SOLINOFF CORPORATION S.A.S., identified with NIT 800.134.773-2, in order to guarantee the protection of the rights to privacy, intimacy, good name, image, transparency, and the freedom of personal data of natural or legal persons that are within our databases, for this purpose all actions and Data Processing policies will be governed by the principles of good faith, law, guarantees and procedures provided for in our National Constitution, Law 1581 of 2012, Regulatory Decree 1377 of 2013 and concordant regulations. According to the requirements established in the personal data treatment and protection policy, by registering your personal data, you authorize SOLINOFF CORPORATION S.A.S. for the collection, storage and use of the same for the purpose of carrying out the pertinent procedures according to the type of request. As the owner of the information, you have the right to know, update and rectify your personal data, request proof of the authorization granted for its processing, be informed about the use that has been given to it, revoke the authorization and/or request the deletion of your data in cases where it is appropriate and access them free of charge.

Objective

This policy outlines the general guidelines for the protection and processing of personal data by SOLINOFF CORPORATION S.A.S., in accordance with its commitment to ensure the security and proper use of the information of the Data Subjects.

Scope of the data protection policy

The Personal Data Treatment and Protection Policy presented below applies to all personal data or any information that is stored in the databases of SOLINOFF CORPORATION S.A.S. It will be applied to all Databases and Files that contain personal data and that are subject to processing, considering the company as responsible or in charge of processing personal data. All officers, Contractors, and third parties that have a relationship with SOLINOFF CORPORATION S.A.S. and that process personal data must comply with this policy and the procedures established for the processing of personal data. This manual follows the guidelines established by Law 1581 of 2012 and Decree 1377, with the purpose of establishing the responsibilities of the personnel who handle and process the data of CUSTOMERS, SUPPLIERS, EMPLOYEES, PROSPECTS of these, and THIRD PARTIES.

Use and purpose of the collection and processing of personal data

The personal data and information found in our databases of end customers, suppliers, contractors, and employees will be used for the development of the corporate purpose of SOLINOFF CORPORATION S.A.S., as well as for the development of its legal, administrative, operational, contractual, and mission-related obligations. Therefore, it will safeguard the databases that contain the collected information and will not allow access to unauthorized personnel, except for the constitutional and legal exceptions in force and applicable to the matter. In this sense, it will take all necessary precautions and measures to guarantee the confidentiality of the information, in accordance with the principle of confidentiality set forth in Law 1581 of 2012 and other information in force on the matter. The processing that SOLINOFF CORPORATION S.A.S. will carry out will be to collect, store, process, use, and transmit or transfer (as appropriate) personal data, strictly adhering to the security and confidentiality duties ordered by Law 1581 of 2012 and Decree 1377 of 2013.

Purpose

Vendors, contractors, customers and/or employees and former employees: Conduct data analysis, evaluations, and selection of potential vendors and/or contractors. Communicate our policies and procedures for onboarding vendors. Analyze information on the quality and level of service received from vendors. Ensure compliance with tax, customs, and commercial laws with administrative and judicial entities. Initiate business agreements to acquire goods or services. Control and pay for goods and services received. Monitor, control, and record accounting obligations with vendors. Conduct inquiries, audits, and reviews arising from agreements with vendors and/or contractors. Control and prevent fraud in any of its forms, especially by complying with obligations on the Prevention of Money Laundering and Terrorism Financing, as applied to gambling and gaming companies. Some of these tasks are carried out in compliance with a legal and contractual obligation, and therefore the processing of personal data is understood to be included in them.

Definitions

Data: Any numerical, alphabetical, graphic, photographic, acoustic, or other type of information that is susceptible to processing and that relates to identified or identifiable natural persons (such as name, surname, marital status, sex, age, address, social security number, employee ID number, personal ID, phone number, email, etc.). Databases: An organized set of personal data that is subject to Processing. Data Subject: The natural person whose personal data is subject to Processing. Personal data: Personal data is any information relating to an identified or identifiable living natural person. Data analysis: The comprehensive study of a set of information with the aim of obtaining conclusions that allow a company or entity to make a decision. AUTHORIZATION Without prejudice to the exceptions provided by law, Processing requires the prior and informed authorization of the Data Subject, which must be obtained by any means that can be the subject of subsequent consultation. The authorization for the processing of personal data will be obtained by SOLINOFF CORPORATION S.A.S through one of the following mechanisms: In writing, through forms, electronic tools, personalized attention point, landline phone. Through unequivocal conduct of the Data Subject that allows to reasonably conclude their authorization. For example, and without limitation to these, the purchase or sale of products and/or services, the request for the provision of services, the submission of requests, complaints and/or claims.

Data Controller

SOLINOFF CORPORATION S.A.S will be responsible for the processing of personal data and databases. Head office: KM 3 VIA FUNZA SIBERIA MZ A BG 6 PARQUE IND GALICIA Contact phone number: (601) 4463822 Email: servicioalcliente@solinoff.com

Handling of sensitive personal data

Here is the translation of the text into English: Sensitive data is understood to be any data that affects the Data Subject's privacy or whose misuse may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or that promotes the interests of any political party or guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data. In this sense, SOLINOFF CORPORATION S.A.S will not collect, use, or process sensitive data unless the Data Subject expressly authorizes such processing, or in cases where the law determines that such authorization is not required.

Rights of data subjects

Sure, here is the translation of the text into English: Data Subjects are the natural persons whose data is processed by SOLINOFF CORPORATION S.A.S. In accordance with the provisions of the applicable data protection regulations, the following are the rights of Data Subjects: To know, update, and rectify their personal data. This right may be exercised, among others, in respect of data that is partial, inaccurate, incomplete, fragmented, misleading, or whose processing is expressly prohibited or has not been authorized. To request proof of the authorization granted, except when expressly excepted as a requirement for processing, in accordance with the provisions of Article 10 of Law 1581 of 2012. To be informed, upon request, of the use that has been made of their personal data. To file complaints with the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add to, or supplement it. To revoke authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees. Revocation and/or deletion shall proceed when the Superintendency of Industry and Commerce has determined that the Data Controller or Data Processor has engaged in conduct contrary to this law and the Constitution in the processing. To consult or access free of charge their personal data that has been processed.

Database confidentiality and security

SOLINOFF CORPORATION S.A.S. will implement best practices for the security, discretion, protection, storage, and confidentiality of the Personal Data of the data subjects. It will verify, when appropriate, the origin of the legal exceptions to provide personal data to the authorities and in relevant cases.

Policy effectiveness

This policy is effective from the date of its publication. Any information not covered by this policy will be governed by the General Regime for the Protection of Personal Data in force in Colombia. The update of the Personal Data Protection Policies will depend on the instructions and guidelines of the Executive Directorate of SOLINOFF CORPORATION S.A.S., as well as the regulatory extensions of the supervisory and control entity, the Superintendency of Industry and Commerce. Any additional questions can be written to the email address servicioalcliente@solinoff.com, and messages will be answered as soon as possible.