In compliance with the Federal Law for the Protection of Personal Data (Ley Federal de Protección de Datos Personales en Posesión de los Particulares), which was published in the Official Federal Gazette (the “DOF”) on July 5th, 2010 (the “Law”) with its rulebook published in the DOF on December 21st, 2011 (the “Rules”) and Privacy Policy guidelines published in the DOF on January 17th, 2013 (the “Guidelines” and referred to jointly, along with the Law and the Guidelines, as the “Regulations”), Semillero Online, S.A.P.I. de C.V. (the “Responsible” and/or the “Company”, indistinctly), issues the present Privay Policy (the “Privacy Policy”) for the persons and/or companies (the “Owner”) who confirm their acceptanceof the foregoing clauses.

The purpose of this Privacy Policy is to outline the scope and general conditions of the treatment of Personal and/or Business Data, and to inform the Owner, in order for them to be able to make informed decisions about the use of their Personal and/or Business Data and to maintain control and disposition over such data. Likewise, the Privacy Policy allows the Responsible to make such treatment transparent and, thereby strengthen the level of trust of the Owners.

The terms whose initial letter is capitalized shall have the meaning ascribed to them in the following definitions. The following terms shall have the same meaning regardless of whether they appear in the singular or plural.

For purposes of this Privacy Policy:

• "Account": means a unique account created for You to access our Service or parts thereof;
• “Subsidiary”: means an entity that controls, is controlled by, or is under common control with a party; where "control" means ownership of 50% (fifty percent) or more of the shares, equity interest or other securities entitled to vote for the election of directors or other management authority.
• “App”: means the software program provided by the Company downloaded by you on any electronic device, referred to as Semillero / Digital Contract / Hub Digital;
• "Responsible": (also referred to as "the Company", "We", "Us" or "Our" in this Agreement) refers to Semillero Online S.A.P.I. de C.V., Nuevo Laredo, Tamaulipas Mexico;
• “Cookies”: refers to data files that are stored on the hard disk of a user's computer or electronic communications device when browsing a specific website, which allows for the exchange of status information between the website and the user's browser. The state information may reveal means of session identification, authentication or user preferences, as well as any data stored by the browser with respect to the website.
• “Country”: Refers to United Mexican States;
• “Device”: means any device that can access the Service such as a computer, cell phone or digital tablet;
• “Personal Data”: is any information that relates to an identified or identifiable individual;
• “Business Data”: is any information that refers to an identified or identifiable legal entity;
• “Service”: means the App or the Website or both;
• “Service Provider”: means any individual or legal entity that processes data on behalf of the Company. Refers to third party companies or persons engaged by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service or assist the Company in analyzing how the Service is used;
• “Usage Data”: refers to automatically collected data, generated by the use of the Service or the Service's own infrastructure (e.g., the duration of the visit to a page);
• “Website”: refers to the site accessible on any internet browser under the following address https://semillero.online; and
• “You”: means the person accessing or using the Service or the Company or other legal entity on whose behalf such person is accessing or using the Service, as applicable, which shall be understood as the Owner of whose Personal Rights are the subject of this Privacy Policy.

Semillero Online, S.A.P.I. de C.V. whose domicile.

To carry out the purposes described in this Privacy Policy, the Company may collect the following Business, Personal and Usage Data:

a) Business Data:

• Legal name of the company;
• Full name of the natural person who acts on behalf of the company;
• Email address;
• Phone number(s);
• Company´s corporate purpose;
• Company´s domicile;
• Company´s incorporation date;
• Business purpose of the company;
• Certain quantitative information about the operations of the company;
• Certain qualitative information about the structure of the company;
• Card and bank account information, in order to be able to make deposits, charges, and other movements; and
• Any other data requested at the time of registration, or at any time thereafter.

b) Personal Data:

• Email address
• Full name
• Domicile, State, Province, Zip Code, City.
• Phone number(s)
• Date of birth
• Certain quantitative information about the operations of the person;
• Certain qualitative information about the structure of the person;
• Card and bank account information, to be able to make subscriptions, charges, and other movements; and
• Any others requested at the time of registration or at any time thereafter.

c) Usage Data

• Information related to your location
• Images and other information from the camera and devices photo library.

In order to provide a personalized service according to your particular needs, as well as to generate an environment of trust among the users of the Services, the Company may use the Personal and/or Business Data provided for the following purposes: In order to provide a personalized service according to your particular needs, as well as to generate an environment of trust among the users of the Services, the Company may use the Personal and/or Business Data provided for the following purposes:

a) End goals necessary for the existence, maintenance and fulfillment of the legal relationship between the Company and the Owner:

• For identification purposes.
• With the purpose of providing and maintaining our Service, including the supervision of our Service usage.
• For the management of your Account: to manage your registration as a user of the Service. The Personal and Business Data you provide may give you access to different functionalities of the Service that are available to You as a registered user;
• To comply with obligations contracted with our customers and other users of our Web Sites;
• To comply with regulatory obligations issued by the competent authorities, as well as to meet their requirements;
• For the execution of an agreement:: the development, compliance, and performance of the pruchase agreement of the services, articles or Services, acquired by You, or any other agreement with Us through the Service;
• To contact You: To contact You by email, phone calls, SMS, or other equivalent forms of electronic communication, such as push notifications from a mobile application about updates or informational communications related to the features, products or contracted Services, including security updates, when necessary or reasonable to implement them; and
• Manage your requests: So that We can attend and manage your requests.

b) Purposes not necessary for the existence, maintenance and fulfillment of the legal relationship between the Company and the Owner:

• To provide news, special offers and general information about other goods, services and events we offer that are similar to those you have already purchased or inquired about, unless you have opted out of receiving such information;
• For business transfers: We may use Your information to evaluate or carry out a merger, divestment, restructuring, reorganization, dissolution or other sale or transfer of some or all of Our assets, whether as a going concern or as part of a bankruptcy, liquidation or similar proceeding, in which Personal and Business Data that We hold about Our Service users is among the assets transferred;
• Analyzing data, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience;
• To inform regarding changes to our Services;
• To evaluate the quality of Service; and
• To perform internal studies regarding consumer habits and performance evolution.

By providing Personal and Business Data to the Company, you consent to the Company's collection and use of such Data for the purposes described above.

However, the Owner has the right to object to the use of his/her Personal and Business Data for the purposes contained in paragraph b) above (Purposes not necessary for the existence, maintenance, and fulfillment of the legal relationship between the Company and the Owner). In the event that the Owner wishes to exercise this right, he/she must do so in accordance with the procedure set forth in item VII below within 5 (five) business days following the date on which this Privacy Policy has been made available to him/her, in order for the Company not to use his/her data for such purposes. Otherwise, it will be understood that the holder consents to the processing of his/her data for all the purposes listed above.

However, the Company may disclose your Personal and Business Data to comply with applicable legal provisions and to comply with requests or orders issued by judicial, administrative or any other competent authorities.

In order to limit the use or disclosure of his/her Personal and Business Data, the Owner must submit a duly signed request to the department or person in charge of the processing of Personal and Business Data, either at the address of the Responsible or at the e-mail address set forth in section IXX of this Privacy Policy, requesting the limitation of the use or disclosure in question.

If the Owner wishes to stop receiving promotional messages from the Company, he/she may request so by the means set forth in such messages. However, if the Owner limits the Company's use or disclosure of his or her Personal and Business Data, the Company may not be able to provide him or her, with the features and benefits to which he or she would otherwise have access to. The Company may take such action as it deems appropriate in the event that your limitation on the use or disclosure of the data disrupts in any way affects the Company's processes and practices.

Except for the exceptions provided below, as well as those mentioned in Article 37 of the Law, We undertake not to transfer Personal and Business Data to third parties outside the corporate group to which the Company belongs without the consent of the Owner of such, as well as to carry out this transfer under the terms established by Law (except in cases where such transfer of data is necessary for the purposes necessary for the existence, maintenance and fulfillment of the legal relationship between the Company and the Owner, in which case you hereby give your express consent).

We may transfer your Personal and Business Data to the following persons at the following times and for the following purposes:

• With Service providers: We may share your personal information with Service Providers to monitor, analyze the use of our Service and to contact you.
• For commercial transfers: We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing or acquisition of all or part of Our business to another company.
• With Affiliates: We may share your information with our Affiliates, in which case We will require such Affiliates to abide by this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint ventures or other companies that we control or that are under common control with us.
• With business partners: We may share your information with Our business partners to offer you certain products, services or promotions.
• With other users: when You share personal information or otherwise interact in public areas with other users, such information may be viewed by all users and may be publicly distributed externally.
• With your consent, when for any other reason the Responsible requires to make any other transfer of your Personal and Business Data.

Your information, including Personal and Business Data, is processed at the Company's operational offices and at any other location where the parties involved in the processing are located.

Your consent to this Privacy Policy, followed by your submission of such information, represents your agreement to such transfer.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal and Business Data to an organization or country will take place unless there are adequate controls in place that include the security of your data and other personal information.

a) Commercial Transactions:

If the Company is involved in a merger, acquisition or asset sale, your Personal and/or Business Data may be transferred. We will notify you before your Personal or Business Data is transferred and/or becomes subject to a different Privacy Policy.

b) Legal Compliance:

In certain circumstances, the Company may be required to disclose your Personal and Business Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

c) Other legal requisites:

The Company may disclose your Personal and Business Data if it believes in good faith that such action is necessary to:

• To comply with a legal obligation;
• Protect and defend the rights or property of the Company;
• Prevent or investigate possible violations in connection with the Service;
• Protect the personal safety of users of the Service or the public; and
• Protect against legal liability.

The Company will retain your Personal and Business Data only for as long as necessary for the purposes set forth in this Privacy Policy. We will retain and use your Personal and Business Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except where this data is used to enhance the security or improve the functionality of Our Service, or where We are legally required to retain this data for longer periods of time.

The security of your Personal and Business Data is important to us, but please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal and Business Data, we cannot guarantee its absolute security.

XII. Links to Other Websites.

Our Service may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly encourage you to review the Privacy Policy of each site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party sites or services.

Our Service is not directed to children under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 13 without verifying parental consent, we will take steps to remove that information from our servers.

If we need to rely on consent as a legal basis to process your information and your country requires parental consent, we may require parental consent before collecting and using that information.

Tracking Technologies and Cookies.

We use Cookies and similar tracking technologies to track activity on Our Service and store certain information. The tracking technologies used are beacons, tags and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include

We use Cookies and similar tracking technologies to track activity on Our Service and store certain information. The tracking technologies used are beacons, tags and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

• Cookies or Browser Cookies: A cookie is a small file placed on your Device. You can instruct your browser to refuse all Cookies, or to tell you when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some parts of our Service. Unless you have adjusted your browser settings to refuse Cookies, our Service may use Cookies.
• Flash Cookies: Some features of our Service may use local stored objects (or Flash Cookies) to collect and store information about your preferences or your activity on our Service. Flash Cookies are not managed with the same browser settings as those used for browser Cookies. For more information on how you can delete Flash Cookies, read "Where can I change settings to disable or delete local shared objects?" available at
  https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting_local_shared_objects_.
• Web Beacons: Certain sections of our Service and our emails may contain small electronic files known as Web Beacons (also known as clear gifs, pixel tags and single-pixel gifs) that allow the Company, for example, to count users who have visited those pages or opened an email and for other statistics related to the Website (e.g., to record the popularity of a certain section and to verify system and server integrity).

Cookies can be "persistent" or "session" Cookies. Persistent Cookies remain on your personal computer or mobile Device when you log off, while session Cookies are deleted as soon as you close your web browser.

We use both session and persistent Cookies for the purposes set out below:

• Necessary/essential cookies

Type: Session Cookies Managed by: Us Purpose: These Cookies are essential to provide You with the Services available through the Website and allow You to use some of its features. They help authenticate users and prevent fraudulent use of user Accounts. Without these Cookies, the Services you request cannot be provided, and we only use these Cookies to provide these Services to You.

• Cookie Policy / Cookie Acceptance Notice

Type: Permanent Cookies Managed by: Us Purpose: These Cookies identify whether users have accepted the use of Cookies on the Website.

• Functionality Cookies

Type: Persistent Cookies Managed by: Us Purpose: These Cookies allow us to remember choices You make when using the Website, such as remembering Your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to prevent you from having to re-enter your preferences each time You use the Website.

For more information about the Cookies we use and your choices regarding the above, please visit our Cookie Policy or the Cookies section of our Privacy Policy.

We may update our Privacy Policy from time to time, for which purpose we will notify You of any changes by posting the new Privacy Policy on this page, email and/or through a prominent notice on our Service, before the change becomes effective and we will update the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for changes. Changes to this Privacy Policy will be effective when posted on this page.

In accordance with the Ordinances, the Owner, by his own right or through his legal representative, may request to the Owner at any time the access, rectification, cancellation or opposition ("ARCO Rights") with respect to the Personal Rights that concern him.

• Access. You may verify the Data that the Company has, which will be made available to You either by physical copies, electronic documents or by any other means indicated by the Company or that you indicate in your request to be contacted.
• Rectification. In the event that the Company has inaccurate or incomplete Data, You may request the total or partial modification of the same, as long as you submit the supporting document that proves the error or change in the same.
• Opposition. You will have the right at all times and for legitimate reasons in accordance with the Law, to oppose the partial or total processing of your Personal and Business Data collected, being able to point out specific cases or situations for such opposition.
• Cancellation. You may request the Company to cancel the processing of your Personal and Business Data collected in case you consider that it is not required for any of the purposes stated in this Privacy Policy or is being used for purposes that have not been consented.

The request must be made in writing addressed to the area or person responsible for the processing of your Personal Data and must contain and be accompanied by the following: (i) name of the Owner and address or other means to communicate the response to his/her request; (ii) copy of the identification document of the Owner, as well as the original thereof for comparison or, if applicable, in the case of the representative of the Owner, in addition to the above (identification of the Owner), the documents proving the identity of the representative, as well as the public instrument or power of attorney signed before two witnesses, in which the powers granted are stated, or statement in personal appearance of the Owner; (iii) a clear and precise description of the Personal Data with respect to which it seeks to exercise any of the ARCO Rights, and (iv) any other element or document that facilitates the location of the Personal Data. Such request shall be submitted at the Address to hear and receive notifications or by e-mail addressed to the following address: legal@semillero.online, provided that duly certified electronic instruments that substitute the identification of the Owner or, as the case may be, of its representative, are submitted.

The Responsible shall notify the Owner within a maximum period of 20 (twenty) business days from the date on which the request of the corresponding ARCO Right was received, the determination adopted so that, if it is appropriate, it becomes effective within 15 (fifteen) business days from the date on which the response is communicated. The term may be extended only once for an equal period, provided that the Responsible justifies the extension to the Owner, which must be notified within the same term. For such purpose, the Responsible shall note in the acknowledgment of receipt delivered by the Owner the corresponding date of receipt.

The term indicated in the previous paragraph will be interrupted in the event that the Responsible requires additional information from the Owner, due to the fact that the information originally provided is insufficient or erroneous to process the request, or if the documents indicated above are not provided. For such purpose, the Responsible may require the Owner, once and within 5 (five) business days following the receipt of the request, to provide the necessary elements or documents to process the request, and the Owner shall have 10 (ten) business days to respond to the request, counted as of the day following the day it is received. If the Owner does not respond within such term, the corresponding request shall be deemed not to have been filed. On the contrary, in the event that the Owner complies with the information request, the term for the Responsible to respond to the request will begin to run the day after the Owner has complied with the request for additional information.

The answers provided by the Responsible to the Owner who has exercised his/her ARCO Rights, shall be made by the same means in which the request was made, dealing only with the Personal Data specifically indicated in the request in question and shall be presented in a legible and understandable format.

When the access to the Personal Data is on site, the Responsible shall grant the Owner a term of 15 (fifteen) days so that he/she may consult the Personal Data. Once this period has elapsed, without the Owner having attended, it will be necessary to submit a new request.

When the Responsible denies the exercise of any of the ARCO rights, the Company shall justify such denial, and the Owner shall have the right to request the initiation of the rights protection procedure before the National Institute of Transparency, Access to Information and Protection of Personal Data.

The consent You give to this Privacy Policy may be revoked at any time, without retroactive effect. The revocation of consent that the Owner intends to make, must do so in accordance with the means and procedure set forth in paragraph XVI above.

This Privacy Policy, the treatment of your Personal Data and/or all related documents are governed by the Law and other regulations of the United Mexican States. The acceptance of this Privacy Policy or the execution of a contract of any nature with the Responsible, once the same is made available, implies an express acceptance, in writing, of its terms and express submission to the courts of the city of [*], for any controversy or claim derived from the same, so it is understood the waiver of any jurisdiction that by reason of domicile, present or future, may correspond to You.

If you have any questions about this Privacy Policy or the processing of your Personal Data, you may contact us by e-mail: legal@semillero.online.

Notwithstanding the foregoing, in the event that you consider that the processing of your Personal Data constitutes a violation of the provisions of the Law, you may refer to the National Institute of Transparency (Instituto Nacional de Transparecia), Access to Information and Protection of Personal Data.