Personal Data Processing Policy

This Personal Data Processing Policy is prepared in accordance with the provisions of the Political Constitution of Colombia, Law 1581 of 2012, and Regulatory Decree 1377 of 2013 and will be applied by INVERSIONES SILCE S.A.S. regarding the collection, storage, use, circulation, deletion, transfer, and all activities that constitute the processing of personal data provided to this company.

The right of HÁBEAS DATA is the right of every person to know, update, and rectify the information collected about them in public or private files and databases, ensuring all citizens have decision-making power and control over their personal information. Therefore, INVERSIONES SILCE S.A.S. adheres to these provisions, considering that, for the development of its corporate purpose, it continuously collects and processes databases of clients, shareholders, suppliers, business partners, and employees.

DEFINITIONS

Authorization: Consent that, previously, expressly, and informedly, is given by the owner of personal data for the company to carry out the processing of their personal data.

Owner: Natural person whose data is subject to processing by the company.

Database: Set of personal data.

Personal Data: Information linked to a person. It is any piece of information linked to one or more determined or determinable persons or that can be associated with a natural or legal person. Personal data can be public, semi-private, or private.

Processing: Any operation or set of operations on personal data, including collection, storage, use, circulation, or deletion.

Processor: Natural or legal person, public or private, who alone or in association with others, processes personal data on behalf of the data controller.

Data Controller: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the processing of the data.

Public Data: Data qualified as such according to the mandates of the law or the Political Constitution. Public data includes, among others, data contained in public documents, final judicial rulings not subject to secrecy, and data related to personal civil status.

Semi-private Data: Semi-private data is that which is neither intimate, reserved, nor public and whose knowledge or disclosure might interest not only its owner but also a certain sector or group of people or society in general, such as financial and credit data of commercial activity.

Private Data: Data that, due to its intimate or reserved nature, is only relevant to the owner.

Sensitive Data: Data related to racial or ethnic origin, membership in unions, social or human rights organizations, political, religious, or sexual orientation beliefs, biometric data, or health data. This information may not be provided by the owner of the data.

Privacy Notice: Physical or electronic document generated by the data controller made available to the owner with information about the existence of the data processing policies that will apply, how to access them, and the characteristics of the processing intended for the personal data.

IDENTIFICATION OF THE DATA CONTROLLER AND PROCESSOR

DUTIES OF INVERSIONES SILCE S.A.S. REGARDING DATA OWNERS

INVERSIONES SILCE S.A.S. acknowledges that personal data is owned by its respective owners, and only these individuals can decide about it. In this sense, it will use the data exclusively for the purposes for which it is authorized by law. Therefore, the company undertakes the following duties as the data controller:

The company must seek a way to obtain the express authorization from the data owner for any type of processing.

The company must clearly and expressly inform its clients, employees, suppliers, and third parties in general from whom it obtains databases about the processing to which their data will be subjected and the purpose of such processing. To this end, the company must design a strategy to inform the data owners about the respective processing for each event, mechanism, or data request. Some of these methods may include sending text messages, completing physical forms.

The company must inform data owners about the optional nature of providing the requested information.

In all cases where data is collected, the company must inform the rights of all data owners regarding their data.

The company must provide the identification, physical or electronic address, and phone number of the person or area responsible for the processing.

The company must guarantee at all times the full and effective exercise of the right to habeas data and petition, allowing data owners to know, update, or correct their information, and process inquiries, all through the mechanisms for inquiries or complaints provided in this policy.

The company must securely store personal data records to prevent deterioration, loss, alteration, unauthorized or fraudulent use, and periodically and promptly update and rectify data whenever data owners report changes or requests.

PURPOSES OF PERSONAL DATA COLLECTION

The personal data provided to INVERSIONES SILCE S.A.S. will be stored in our databases and used for the following purposes:

– Sending commercial, advertising, or promotional information about products, events, and/or commercial promotions to physical, electronic mail, cell phone, or mobile device via text messages (SMS and/or MMS) or any other similar or digital communication method, to drive, invite, direct, execute, inform, and generally carry out campaigns, promotions, or commercial or advertising contests conducted by INVERSIONES SILCE S.A.S. and/or third parties.

– Attending internal or external audit processes.

WHO CAN RECEIVE INFORMATION FROM INVERSIONES SILCE S.A.S. WITHOUT NEEDING AUTHORIZATION FROM DATA OWNERS:

• Data owners, their heirs, or representatives at any time and through any means upon request to INVERSIONES SILCE S.A.S.
• Judicial or administrative entities exercising functions that require the company to provide information.
• Third parties authorized by any law of the Republic of Colombia.

INFORMATION SECURITY

INVERSIONES SILCE S.A.S. has human, administrative, and technical security measures to protect data owners’ information and prevent unauthorized access, modification, disclosure, or destruction of data. Access to personal data is restricted to employees, contractors, representatives, and agents of INVERSIONES SILCE S.A.S. who need to know the data to perform their functions and fulfill the company’s corporate purpose.

DATA BASE VALIDITY

Personal data incorporated in INVERSIONES SILCE S.A.S. databases will remain valid for the time necessary to fulfill its purposes and meet legal and contractual obligations. Once these periods expire and in accordance with Article 28 of Law 962 of 2005, data will be kept for ten (10) years from the end of the relationship with INVERSIONES SILCE S.A.S. Afterward, physical and/or magnetic files containing personal information, as well as personal data in databases, will be deleted.

If you do not wish for your personal data to be used by INVERSIONES SILCE S.A.S., you may partially or fully revoke such authorization expressly, unequivocally, and in writing, either physically or electronically; or orally, or by any means or behavior that reasonably concludes the revocation of such authorization or consent.

If you have any observations and/or comments on the management and use of your personal data, or if you believe the company has used your data contrary to the authorized use and applicable laws; or if you no longer wish to receive information related to the company as outlined in this document, you may contact us at:

INVERSIONES SILCE S.A.S. customer service line +57 318 350 41 96, email info@inversionessilce.com, address Carrera 56 number 46-49 warehouse 1107 Medellín – Colombia.