At LinkTIC S.A.S. (“LinkTIC”), we value the protection of your personal data. Therefore, we make this Policy available to you so that you may clearly understand how, when, and for what purposes your personal data is collected, stored, used, and processed, as well as the mechanisms and procedures through which you may exercise your rights as a data subject.

1. INTRODUCTION

LinkTIC is a company with over 19 years of experience in the development of high-quality and profitable technological and innovative projects. Its solutions are designed to meet both client needs and the objectives of their brands, products, and services, with a continuous focus on reducing the digital divide. LinkTIC specializes in the commercialization and management of technology projects within the ICT framework, with emphasis on software development, information process consulting, and digital marketing.

2. PURPOSE

The purpose of this Policy is to establish and ensure the adoption of guidelines and procedures for the collection, storage, use, processing, circulation, and deletion of personal data provided by clients, users, suppliers, contractors, employees, and/or the general public, which is processed by LinkTIC in connection with commercial, contractual, labor, or other types of relationships. This Policy is issued in accordance with Ley 1581 of 2012, Decreto 1377 of 2013 and 886 of 2014, and any regulations that amend, supplement, or regulate them, as well as in accordance with the company’s corporate governance practices.

3. SCOPE

This Personal Data Processing and Protection Policy applies to all databases and/or physical or digital files and any other media containing personal data that is subject to processing by LinkTIC, acting as the Data Controller of personal data provided by or collected from employees, contractors, current, past, and prospective clients, suppliers, business partners, and any other stakeholders (hereinafter, the “Data Subjects”).

This Policy sets forth the scope, definitions, data controller, purposes, measures, and procedures applicable to LinkTIC’s databases, as well as the mechanisms available to Data Subjects to access, update, rectify, delete their personal data, or revoke authorization for its processing, in accordance with applicable law.

Authorization from the Data Subject shall be deemed granted upon acceptance of this Policy and through contracts, forms, terms and conditions, or other legal documents executed with LinkTIC, without prejudice to cases where such authorization is not required by law.

4. PRINCIPLES GOVERNING THE PROCESSING OF PERSONAL DATA

All activities related to the processing of personal data carried out by LinkTIC shall comply with the principles established by applicable law and the jurisprudence of the Colombian Constitutional Court. These principles shall be applied comprehensively and are summarized as follows:

a) Purpose Limitation Principle: The processing of personal data must serve a legitimate purpose in accordance with the Constitution and the law. Such purpose must be previously, clearly, and sufficiently communicated to the Data Subject. Personal data may not be collected without a specific purpose.

b) Necessity and Proportionality Principle: Personal data collected must be strictly necessary to fulfill the purposes of the processing. Accordingly, such data must be adequate, relevant, and aligned with the purposes for which it was collected.

c) Storage Limitation Principle: Personal data shall be retained only for the time necessary to fulfill the purposes for which it was collected.

d) Consent Principle: Except where otherwise provided by law, personal data processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without such authorization, unless required by law or judicial order.

e) Data Quality and Accuracy Principle: Data subject to processing must be accurate, complete, up-to-date, verifiable, and understandable. The processing of partial, incomplete, or misleading data is prohibited. Reasonable measures shall be adopted to ensure data accuracy and, where appropriate, to update, rectify, or delete such data.

f) Transparency Principle: The Data Subject has the right to obtain from LinkTIC, at any time and without restriction, information regarding the existence of personal data concerning them.

g) Restricted Access and Circulation Principle: Except for public information, personal data may only be disclosed where access is technically and administratively controlled, limiting knowledge of such data to authorized persons.

h) Security Principle: Appropriate technical, administrative, and organizational measures shall be implemented to protect personal data against unauthorized access, loss, alteration, or misuse.

i) Confidentiality Principle: All persons involved in the processing of non-public personal data are obligated to maintain confidentiality, even after the termination of their relationship with LinkTIC.

5. OBLIGATION TO COMPLY WITH THE POLICY

Compliance with this Policy is mandatory for LinkTIC S.A.S.

6. DEFINITIONS

For purposes of this Policy, the following terms shall have the meanings set forth below:
a) Authorization: Prior, express, and informed consent granted by the Data Subject for the processing of personal data.

b) Authorized Party: LinkTIC and any data processors acting on its behalf, authorized to process personal data in accordance with this Policy.

c) Delegated Data Protection Function: The Legal Department of LinkTIC is the unit responsible for handling PQRS (petitions, complaints, claims, and requests), as well as for overseeing and ensuring compliance with the Personal Data Protection Policy. It is also responsible for addressing petitions, complaints, claims, and inquiries submitted by data subjects through the email address [email protected].

d) Database: An organized set of personal data subject to processing.

e) Personal Data: Any information relating to an identified or identifiable natural person.

f) Private Data: Personal data that, due to its nature, is of an intimate or reserved character.

g) Semi-Private Data: Data that is not intimate, but whose disclosure may be of interest to a specific group or the general public (e.g., financial or commercial data).

h) Sensitive Data: Data that may affect a person’s privacy or lead to discrimination (e.g., health data, biometric data, political views).

i) Public Data: Data classified as public by law or not considered private or sensitive.

j) Data Processor: A natural or legal person that processes personal data on behalf of the Data Controller.

k) Data Controller: LinkTIC, acting independently or jointly with others, determines the purposes and means of the database and/or the processing of personal data.

l) Data Subject: A natural person whose personal data is subject to Processing.

m) Processing: Any operation or set of operations performed upon personal data, such as collection, storage, use, circulation, transfer, transmission, updating, or deletion of Personal Data, among others.

n) Transmission: The processing of personal data involving the communication of such data, within or outside the territory of the Republic of Colombia, where such communication is intended for the Data Processor to carry out processing on behalf of the Data Controller.

o) Transfer: The processing of personal data that occurs when the Data Controller and/or Data Processor discloses or sends personal data to a third-party recipient, who assumes the role of Data Controller, and who may be located within or outside the territory of the Republic of Colombia.

p) Privacy Notice: A written communication issued by the Data Controller, addressed to the Data Subject for the processing of their personal data, informing them of the existence of the applicable data processing policies, how to access them, and the purposes for which the personal data will be processed.

*These definitions correspond to those established under Ley 1581 of 2012.

7. CONTACT INFORMATION OF THE DATA CONTROLLER AND/OR DATA PROCESSOR

The Data Controller of personal data and related information of the Data Subjects covered by this Policy is LinkTIC, identified with ID No. 900.037.743-9, domiciled at Carrera 53 #100–25, Floor 3, Bogotá D.C., Colombia. Telephone: +57 (601) 7702692. Email: [email protected].

8. PURPOSES AND COMPREHENSIVE PROCESSING OF PERSONAL DATA

The personal data included in the Databases and processed by LinkTIC originates from information collected during its corporate activities and pursuant to commercial, contractual, employment, or any other type of relationship with users, clients, suppliers, contractors, employees, and/or the public. Accordingly, LinkTIC manages various Databases classified according to their nature, origin, structure, composition, storage medium, and processing purposes.

The information provided by the Data Subject shall only be used for the purposes set forth in this Policy. Once the need for processing the Personal Data ceases, such data may be deleted from LinkTIC’s Databases or securely archived, such that it may only be disclosed when required by law.

LinkTIC shall process databases by collecting, compiling, storing, processing, using, managing, and transmitting or transferring (as applicable) personal data, in strict compliance with the duties of security and confidentiality required by applicable law.

All processing shall be preceded by the Data Subject’s authorization, whereby the Data Subject voluntarily, prior to, expressly, and in an informed manner authorizes the processing of their personal data and/or sensitive data in accordance with Law 1581 of 2012 and its regulatory decrees (including Decree 1074 of 2015), as well as any regulations that amend or supplement them, and this Policy. Where applicable, LinkTIC shall also comply with foreign regulations, such as the General Data Protection Regulation (GDPR) of the European Union, and any other applicable legal frameworks, clearly defining roles and responsibilities and implementing appropriate safeguards such as contractual agreements, standard contractual clauses, certification mechanisms, or other legally recognized instruments.

Data Processors and authorized third parties shall process personal data exclusively to fulfill the following purposes:

A. CLIENT DATA

Databases containing information on legal entities and/or individuals who have acquired or are interested in acquiring LinkTIC products or services:

1. Fulfillment of LinkTIC’s corporate purpose.
2. Execution and performance of contractual relationships.
3. Compliance with legal, accounting, commercial, and regulatory obligations.
4. Conducting statistical, commercial, financial, and technical analyses.
5. Providing information regarding services and monitoring their delivery.
6. Confirming data necessary for product delivery and service provision.
7. Handling petitions, complaints, claims, and requests (PQRS).
8. Ensuring security through verification against databases (e.g., law enforcement, Interpol, FBI, sanctions list, credit bureaus, and social media).
9. Conducting due diligence and risk analysis, including reputational risk assessments.
10. Providing products and services and receiving feedback.
11. Confirming purchases made via web or non-traditional channels.
12. Evaluating service quality.
13. Conducting satisfaction surveys.
14. Performing market research and consumer behavior analysis.
15. Conducting geolocation and statistical studies.
16. Identity and background verification (criminal, financial, credit).
17. Transferring or sharing data with partners and third parties.
18. Internal and external audits.
19. Sharing data with commercial partners for marketing purposes.
20. Data transfers in corporate transactions (mergers, acquisitions, etc.).
21. Credit and risk assessments.
22. Billing and collection management.
23. Data verification through public or credit databases.
24. Reporting obligations to credit bureaus.
25. Loyalty programs.
26. Sending information about services, events, and activities.
27. Marketing and promotional campaigns.
28. Commercial agreements and institutional programs.

B. EMPLOYEE, FORMER EMPLOYEE, CONTRACTOR, RETIREE, AND APPLICANT DATA

Databases containing information on employees, former employees, contractors, retirees, individuals who have terminated their relationship with the Company, and candidate profiles for objective selection processes (bidding procedures and calls for applications), or any type of contracting.

This database includes information on employees, contractors, and applicants whose résumés are submitted in objective selection processes and/or calls for applications before public entities, private companies, international organizations, or multilateral banks, including:

1. Personal data such as: full name, nationality, marital status, domicile, type and identification number, professional license, military service record (if applicable), fingerprint, handwriting, date and place of birth, mailing address, contact phone number, email address, employment history, clinical or health records, academic and financial background, work experience, professional experience and/or trades, references, information regarding potential disqualifications, incompatibilities, and/or conflicts of interest in the public sector, commercial background or financial information, judicial and disciplinary records, family relationships with other companies or public entities, recent photographs, surveillance camera images, occupational medical records; as well as name, identification number, phone number, gender, date and place of birth, workplace, position or profession of the spouse or permanent partner of employees and contractors, and of their relatives up to the fourth degree of consanguinity, second degree of affinity, and/or first civil degree, and any other data necessary to fulfill the purposes described herein.
2. To preserve LinkTIC’s security and to analyze and verify the information of employees, collaborators, contractors, and candidates participating in selection processes.
3. To retain and manage information related to the employment or contractual relationship with the Data Subjects.
4. To comply with legal, accounting, commercial, and regulatory obligations.
5. To control and preserve the security of persons, assets, and information of LinkTIC.
6. To fulfill the purpose of the employment, civil, or contractual relationship established with the Data Subjects.
7. To protect the health of LinkTIC employees and contractors.
8. To prevent and verify the alleged commission of crimes and/or infractions by employees, contractors, and applicants, including consultation of various databases and sources such as National Police databases, Comptroller’s Office, Interpol, FBI, SDNT List (Clinton List), SARLAFT, and relevant social media platforms, as available.
9. To prevent and mitigate potential reputational risks that may affect LinkTIC, through due diligence and verification processes using databases and sources such as those mentioned above.
10. Personnel selection, contract administration, management of labor relations, and compliance with related obligations, including the granting of employee benefits directly or through third parties, as well as enabling employee access to the Company’s IT resources.
11. Selection of profiles for bids and procurement processes in which LinkTIC participates.
12. Maintaining records of disciplinary sanctions, fines, and/or monetary penalties imposed on employees and contractors.
13. Conducting statistical, commercial, financial, social, and technical analyses.
14. Verification of identity and criminal, disciplinary, financial, and credit background of Data Subjects.
    Additionally, personal data may be transferred or disclosed to third parties responsible for administering the social security system in Colombia, as well as insurance companies.
15. To transfer, transmit, and provide personal data to third parties in cases of employer substitution or assignment of contractual position by LinkTIC.
16. To transfer, transmit, and provide personal data to third parties for the purpose of providing employment and/or professional references regarding the Data Subjects.
17. Administration of the existing employment relationship.
18. Issuance and delivery of payroll statements, reports, and certifications.
19. Provision of information regarding benefits derived from the employment relationship, whether granted by LinkTIC or by third parties with whom it has agreements.
20. Consultation of public databases for background verification.
21. Monitoring of employee attendance and working hours.
22. Processing of payments, contributions, and reporting to social security entities, pension and severance funds, insurance companies, and family compensation funds.
23. Conducting disciplinary proceedings, warnings, and termination of employment relationships.
24. Sending information regarding job openings and recruitment processes.
25. Conducting interviews, surveys, psychometric testing, medical evaluations, and other assessments required for employment validation purposes.
26. Monitoring attendance at events, meetings, and training sessions.
27. Sending information through various channels regarding events, activities, products, services, and, in general, information related to the Company’s business activities.
28. Evaluating the quality of products and services.
29. Any other purposes not expressly listed above that are necessary and arise from the existence of an employment relationship, including after its termination.

C. SUPPLIERS AND BUSINESS PARTNERS DATA

1. Databases containing information of suppliers and business partners providing any type of goods and services to LinkTIC:
2. Preparation of contracts, purchase orders or service orders, reports, invoices, and other documentation related to the commercial relationship between the parties.
3. Data verification through consultation of public databases, restricted lists, or credit bureaus.
4. Management of advances, invoices, and billing accounts.
5. Sending information through various means regarding events, activities, products, services, and, in general, information related to the Company’s business activities.
6. Conducting advertising and marketing campaigns to offer discounts or promotions on products or services, whether offered directly by the Company or by third parties with whom the Company has entered into agreements.
7. Entering into commercial agreements, events, or institutional programs, either directly or in partnership with third parties.
8. Sending information regarding benefits, events, new products and services, procedures, calls for proposals, invitations to bid, and, in general, information related to the Company’s activities.
9. Conducting satisfaction surveys, market research, and studies related to the contractual relationship.
10. Use of certifications or similar documents in procurement processes and/or public, private, or multilateral bidding procedures.
11. When LinkTIC carries out commercial or advertising communications through phone calls, text messages, messaging applications, emails, or other means, it shall do so in accordance with the schedules and conditions set forth under Law 2300 of 2023. LinkTIC provides simple and free mechanisms for the Data Subject to request the cessation of such communications, without affecting the provision of services when such communications are not strictly necessary for the contractual and/or commercial relationship.
12. Any other purposes not expressly listed above that are necessary for the exercise of all rights and obligations established in the respective contracts entered into with suppliers.

D. CORPORATE RELATIONS DATA

Databases containing information on stakeholders such as members of the board of directors, employees’ family members, visitors, guests, and participants in innovation activities, among others:

1. Identification and due diligence of third parties with whom the Company maintains relationships and conducts transactions, in order to comply with regulations on the prevention of money laundering and terrorist financing (AML/CFT).
2. Administration of the contractual, legal, or commercial relationship between LinkTIC and the Data Subject.
3. Compliance with legal reporting obligations to administrative entities and competent authorities, as required.
4. Sharing information with third parties that support the Company’s operations and, for the performance of their functions, require access to such information, including courier service providers, advertising agencies, contact centers, security and surveillance companies, software service providers, among others. Such third parties are contractually bound to maintain the confidentiality of the information to which they have access.
5. Supporting the Company’s internal and external audit processes.
6. Monitoring visits to the Company’s facilities.
7. Verification of information through public databases for security validation purposes.
8. Conducting surveys and market research.
9. Sending information through various channels regarding events, activities, products, services, and, in general, information related to the Company’s business activities.
10. Conducting advertising and marketing campaigns to offer discounts or promotions on products or services, whether offered directly by the Company or by third parties with whom it has entered into agreements.
11. Entering into commercial agreements, events, or institutional programs, either directly or in partnership with third parties.

F. SENSITIVE PERSONAL DATA

In light of the nature of LinkTIC’s business activities and the purposes set forth in this Policy, the processing of sensitive personal data may exceptionally be required. Such processing shall be carried out only when strictly necessary, under the conditions, safeguards, and limitations established by applicable law, and in accordance with the principles of legality, purpose limitation, necessity, proportionality, security, and confidentiality, as set forth below:

1. Sensitive health-related information. LinkTIC shall collect and process health-related data of its employees and contractors. Such data is considered sensitive; therefore, in accordance with applicable law, Data Subjects are informed that they are not obligated to provide such data or to authorize its processing. Once such data is provided and the corresponding consent is granted, it shall be collected and processed solely for the purpose of preserving and ensuring the well-being of the Data Subjects.
2. Biometric Data, Photographic Records, and Image Capture through Surveillance Systems. LinkTIC shall collect biometric data, photographic records, and images captured through surveillance systems from its employees, contractors, and collaborators, including, but not limited to, fingerprints and images. Such data is considered sensitive, and Data Subjects are not obligated to provide it. LinkTIC shall ensure that the processing of such data is carried out in accordance with applicable law and under strict security measures.
3. Data related to minors. LinkTIC shall only use, store, and process personal data of minors who are children, dependents, or under the care of LinkTIC’s employees or contractors, and only where such data is of a public nature. The purpose of such processing shall be strictly limited to planning and carrying out activities related to the personal and family well-being of employees and minors. For these purposes, the Company shall ensure respect for and the primacy of minors’ rights, their best interests, and their fundamental rights. Photographs, videos, or similar materials of minors may only be used with the prior written and express authorization of their legal representatives.

H. PERSONAL DATA STORED IN LINKTIC REPOSITORIES AND DATABASES

LinkTIC shall only use, process, and circulate personal data and other information of the Data Subjects for the purposes described herein and for the processing activities authorized under this Policy or applicable law. Additionally, the Data Subject expressly authorizes LinkTIC to collect, use, and circulate their personal data and other information for the following purposes and under the following circumstances:

1. To establish communication between LinkTIC and the Data Subjects for any purpose related to the objectives set forth in this Policy, whether through phone calls, text messages, emails, and/or physical communications.
2. To audit, review, and analyze information contained in the Databases in order to design and implement administrative, labor, security, and financial strategies related to LinkTIC personnel.
3. To provide personal data and information of Data Subjects to business partners or other entities or individuals engaged by LinkTIC to process such information and fulfill the purposes described in this Policy and the objectives of the employment or civil relationship with the Data Subjects.
4. To preserve LinkTIC’s security by analyzing and verifying information related to employees, collaborators, and individuals participating in selection processes.
5. To transfer, transmit, and provide, whether on a gratuitous or remunerated basis, personal data and information of Data Subjects to domestic and/or international business partners so that they may contact Data Subjects to offer products, information, or services that LinkTIC considers may be of interest to them.
6. To transfer, transmit, and provide personal data and information of Data Subjects to third parties in cases where LinkTIC participates in merger, integration, spin-off, and/or liquidation processes.
7. To verify conflicts of interest or potential irregularities involving new contractors and/or employees of LinkTIC.
8. To conduct financial, legal, commercial, and security risk assessments.
9. To access, store, and use financial information obtained from third-party database administrators, subject to prior authorization from the Data Subject.
10. To combine personal data with information obtained from other partners or companies, or to share such data with them, for the purpose of implementing joint commercial strategies.
11. To disclose information when required to comply with laws, regulations, or legal processes; to enforce terms and conditions; to prevent or address fraud or security incidents affecting LinkTIC or third parties; to resolve technical issues; or to protect the rights of others.
12. To audit, review, and analyze database information in order to design commercial strategies and improve LinkTIC’s products and services.
13. To audit, review, analyze, and use database information to design, implement, and develop programs, projects, and events.
14. To audit, review, analyze, and use database information for the dissemination of policies, projects, programs, results, and organizational changes.
15. To transfer, transmit, and provide personal data and information of Data Subjects to domestic and/or international strategic partners so that they may contact Data Subjects to offer goods and services of interest, receive offers from Data Subjects, invite participation in programs, projects, and events, and communicate policies, programs, results, and organizational changes.
16. To assign or transfer personal data to domestic and/or international third parties in cases such as employer substitution and/or outsourcing of Company activities, in all cases in compliance with this Policy and applicable law.
17. To manage website navigation information in order to maintain access, remember preferences, and provide relevant content, including through the use of cookies.
18. Any other purposes necessary to fulfill the objectives described in this Data Processing Policy.

Based on the purposes set forth above, the comprehensive processing of such data shall be carried out as follows:

A. Authorization for the Collection and Processing of Personal Data and Other Information.

By voluntarily providing their personal data, in whole or in part, whether in the manner indicated above and/or through express authorization given verbally or in writing, the Data Subject expressly and unequivocally authorizes LinkTIC to collect, store, process, and use such personal data and any other information provided, as well as to carry out the processing of such data in accordance with this Policy and applicable law.

B. Request for Authorization for New Uses. LinkTIC may request authorization from Data Subjects for the use or circulation of their data or information for purposes other than those set forth in this Privacy Policy and in the Terms and Conditions. For such purposes, LinkTIC shall publish any changes to this Data Processing Policy on its website at www.linktic.com or through any other means it deems appropriate.

C. Storage of Personal Data.

The Data Subject expressly authorizes LinkTIC to store their personal data in the manner it deems most appropriate, provided that it complies with the security measures required to protect such data.

D. Personal Data Provided and Means of Collection.

LinkTIC may expressly request information from Data Subjects in order to collect, store, compile, analyze, and retain the data necessary to fulfill the purposes of the databases described above.

Likewise, Data Subjects may provide authorization for data processing not only in writing but also orally or through unequivocal conduct that reasonably allows the Data Controller to conclude that authorization has been granted. In all cases, evidence or proof of such authorization must be retained.

E. Security Measures for the Protection of Personal Data and Other Information.

The security measures implemented by LinkTIC are intended to protect Data Subjects’ information in order to prevent its alteration, loss, unauthorized use, or access. To this end, LinkTIC diligently implements human, administrative, and technical safeguards that are reasonably available to it. The Data Subject expressly accepts these protection measures and acknowledges that they are adequate and sufficient for all purposes.

9. DATA SUBJECT RIGHTS

In accordance with applicable law, Data Subjects have the right to access, update, and rectify their personal data, and/or revoke authorization for its processing. In particular, Data Subjects are entitled to the following rights as set forth in Article 8 of Law 1581 of 2012:

1. To access, update, and rectify their personal data. This right may be exercised with respect to partial, inaccurate, incomplete, fragmented data, data that may lead to error, or data whose processing is prohibited.
2. To request proof of the authorization granted for the processing of their personal data.
3. To be informed, upon request, regarding the use that has been made of their personal data.
4. To file complaints before the Superintendence of Industry and Commerce (Superintendencia de Industria y Comercio) or the authority acting in its place, for violations of applicable law.
5. To revoke authorization and/or request the deletion of their personal data at any time, or when the processing does not comply with constitutional and legal principles, rights, and guarantees. Such request shall proceed when the competent authority has determined that the Company has engaged in improper data processing and/or has acted in violation of applicable law. The request for deletion and revocation shall not proceed where the Data Subject has a legal or contractual obligation to remain in the Data Controller’s or Data Processor’s database.
6. To access their personal data that has been subject to processing, free of charge.
7. To be informed of the Company’s data processing policy and, through its website, the purposes for which their personal data will be used.
8. To identify the person within LinkTIC responsible for handling and responding to their requests.

10. CASES WHERE DATA SUBJECT AUTHORIZATION IS NOT REQUIRED

In the following cases, it is not necessary to obtain the Data Subject’s express authorization; however, all other legal obligations set forth by law must still be fulfilled:

1. When the information is required by a public or administrative entity in the exercise of its legal functions or by court order.
2. When processing data of a public nature.
3. In cases of medical or health emergencies.
4. For the processing of information authorized by law for historical, statistical, or scientific purposes.
5. When dealing with data related to civil registry records.

11. PROCEDURE FOR EXERCISING HABEAS DATA RIGHTS

Data Subjects may, at any time, exercise their rights to access, update, rectify, and delete their personal data, as well as revoke the authorization granted to LinkTIC, and exercise any other rights related to the protection of their personal data (habeas data), through the following email address: [email protected]. For such purposes, the following rules shall apply:

Requests and inquiries regarding personal data: When Data Subjects or their successors wish to consult information subject to processing by LinkTIC, they may submit any inquiries they deem appropriate. LinkTIC shall respond within a maximum period of ten (10) business days. In accordance with Law 1581 of 2012, if it is not possible to respond within this timeframe, the Data Subject shall be informed of the reasons for the delay and the date on which the inquiry will be addressed, which shall not exceed five (5) additional business days following the expiration of the initial term.

Revocation of authorization, withdrawal, deletion from databases, and claims regarding personal data: When Data Subjects or their successors consider that the information contained in databases should be corrected, updated, or deleted, or when they identify a potential breach of any obligations set forth in Law 1581 of 2012, they may file a claim before LinkTIC.

The procedure for submitting such requests is as follows:

1. Requests must be sent to the email address: [email protected].
2. Data Subjects must submit their request with full identification and provide a clear description of the inquiry or claim.
3. Where supporting documents or additional information are required, the Data Subject must provide them along with the request. If not provided, LinkTIC shall request clarification or supporting documentation within five (5) days following receipt of the request.
4. If no response is received within two (2) months following the submission of the request, LinkTIC shall consider the request withdrawn.
5. Upon receipt of the request, LinkTIC shall process it internally and respond within the legal timeframes, namely: in the case of inquiries, within ten (10) business days, extendable by up to five (5) additional days if necessary, upon prior notice to the requester.
6. In the case of claims, LinkTIC shall process and respond within fifteen (15) days following submission, extendable by up to eight (8) additional days upon prior notice to the Data Subject.
7. Data Subjects may, at any time, request the deletion of their personal data and/or revoke the authorization granted for its processing by submitting a claim, in accordance with Article 15 of Law 1581 of 2012.
8. Requests for deletion and revocation shall not proceed when the Data Subject has a legal or contractual obligation to remain in the database. It should be noted that consent revocation may occur in two forms: (i) total revocation, affecting all authorized purposes, or (ii) partial revocation, affecting specific types of processing.

12. RETENTION PERIOD AND DATA STORAGE

Personal data incorporated into the Databases shall remain in force for the period necessary to fulfill the purposes for which it was collected; that is, for as long as the information is maintained and used for the purposes described in this Policy. Notwithstanding the foregoing, such data may be retained for a longer period when required to comply with legal or contractual obligations. Once the purposes have been fulfilled, and provided there is no legal or contractual duty to retain the information, the data shall be deleted from our databases.

13. TRANSFERS AND TRANSMISSIONS

LinkTIC shall use personal data solely in accordance with the authorization granted and may transmit such data to third parties for the purposes described herein, as well as to competent judicial and administrative authorities when required. For such purposes, LinkTIC shall enter into the appropriate data transfer or data transmission agreements, ensuring compliance with the obligations set forth in Decree 1074 of 2015 and implementing appropriate security measures in accordance with applicable law.

LinkTIC may transfer personal data to third-party controllers located abroad exclusively for processing or storage purposes. The authorization granted by the Data Subject shall constitute express, unequivocal, and informed consent for the international transfer of personal data for the purposes described herein.

14. USE OF COOKIES

LinkTIC may use cookies or similar technologies for the collection of personal data. These tools may be used to:

1. Improve the provision of services and optimize user experience.
2. Generate statistical information and usage analytics.
3. Personalize content and services offered to users based on their browsing behavior.

Cookies are files stored on a user’s device during internet browsing that contain a unique identifier allowing recognition of the device, even if its location or IP address changes.
Such cookies may be installed directly by LinkTIC’s websites or by third parties associated with them, and they allow the collection of information regarding user activity, including: access location, connection time, type of device (desktop or mobile), operating system and browser used, most visited pages, number of clicks, and browsing behavior patterns.
Access to LinkTIC’s websites does not require cookies to be enabled; however, disabling them may affect the proper functioning of certain features and services.
Additionally, LinkTIC collaborates with Microsoft Clarity and Microsoft Advertising to analyze how users interact with its website through behavioral metrics, heatmaps, and session replay. This enables the improvement and promotion of products and services, optimization of the website, fraud prevention, and security assurance. Data is collected through first-party and third-party cookies and other tracking technologies. For more information on how Microsoft uses data, please refer to its Privacy Statement available at: https://www.microsoft.com/es-mx/privacy/privacystatement.
Likewise, LinkTIC uses Google Analytics to analyze website usage. This tool collects data anonymously to improve the platform and does not allow for the personal identification of users. Tracking may be disabled through the Google Analytics opt-out browser add-on available on Google’s official website.

15. CHANGES TO THE PERSONAL DATA PROCESSING AND PROTECTION POLICY
LinkTIC reserves the right to modify this Policy at any time; however, any changes shall be duly notified and published in a timely manner through its website at https://linktic.com/, where the date of such modification shall also be indicated. This Policy was last updated on December 26, 2025.

16. LINKS TO OTHER WEBSITES

The website https://linktic.com/, among others, may contain links to third-party websites. If you choose to access any of these sites, you should be aware that each of them has its own privacy policy. Accordingly, we assume no responsibility for the information or personal data that you provide outside of our website.

17. APPLICABLE LAW
The applicable national legislation on personal data protection is set forth in Law 1581 of 2012, Law 1266 of 2008, Decree 1377 of 2013, and any other regulations that amend, supplement, or replace them.

18. EFFECTIVE DATE OF THE PERSONAL DATA PROCESSING POLICY

This Policy shall enter into force upon its update and publication through the Company’s communication channels.

LINKTIC S.A.S.

19. CHANGE CONTROL