Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block]

Risk Management and Strategy

We maintain a comprehensive process for assessing, identifying and managing material risks from cybersecurity threats, including risks relating to disruption of business operations or financial reporting systems, intellectual property theft, fraud, extortion harm to employees or customers, violation of privacy laws and other litigation and legal risk, and reputational risk, as part of our overall risk management system and processes. Cybersecurity risks are considered in the risk management annual reports submitted to the Audit Committee.

Key components of our cybersecurity risk management processes include the following:

·

cybersecurity processes designed to conform to the National Institute of Standards and Technology Cybersecurity Framework,

·

a multidisciplinary Information and Technology (IT) team in charge of managing cybersecurity risk and responding to cyber incidents,

·

the IT team has been trained and has professional certifications in computer security,

·

a cyber incident response plan has been developed, which includes internal escalation towards senior management and the board of directors, as well as disclosure to the stock exchange, if necessary,

·

the cybersecurity processes are reviewed, tested, updated and approved, according to our internal policies, which include, among others, conducting assessment tests and disaster recovery plans to test the main components of our IT infrastructure, and

·

a third-party cyber risk management process for vendors that includes, among other things, a security assessment to determine whether they are aware of vulnerabilities and associated risks before engaging them and using their services. Additionally, we regularly conduct vulnerability scans, validation of anti-malware and anti-intrusion systems, as well as network segmentation and content filtering. If during our security assessments, we identify potential cybersecurity risks, we restrict the access to that provider to our systems.

Additionally, in connection with our cybersecurity risk management processes, our internal experts perform several tests aimed to validate the effectiveness of the cybersecurity risk management processes.

We engage with external legal counsel on any matters relating to cybersecurity risk management, and also engage third-parties to provide trainings or to facilitate tabletop exercises.

Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, including as a result of previous cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks and any future material incidents See “Risk Factors” in Item 3 of this Annual Report on Form 20-F for more information on our cybersecurity related risks.

Cybersecurity Risk Management Processes Integrated [Text Block]

We maintain a comprehensive process for assessing, identifying and managing material risks from cybersecurity threats, including risks relating to disruption of business operations or financial reporting systems, intellectual property theft, fraud, extortion harm to employees or customers, violation of privacy laws and other litigation and legal risk, and reputational risk, as part of our overall risk management system and processes. Cybersecurity risks are considered in the risk management annual reports submitted to the Audit Committee.

Cybersecurity Risk Third Party Oversight And Identification Processes [Flag]

true

Cybersecurity Risk Board Of Directors Oversight [Text Block]

Board of Directors

The board of director’s Audit Committee is primarily responsible for the oversight of risks from cybersecurity threats, as well as for the review and approval of cybersecurity-related policies. The Audit Committee has decided to retain the oversight of risks in connection with cybersecurity threats, due to the importance of cybersecurity-related risks to our stakeholders.

To fulfill this responsibility, the Audit Committee receives reports about cybersecurity incidents. Additionally, on a quarterly basis the Audit Manager and the external audit associate report to the Audit Committee any relevant cybersecurity risks and incidents identified during the relevant period. Finally, as part of the annual risk assessment, the Audit Committee reviews and approves the cybersecurity processes.

Cybersecurity Risk Process For Informing Board Committee Or Subcommittee Responsible For Oversight [Text Block]

To fulfill this responsibility, the Audit Committee receives reports about cybersecurity incidents. Additionally, on a quarterly basis the Audit Manager and the external audit associate report to the Audit Committee any relevant cybersecurity risks and incidents identified during the relevant period.

Cybersecurity Risk Management Positions Or Committees Responsible [Flag]

true

Cybersecurity Risk Management Expertise Of Management Responsible [Text Block]

Chief Information Security Officer

Cybersecurity Risk Management Positions Or Committees Responsible Report To Board [Flag]

true