1. PURPOSE

To establish and communicate a clear and transparent framework of the general conditions of the processing of personal data collected on the occasion of our working relationships and commercial ties with VOCE GROUP S.A.S.


2. SCOPE

It covers all activities of collection, storage, use, circulation and deletion of personal data carried out by VOCE GROUP S.A.S. in the context of business relationships, interactions with customers or users, marketing campaigns, internal processes, communications, physical and digital channels.

GLOSSARY

Processing of personal data: Operations performed on personal data such as collection, storage, use, circulation or deletion.

Data subject: Natural person whose personal data are subject to processing.

Habeas Data: Constitutional right of all persons to know, update and rectify the information collected about them in databases.

Sensitive data: Information that affects the owner’s privacy or whose improper use may lead to discrimination.

Revocation: Action to cancel the authorization previously granted for the processing of personal data.

Suppression: Elimination of personal data from the company’s databases.

Information security: Technical, administrative and human measures to protect personal data.

4. DATA PROCESSING POLICY

This policy is issued in order to ensure users, customers and potential customers of VOCE GROUP S.A.S. give a proper and correct treatment of personal data of those, collected on the occasion of our relationships and business relationships, and telemarketing or marketing efforts. In this way we comply with the provisions of Law 1266 of 2008, Law 1581 of 2012, regulated by Decree 1377 of 2013 and other rules that modify or add to the regime of protection of personal data.

INFORMATION OF THE PERSON RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA.

Company Name: VOCE GROUP S.A.S:
Address: Carrera 48 #19 south -100 Chelsea Building Office 707
Telephone: 6041491
Email: [email protected]

TREATMENT OF PERSONAL DATA. In exercise of its corporate purpose, VOCE GROUP S.A.S, performs the processing of personal data of its employees, suppliers, customers and users. Also, in compliance with applicable law, VOCE GROUP S.A.S., may require, transmit or transfer such data to the indicated platforms and / or security systems implemented by it.

Personal data are collected, stored, organized, used, circulated, transmitted, transferred, updated, rectified, deleted, eliminated and managed by VOCE GROUP S.A.S., according to the purpose of each type of treatment, as indicated in paragraph 5 of this Policy.

Except in cases expressly provided for by law, no personal data may be collected without the authorization of the owner.

**I have voluntarily provided the requested data. I accept the terms and conditions of the loyalty program and I expressly and voluntarily authorize through it to “treat, circulate, dispose and transfer” personal data for commercial purposes partially or totally to its subsidiaries, related companies, affiliated companies and/or entities, related and strategic allies for administrative, commercial and marketing and sales purposes, protecting the data provided by its customers under the provisions of the regulatory regulations of the right of HABEAS DATA. I know and accept that the information I have provided to one of the companies may be used by the others. This information will be stored in our database for 50 years. You may submit any request, complaint, claim or suggestion through: [email protected]

5. PURPOSE OF THE PROCESSING OF PERSONAL DATA. The purpose of the processing of personal data carried out by VOCE GROUP S.A.S., is aimed at the following:

– Inform customers about the services provided.
– Execute contracts of any nature.
– Customer service and marketing.
– Send information related to legal and regulatory developments, which are of interest to customers.
– Send information related to contractual relationships.
– Record customer information.
– Record information from suppliers and contractors.
– Record contractor employee information.
– Record contractual statistics and statistics of services offered or rendered.
– Communication, consolidation, organization, updating, control, accreditation, assurance, statistics, reporting, maintenance, interaction, and management of the actions, information and activities in which suppliers and contractors are related or linked to VOCE GROUP S.A.S.
– To comply with the obligations arising from labor relations, carry out procedures before authorities, the Social Security System, the National Tax and Customs Directorate (DIAN), or any other activity derived from the applicable legislation.
– To meet the requirements of the administrative and human resources area of VOCE GROUP S.A.S., such as full identification of the employee; filing and management of their contact information; filing and management of professional and academic information, among others.
– In case of emergencies at VOCE GROUP S.A.S. facilities, family members will be notified and emergency hotlines will be called.
– Communicate records, trainings, authorizations, activities or actions, in which employees and their relatives are related to VOCE GROUP S.A.S,
– To advance personnel and officer selection processes, in accordance with VOCE GROUP S.A.S. selection policies.
– Communication, registration, filing, organization, processing and management of actions, strategies and activities in which the shareholders of VOCE GROUP S.A.S. are involved,
– Investigate, verify and validate the information provided by its holders, with any information of which VOCE GROUP S.A.S

– Investigate, verify and validate the information provided by its owners, with any information that VOCE GROUP S.A.S. has.
– Consult, compare and evaluate all information about the holders is stored in the databases of credit, financial, judicial or security risk centers legitimately constituted, of state or private, national or foreign nature.
In the event that VOCE GROUP S.A.S. is not able to carry out the processing by its own means, it may transfer the data collected to be processed by a third party, after notifying the owners. Such third party must guarantee suitable conditions of confidentiality and security of the information.

6. TREATMENT OF PERSONAL DATA OF CHILDREN AND/OR ADOLESCENTS. The processing of personal data of children and / or adolescents who are of a public nature, shall comply, by VOCE GROUP S.A.S. with the following parameters and requirements:

a) Respect the best interests of children and adolescents.
b) Ensure respect for their fundamental rights.
c) To value the opinion of the minor when he/she has the maturity, autonomy and capacity to understand the matter.
Once the above requirements have been met, the legal representative of the child or adolescent may grant authorization for the processing of personal data.

7. TREATMENT OF SENSITIVE DATA. Sensitive data are understood as those
that affect the privacy of the owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life, and biometric data.

VOCE GROUP S.A.S, will strictly observe the legal limitations to the treatment of sensitive data, observing the following:

a) That the holder has given his explicit authorization to such processing, except in cases where the law does not require the granting of such authorization. When the processing is necessary to safeguard the vital interest of the holder and he/she is physically or legally unable to give his/her authorization, his/her legal representative(s) shall do so.
b) That the processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, provided that they refer exclusively to its members or to persons who maintain regular contacts by reason of their purpose. In these events, the data may not be provided to third parties without the owner’s authorization.
c) That the processing refers to data that are necessary for the recognition, exercise or defense of a right in a judicial process.
d) That the processing has a historical, statistical or scientific purpose. In this event, the measures leading to the suppression of the identity of the owners must be adopted.

8. VIDEO – SURVEILLANCE. VOCE GROUP S.A.S., The information collected will be used for security purposes of people, goods and facilities. This information may be used as evidence in any type of process and before any type of authority and organization.

9. RIGHTS OF THE OWNERS OF THE DATA. In accordance with the provisions of Article 8 of Law 1581 of 2012, regulated by Decree 1377 of 2013, the holder of the personal data has the following rights:

(a) To know, update and rectify their personal data. This right may be exercised against partial, inaccurate, incomplete, fractioned, misleading data or data whose processing is expressly prohibited or has not been authorized.
b) Request proof of the authorization granted by VOCE GROUP S.A.S., in its capacity as data controller, except when the law expressly exempts such authorization.
c) Be informed of the use that has been given to their personal data.
d) File complaints with the Superintendence of Industry and Commerce, for violations of the provisions of Law 1581 of 2012, regulated by Decree 1377 of 2013, once you have exhausted the process of consultation or complaint to VOCE GROUP S.A.S.
e) Revoke the authorization and/or request the deletion of the data at any time.
f) Access free of charge to your personal data, object of treatment.

10. PROCEDURE FOR EXERCISING THE RIGHTS OF DATA OWNERS.

10.1. PROCEDURE FOR ACCESS AND CONSULTATION. The owner of the data or their successors, may consult the information contained in the databases of VOCE GROUP S.A.S., for which the corresponding request must be made in writing and filed with the area responsible for the company, Monday through Saturday during business hours:

VOCE GROUP S.A.S:
Address: Carrera 48 #19 south -100 Chelsea Building Office 707
Telephone: 6041491
Schedule: Monday to Friday: 8:00 a.m. to 5:00 p.m. Continuous working day.

The application must contain the following information:

a) Signature, identification number and fingerprint of the holder and, if applicable, of his representative.
b) Documents proving the identity of the owner and, if applicable, of his representative.
c) Contact information (telephone numbers and physical and electronic address).
d) A clear and precise description of the personal data to which the request relates.
e) The description of the facts that give rise to the request or claim.
f) The documents that are intended to be used as evidence or annex.
g) Original filing.

If the request is incomplete, VOCE GROUP S.A.S. will inform the person concerned within five (5) days of receipt of the requirement to proceed to complete it. If two (2) months elapse without completing the information, the request shall be deemed withdrawn.
When the request is formulated by a person other than the owner and it is not accredited that such person is acting on behalf of the owner, it shall be deemed not to have been filed.

If the area that receives the request or claim is not competent to resolve it, it will transfer it to the appropriate person, within a maximum term of two (2) business days, informing the applicant or claimant.

The consultation will be answered within a maximum term of ten (10) business days, counted from the day following the date of receipt. When it is not possible to attend the consultation within such term, the interested party shall be informed, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

10.2. PROCEDURE FOR UPDATING, CORRECTION, DELETION OR REVOCATION OF THE AUTHORIZATION FOR THE PROCESSING OF PERSONAL DATA, OR TO FILE CLAIMS. When the holder or his assignees consider that the information contained in the databases of VOCE GROUP S.A.S, should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the legal duties of VOCE GROUP S.A.S may submit the corresponding request in writing to the area in charge of the company, Monday through Saturday during business hours:

VOCE GROUP S.A.S:
Address Carrera 48 #19 south -100 Chelsea Building Office 707
Telephone: 6041491
Schedule: Monday to Friday: 8:00 a.m. to 5:00 p.m. Continuous working day.

10.3. THE APPLICATION MUST CONTAIN THE FOLLOWING INFORMATION:
h) Signature, identification number and fingerprint of the holder and, if applicable, of his/her representative.
i) Documents proving the identity of the holder and, if applicable, of his/her representative.
j) Contact information (telephone numbers and physical and electronic addresses).
k) A clear and precise description of the personal data to which the request or claim refers.
l) The description of the facts that give rise to the request or claim.
m) The documents that are intended to be used as evidence or annex.
n) Original filing.

If the request is incomplete, VOCE GROUP S.A.S. will inform the person concerned within five (5) days of receipt of the requirement to proceed to complete it. If two (2) months elapse without completing the information, the request shall be deemed withdrawn.

When the request is formulated by a person other than the owner and it is not accredited that such person is acting on behalf of the owner, the request shall be deemed not to have been filed.

If the area that receives the request or claim is not competent to resolve it, it will transfer it to the appropriate person, within a maximum term of two (2) business days, informing the claimant applicant.

Once the request or claim is received, it will be included in the database and the reason for the same, within a term not exceeding two (2) business days. Said legend shall be maintained until the request or claim is decided.

The maximum term to attend the request or claim will be fifteen (15) working days, counted from the day following the date of receipt. When it is not possible to attend the request or claim within such term, the interested party shall be informed of the reasons for the delay and the date on which the request or claim will be attended, which, in no case, may exceed eight (8) business days following the expiration of the first term.

PARAGRAPH: The holder of the personal data may revoke the authorization for the processing of his/her personal data at any time, as long as it is not prevented by a legal provision.

11. SUPPRESSION OF DATA. The owner of the information may request VOCE GROUP S.A.S. at any time, the deletion of their personal data, when:
(a) He/she considers that they are not being treated in accordance with the principles, duties and obligations under Law 1581 of 2012, regulated by Decree 1377 of 2013.
b) They are no longer necessary or relevant for the purpose for which they were collected.
c) The period stipulated for the fulfillment of the purpose for which they were collected has been exceeded.

This deletion implies the total or partial elimination of personal information, as requested by the holder in the records, files, databases or treatments carried out by VOCE GROUP S.A.S.

It is important to note that the right to data deletion is not absolute and VOCE GROUP S.A.S., may deny the exercise of the same, when:
(a) The holder has a legal or contractual duty to remain in the database.
b) The elimination of data hinders judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.
administrative sanctions.
c) The data is necessary to protect the legally protected interests of the holder, to carry out an action in the public interest, or to comply with an obligation legally acquired by the holder.

12. SECURITY OF THE INFORMATION. In developing the principle of security, VOCE GROUP S.A.S., has adopted reasonable technical, administrative and human measures to protect the information of the owners of the information and prevent adulteration, loss, consultation, use or unauthorized or fraudulent access. VOCE GROUP S.A.S. will not allow access to personal data by third parties, under conditions different from those set forth in this Policy, except at the express request of the owner of the information or persons entitled to do so, in accordance with national regulations. Notwithstanding the foregoing, VOCE GROUP S.A.S. shall not be liable for the actions of third parties, tending to violate the security measures established for the protection of personal data.

13. TERM. The authorization by the holder, for the processing of personal data, shall be valid for the duration of the commercial relationship or link to the service.
The authorization by the holder, for the processing of personal data, shall be valid for the duration of the business relationship or the link to the service, without prejudice to the provisions of the preceding paragraphs.

This Personal Data Treatment Policy is effective as of January 15, 2024.