{"id":1686,"date":"2026-03-12T22:49:17","date_gmt":"2026-03-13T01:49:17","guid":{"rendered":"https:\/\/flipper.unielo.com.br\/?page_id=1686"},"modified":"2026-03-13T17:08:57","modified_gmt":"2026-03-13T20:08:57","slug":"politicas-empresariais-e-esg","status":"publish","type":"page","link":"https:\/\/www.grupoflipper.com.br\/en\/politicas-empresariais-e-esg\/","title":{"rendered":"Corporate Policies and ESG"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Governance, compliance and integrity guidelines<\/p>\r\n \t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
Conduct, decisions and controls<\/h6>\n

\n COMPANY POLICIES<\/span>\n <\/h2>\n \t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Grupo Flipper Policies establish governance guidelines that direct conduct, decisions, and controls to ensure legal compliance, integrity, operational continuity, and excellence in service delivery. They apply to all Employees, Directors, interns, third parties, partners, and suppliers when acting on behalf of the Grupo Flipper, on company premises or in its digital environments.<\/p>

These Policies are complementary to the Business Principles \u2013 Code of Ethics, Conduct and Relationship with Third Parties, and are broken down into Standards (NOR), Procedures (PRO), Work Instructions (INS), Flows (FLU) and Documents\/Templates (DOC). Any exception must be formally justified, recorded and approved by the responsible Directorate, with the knowledge of the Compliance Cell.<\/p>

Governance Architecture (QSMS-RS+):<\/strong> Quality, Safety, Environment, Health and Social Responsibility, plus Ethics and Conduct, Anti-Corruption, Compliance and Information Security, aligned with the Group's governance model and best market practices (including applicable certification requirements and the AEO Program).<\/p>

Review and continuous improvement:<\/strong> Policies should be reviewed at least annually or whenever there is a relevant regulatory change, material incident, process\/system change, recurring non-compliance, or emerging risk.<\/p>

\u00a0<\/strong><\/p>

Quality policy<\/strong><\/h4>

Guideline: Develop innovative, creative, and customer-focused logistics and customs solutions, emphasizing predictability, traceability, agility, and continuous improvement. Evidence: GF Learning Program \/ Major's Library (training and learning culture) and GF Quality Program (document regularity, indicators, internal audits, and process\/technology improvements).<\/p>

\u00a0<\/p>

Security Policy<\/strong><\/h4>

Guideline: Ensure a safe environment for employees, visitors, customers, suppliers, and partners through occupational risk management and physical and operational controls commensurate with the criticality of the business. Evidence: GF Safe & Secure Program (PGR, LTCAT, CIPA, and other prevention actions), operational controls associated with OEA\/insurance, and enhanced information security for communications and sensitive data.<\/p>

\u00a0<\/p>

Environmental Policy<\/strong><\/h4>

Guideline: to advocate for the conscious use of natural resources, encourage environmental preservation and sustainability, and conduct operations with clients and partners, promoting practices that avoid harming the environment.<\/p>

Evidence: GF Sustainability Program (awareness, reduction of printing and waste, digitization of processes, recycling, rational use of water and other internal initiatives).<\/p>

\u00a0<\/strong><\/p>

Health Policy<\/strong><\/h4>

Guideline: Ensure a healthy, safe, and productive environment through occupational health programs and wellness initiatives, encompassing physical, mental, and emotional health. Evidence: GF Health Program (PCMSO, legal and corporate benefits, and structured actions to promote health and well-being).<\/p>

\u00a0<\/p>

Social Responsibility Policy<\/strong><\/h4>

Guideline: To promote sustainable development, respect for diversity, and reduction of inequalities through non-discriminatory actions, informed consent, training, volunteering, and monitored donations. Evidence: GF People Program and GF Sustainability Fund (fundraising and monitored donations), in addition to social projects supported by the Grupo Flipper.<\/p>

\u00a0<\/strong><\/p>

Compliance Policy<\/strong><\/h4>

Guideline: To guide and ensure ethical, compliant, and integrity practices in internal relationships and with third parties, preventing, detecting, and correcting deviations, with records and traceability. Evidence: Business Principles, training, periodic communications, and supporting documentation for routines (standards, procedures, and records).<\/p>

\u00a0<\/strong><\/p>

Anti-Corruption Policy<\/strong><\/h4>

Guideline: Maintain zero tolerance for bribery, corruption, and any undue advantage, in the public or private sphere, nationally or internationally, including offering, soliciting, promising, authorizing, or receiving. Evidence: Anti-corruption clauses in contracts, commitment agreements with third parties, training, and internal investigations when applicable, with proportionate disciplinary measures.<\/p>

\u00a0<\/strong><\/p>

Physical Access Control Policy<\/strong><\/h4>

Guideline: Maintain clear rules for access and circulation within company premises for employees and third parties, prioritizing security, asset integrity, and information protection. Evidence: biometric\/password control according to areas, reception with assisted service, and continuous monitoring by CCTV (Closed Circuit Television) with image storage for a period defined in internal regulations.<\/p>

\u00a0<\/strong><\/p>

Data Control and Access Policy<\/strong><\/h4>

Guideline: Ensure that access to data and systems is granted according to the principle of least privilege, in accordance with Prerequisite Sheets (PRS), job functions, and business needs. Minimum controls: verticalization of access by sector\/subdirectory; creation and revocation of access during the hiring\/termination process; logs and traceability in systems; rules for the use of corporate email; and compliance with the LGPD (Brazilian General Data Protection Law) and commitments to Security, Ethics, Compliance, and Anti-Corruption.<\/p>

\u00a0<\/strong><\/p>

Governance, Risk Management and Internal Controls (ERM) Policy<\/strong><\/h4>

Guideline: Identify, assess, treat, and monitor risks (strategic, operational, financial, compliance, security, and IT) with defined risk tolerance, segregation of duties, key controls, and periodic reporting to the Board of Directors. Evidence: OEA\/Risk Management Committee, risk map, critical indicators (KRIs\/KPIs), internal audits, and action plan with responsible parties and deadlines.<\/p>

\u00a0<\/strong><\/p>

Business Continuity, Disaster Recovery and Crisis Management (BCP\/DRP) Policy<\/strong><\/h4>

Guideline: Ensure customer service resilience and preservation of critical operations in the face of incidents (system failures, facility unavailability, weather events, cyber incidents, reputational crises). Evidence: Business Continuity Plan\/Disaster Recovery Plan\u00a0(Business Continuity Plan and Disaster Recovery Plan)<\/em>\u00a0with RTO\/POR\u00a0(Recovery Time Objective and Recovery Point Objective)<\/em>, periodic testing, a communication chain, and a crisis roadmap with spokespeople and approvals.<\/p>

\u00a0<\/strong><\/p>

Document Management, Retention and Confidentiality Policy<\/strong><\/h4>

Guideline: Define classification, retention periods, confidentiality, secure disposal, and traceability of physical and digital documents, including operational records and compliance evidence. Evidence: Retention matrix, naming convention, audit trail, and access controls, aligned with legal requirements and client\/regulatory body requirements when applicable.<\/p>

\u00a0<\/strong><\/p>

Information Security Policy (ISP) and Privacy<\/strong><\/h4>

Guideline: To protect the confidentiality, integrity, and availability of information belonging to the Grupo Flipper and its clients\/third parties, preventing leaks, unavailability, and misuse. Minimum scope: Identity and Access Management (IAM), passwords and MFA (Multi-Factor Authentication), information classification, devices and media, backups, logs and incident response, in addition to privacy guidelines (LGPD).<\/p>

\u00a0<\/strong><\/p>

Identity and Access Management (IAM) Policy<\/strong><\/h4>

Guideline: Standardize the creation, modification, periodic review, and revocation of access; adopt least privilege; segregate critical profiles; and ensure immediate logical disconnection upon offboarding. Evidence: Quarterly\/semi-annual access reviews, manager approval, and audit trail maintained by the IT Cell.<\/p>

\u00a0<\/strong><\/p>

Password and Authentication Policy (MFA)<\/strong><\/h4>

Guideline: Establish objective rules for passwords and strong authentication (MFA) in systems, email, and remote access; prohibit the sharing of credentials; and adopt blocking and limited attempts.<\/p>

Evidence: technical standard defined by IT, awareness campaigns, and compliance audit.<\/p>

\u00a0<\/strong><\/p>

Information Classification and Acceptable Use Policy<\/strong><\/h4>

Guideline: classify information (Public, Internal, Confidential, Restricted), define handling\/sharing and rules for acceptable use of email, internet, messaging and devices (including BYOD \u2013 Bring Your Own Device \u2013 when and if authorized). Evidence: terms of responsibility, periodic training and review of access\/sharing.<\/p>

\u00a0<\/strong><\/p>

Backup Policy, Logs, Monitoring and Incident Response<\/strong><\/h4>

Guideline: Define the frequency and scope of backups, log retention, monitoring, vulnerability handling, and incident response (containment, eradication, recovery, lessons learned). Evidence: restore tests, incident and post-incident reports, and internal service level agreements (SLAs).<\/p>

\u00a0<\/strong><\/p>

Sustainable Procurement Policy and Third-Party Management (Due Diligence<\/em>)<\/strong><\/h4>

Guideline: contract and maintain suppliers\/partners with objective criteria for quality, sustainability, safety, compliance, and continuity; prioritize Authorized Economic Operator (AEO) partners when applicable; and document approval and reassessments. Evidence: third-party approval and qualification matrix, contractual clauses (LGPD, anti-corruption, security), and periodic performance evaluations\/SLAs.<\/p>

\u00a0<\/p>

Contract Management Policy and SLA with Third Parties<\/strong><\/h4>

Guideline: Standardize the creation, review, approval, storage, and management of contracts; define SLAs (Service Level Agreements) <\/em><\/strong>and responsibilities; and handle non-conformities and penalties with traceability. Evidence: Controlled contract repository, approval workflow, and registration of addenda and renewals.<\/p>

\u00a0<\/strong><\/p>

People Policy: Human Rights, Diversity, Harassment and Training<\/strong><\/h4>

Guideline: Ensure a dignified, safe, inclusive, and high-performance work environment with zero tolerance for harassment, discrimination, and retaliation; and guarantee training for critical roles (including Authorized Economic Operator, information security, and compliance). Evidence: Internal codes and standards, reporting channels, investigation processes, and mandatory training pathways with documentation.<\/p><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

Diretrizes de governan\u00e7a, compliance e integridade Condutas, decis\u00f5es e controles POL\u00cdTICAS DA EMPRESA As Pol\u00edticas do Grupo Flipper estabelecem diretrizes de governan\u00e7a que orientam condutas, decis\u00f5es e controles para assegurar conformidade legal, integridade, continuidade operacional e excel\u00eancia na presta\u00e7\u00e3o de servi\u00e7os. Elas se aplicam a todos os Colaboradores, Diretores, estagi\u00e1rios, terceiros, parceiros e fornecedores quando […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-templates\/full-width.php","meta":{"footnotes":""},"class_list":["post-1686","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.grupoflipper.com.br\/en\/wp-json\/wp\/v2\/pages\/1686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.grupoflipper.com.br\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.grupoflipper.com.br\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.grupoflipper.com.br\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.grupoflipper.com.br\/en\/wp-json\/wp\/v2\/comments?post=1686"}],"version-history":[{"count":37,"href":"https:\/\/www.grupoflipper.com.br\/en\/wp-json\/wp\/v2\/pages\/1686\/revisions"}],"predecessor-version":[{"id":2363,"href":"https:\/\/www.grupoflipper.com.br\/en\/wp-json\/wp\/v2\/pages\/1686\/revisions\/2363"}],"wp:attachment":[{"href":"https:\/\/www.grupoflipper.com.br\/en\/wp-json\/wp\/v2\/media?parent=1686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}