professionals, Health Organizations and/or Patients.

1.1 - Compliance Program

I) commitment from senior management leadership and a clearly articulated anti-corruption policy;

II) implementation of written policies and procedures, which aim to provide publicity and transparency to the relationships established between companies and health professionals;

III) appointment of a company integrity officer, with supervision, autonomy and the necessary resources, responsible for analyzing and enforcing the provisions prescribed in this program;

IV) periodic implementation of an effective training and education program for the employees and professionals linked to the company;

V) maintenance of written records that prove the disclosure and training of the integrity program, as well as its effective implementation;

VI) existence of a company’s internal, independent and autonomous Ethics Committee;

VII) development of a communication plan to disseminate a compliance culture inside the company;

VIII) implementation of standards of conduct, code of ethics, policies and integrity procedures applicable to all the employees and managers, regardless of their position or role;

IX) adoption of standards of conduct, code of ethics and integrity policies extended, when necessary, to third parties, such as suppliers, service providers, intermediary agents and associates;

X) conducting risk assessments, monitoring and internal audits;

XI) development of program execution standards, through widely disseminated disciplinary rules;

XII) taking quick action when problems are detected and taking corrective actions and/or disciplinary sanctions;

XIII) due diligence in its relations with third parties, as per item 1.2 below;

XIV) implementation of lines of communication, including a channel for receiving anonymous communications and complaints about any violation of program rules;

XV) internal audits and monitoring;

XVI) adoption of disciplinary measures applicable in the event of a proven violation of the Integrity rules, which shall be widely disclosed;

XVII) implementation of punishment procedures, development of specific procedures to prevent fraud and illicit activities in the context of bidding processes in the execution of administrative contracts or in any interaction with the public sector, even if intermediated by third parties, such as payment of taxes, subject to inspections, or obtaining authorizations, licenses, permissions and certificates.

1.1.2 - Term

This version of the Code of Conduct of SMART DEVICE will come into force as of the creation of the company.

1.1.3 - Interpretation and Amendments

The Compliance Sector will be responsible for resolving doubts, resolving conflicts with rules of other sectoral agreements (example: Health Ethics, ABRAIDI, ABIMED, INTERFARMA) with the company’s Code of Conduct and for interpreting omitted cases, as well as for proposing amendments to the company’s rules.

1.2 - Due Diligence of Third parties and in mergers, acquisitions and corporate restructuring.

Legal and natural persons (as applicable), who have a good commercial reputation, may be hired, merged, acquired or restructured (as applicable) by SMART DEVICE, and the interested parties must:

I) present a copy of their company’s Articles of Incorporation;

II) agree with the Code of Conduct and Policies of SMART DEVICE, in addition to the principles defined therein;

III) have moral integrity, ethics and unblemished reputation;

IV) answer the verification questionnaire, according to the company’s needs.

V) in addition to the documents presented, the following steps will be taken (due diligence):

a) not appearing in the Register of Employers who have submitted workers to the condition analogous to slavery from the Ministry of Labor and Employment (MTE), filing the evidence;

b) not appearing in the National Registry of Ineligible and Suspended Companies (CEIS) of the Office of the Federal Controller General (CGU) available at http://www.portaltransparencia.gov.br/sancoes/ceis, filing the evidence;

c) issue a negative certificate of Labor Debt from the Labor Court, available at http://www.tst.jus.br/certidao, filing the evidence;

d) must be aware of the Code of Conduct and Policies of SMART DEVICE, in addition to the commitments defined by the Due Diligence and Contract, for admission.

The employees must commit to keeping their registration data up to date with SMART DEVICE, including the contacts of professionals responsible, thus ensuring their permanence in the business relationship.

Reference: Code of Conduct of ETHOS Institute.

* Policy No. 01 approved by SMART DEVICE Senior Management on 07/13/2020.

July 14, 2020.

Let it be known and implemented.

SMART DEVICE SENIOR MANAGEMENT