NOTICE OF PRIVACY 

                                     KARTHA NFC SmartCard and its Cardholders

The following Privacy and Data Protection Principles (the "Principles") set out how Kartha NFC SmartCard (Kartha) and its direct and indirect Cardholders ("End Customer") will collect, use, store, share, transmit, delete or otherwise process (collectively "process") your personal data. Personal data means any information relating to an identified or identifiable natural person. The personal data protection standard established in these Principles will be used by Kartha NFC SmartCard worldwide, providing adequate and consistent protection for the processing of your personal data. In these Principles, the terms "you" and "your" refer to any natural person who is a customer or employee of Kartha NFC SmartCard and any other natural person whose personal data we process, and "we", "our" and refer to Kartha NFC SmartCard.

PRIVACY POLICY

Thank you for accessing the website www.kartha.com.mx (the "Site") operated by Javier Alvarez Prado Responsible for the Processing of your Personal Data, with address at Nueva galicia 50, Nueva Galicia Residencial, Tlajomulco de Zuñiga, Jalisco, CP 45645, Jalisco.

At Kartha, every day we work to serve you better and better when you purchase our products or use our services. Taking care of the Personal Data that you share with us is a fundamental part of this. Therefore, we want you to be sure that your information is safe and secure with us and know how we use it to offer you a better and more personalized customer experience when you use our services.

This Privacy Policy explains our Processing of your Personal Data, to whom, under certain conditions, we transfer and/or transmit your Personal Data, as well as the security measures we have taken to protect it. Likewise, it explains the rights that you have as the Owner of your Personal Data and how you can exercise them.

We invite you to read this Privacy Policy in detail and if you have any questions, we ask that you please contact us at sales@kartha.com.mx, or by phone (624) 1452153, (624) 1443081 or send a communication to Nueva galicia 50, Nueva Galicia Residencial, Tlajomulco de Zuñiga, Jalisco, CP 45645, Jalisco.

I. Some definitions you need to know:

For the purposes of this policy, the words defined below will have the meaning assigned in this chapter, whether or not they are capitalized, or whether they are plural or singular.

Commercial Ally: Natural or legal person that markets or offers products and/or services that improve the value offer for Kartha clients such as, for example, financial entities, insurance companies, retail establishments, among others.

Privacy Notice: Physical, electronic or any other format document, generated by the Data Controller, which is made available to the Owner for the Processing of their Personal Data, which communicates to the Owner the information related to the existence of the policies. of information processing that will be applicable, the way to access them and the characteristics of the Treatment that is intended to be given to personal data.

Service Channels: Means through which you can exercise your rights, which are through (i) email arco@kartha.com.mx , (ii) or directly at Nueva galicia 50, Nueva Galicia Residencial, Tlajomulco from Zuñiga, Jalisco, CP 45645, Jalisco , or by phone (624) 1452153, (624) 1443081.

Kartha or Responsible: Javier Alvarez Prado.

Personal Data: Any information concerning an identified or identifiable natural person. For example, Kartha may collect the following Personal Data: name, identification number, address, telephone number, email, geolocation data, use and visit of the website, browsing history, purchasing habits and other biometric data such as your fingerprint. , facial features and voice.

Sensitive Personal Data: Sensitive data is understood to be data that affects the most intimate sphere of the Owner, or whose improper use could give rise to discrimination or entail a serious risk for the Owner. Sensitive data is considered data that could reveal aspects such as racial or ethnic origin, current state of health and morals, union membership, opinions, policies, sexual preference, etc.

Consent: Manifestation of the will of the Owner of the data through which the processing of the data is carried out.

Processor: Natural or legal person, public or private, who, by themselves or together with others, carries out the Processing of Personal Data on behalf of the Person Responsible for the Processing of Personal Data.

Responsible for the Treatment: Natural or legal person, of a private nature, who decides on the database and/or the Processing of the data.

Owner: Natural person whose personal data is the subject of Treatment.

Processing of Personal Data: The obtaining, use, disclosure or storage of personal data, by any means. Use covers any action of access, handling, use, transfer or disposition of personal data.

II. Authorization

By accepting this Privacy Policy, you authorize Kartha to process your Personal Data.

Kartha will only process your Personal Data when it has your Authorization and only for the purposes indicated in section V of this document. You may revoke your authorization at any time, requesting it through any of the means indicated in section VIII.

III. Transfer of Personal Data to Related Companies and others.

Additionally, by accepting this Privacy Policy, you authorize Kartha to share your Personal Data with Related Companies and Kartha's Business Partners so that they may process it for the purposes indicated in section V. However, in At any time, as the Owner, you may revoke the authorization granted or oppose the sending of commercial communications, requesting it by any of the means indicated in section VIII.

Additionally, in the event of selling all or part of Kartha's business, you authorize Kartha to transfer the databases containing your Personal Data to the buyer.

Apart from what is established in this Privacy Policy, Kartha may not sell or disclose your Personal Data to third parties unless it has previously obtained your consent or is required to do so by law.

Kartha will be responsible for the effective compliance with the obligations regarding the Processing of Personal Data by its Related Companies and its Commercial Allies, without prejudice to the responsibility that corresponds to them for any breach of such obligations. Likewise, in the event that the Processing of Personal Data is to be carried out by service provider companies for Kartha, said provider companies must assume confidentiality commitments and adopt measures that ensure due compliance with Personal Data protection regulations. especially those established in the Federal Law on Protection of Personal Data Held by Private Parties and its Regulations.

IV. General Principles for the Processing of Personal Data.

Our commitment is to guarantee that all Personal Data Processing that we carry out is always done respecting the rights that the Constitution and the laws grant you. Therefore, we want to make you aware of the principles that move us in this matter:

Principle of Legality: Personal data must be collected and processed lawfully. Obtaining personal data should not be done through deceptive or fraudulent means.

Principle of Consent: All Personal Data Processing will be subject to the consent of its owner. Consent will be express when the will is expressed verbally, in writing, by electronic, optical or any other technology or by unequivocal signs. The Owner tacitly consents to the processing of his/her data when, having made the privacy notice available to him/her, he/she does not express his/her opposition.

Information principle: The Person Responsible for the Processing of Personal Data will have the obligation to inform the Owner of the Personal Data of the information that is collected from them and for what purposes through the privacy notice.

Quality Principle: The Person Responsible for the Processing of Personal Data will ensure that the personal data contained in the databases are relevant, correct and updated for the purposes for which they were received.

Principle of Purpose: The Processing of Personal Data must be limited to compliance with the purposes set forth in the privacy notice. If the person responsible intends to process the data for a different purpose that is not compatible or analogous to the purposes established in the Privacy Notice, the consent of the owner will be required to be obtained again.

Principle of Loyalty: Implies that the Processing of Personal Data must be carried out in a fair and lawful manner, that is, with full compliance with the law and respect for good faith and the rights of the Owner, whose information is subject to Processing.

Principle of Proportionality: The Person Responsible for the Processing of Personal Data must only use the Personal Data of the Owner, in accordance with the express purposes of the collection.

Principle of Responsibility: The Person Responsible for the Processing of Personal Data will ensure compliance with the principles of protection of Personal Data established by the Federal Law on Protection of Data Held by Private Parties, and must adopt the necessary measures for their application, even when they are processed. by a third party at the request of the person responsible. The Person Responsible for the Processing of Personal Data must take the necessary and sufficient measures to guarantee that the privacy notice made known to the owner is respected at all times by him or by third parties with whom he or she has a legal relationship.

Kartha will be responsible for the effective compliance of the obligations regarding the processing of data by its Related Companies, without prejudice to the liability that may apply to them for any breach of such obligations. Likewise, in the event that the data processing is to be carried out by service provider companies for Kartha or its Related Companies, said service provider companies must assume confidentiality commitments and adopt measures that ensure due compliance with the obligations of the Data Protection Law.

V. Purposes for which your Personal Data may be Processed.

Your Personal Data may be Processed by Kartha and Commercial Allies directly or through its suppliers, exclusively for:

1. Carry out the pertinent steps for the development of the corporate purpose of Linio in what has to do with the fulfillment of the purpose of the contract entered into with the Owner.
2. Comply with obligations contracted with the Owner.
3. Provide Personal Data to third parties with whom Kartha has a contractual relationship and it is necessary to deliver it to them for the fulfillment of the contracted object. For example, Linio may use third parties to assist in delivering product promotions, collecting your payments, shipping products, or operating our customer service systems.
4. Prepare, implement, promote and offer you new products and services, or new attributes, modalities or characteristics to the products and services that are already available to you.
5. Automatically complete the documents associated with the transactions you carry out based on the products and services acquired, used or contracted, or that you acquire, use or contract in the future, with Kartha and/or its Related Companies
6. Adjust the offer of products and services of Kartha and its Related Companies to your customer profile, or carry out analyses, reports and evaluations regarding them.
7. Develop commercial actions or post-sales services, of a general nature or directed at you personally, aimed at improving your experience as a customer.
8. Send information via physical mail, email, text messages (SMS and/or MMS), digital media such as Facebook, or "WhatsApp" or other similar platforms, to the cell phone number or means of communication that you give us, to send you the following information: (i) About the delivery and status of your orders placed on the Site; (ii) To send you commercial information, or offers or promotions about Kartha products or services, or to conduct surveys or confirm your Personal Data; and (iii) So that you can use the benefits of the Kartha loyalty program "Kartha Points" through any of the communication, sales or exchange channels available, both in-person and remote.
9. Share Personal Data with third parties for Kartha's compliance with money laundering and terrorist financing regulations.
10. Share Personal Data with third parties for the purposes of fraud protection and credit risk reduction.
11. Share Personal Data with third parties that have the status of Commercial Allies and Related Companies so that they can offer products and/or services that allow improving the value offer for Kartha customers, all of the above in accordance with the provisions of the Law. Federal Protection of Personal Data Held by Private Parties.
12. Transfer personal data outside or inside the country to the Related Companies so that they can process your Personal Data in accordance with the purposes established in this Policy, in accordance with the provisions of section V of the same.
13. Transmit Personal Data inside or outside the country to third parties in accordance with the provisions of section III of this policy.

SAW. Collection of your Personal Data

In this section we list some of the means through which Kartha accesses your Personal Data:

1. When you create an account on the Site.
2. When you visit our Site, and entering through your account, surf the web or purchase a product or service.
3. When you visit our Site, and without logging into your account, you browse the web or purchase a product or service.
4. When you participate in any loyalty program of Kartha or its Related Companies.
5. When you complete a form or participate in a contest, survey or comment or review a product or service.
6. When a Related Company previously authorized by you shares with Kartha Personal Data that it has about you.
7. When a third party, previously authorized by you, shares Personal Data that it has about you to Kartha.

VII. Rights of the Owner of Personal Data in accordance with the Federal Law on Protection of Personal Data Held by Private Parties.

The Owner of the Personal Data will have the following rights:

1. ARCO Rights (Access, Rectification, Cancellation and Opposition) of your Personal Data.
2. Request proof of the authorization granted to Kartha for the Processing of your Personal Data
3. Be informed by Kartha, upon request, in accordance with section VIII of this Policy, regarding the use it has given to your Personal Data.
4. Be informed by Kartha, upon request, in accordance with section VIII of this Policy, regarding the use it has given to your Personal Data.
5. Submit queries to the Controller or Data Processor, in accordance with the provisions of section 3 of this policy, and file complaints with the National Institute of Transparency , Access to Information and Protection of Personal Data .
6. Access free of charge to the Personal Data that is the subject of Processing under the terms of article 22 of the Federal Law on Protection of Personal Data Held by Private Parties.
7. Revoke the authorization granted for the processing of Personal Data.
8. Contact arco@kartha.com.mx or by phone (624) 1452153, (624) 1443081 or send a communication to Nueva galicia 50, Nueva Galicia Residencial, Tlajomulco de Zuñiga, Jalisco, CP 45645, Jalisco.

The Owner of the Personal Data will have the duty to keep their information updated and guarantee, at all times, its veracity. Kartha will not be responsible, in any case, for any type of liability arising from the inaccuracy of said information.

VIII. Procedure for the exercise of Arco Rights in accordance with the Federal Law on Protection of Personal Data Held by Private Parties.

You may exercise the rights indicated in the preceding paragraph and all other rights conferred by the Federal Law on Protection of Personal Data Held by Private Parties, by contacting Kartha via email arco@kartha.com.mx, or at telephone (624)1452153, or by sending a communication to Nueva galicia 50, Nueva Galicia Residencial, Tlajomulco de Zuñiga, Jalisco, CP 45645, Jalisco. . The Legal Affairs and Governance Management will be responsible for issuing guidelines for the attention of requests, queries and claims before which the Owner can exercise their rights to know, update, rectify and delete Personal Data and revoke the authorization of Data Processing. Personal information.

ARCO Rights

If you wish to exercise your ARCO rights (access, cancellation, rectification and opposition to the processing of your personal data) or revoke the consent you have given to Kartha, for the Processing of your Personal Data that resides in our databases, You must contact Kartha through the Service Channels and generate the request to consult Personal Data. For the above, it is necessary that at the time of generating the request, (a) Send the documents that prove the identity of the Owner or the personality of the representative, (b) The name and address of the owner, (c) The clear and precise of the Personal Data with respect to which the owner seeks to exercise any of the rights, (d) The express statement to revoke his consent to the processing of his personal data and therefore, so that (e) any other element or documents that facilitate the location of Personal Data. If the request of the Owner of the Personal Data is not clear, erroneous or incomplete, Kartha may ask the Owner to provide additional information to respond to your request within five (5) business days following receipt of the request, otherwise If the Owner responds within ten (10) business days to the request for additional information, the request will be considered not submitted.

Kartha will notify the Owner, via email or any means it considers appropriate, within a maximum period of twenty (20) business days from the date of receipt thereof of the determination adopted, so that if appropriate, the It will be effective within fifteen (fifteen) business days following the date on which the response is communicated. When it is not possible to attend to the query within the terms established in the previous paragraph, the previous deadlines may be extended only once for equal periods and this situation will be communicated to the Owner, indicating the reasons for the delay and indicating the date on which the request was made. will attend to your query.

Claim for rectification, cancellation or opposition of Personal Data

If you wish to file a claim for rectification, cancellation or opposition of Personal Data, you must contact Kartha through the Service Channels and Kartha will respond to your request under the same terms as the previous section of this instrument.

If you state, through any of the Service Channels, that you do not wish to receive advertising, Kartha will proceed to make your request effective within a period of five (20) business days from receipt of it. In this way, you will receive an email confirming the deletion of your Personal Data from Kartha's advertising databases. Additionally, you will be asked to confirm whether you want your Kartha account to be deleted. The Owner will have a period of five (5) business days from the sending of the email to make said confirmation. In the event that the Owner confirms that they want their Kartha account to be deleted, or that at the end of the five (5) day period they do not respond to said email, Kartha, in order to comply with current regulations on the protection of personal data, will proceed to delete your Linio account within five (5) business days.

Deleting the Kartha account will result in the deletion of all your Personal Data, resulting in the loss of your entire purchase history as well as any refund or discount coupons, and any other personal information that Kartha has about the Owner.

The request to object to the information and the revocation of Consent will not proceed when there is a legal, contractual or commercial duty for you to remain in our database.

IX Cookies and their use by Kartha

At Kartha we use cookies and similar technologies to personalize and improve your customer experience and to show you relevant online advertising.

Cookies are small text files that contain a unique identifier that is stored on the computer or mobile device through which you access the Site, so that they can be recognized each time you use the Site.

You can choose to disable some or all of the cookies we use at any time. However, this may restrict your use of the Site and limit your experience on the Site. The use of cookies does not contain or affect Personal Data and does not represent a virus threat. If you would like more information about cookies, go to https://www.allaboutcookies.org. If you wish to obtain information about deleting cookies, visit the website https://www.allaboutcookies.org/manage-cookies/index.html.

X. Kartha is NOT Responsible for third party sites advertised on the Site

To enhance your customer experience, the Site may contain third-party advertising and links to other sites or frames of other sites. Please note that kartha is not responsible for the privacy or content practices of such third parties or sites, so you should review their privacy policies.

XI. Safeguards that Kartha takes to protect your Personal Data

Kartha maintains the physical, electronic and procedural safeguards required by legal regulations in relation to the collection, storage and transfer of your Personal Data and evaluates their effectiveness periodically. The purpose of these safeguards is to prevent unauthorized or unlawful access to or accidental loss, destruction or damage to your Personal Data.

Therefore, when Kartha collects data through the Site, it does so through a secure server that has protection programs. In addition, Kartha's security procedures require that you are sometimes asked for proof of identity before we can provide you with your Personal Data. In the case of electronic payment card information, Kartha also uses Secure Socket Layer (SSL) encryption systems that encode the information, preventing fraudulent use. Although it is not possible to guarantee the above, these systems have proven to be effective in managing confidential information, preventing access by external threats (ie hackers). Without prejudice to the above, we recommend that you do not send unencrypted credit or debit card data or from public or unsecured sites or computers. Please note that you are solely responsible for protecting against unauthorized access to your password and computer.

XII. Validity and modification of this Privacy Policy.

This policy will apply from January 2, 2022 and your Personal Data will remain stored only for the time required by Law, or for the fulfillment of the purposes that have been authorized by you.

This Policy may be modified by Kartha at any time. Without prejudice to the foregoing, Linio will inform you, by the means it deems appropriate, of any substantial change prior to said modification coming into effect.

1. Collection : We will only collect personal data that is necessary, and by legal and fair means.
2. Notification and Treatment : When it is not evident due to the type of products or services you require, or the nature of your relationship with us, we will inform you about how your personal data will be processed, and which companies within Kartha NFC SmartCard will be processed. responsible for said treatment. We will process your personal data fairly, and only for the purposes we have told you about, for the purposes permitted by you, or as permitted by applicable law. Additionally, you may object to certain types of processing, as expressly permitted by applicable law.
3. Choice : We give our customers the option to include or remove their personal data from lists used for advertising or marketing purposes, in accordance with applicable law. This includes Kartha NFC SmartCard product and service offerings and those made in collaboration with our business partners. Of course, each of our businesses will continue to send customers information about the products or services they receive from that business.
4. Data quality : We use appropriate technology and well-defined practices among our employees to process your personal data quickly and accurately. We will not keep your personal data longer than necessary, unless required by applicable law.
5. Security and Confidentiality : We will keep your personal data confidential and limit access to it to those who specifically need it to carry out their business activities, except as permitted by applicable law. We follow industry standards and use reasonable administrative, technical and physical security measures to protect your personal data from unauthorized access, destruction, use, modification or disclosure. We require the application of industry standard data security measures to third parties who are authorized by us to process your personal data on our behalf.
6. Data Communication : We only share your personal data with third parties when it is necessary to provide you with products or services or as part of the nature of your relationship with us, as long as we have informed you or you have authorized us to do so, in relation to our efforts aimed at reducing fraud or criminal activity, or as permitted by law.
7. Openness and Access to Data : Upon your request, we will inform you about how your personal data is processed, as well as the rights and actions that you have under these Principles. You may request information from us about the nature of the personal data relating to you, stored or processed by Kartha NFC SmartCard. We will provide you with access to them in the manner required by Mexican law, regardless of the location of data processing and storage. If any of the data is inaccurate or incomplete, you may request its modification.
8. International Transfer : Where it is not evident from the international products or services you request or the nature of your relationship with us, we will inform you if your personal data may be transferred outside your country, and we will ensure that such transfer is only carried out in accordance with applicable law. Regardless of where your personal data is transferred, it will be protected by these Principles.
9. Responsibility : Kartha NFC SmartCard and its employees may process your personal data only in accordance with these Principles. We provide training and conduct reviews of compliance with these Principles. Employees who violate these principles may be subject to disciplinary action, up to and including dismissal. Employees are expected to report any violations of these Principles and may do so to their superiors, their business unit's compliance officer, the legal department, the Privacy Office, or the company's Office of the Ombudsperson.
10. Enforceability : You can demand compliance with these Principles in your country in any situation from Kartha NFC SmartCard that is responsible for your personal data, as a third party contractual beneficiary of these Principles. If you have a complaint regarding our failure to comply with these Principles and you have attempted, in good faith, to resolve your complaint through our customer service process, and we have not resolved it within a reasonable time, you may pursue the authorities our compliance with these Principles. If you make a complaint to your local data protection authority and the authority believes that we have breached these Principles, we will abide by the decisions of the data protection authority, but we reserve the right to challenge or appeal those decisions. These Principles do not affect any rights you may have under applicable law, the requirements of any relevant data protection regulatory authority or any other agreement you may have with us.

These Principles reinforce our commitment to protecting your personal data. These Principles are binding on Kartha NFC SmartCard demonstrating our commitment to privacy. In addition, Kartha NFC SmartCard that maintains personal data may have its own additional rules and practices for specific products or services, which must be consistent with these Principles, your data collected through our lead generation platform, database provided by clients directly they will be exclusively for use for Kartha's own software, its products, exclusive software development, digital platform, Hub Kartha Universe, Kartha Social Network, Kartha Sender, Kartha SMS or any system developed by Kartha CIE LLC for marketing use of our products.

Last update December 31, 2023