Code of Conduct

Ethics, Innovation, and Responsibility: Our Core Commitment

At ORAEX, we believe that integrity and excellence go hand in hand. Our Code of Conduct is more than just a document—it is a reflection of our culture, our values, and the way we conduct business with ethics, respect, and commitment.

1. Introduction

This Code must be guided by ORAEX’s core values. It is important to emphasize that 'we are ORAEX,' and as the individuals who shape this company, this Code is ours, it is an internal commitment, not an external imposition.

This Code expresses the commitment of ORAEX, its employees, and service providers to comply with the laws, regulations, and standards applicable to our activities. It emphasizes respect for others and the ethical posture that must guide both personal and professional conduct. The daily practice of these principles will foster a continuous learning process, encouraging dialogue as a key factor in resolving conflicts and ethical dilemmas that may arise, ultimately leading to ORAEX’s organizational evolution.

ORAEX focuses its strategic growth on two pillars: INTEGRITY and PROSPERITY. This Code promotes integrity as a catalyst for prosperity, reflecting our belief that trust and commitment are the foundations of our purpose.

II- Core Principles of Our Code

  • Upholding and enhancing professional excellence, innovation, and human respect in every action, according to the law. ORAEX is committed to conducting business with the highest standards of integrity, ensuring the consistent delivery of high-impact solutions to all our stakeholders.
  • To conduct our activities with impartiality and through a broad range of meritoriously qualified partners, aiming for the highest performance and the company’s maximum competitiveness.
  • To respect human rights, while promoting diversity, well-being, and safety. We do not tolerate discrimination, harassment, or persecution of any kind.
  • To act with the goal of preserving the environment and ensuring its sustainability.
  • To promote social inclusion.
  • To manage and treat with confidentiality and diligence all information and intellectual property acquired during our professional activities, as well as to use the resources provided by ORAEX to ensure full organizational performance.
  • To handle all information in accordance with ORAEX’s Information Security Policy, respecting its classification (PUBLIC, INTERNAL, or CONFIDENTIAL) to ensure the confidentiality, integrity, and availability of our internal and client data.
  • To use the resources and information provided by ORAEX exclusively for professional purposes, in compliance with information security and protection guidelines, reinforcing our commitment to secure and reliable processes.
  • To never conduct or participate in any illegal or unethical dealings or transactions, regardless of whether they offer personal gain.
  • To prioritize public and collective interests whenever they conflict with private or individual interests.
  • To accept or offer gifts, benefits, or entertainment only within the scope deemed appropriate by ORAEX’s rules and in full compliance with applicable laws.
  • To maintain a resolute stance and refuse any demands that may influence or threaten social order or the safety of individuals and society.
  • To report to the relevant ORAEX point of contact any acts conflicting with this Code, whether discovered or committed through oversight, lack of awareness, or error.

III- Scope and Applicability

This Code of Conduct must be observed by Board members, employees, interns, temporary contractors, outsourced staff, and any individual or legal entity acting on behalf of ORAEX—including startups in which ORAEX is an investor or supporter. It takes precedence over all other ORAEX policies and regulations.

The Board of Directors, supported by the Compliance Committee, is responsible for maintaining the company's Code of Conduct. Each operational unit is responsible for implementing the established practices.

The Compliance Committee is the entity responsible for receiving notifications and taking appropriate action regarding any deviation from the Code of Conduct.

IV- Standards of Professional Conduct

At ORAEX, we believe our collaborators are responsible, skilled, and mindful individuals. This partnership between the individual and the corporation carries shared responsibilities: we seek professionals who lead by example as citizens. Because our reputation is built by our people, a mutual commitment is essential.

Therefore, adherence to our Information Security Policy is mandatory to ensure data is treated according to its classification. Your role is vital in safeguarding the confidentiality, integrity, and availability of our information against unauthorized access or misuse.

Below, we outline several critical areas that require your utmost attention.

A. RESPECT FOR DIVERSITY AND INCLUSION

Our employees form a talented and diverse workforce, and ORAEX leverages the full potential of this diversity to drive organizational success. We recognize and respect the plurality of the society in which we operate, which both influences and is influenced by our beliefs, behaviors, and attitudes.

Accordingly, we are committed to conduct free from prejudice, treating everyone with equity and fairness. Hiring, promotion, compensation, recognition, and all internal and external relationships must be conducted with impartiality, discernment, and common sense, guided solely by ORAEX’s core values.

For us, respecting diversity means more than just obeying the Constitution and the law. It is the belief that every human being is worthy of respect and that our differences have the potential to spark the best solutions for the world.

We are committed to respecting and promoting human rights to ensure that technology plays a positive role across the globe.

B. SOCIAL AND ENVIRONMENTAL GOVERNANCE

ORAEX believes its actions have the power to improve society and is committed to the sustainability of the communities in which we operate. To this end, we actively promote social inclusion and environmental preservation agendas that align with our business activities.

C.EXCELLENCE, QUALITY, AND INNOVATION

Our team strives for excellence in every task, committed to consistently delivering high-quality, effective solutions for both internal and external clients.

At ORAEX, the pursuit of excellence is driven by the constant application of methods and technologies that provide distinctive solutions for our clients. Consequently, we foster a culture of engagement where employees are encouraged to develop and implement innovative ideas.

D. INTERNAL AND EXTERNAL RELATIONSHIPS

ORAEX employees hold the following relationship premises:

  • Unwavering Commitment
  • Unconditional Respect for individual dignity
  • Continuous Professional Development

These premises require transparency in relationships, the building of an environment of mutual trust, awareness and responsibility at all levels of the company, as well as behaviors guided by courtesy, respect, honesty, ethics, and impartiality. Any and all acts of harassment and disrespect toward human beings are repudiated.

ORAEX's relationships with its clients, suppliers, and business partners include acts, operations, deals, or commercial transactions, as well as actions following the completion of operations, requiring ORAEX employees to adopt attitudes that seek the best alternative for the parties involved, in a service standard that aims, primarily, at the full satisfaction of clients and ORAEX itself for the maintenance of long-lasting relationships.

ORAEX's competitiveness is based on its business management and negotiation capacity with clients, suppliers, and business partners.

We believe that a competitive market is capable of fostering the growth, development, and maintenance of our activities.

ORAEX also prohibits and repudiates the performance of acts aimed, in any way, at corrupting market representatives, with the purpose of obtaining undue advantages or benefits through the celebration, amendment, extension, or termination of public or private contracts.

ORAEX respects the individual right of ORAEX employees to involve themselves in civic matters and encourages them to exercise their right to vote and participate in the political process. Such activities must be developed on a personal basis and in a way that does not interfere with corporate activity.

E. THE ROLE OF MANAGERS

As a leader, you play a vital role in establishing the culture and work environment of your team. The way you make decisions and handle challenges builds the foundation of trust with your team, clients, and stakeholders.

To foster a culture of trust and integrity within your team:

  • Talk to everyone about ethics and integrity, making it clear that you expect all work to be conducted in accordance with ethical principles.
  • Lead by example, acting as a role model for your entire team.
  • Ensure your team knows that you are always ready to listen to what they have to say.
  • Ensure that all results are achieved with integrity and in the correct manner.
  • Guarantee that your teams comply with the Security and Privacy guidelines established in internal policies.

Part of building a culture of trust is learning to speak up when something is not right, so that we can address the problem together.

If someone comes to you with a concern, you have a special responsibility to listen and act. Addressing issues appropriately is essential to preserving trust and protecting ORAEX.

F. USE AND PRESERVATION OF COMPANY ASSETS

ORAEX’s assets include tangible or physical assets, such as computers, documents, etc., as well as intangible values, such as corporate identity, company reputation, software, methodologies, and processes developed by ORAEX employees to support the organization's business.

ORAEX’s intellectual property consists of patents, trademarks, know-how, ideas, inventions, improvements, formulas, processes, original works of authorship, technologies, methodologies, programs, plans and projects, proposals and concepts, copyrights, trade secrets, domain names, industrial designs, logos, technical data, process and market information, databases, current or future products, services, or research; business or marketing plans and projections, trade secrets, and client lists, as well as any information developed or obtained by the company.

Employees have the obligation to protect ORAEX’s intellectual property from misuse, misappropriation, or use for personal gain; its use for private purposes or disclosure to third parties is not permitted. The same care and respect must be practiced regarding the intellectual property of third parties.

For any purpose, it must be governed by the principle of commitment.

G. CONFIDENTIALITY, USE, AND MONITORING OF INFORMATION

All information used within ORAEX’s professional environment—whether by our team, clients, partners, or third parties, and regardless of whether it is physical, digital, or verbal—IS CONFIDENTIAL, except for that which is explicitly designated as public domain by ORAEX’s Board of Directors, or information already in the public domain at the time of its use within the company. Accordingly, the entire ORAEX team commits to MAINTAINING CONFIDENTIAL any and all information used in their daily professional routine, with authorization for use granted only within the necessary circle of people relevant to the subject. This protocol aims to reiterate the commitment of the entire ORAEX team to the primary asset of our Clients and the market in which we operate:

In addition to the obligation to protect ORAEX information against unauthorized disclosure, ORAEX employees must use this information solely for the company's business purposes. This obligation applies regardless of how the employee became aware of the information or whether or not they are directly responsible for its production, custody, and protection.

Electronic communication tools are company property; therefore, ORAEX reserves the right to monitor any transaction (accesses and receipts) carried out on its information systems and the Internet. This rule covers information written or stored in electronic systems and any other associated media. It also includes information developed technically, acquired through associations, acquisition, licensing, purchase, or entrusted to the company.

ORAEX will not disclose any information regarding its employees, clients, and business partners unless duly and formally authorized by the individuals involved, or in compliance with legal and/or judicial requirements or determinations.

We store and process personal data in various ways to fulfill our contractual, legal, and regulatory obligations, in full compliance with the General Data Protection Law (Law No. 13.709/2018).

Personal data will be retained by ORAEX only for as long as necessary to satisfy a legitimate business purpose or to comply with a legal or regulatory obligation

You must take all reasonable and necessary measures to ensure that personal data is accessed only by individuals who need this information to perform their tasks.

H. MAINTENANCE OF CLEAR AND ACCURATE RECORDS

Our records are clear, accurate, complete, and easily understandable to reflect our financial results and to preserve trust in our management. Maintaining accurate records is fundamental to sustaining the trust of our partners and employees.

We honestly and accurately record and report all financial transactions and business information, complying with applicable laws, regulations, and accounting practices.

We are transparent about our commitments to our partners and clients, and our written contracts accurately reflect the actual economic terms of the transaction.

V. Conflict of Interest

ORAEX believes that collective interests, aligned with organizational principles and subordinated to the interests of society, must prevail over individual interests.

It is legitimate for ORAEX employees to act on and defend personal and individual interests, provided these do not conflict with the legitimate interests of the group, the corporation, and society.

Therefore, employees must use their influence—whether positional, situational, or personal, in public or in private—with discretion and for the benefit of the collective, avoiding any enjoyment of private benefits that conflict with broader interests.

Should you experience a situation that causes, or could potentially cause, a "conflict of interest," communicate it immediately to your direct supervisor.

VI - Anti-Corruption Policy

ORAEX stands against any and all forms of corruption; therefore, it will not tolerate, on the part of any employee or anyone acting on behalf of the company, any attitude that might cast doubt on the integrity of the relationship.

We value our reputation for conducting business with honesty, integrity, and transparency. Maintaining this reputation is of paramount importance as it builds trust in our business with clients, shareholders, investors, suppliers, competitors, and others, which translates to being good for business.

It is strictly forbidden to promise, offer, or give, directly or indirectly, any undue advantage to individuals, legal entities, public officials, or any related third parties. We have zero tolerance for situations involving corruption, bribery, or any other forms of financing, funding, sponsorship, or incentive for illicit acts.

ORAEX seeks ethics and transparency in its relations with all stakeholders. Therefore, it is expected that no employee takes advantage of their position or authority within the company to obtain personal benefits from clients, suppliers, business partners, or competitors.

Any employee involved in practices aimed at concealing or facilitating bribes, kickbacks, or other illegal payments or receipts seriously damages ORAEX's reputation for ethical behavior and may subject the company and/or the employee to lawsuits and severe civil and criminal penalties and sanctions.

VII - On Privacy and Personal Data Protection

ORAEX operates in compliance with the General Data Protection Law (LGPD) and acts responsibly, adhering to the following principles:

  • Legality: processing personal data only in accordance with local laws and/or following the best international personal data protection regulations.
  • Purpose: performing data processing for specific, legitimate purposes, and ensuring that the data subject is fully informed.
  • Necessity: limiting the collection and use of data to what is essential for the purpose of the data processing.
  • Adequacy: ensuring the compatibility of data processing with the informed purpose. In other words, data will only be collected and used if it is necessary and essential for providing the company's services.
  • Transparency: providing clear and accurate information about the performance of data processing.
  • Free access: easy and free access for all individuals regarding how their data is processed.
  • Data quality: ensuring the accuracy, clarity, and updating of collected data, according to the need and to fulfill the purpose of its processing.
  • Confidentiality: guaranteeing data access only by authorized persons.
  • Data security and reliability: ensuring information security to prevent intrusions, illegal access, destruction, or loss of data.
  • Prevention: ensuring the adoption of measures to prevent damage to data subjects due to data processing.

  • Accountability and reporting: demonstrating the adoption of effective measures capable of proving compliance with personal data protection norms and ensuring their effectiveness.

  • Non-discrimination: impossibility of carrying out data processing for discriminatory, unlawful, or abusive purposes.

ORAEX has a firm commitment to privacy and is dedicated to protecting any personal data that may pass through the company.

Accordingly, it establishes obligations compatible with Brazilian legislation requirements, as well as internationally accepted best practices and standards, aiming to ensure adequate levels of protection for the personal data processed by the company. Obligations to be adopted by all persons linked to ORAEX:

  • Adopt best practices regarding the protection and processing of personal data, data origin, and quality, as well as preventing data leaks resulting from such processing.
  • To apply and respect the principles of loyalty and lawfulness, purpose limitation, transparency, free access, adequacy, necessity (minimization), deletion, quality, confidentiality, data security and reliability, prevention, and accountability at any time during the processing of personal data, in accordance with the provisions of Brazilian legislation. Additionally, to carry out normative self-regulation processes with measures that guarantee compliance with data protection standards.
  • To ensure that the respective shareholders, legal representatives, employees, suppliers, or third parties involved in data processing activities comply with the legal provisions applicable to the protection of personal data, including its non-disclosure or transfer, under the terms of the applicable law.
  • To not perform improper, irregular, or illegal personal data processing, whether directly, indirectly, actively, or passively.
  • To ensure that personal data processing activities observe good faith and the principles of purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, and accountability, as defined in the General Data Protection Law (LGPD).
  • To adopt personal data protection policies, personal data incident management plans—including the indication of possible remediation measures that may be applied—and internal training and communication plans regarding the processing of personal data.
  • Guarantee data subjects the exercise of their rights, allowing them at any time to request: confirmation of the existence of data processing;
  • access to their personal data; correction of incomplete, inaccurate, or outdated data; anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data under the General Data Protection Law; portability of their personal data to another service or product provider, without involving the disclosure of commercial or industrial secrets; information on public and private entities with which ORAEX has shared data; information on the possibility of not providing consent for the processing of their personal data; the right to revoke granted consent; the right to petition against the controller before the ANPD (National Data Protection Authority) and to oppose data processing.
  • Limit the collection, use, retention, disclosure, and transfer of personal data to the minimum necessary to achieve its purposes, covering pertinent, proportional, non-excessive, and legitimate data.
  • Implement all necessary measures to protect data, including but not limited to protection against accidental or unlawful destruction, accidental loss, data leakage, unauthorized alteration, or disclosure.
  • Apply appropriate information security standards to ensure the integrity of personal data, taking best practices on the subject as a reference.
  • Retain data for the period necessary to execute the purposes for which it was provided, ensuring its confidentiality; except when there is a contrary legal provision, an order from the National Data Protection Authority or any judicial authority, or a request from the data subject.
  • Block access to personal data and refrain from processing when the declared purposes expire, but the retention of personal data is required by current legislation.
  • Ensure that data subjects have the possibility to review and correct their personal data, provided their identity is proven.
  • Ensure that, in the event of a data protection incident, all interested parties are notified.
  • Immediately inform the other party and provide all necessary collaboration in the event of any investigation or inspection by the National Personal Data Protection Authority or the judiciary, prioritizing the security and integrity of personal data.
  • Continuously improve Personal Data Protection Management through the definition and systematic review of privacy and data protection objectives at all levels of the organization.
  • Guarantee non-discrimination in the processing of personal data, preventing it from being used for discriminatory, unlawful, or abusive purposes.
  • Provide the data subject with explanations about the purpose of their personal data processing and ensure the accuracy and quality of the processed data.
  • Include in contract drafts, when the contracted service requires data processing, a data protection, confidentiality, and secrecy clause.
  • Ensure the education and awareness of shareholders, legal representatives, employees, suppliers, consultants, third-party contractors and, when relevant, partners, clients, and consumers about the personal data protection practices adopted by ORAEX.

Contact related to privacy, personal data protection, and/or the General Data Protection Law must be made directly to the Compliance Committee by emailing compliance@oraex.com.

VIII - Penalties for Violation of the Code

Any proven violation of the laws or the guidelines and orientations of this code will result in various disciplinary actions, depending on the severity of the situation, ranging from warnings to termination of employment.

In the case of third parties who maintain any type of contractual bond with ORAEX, the proven disregard for the laws and this Code shall result in the immediate termination of the contractual relationship.

Given the peculiarities inherent to the business developed by ORAEX, all its employees are also required to comply with the United States Foreign Corrupt Practices Act (FCPA), which strictly prohibits the payment of bribes to government representatives anywhere in the world.

ORAEX is subject to severe criminal and civil penalties for violations of the FCPA and other applicable anti-corruption laws, and individuals may be subject to severe civil and criminal penalties for any violations, including imprisonment and substantial fines; should these occur, the company will not reimburse nor be held responsible for them.

Any violation of the FCPA by any employee will result in disciplinary action, which may even lead to dismissal and/or immediate termination of the existing contractual relationship with ORAEX.

IX - Commitment and Adherence

The commitment of employees is fundamental for the Code of Conduct to be a true instrument for guiding conduct on behalf of the company. Everyone is responsible for its application in their daily professional life.

Signing the Term of Commitment (Annex) is mandatory and represents an expression of free consent and agreement to comply with the principles and guidelines contained therein.