Procurement Policy

Click here to access the PDF.


Review History

Version: Date of Review: History: 
1 06/03/2013 Document creation
2 06/26/2015 Including the Items Scope (II), Additional Documents (III), Concepts and Acronyms (IV), Responsibilities (V), Management of Consequences (VII) and General Provisions (VIII).
Adjusting the Purpose (I) regarding the concept of sustainability.
Including the quote from the Policy PLT_001 Anti-Corruption in Items 5 and 8.
Including the provisions on the Supplier’s Code of Ethical Conduct in Item 8.
Updating Items 2, 7, 9, 10, 11 and 12.
3 08/01/2017 Including Sub-item 8.15 of VI. Guidelines;
Updating Items II. Scope and Subitems 2, 8, 8.1, 8.5, 8.6, 8.11, 8.12, 8.13, 9 and 11 of VI. Guidelines.
4 10/29/2019 Updating Items II. Scope, III. Guidelines, Sub-items 2 and 8.15, V. Responsibilities, VI. Additional Documents, VII. Concepts and Acronyms and VIII. General Provisions.
Including Item III. Guidelines Subitem 13.
5 11/25/2021 Changes to items: II. Scope, IV. Approval Authority, V. Consequence Management, VI. Responsibilities, VII. Supplementary Documentation and update of sub-items 1, 5, 8, 11 and 13 of III. Guidelines.


I. Purpose

Ensure, during the process of purchasing goods and services and supply chain management, the construction of ethical and transparent relationships seeking competitiveness, quality, speed, and sustainability. This relationship must ensure the perpetuity and legality of the operations, in addition to stimulating social and environmental responsibility and innovation in a continuous and evolving manner.

II. Scope

All members of the Board of Directors, Advisory Committees and Executive Board (“Officers”), members of the Audit Board and employees of Cielo S.A., Servinet Serviços Ltda., Aliança Pagamentos e Participações Ltda. and Stelo S.A., hereinafter referred to as “Cielo” or “Company”.

All the Company’s Subsidiaries must define their directions based on the guidelines set forth in this Policy, considering the specific needs and the legal and regulatory aspects to which they are subject.

With respect to the Affiliated Companies, the Company’s representatives who act in managing them must make every effort to ensure that their directions are defined based on the guidelines set forth in this Policy, considering the specific needs and the legal and regulatory aspects to which they are subject.

III. Guidelines

1. The relevant purchases and contracting are performed centrally by the Superintendency of Efficiency and Purchases, aiming to ensure consistency in the relationship between Cielo and its suppliers.

2. Potential suppliers must undergo the registration and financial, fiscal/tax, labor, and social and environmental evaluation processes, among others, according to internal procedures, in addition to being technically qualified by means of an evaluation by the areas requesting the acquisition.

3. The registration of companies in public registers will be taken into consideration in the supplier approval process.

4. The segregation of duties and traceability in the various operational and decision-making phases guarantee transparency in the contracting process.

5. The rights and responsibilities, both of Cielo and its partners in the contracting of relevant purchases, are formalized by means of legal instruments based on the Legislation in force and guided by the Company’s Code of Ethics and Anti-Corruption Policy.

6. Suppliers selected to bid for the supply of products and services specified and defined by the technical area are submitted to a transparent selection process, in which all participants must have equal conditions simultaneously.

7. Cielo values free and fair competition among its suppliers and the adoption of strictly ethical practices regarding the commercial relationship with its partners.

8. The precepts established in Cielo’s Code of Ethics apply to this Policy, which must be observed by its suppliers or potential suppliers, namely:

8.1. Search for the development of its employees by means of training for the job and stimulus to improve their levels of education;

8.2. No use of labor analogous to slavery;

8.3. No use of child labor;

8.4. Appreciation for diversity, promoting equality and fighting the practice of discrimination based on gender, disability, origin, religion, skin color, race, ethnicity, sexual orientation, marital status, age, health and/or social condition, or any other form of discrimination;

8.5. No conflict of interest with Cielo;

8.6. The acceptance and offering of courtesies, such as: perks, gifts, and invitations to events, must follow the usual market practices and the rules established in the Code of Ethics;

8.7. Compliance with the legislation in force, such as, but not limited to, anti-corruption, tax, labor, social security, and environmental legislation, among others;

8.8. Freedom of association;

8.9. Fair competition;

8.10. Information protection;

8.11. No practices that constitute or encourage sexual, moral, religious, economic, political, or organizational harassment;

8.12. Incorporation of voluntary commitments, aiming to contribute to the social, economic, and environmental development of the community in which it operates;

8.13. Preservation of the Environment;

8.14. Transparency in all relationships;

8.15. Communication of deviations through our Ethics Channel, whose contact is present in all of Cielo’s means of interfacing with its suppliers.

9. Cielo has an ongoing objective to expand its supplier base, without restrictions to suppliers by size or location, as long as they are able to offer their product or service in compliance with the needs and specifications disclosed by Cielo and are able to supply from an administrative and technical point of view.

10. In all contracting, Cielo uses compliance with social and environmental responsibility practices and dissemination of sustainability principles as a standard and mandatory condition.

11. The supplier base is monitored from the point of view of compliance with the relevant principles contained in the Code of Ethics, and suppliers considered critical have specific analysis criteria according to internal procedure.

12. A specific relationship channel, exempt and direct with suppliers, is maintained for the management of the principles of this Policy and disclosed to all suppliers as the “Ethics Channel”.

13. If it is identified that the demand will have an operation with relevant services (processing, data storage, and cloud computing), it will be automatically directed by the Purchasing tool for specific analysis by the responsible areas: Information Security Department, Business Continuity Coordination and Crisis Management. Once the scope is confirmed, the demand becomes relevant to Cielo and, therefore, the supplier to be contracted will be a Relevant Supplier, which must follow all the procedures in accordance with Central Bank Circular 3.909/18.

The Regulatory Legal Department will be informed through the Purchasing tool that there is a demand in progress and that it will need, within the deadlines established by the Circular and, after the signature of the agreement or amendment, to inform the Central Bank of Brazil (“Bacen”) regarding the existence of a new supplier classified as relevant to Cielo. The agreements for the relevant suppliers will be monitored by the Purchasing area, regarding their validity, addendums and/or termination. Any contractual changes to Relevant Suppliers must be informed to the Regulatory Legal Department in a timely manner, which in turn will evaluate the need for communication to the Central Bank of Brazil (“Bacen”).

13.1. The Legal Superintendency is responsible for assessing adherence to the standards and requirements of BACEN Circular no. 3.909/18, and the Superintendency of Efficiency and Purchasing and the Legal Superintendency are responsible for ensuring compliance with the governance required by the Company’s standards and by BACEN.

IV. Approval Authority

Purchases and contracting are made in compliance with the provisions of the Bylaws, Internal Regulations of the Board of Directors, Internal Regulations of the Executive Board, Purchasing Standard, and Approval Authority Standard, as applicable.

V. Consequence Management

Employees, suppliers or other stakeholders who observe any deviations from the guidelines in this Policy may report the fact to the Ethics Channel ( or 0800 775 0808), with the option of anonymity.

Internally, non-compliance with the guidelines of this Policy gives rise to the application of accountability measures to the agents that fail to comply with it, according to the respective severity of the non-compliance, and is applicable to all persons described in the item “Scope” of this Policy, including the leadership and members of the Executive Board.

VI. Responsibilities

  • Administrators, Managers and Employees: Observe and ensure compliance with this Policy and, when necessary, call the Superintendency of Efficiency and Purchasing for consultation on situations involving conflict with this Policy, or upon the occurrence of situations described herein.
  • Superintendency of Efficiency and Purchasing: Comply with the guidelines established in this Policy, keep it updated to ensure that any changes are incorporated hereto, and clarify any doubts regarding its content and application, as well as timely submission to the Legal Superintendency of the prior assessment and registration data for suppliers, in case the Company identifies the contracting of relevant processing, data storage, and cloud computing services.
  • Legal Superintendency: Once the Superintendency of Efficiency and Purchasing is activated, the Legal Superintendency must notify BACEN of the contracting of relevant services of processing, data storage, and cloud computing, observing the deadlines and information requested, under the terms of the regulations in force.
  • Information Security Department (Risk, Compliance, Prevention and Security Board): Evaluate the new demands for hiring and potential suppliers from the point of view of information and cyber security, according to good market practices and internal regulations.
  • Business Continuity and Crisis Management Coordination (Risk, Compliance, Prevention, and Security Board): Evaluate the new demands for hiring and potential suppliers from the point of view of business continuity, according to good market practices and internal regulations. The Business Continuity area must also prepare and keep the Cyber Risk Assessment Procedure for Relevant Suppliers updated, including with regard to the decision criteria for outsourcing services.

VII. Supplementary Documentation

VIII. Concepts and Acronyms

  • Affiliated Companies: companies in which the Company holds 10% (ten percent) or more of their capital, without, however, controlling them, under the terms of article 243, paragraph 1 of the Brazilian Corporation Law.
  • Subsidiaries: companies in which the Company, directly or indirectly, holds partner or shareholder rights that assure it, on a permanent basis, preponderance in the corporate decisions and the power to elect the majority of the managers, under the terms of article 243, paragraph 2 of the Brazilian Corporation Law.
  • Stakeholders: All relevant target audiences with interests pertinent to Cielo, as well as individuals or entities that assume some type of risk, direct or indirect, with respect to the Company. Among others, the following are highlighted: investors, employees, society, clients, suppliers, partners, creditors, governments, regulatory bodies, competitors, press, associations and class entities, users of electronic means of payment, and non-governmental organizations.

IX. General Provisions

Cielo’s Board of Directors is responsible for altering this Policy whenever necessary.

This Policy takes effect on the date of its approval by the Board of Directors and revokes any documents to the contrary.