PRIVACY AND PERSONAL DATA PROTECTION POLICY FOR INTERNET SITES

acafor.com

CLAUSE (1). Definitions

Access: one or more actions by the User required: in the case of the Site, for the Site Access; or, in the case of a Third-Party Site, to open in accordance with the Internet protocol called Hypertext Transfer Protocol (HTTP) or the Internet protocol called Hypertext Transfer Protocol Secure (HTTPS) one or more HTTP or HTTPS connections, respectively, between the Internet address of such Third-Party Site and the Internet address of a device used by the User to open each such connection.

Site Access: the opening in accordance with the Internet protocol called Hypertext Transfer Protocol (HTTP) or the Internet protocol called Hypertext Transfer Protocol Secure (HTTPS) of one or more HTTP or HTTPS connections, respectively, between the Internet address of the Site and the Internet address of a device used by the User to open each such connection.

Activity on the Site: the use by the User of one or more features included and enabled on the Site.

Administrator: the following legal entity: Dinexos SRL, with CUIT 33-71776866-9, registered in the Province of Buenos Aires with the Dirección Provincial de Personas Jurídicas under No. 1976668 and with email at [email protected].

Public Authority: any legislative, executive, or judicial body of a national, provincial, or municipal nature.

Cookie: each digital file that meets the following requirements: (1) it is created by an Internet site accessed by the User for the first time; (2) it stores one or more pieces of data about the User (e.g., their access ID) and/or the User's activity on that Internet site (e.g., the selections made) for the purpose of facilitating the User's access to that Internet site and activity on it at least a second time; (3) it is stored by the web browser the User used to access that Internet site for the first time; and (4) it can be read only or read and modified by that Internet site if the User returns to that Internet site using the same web browser at least a second time.

Credencial de Seguridad: one or more Personal Data and/or other data or information provided by a natural person, by themselves or through a software program not previously and expressly authorized by the Administrator, to grant that natural person a unique and unequivocal identity as a User.

Dato Personal: any data belonging to the User (including, without limitation, any data about the device used by the User to Access the Site —model, operating system, connection, etc.— and the User's geographic location during their Stay on the Site) that meets the following requirements: (1) under Law 25326 the Administrator is not prohibited from collecting it from the User in accordance with the Personal Data Collection Clause; and (2) it is not publicly known at the time the Administrator collects it from the User pursuant to the Personal Data Collection Clause.

Ley 25326: Law No. 25,326 and Decree No. 1558/2001 of the national Executive Branch.

Permanecer en el Sitio: one or more actions by the User, on the Site and in accordance with the TyC, necessary to prolong the Stay on the Site.

Time on the Site: the time that elapses from, and including, the Site Access until, and including, the Site Exit.

Owner: the Administrator.

Site Exit: the closing, in accordance with the Internet protocol called Hypertext Transfer Protocol (HTTP) or the Internet protocol called Hypertext Transfer Protocol Secure (HTTPS), of the single or, as applicable, the last HTTP or HTTPS connection opened by the Site Access.

Site: each digital file, whether empty or containing one or more texts (originals or authorized reproductions), images, videos, sounds, graphics, icons, logos, isotypes, trademarks, drawings, emblems, color combinations, letter-and-number combinations, advertising slogans or other digital or digitized content (other than software program instructions) and each software program file (whether it uses one or more of the aforementioned digital files or not) directly or indirectly associated by the Administrator with each of the Internet addresses corresponding to the following domain names:

acafor.com

Third-Party Site: any Internet address other than the Site.

TyC: the terms and conditions of the Site published in the “Terms and Conditions” section of the Site.

User: any natural person who Accesses the Site, Remains on the Site and performs the Activity on the Site, on their own behalf or through a software program not previously and expressly authorized by the Administrator, and each Necessary User; it is stipulated that the Activity on the Site carried out with a Security Credential will be considered to have been carried out by the natural person who supplied that Security Credential, either on their own behalf or through a software program not previously and expressly authorized by the Administrator.

Necessary User: every natural person who is the holder or delegate of parental responsibility or necessary representative, as applicable, of another natural person who Accesses the Site, on their own behalf or through software not previously and expressly authorized by the Administrator, and who is not 18 (eighteen) years of age and is not emancipated by marriage or for any other reason does not have legal capacity to Access the Site, Remain on the Site and carry out the Activity on the Site in compliance with the T&C.

CLAUSE (2). Site Development

(a) The Site has been developed with respect for the User's privacy on the Internet and taking into account the Administrator's duty to protect, in accordance with Law 25326, any Personal Data that the User transmits to the Site in connection with Access to the Site, Remaining on the Site, Activity on the Site and Exit from the Site.

(b) This Privacy and Personal Data Protection Policy is part of the T&C and must be read and interpreted together with the T&C.

CLAUSE (3). Collection of Personal Data

Each Access to the Site automatically constitutes the User's unconditional consent for the Administrator to collect, on the Site and/or via email received from the User, one or more Personal Data for the following purposes unless the Administrator expressly indicates otherwise on the Site and/or by email sent to the User:

(a) improve the interaction between the User and the Site during the User's Remain on the Site; and

(b) prepare anonymous statistics (that is, not capable of enabling the identification of the User) of the Site; and

(c) comply with an order from a Public Authority received by the Administrator; and

(d) evaluate and approve the different services to which the User may have access according to the profile they provide.

CLAUSE (4). Cookies

The Administrator must obtain from the User, on the Site and/or by email received from the User, the User’s unconditional consent to store one or more Site Cookies on the device used by the User to Access the Site and to use those Site Cookies before storing them on that device.

CLAUSE (5). User's Refusal

The User:

(a) may at any time during the User's Remain on the Site notify the Administrator on the Site of their unconditional refusal to:

(I) to provide one or more Personal Data to the Administrator in accordance with the Personal Data Collection Clause; and/or

(II) to allow the storage and use of one or more Site Cookies in accordance with the Cookies Clause; and

(b) acknowledges and agrees that the interaction between the User and the Site during the User's presence on the Site may be less satisfactory (quantitatively and/or qualitatively) than it would otherwise be if:

(I) the User were to communicate a refusal in accordance with subsection (a); or

(II) the User were to provide incomplete, inaccurate or false Personal Data for the purposes of the Personal Data Collection Clause.

CLAUSE (6). Storage of Personal Data

The Administrator will store the Personal Data in a database whose administration will be the exclusive responsibility of the Administrator at the following address: Avenida Rivadavia 21204, first floor, Morón, Partido of Morón, Province of Buenos Aires.

CLAUSE (7). Management of Personal Data

The Personal Data that the Administrator collects in accordance with the Personal Data Collection Clause may be stored, processed and transferred exclusively by:

(a) the Administrator; and

(b) each natural or legal person with whom the Administrator enters into a contract for the transfer or assignment of one or more Personal Data; and

(c) any Public Authority that requires the Administrator to transfer or assign one or more Personal Data by court order and when there are grounded reasons related to public safety, national defense or public health.

CLAUSE (8). User Rights

(a) In accordance with Law 25326 the User may request from the Administrator in relation to one or more Personal Data:

(I) free access to such Personal Data every 6 or more continuous anniversary months from the date of the last access requested by the User unless the User demonstrates a legitimate interest in accessing such Personal Data before the expiry of 6 continuous anniversary months from the date of the last access requested by the User; and/or

(II) the updating of such Personal Data if they have become outdated due to changes in the User's circumstances; and/or

(III) the rectification of such Personal Data if they are inaccurate or incomplete; and/or

(IV) the blocking of such Personal Data; or

(V) the deletion of such Personal Data.

(b) Each User request under paragraph (a) must be made by:

(I) a registered letter if the User requests access to one or more Personal Data; or

(II) an ordinary letter, accompanied by a simple photocopy of their current National Identity Document or passport, if the User requests the update, rectification, blocking or deletion of one or more Personal Data.

(c) The User must deliver or cause to be delivered the corresponding communication under paragraph (b) only to the Administrator's address indicated in the Clause Personal Data Storage.

(d) The Administrator's email address indicated in the Clause Definitions is not an electronic address and, consequently, any email containing or attaching a notice, communication or summons sent to that email address shall not be considered sent to the Administrator nor received by the Administrator for any purpose of the notice, communication or summons in question.

(e) The Administrator:

(I) shall not be obliged to respond favorably to:

(1) a request for access, rectification and/or deletion of one or more Personal Data received from the User under paragraph (a) if compliance with that request would affect the protection of the defense of the Nation, public order and security, or the rights and interests of third parties; or

(2) a request for access to one or more Personal Data received from the User pursuant to subsection (a) subparagraph (I) if such request is not dated at least 6 (six) months after the date of the last request for access to Personal Data that the Administrator received from the User pursuant to subsection (a) subparagraph (I), unless the User reasonably demonstrates to the Administrator (at the Administrator’s sole discretion) that they have a legitimate interest in accessing the Personal Data in question before 6 (six) months have elapsed since the date of that last access request; or

(3) a request for deletion of one or more Personal Data received from the User pursuant to subsection (a) subparagraph (V) if the requested deletion could harm the rights or legitimate interests of third parties or prevent the Administrator from complying with a legal obligation to retain the Personal Data in question; and

(II) will inform the grounds for each denial pursuant to subparagraph (I) by means of a written communication addressed to the address that the User provided in the rejected request.

(f) The Agencia de Acceso a la Información Pública, in its capacity as the Supervisory Body of Law 25326, has the authority to handle complaints and claims filed by those whose rights are affected by noncompliance with the current Personal Data protection regulations.

CLAUSE (9). Amendments

(a) The Administrator:

(I) may, at its sole discretion, at any time and without the need to give prior, simultaneous or subsequent notice or explanation to the User, modify, in whole or in part, temporarily or permanently, this Privacy and Personal Data Protection Policy; and

(II) without prejudice to the provisions of sub-section (I), the Administrator may notify the User, on the Site and/or by email sent to the User, at the time and for the period determined by the Administrator in each case, of a total or partial, temporary or permanent modification of this Privacy and Personal Data Protection Policy.

(b) The User:

(I) will not be obliged to accept, in whole or in part, any modification to this Privacy and Personal Data Protection Policy made by the Administrator; and

(II) must expressly state, on the Site and/or by email sent to the Administrator, at the time and for the period determined by the Administrator in each case, that they have read, understood, and unconditionally and fully accepted the modification of this Privacy and Personal Data Protection Policy as a prior requirement to Remain on the Site and/or perform the Activity on the Site; and

(III) must refrain from Accessing the Site if they do not intend to comply with the provisions of sub-section (II); and

(IV) must not Remain on the Site or perform the Activity on the Site if they have not complied with the provisions of sub-section (II).

(c) For the purposes of this Clause, the Privacy and Personal Data Protection Policy is the one published by the Administrator on the Site during the time on the Site unless the Administrator expressly indicates otherwise on the Site and/or by email sent to the User.

CLAUSE (10). Third-Party Site

This Privacy and Personal Data Protection Policy does not apply to any Third-Party Site, whether before accessing the Site, during the User’s stay on the Site after accessing the relevant Third-Party Site through the User’s use of one or more links to that Third-Party Site included and enabled on the Site to access that Third-Party Site, or after leaving the Site.

CLAUSE (11). Applicable Law

This Privacy and Personal Data Protection Policy is governed exclusively by the law of the Argentine Republic.