Notice of Privacy

IF YOU DO NOT AGREE WITH THIS PRIVACY NOTICE, PLEASE AVOID SHARING INFORMATION WITH US OF ANY KIND AND BY ANY MEANS.

This Privacy Notice is applicable to Data Subjects, persons located in the United Mexican States and any foreigner who hires services. We do not accept jurisdiction or legislation other than that applicable in Mexican territory. This Privacy Notice will only be applicable to Data Subjects who provide us with information.

1. Definitions

The terms described below shall have the meaning attributed to them, whether they are used in upper or lower case, in the singular or plural, or in abbreviated form.

“Database”.- The ordered set of personal data referring to an identified or identifiable person.

“Personal Data”.- Any information concerning an identified or identifiable natural person.

“Sensitive Personal Data”.- Those personal data that affect the most intimate sphere of its owner, or whose improper use may give rise to discrimination or entail a serious risk for the owner. In particular, those that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, union membership, political opinions, sexual preference are considered sensitive.

“Sensitive Personal Data”.- Those personal data that affect the most intimate sphere of its owner, or whose improper use may give rise to discrimination or entail a serious risk for him/her. In particular, those that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, union membership, political opinions, sexual preference are considered sensitive.

“Responsible”.- Private legal entity that decides on the processing of personal data.

“Third Party”.- The natural or legal person, national or foreign, other than the owner or the person responsible for the data.

“Owner”.- The natural person to whom the personal data corresponds. In this case and because the services provided are aimed at minors, the personal data of the minor students who take the services directly are included in the personal data.

2. Datos Personales

Para llevar a cabo las finalidades descritas en el presente Aviso de Privacidad utilizaremos datos personales de identificación y contacto. Adicionalmente, pudiéramos obtener información individualizada de fuentes de terceros que a su vez se obligan de cumplir con la legislación aplicable en materia de privacidad y se agrega a la información de usted que se mantiene en la Base de Datos.

3. Primary Purposes

Informs the Owner that their Personal Data and Sensitive Personal Data will be used for the following essential purposes:

I. Identification and contact of clients;

II. To prepare, organize, coordinate and any activity related to the services requested through official channels by the Client (Owner);

III. To provide the Owner with information on the status of services, as well as any

modification or update;

IV. To link the Owner with any professional or service provider, payment or contracting of any service, as well as the payment of said products or services.

V. To provide the Owner with assistance through the available channels.

VI. Preparation of invoices and/or receipts, returns, refunds;

VII. Preparation of profiles of students and their direct relatives or legal guardians;

VIII. For the application of surveys and evaluations to improve the quality of the products that the Controller offers;

IX. To create, send, manage and analyse monitoring reports for each client and/or holders, related to the provision of services requested by the Holder.

XI. In general, any action to carry out the commercial relationship that the Holder has with the Controller, including, but not limited to, the sending of any promotion or advertising of its own or information that may be of interest to you.

4. Secondary Purposes

We will use the personal data we collect from you for the following purposes, which are not necessary for the requested service, but which allow us to provide you with better service: Use the information of the Holder to inform about our activities, services, products, Programs and/or Promotions, which we consider may be of interest to the Holders. Create and use aggregated information of the Holder that is not individually identifiable to understand more about the common characteristics and interests of the Holders, whether prospects, clients, employees, suppliers, etc.; as well as create statistics, opinions and strategies based on the Holder's disaggregated data to understand market behavior, either through our own studies or those of third parties to whom the Holder's data has been transferred for processing in terms of this Privacy Notice.

Use the Owner's information to execute or enforce any contract with us or any Terms of relationship or link between us, and/or the terms of Use of our Sites, Social Networks or provide access or disclose information that, acting in good faith, we consider necessary to comply with applicable legislation; Transmit Owner's Information to another party that

acquires the business or shares to which the information relates, for which, the new responsible party is obliged to generate a new privacy notice, in terms of applicable legislation; Processing Owner's Information to our collaborators and subcontractors who manage any of our activities on our behalf or as we consider necessary to maintain, provide and improve services and communication. In the event that you do not wish your personal data to be processed for

these purposes, you may express your refusal within the following five days through hola@somostotters.com.

The refusal to use your personal data for these purposes cannot be a reason for us to deny you the services and products you request or contract with us, although in some cases, this refusal will prevent us from being able to provide the services that could be contracted.

5. Sending Advertising

The Controller may, if confirmed by the Owner, send advertising, once their Personal Data has been collected.

It is the Owner's obligation to inform the Controller if they are registered in the Public Registry to Avoid Advertising (REPEP) of the Federal Consumer Protection Agency (PROFECO), to avoid, where appropriate, the sending of advertising or information for marketing or advertising purposes. In the event that the Owner is not registered in the aforementioned registry and states that it is their wish not to receive advertising information via landline, cell phone, email or any other means, they must notify the email address hola@somostotters.com within 8 (eight) business days following the day on which this document has been made available to them, the above without preventing the Owner from activating or disabling the sending of advertising and/or notifications, automatically from their account or from the configuration of their device.

6. Security

We only collect information that we reasonably believe is necessary to serve the legitimate interests of our business and to comply with our legal obligations. We protect the Data Subjects regarding their disclosed information, under the principle of confidentiality, using current industry protection standards and in accordance with the Federal Law on the Protection of Personal Data Held by Private Parties and its Regulations. Regardless of the fact that there is no “guaranteed security” either on the Internet or off it, we make commercially reasonable efforts to ensure that the collection, processing, storage and safeguarding of information that we carry out is done in accordance with all applicable legislation. At the moment, each means of collecting information, including our Sites, Social Networks, emails, among others, use a variety of security measures intended to protect the Information, to prevent unauthorized use by users either inside or outside the company, including the use of encoders and other administrative, technical and physical security measures established in the law on the subject. This is to protect against loss, damage, misuse, interception or sabotage of confidential information, such as confidential numbers, online requests and financial information. Our practices in communication systems, software and physical and electronic databases are designed to help us maintain the authenticity, integrity and confidentiality of such Information. It is important to note that regardless of whether we use all necessary means to maintain the security of information when it is transmitted through third parties (service providers), we do not guarantee the security of the Information in such transmissions, by any means or form.

7. What we will not do with the Information

Sell or rent the Information to other parties, or allow our partners to sell or rent the Information to third parties from current or former companies; act as an evaluation agency for services and activities with the Holders or provide any type of information related to the economic position, purchasing power, personality, reputation, personal characteristics or way of life of the Holder, to any service evaluation agency.

8. Transfers

We inform you that your personal data may be shared within and outside the country with our Partners, Subcontractors and/or Suppliers to maintain, provide and improve the contracted services, as well as for any of the purposes described above, especially with our regional, national or local offices to report, administer or manage the services contracted by the owner and/or the client, as well as the respective collection if necessary. Unless otherwise provided by law or by our contractual obligations, we may disclose personal information if required by law, court order, or by request of a government authority, or in good faith if we consider that the disclosure of such information is necessary or advisable, such as when we have reason to believe that disclosing the information is necessary to identify, contact or take legal action against anyone who causes or intends to cause interference with the ownership of our rights or may injure them, or of the products or our Brands, whether intentionally or otherwise, or when any other person could be harmed by such activities. In the event of a data transfer requiring your express consent, we will obtain it prior to the transfer.

9. Access, Rectification, Cancellation and Opposition

You have the right to know what personal data we have about you, what we use it for and the conditions of use we give it (access). Likewise, you have the right to request the correction of personal information if it is outdated, inaccurate or incomplete (rectification); to have it deleted from our records or databases when you consider that it is not being used in accordance with the principles, duties and obligations provided for in the regulations (cancellation); as well as to oppose the use of your personal data for specific purposes (opposition). These rights are known as “ARCO” rights. The Holder will have the obligation to update his/her Personal Data and Sensitive Personal Data, in order to avoid any conflict in the treatment of the same in the future. To exercise any of the “ARCO” rights, you must submit the request by contacting, through the email: hola@somostotters.com, indicating: (I) the name of the Owner and address or other means to communicate the response to your request, (II) the documents that prove the identity or, where appropriate, the legal representation of the Owner, (III) the clear and precise description of the personal data with respect to which you seek to exercise any of the aforementioned rights, and (IV) any other element or document that facilitates the location of the personal data. We will contact the Owner of the information, within a maximum period of 20 days, counted from the date on which the request for access, rectification, cancellation or opposition was received, to indicate the determination adopted, with respect to your request, in order that, if appropriate, it is made effective within 15 days following the date on which the response is communicated. The aforementioned periods may be extended once for an equal period, provided that the circumstances of the case justify it. However, we will continue to send you emails related to the relationship that is in force between us, until the end of the same. The Data Subjects may exclude themselves from all contact information, including email, direct messaging, facsimile and telephone. We maintain “do not call” and “do not send correspondence” lists. Requests to include your information in said lists are resolved within a maximum period of 20 business days following their receipt. If the request is appropriate, it will be effective within 15 days following the date on which the response is communicated. Both periods are extendable for the same time. Any Data Subject may choose not to receive certain information by contacting us via email. You may revoke the consent that, if applicable, you have given us for the processing of your personal data. However, it is important that you take into account that we will not be able to attend to your request or terminate the use immediately in all cases, since it is possible that due to some legal obligation we require to continue processing your personal data or that simply, your personal data has become public information, due to one of the services provided. Likewise, you must consider that for the main purposes, the revocation of your consent will imply that we cannot continue providing you with the service you requested or the conclusion of your relationship with us, a situation that will be reported within the resolution that we inform you within the previously established deadlines. The Controller may deny access to the "ARCO" rights, in the following cases based on article 34 of the Federal Data Protection Law

Personal Data Held by Private Parties:

I. When the applicant is not the Owner of the personal data or sensitive personal data, or the legal representative is not duly accredited to do so;

II. When the applicant's personal data are not in its database;

III. When the rights of a third party are violated;

IV. When there is a legal impediment, or a resolution from a competent authority that restricts Access to Personal Data or does not allow Rectification, Cancellation, or Opposition of the same;

V. When the Rectification, Cancellation, or Opposition has been previously carried out. In accordance with article 26 of the Federal Law on the Protection of Personal Data Held by Private Parties, the Controller will limit the use of Personal Data and Sensitive Personal Data at the written request of the Owner, and will not be obliged to cancel said data when:

VI. They refer to the parties of a private, social or administrative contract and are necessary for its development and fulfillment;

VII. They must be treated by legal provision;

VIII. They hinder judicial or administrative actions linked to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions;

IX. They are necessary to protect the legally protected interests of the holder;

X. They are necessary to carry out an action based on the public interest;

XI. They are necessary to comply with an obligation legally acquired by the holder.

[...]

Con objeto de que usted pueda limitar el uso y divulgación de su información personal, le ofrecemos el siguiente medio: Su inscripción en el Registro Público para Evitar Publicidad que está a cargo de la Procuraduría Federal del Consumidor, con la finalidad de que sus datos personales no sean utilizados para recibir publicidad o promociones de empresas de bienes o servicios. Para mayor información sobre éste registro, usted puede consultar el portal de internet de la PROFECO o bien ponerse en contacto con ésta.

10. Availability of Privacy Notice and Modifications

The Privacy Notice that is in effect at the time the information is shared will apply to such sharing. However, we may change or terminate the validity of this Privacy Notice, in which case we will let you know by: (I) on our Websites or (II) by sending you an email and providing you with the opportunity to opt out of any use, or anticipated use, of the information provided for in the new Privacy Notice. Please review our Privacy Notice each time you share information or more frequently if you are concerned about the use to which your Information will be put.

11. Confidentiality of Information

When Personal Information is requested, you will only share the information with us, unless otherwise indicated. If any Data Subject's Personal Information is shared with business partners or sponsors, the Data Subject will be notified before such information is collected or transferred. If the Holder does not wish for such information to be shared, he/she may refrain from requesting a specific service.

12. Contact Information

For any matter related to this Privacy Notice and in relation to your personal data, you may contact us at the email address hola@somostotters.com. In case of any concern regarding the processing of personal data, you may contact the National Institute for Access to Information (INAI) at www.inai.org.mx

NOTE: Distribution or reproduction of this document and/or the information it contains is prohibited. All rights reserved.

Date of preparation JUNE 2024.

Data of the accepting party who holds the rights:

Full name: ________________________________________

Address: ________________________________________

Date of acceptance: ________________________________________