Personal Data Treatment and Protection Policy COMERCIALIZADORA BOOKCOFFE SAS

Policy for the Treatment and Protection of Personal Data Comercializadora Bookcoffe SAS COMERCIALIZADORA BOOKCOFFE SAS is respectful of the personal data and information provided by its current, past and potential clients, commercial allies and possible interested in the company's products (hereinafter, the Holders ).

In this Personal Data Treatment and Protection Policy, the purposes, measures and procedures of our databases are established, as well as the mechanisms that the Holders have to know, update, rectify, delete the data provided or revoke the authorization that It is granted with the acceptance of this policy.

The acquisition of the products and services offered in any of our points of sale or distributors (hereinafter, the Products and Services) and / or the express or unequivocal acceptance of these policies, implies the acceptance of the Holders of this Policy and your authorization for the uses and other treatments described here.

1. RESPONSIBLE AND RESPONSIBLE FOR DATA PROCESSING

The person responsible for the processing of personal data and other information of the Holders is the company COMERCIALIZADORA BOOKCOFFE SAS (hereinafter, BOOKCOFFE), with tax identification number NIT. 901,321,304-1; domicile and address at Carr 6 38-15 INt 5 of Neiva, Colombia; email juridica@bookcoffe.com
2. PURPOSE OF THE DATABASE

The treatment of BOOKCOFFE databases has the following purposes:

2.1. In relation to the database of employees, contractors and aspiring employees of BOOKCOFFE

1. Keep and manage the information of the labor or commercial relationship with the Holders.

2. Compliance with legal, accounting, commercial and regulatory duties.

3. The control and preservation of the security of people, goods and information of BOOKCOFFE.

4. Fulfill the object of the labor or civil relationship that has been acquired with the Holders.

5. Protect the health of BOOKCOFFE employees and contractors.

6. Prevent and verify the commission of crimes or criminal conduct by employees, contractors and applicants, for which different databases and sources may be consulted, such as databases of the National Police, Comptroller's Office, Interpol, FBI, SDNT list (or "Clinton List"), SARLAFT, as well as the corresponding social networks, in the form in which they are arranged.

7. Prevent and counteract an eventual reputational risk that could affect BOOKCOFFE, for which different databases and sources may be consulted, such as databases of the National Police, Comptroller's Office, Interpol, FBI, SDNT list (or “ Clinton List ”), SARLAFT, as well as the corresponding social networks, in the way they are arranged.

8. Maintain direct communication with the Holders for issues related to their employment or commercial relationship.

9. Selection of personnel, administration of contracts, management of labor relations and compliance with the obligations derived from it, granting benefits to its employees by itself or through third parties, as well as allowing employees access to computer resources of the company.

10. Keep a record of the disciplinary sanctions imposed on contractors and employees of the BOOKCOFFE.

11. Carrying out statistical, commercial, financial, social and technical analysis.

12. Communication with the owners for contractual, informative and commercial purposes.

13. Compliance with legal, accounting, commercial and regulatory duties.

14. Verification and verification of the identity and criminal, disciplinary, financial and credit history of the holders.

15. The control and preservation of the security of people, property and information of BOOKCOFFE.

16. Transmit, transfer and supply the information and personal data of the Holders to those third parties in charge of administering the social security system in Colombia, as well as to insurance companies.

17. Transmit, transfer and supply the information and personal data of the Holders to third parties, in those cases in which employer substitution occurs or in those cases in which BOOKCOFFE assigns its contractual position.

18. Transmit, transfer and supply the information and personal data of the Holders to third parties, in order to give employment and / or professional references on the Holders.

2.2. In relation to the database of clients, suppliers and commercial partners of BOOKCOFFE

1. The fulfillment of the corporate purpose of BOOKCOFFE.

2. The development, execution and fulfillment of the contractual relationship that the holder has with BOOKCOFFE.

3. Compliance with legal, accounting, commercial and regulatory duties.

4. Carrying out statistical, commercial, strategic, financial, social and technical analysis.

5. Communication with the owners for contractual, informative and commercial purposes.

6. Compliance with legal, accounting, commercial and regulatory duties.

7. The control and preservation of the security of the people, goods and information of BOOKCOFFE, for which different databases and sources may be consulted, such as databases of the National Police, Comptroller, Interpol, FBI, SDNT list (or "Clinton List"), SARLAFT, credit risk centers, as well as the Holder's social networks, in the form in which they are arranged.

8. Prevent and counteract an eventual reputational risk that could affect BOOKCOFFE, for which different databases and sources may be consulted, such as databases of the National Police, Comptroller's Office, Interpol, FBI, SDNT list (or “ Clinton List ”), SARLAFT, credit risk centers, as well as the Holder's social networks, in the way they are arranged.

9. Verification and verification of the identity and criminal, disciplinary, financial and credit history of the holders.

10. Transmit, transfer and supply the information and personal data of the Holders to the subsidiaries, affiliates or allied to BOOKCOFFE, commercial allies or other national and / or international companies or persons that BOOKCOFFE entrusts to carry out the treatment of the information and comply with the purposes described in this Policy and the purpose of the commercial or civil relationship with the Holders, or for said third parties to assume the position of Responsible

11. In order to preserve the security of BOOKCOFFE, analyze and verify the information of the employees and collaborators of BOOKCOFFE and of those who participate in selection processes.

12. Transmit, transfer and supply, free of charge or onerous, the information and personal data of the Holders to national and / or international commercial allies so that they contact the Holders to offer them their products, information or services that in the opinion of BOOKCOFFE may be of interest to the Holder.

13. Transmit, transfer and supply the information and personal data of the Holders to national and / or international third parties, in those cases in which BOOKCOFFE participates in processes of merger, integration, spin-off, liquidation and / or disposal of assets.

14. In order to preserve the security of BOOKCOFFE, analyze and verify the information of the employees and collaborators of BOOKCOFFE and of those who participate in selection processes.

2.3. In relation to the visitor database

1. Verification and verification of the identity, criminal and disciplinary records of the holders.

2. The control and preservation of the security of people, goods and information of BOOKCOFFE.

3. PERSONAL DATA PROVIDED AND FORM OF OBTAINING BOOKCOFFE

You may expressly ask the Holders or collect from their behavior the data that are necessary to fulfill the purpose of the Databases, which are - among others - the following:

3.1. In relation to the database of employees and contractors: Name and surname, nationality, marital status, identification number, military book, professional card, fingerprint, calligraphy, date and place of birth, marital status, correspondence address, telephone contact, email, employment, clinical or health, academic and patrimonial history, references, business history or financial, judicial, disciplinary and family information with other companies or with public entities, recent photographs, images in surveillance cameras; occupational medical history; name, identification number, telephone number, sex, date and place of birth, place of work, position or profession of the spouse or permanent partner of employees and contractors and their relatives up to the fourth degree of consanguinity, second degree of age and / or first civil , and any other data that is necessary to achieve the purposes described.

3.2. In relation to the databases of clients, suppliers, business partners: Name and surname, identification number, date of birth, correspondence address, contact telephone number, email, business and legal background, business and family relationships with other companies or with public entities, needs and interests, workplace, legal documents in the case of a company or natural person registered in RUT, financial documents for making payments and collections.

3.3. In relation to the visitor database: Names and surnames, identification number, signature, needs and interests, dates and times of access to the facilities of BOOKCOFFE, EPS where it is ally, RH blood type, contact telephone number. The data may be explicitly provided by the Holders, or collected at the beginning and / or during the labor or civil relationship between the Holders and BOOKCOFFE. The company will only collect and / or process data considered Sensitive Data in cases permitted by law. For such events, the Holders are informed that they are not obliged to supply the aforementioned data or to authorize their treatment. Once said data has been provided and the corresponding consent has been granted, the data will be collected and processed only for the purposes described in this Treatment Policy.

3.4. In relation to sensitive data and its treatment: In accordance with law 1581 of 2012, the following are considered sensitive data: Racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, data related to health status, sexual life and biometric data. Taking into account the characteristics of BOOKCOFFE, the activities it develops, and the purposes described in this Policy, BOOKCOFFE requires processing of some sensitive data, in the manner and conditions indicated below.

3. 4. 1. Sensitive information related to health status: BOOKCOFFE will collect and process the health data of its employees and contractors. These data are of a sensitive nature, for which, in accordance with the provisions of the current regulations, the Holders are informed that they are not obliged to supply the aforementioned data or to authorize their treatment. Once said data has been provided and the corresponding consent has been granted, said data will be collected and processed solely to preserve and guarantee the well-being of the holders.

3.4.2. Biometric data: BOOKCOFFE will collect biometric data from its employees, contractors and visitors, such as fingerprints. As in the case of information on health status, these data are sensitive, and therefore the Holders are not obliged to supply them. BOOKCOFFE will guarantee that the treatment of this data will be done in accordance with the law and under strict security measures.

3.4.3. Data related to minors: BOOKCOFFE will only use, store and process the personal data of minors who are children, descendants or who depend on or are in charge of BOOKCOFFE's employees or contractors, and which are of a public nature. The purpose of said treatment will only be to plan and carry out activities related to the personal and family well-being of employees and minors. For such purposes, the company will take into account the respect and prevalence of the rights of minors, their superior interest and their fundamental rights.
4. AUTHORIZATION FOR COLLECTION AND PROCESSING OF PERSONAL DATA AND OTHER INFORMATION

By voluntarily supplying any of the personal data in the manner indicated in the previous paragraph, and / or express verbal or written authorization, the Holder expressly or unequivocally authorizes BOOKCOFFE to collect personal data and any other information that it provides, as well. as well as to carry out the treatment of your personal data, in accordance with this Policy and the law.
5. TREATMENT OF PERSONAL DATA STORED IN THE BOOKCOFFE DATABASES

BOOKCOFFE will only use, process and circulate the personal data and other information of the Holders for the purposes described and for the treatments authorized in this Treatment Policy or in current laws. In addition to what is mentioned in other clauses, the Owner expressly authorizes BOOKCOFFE to collect, use and circulate their personal data and other information for the following purposes and in the following circumstances:

1. Establish communication between BOOKCOFFE and the Holders for any purpose related to the purposes established in this policy, either through calls, text messages, emails and / or physical.

2. Audit, study and analyze the information in the Databases to design and execute administrative, labor, security and financial strategies related to the BOOKCOFFE personnel.

3. Provide the information and personal data of the Holders to the subsidiaries, affiliates or allies of BOOKCOFFE, commercial allies or other companies or persons that BOOKCOFFE entrusts to carry out the treatment of the information and fulfill the purposes described in this Policy and the object of the labor or civil relationship with the Holders.

4. In order to preserve the security of BOOKCOFFE, analyze and verify the information of the employees and collaborators of BOOKCOFFE and of those who participate in selection processes

5. Transfer, transmit and supply, free of charge or for consideration, the information and personal data of the Holders to national and / or foreign commercial allies so that they contact the Holders to offer them their products, information or services that in the opinion of BOOKCOFFE may be of interest to the Holder.

6. Transfer, transmit and supply the information and personal data of the Holders to third parties, in those cases in which BOOKCOFFE participates in merger, integration, spin-off and / or liquidation processes.

7. Verify conflicts of interest or possible irregularities in the new contractors and / or employees of BOOKCOFFE.

8. Perform financial, legal, commercial and security risk qualification.

9. Consult, store and use the financial information obtained from third-party database administrators, with the prior authorization of the Owner for said consultation.

10. Combine personal data with information obtained from other partners or companies or send it to them to implement joint business strategies.

11. When the information must be disclosed to comply with laws, regulations or legal processes, to ensure compliance with the terms and conditions, to stop or prevent fraud, attacks on the security of BOOKCOFFE or others, prevent technical problems or protect the rights of others

12. Audit, study and analyze the information in the Databases to design commercial strategies and increase and / or improve the Products and Services offered by BOOKCOFFE.

13. Audit, study, analyze and use the information in the Database to design, implement and develop programs, projects and events.

14. Audit, study, analyze and use the information in the Database for the socialization of policies, projects, programs, results and organizational changes.

15. Transmit, transfer and supply the information and personal data of the Holders to national and / or foreign strategic allies so that they contact the Holders to offer them goods and services of interest, receive offers from the holders, invite participation in programs , projects, events, socialize policies, projects, programs, results and organizational changes. 16. Sell or transfer the data to national and / or foreign third parties, prior compliance with Law 1581 of 2012 17. Any others that are necessary to fulfill the purposes described in this Treatment Policy.

6. APPLICATION FOR AUTHORIZATION FOR NEW BOOKCOFFE USES

You may request authorization from the Holders for the use or circulation of your data or information for purposes other than those expressed in this Privacy Policy and in the Terms and Conditions, for which you will publish the changes in this Treatment Policy on your page web www.BOOKCOFFE.com or in any means that it deems appropriate according to the case.
7. STORAGE OF PERSONAL DATA

The Holder expressly authorizes BOOKCOFFE to store it in the way it deems most appropriate and complies with the security required for the protection of the Data of the Holders.
8. SECURITY MEASURES FOR THE PROTECTION OF PERSONAL DATA AND OTHER INFORMATION

The security measures available to BOOKCOFFE seek to protect the data of the Holders in order to prevent its adulteration, loss, use and unauthorized access. To do this, BOOKCOFFE diligently implements human, administrative and technical protection measures that are reasonably within its reach. The Holder expressly accepts this form of protection and declares that he considers it convenient and sufficient for all purposes.
9. RIGHTS OF THE BOOKCOFFE HOLDERS

It informs its owners that, in accordance with current legislation, they have the right to know, update, rectify their information, and / or revoke the authorization for their treatment. In particular, the rights of the holders as established in article 8 of Law 1581 of 2012 are:

a) Know, update and rectify your personal data

b) Request proof of the authorization granted

c) Be informed, upon request, regarding the use that has been given to your personal data;

d) Present before the Superintendency of Industry and Commerce complaints for infractions to the provisions of the law

e) Revoke the authorization and / or request the deletion of the data

f) Free access to your personal data that have been subject to Treatment. to. Area in charge of requests, inquiries and claims. The area in charge of dealing with the requests, queries and claims of the holders to exercise their rights to know, update, rectify and delete their data and revoke their authorization is the BOOKCOFFE Quality Area. b. Procedure to exercise your rights. In case you wish to exercise your rights, the Holder must send an email or physical email to the contact addresses established in this Policy on Treatment and Protection of Personal Data. The procedure to be followed for said communications will be as follows: c. Requests and Queries on Personal Data. When the owner of the data or his successors in title wish to consult the information that resides in the database, BOOKCOFFE will respond to the request within a maximum period of ten (10) days. In compliance with the provisions of Law 1581 of 2012, when it is not possible to attend the query within said term, the Holders will be informed, the reasons for the delay will be expressed and the date on which their query will be attended will be indicated. , which may not exceed five (5) business days following the expiration of the first term. d. Revocation of authorization, withdrawal or deletion of the Database and claims on Personal Data. When the owner of the data or his successors in title consider that the information contained in the databases should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, they may submit a claim before BOOKCOFFE, which will be processed under the following rules:

1. The claim will be formulated by means of a request addressed to BOOKCOFFE with the identification of the Holders, the description of the facts that give rise to the claim, the address, and the documents that are to be asserted will be attached. If the claim is incomplete, BOOKCOFFE may require the interested party within five (5) days following receipt of the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that he has withdrawn the claim. In the event that BOOKCOFFE is not competent to resolve the claim, it will transfer to the corresponding party within a maximum term of two (2) business days and will inform the Holder of the situation, thereby relieving it of any claim or responsibility for the use , rectification or deletion of data. 2. Once the complete claim is received, a legend that says "claim in process" and the reason for it will be included in the database, within a term not exceeding two (2) business days. Said legend must be kept until the claim is decided. 3. The maximum term to attend the claim will be fifteen (15) business days from the day following the date of receipt. When or it is not possible to attend the claim within said term, the Holder will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished. The withdrawal or deletion will not proceed when there is a contractual duty to remain in the BOOKCOFFE database.
10. CONTACT

Any questions or additional information will be received and processed by sending them to the contact addresses established in this Personal Data Treatment and Protection Policy.
11. PERIOD OF VALIDITY OF THE DATABASE

The personal data incorporated in the Databases will be valid for the period necessary to fulfill their purposes.
12. CHANGES IN THE POLICY OF TREATMENT AND PROTECTION OF PERSONAL DATA

Any substantial change in the Treatment policies will be promptly communicated to the Holders through publication on our web portals.
13. CURRENT LEGISLATION

The current national legislation on the protection of personal data is contained in Law 1581 of 2012, Decree 1377 of 2013 and Law 1266 of 2008 and the regulations that modify or complement it.