PL-GIF-01 PERSONAL DATA PROCESSING POLICY V.1

1. OBJECTIVE.

Frame the principles and scope contemplated by Axces Capital S.A.S in accordance with the provisions of the Political Constitution of Colombia, the Statutory Law 1581 of 2012 for the Protection of Personal Data, Single Regulatory Decree 1074 of 2015 and Accountability Guide in its current version, regarding the processing of personal data of different stakeholders.

2. INTRODUCTION.

Axces is a financial services company specialized in Traditional Factoring, Electronic Factoring, Confirming, among others. To this end, its mission is “To be a financial ally that provides sustainable and digital liquidity solutions to boost the growth and profitability of its clients” and its vision which describes “We seek to be the leading non-bank company in the Colombian digital factoring market, committed at all times with innovation and the use of technology in our processes in order to support and promote the growth of the business sector in the country, through liquidity offers through portfolio discounting” therefore, it is important to have a clear position regarding the treatment of personal data of its stakeholders, being this described in this policy.

3. DEVELOPMENT.

3.1 NAME OR COMPANY NAME, ADDRESS, E-MAIL ADDRESS AND TELEPHONE NUMBER OF THE PERSON IN CHARGE.

Axces Capital S.A.S. identified with N.I.T. number 901.557.463-6, owner of the commercial brand Axces with main domicile in the city of Medellín (Antioquia) and domicile of judicial notification in the city of Medellín (Antioquia), address of judicial notification in Calle 7ma sur #42-70, Edificio Forum – Piso 18, email notificaciones@axces.com.co and telephone (4)448-8435; aiming to be a financial ally that provides sustainable and scalable trade financing solutions to boost the growth and profitability of its customers, will comply with the legal and regulatory requirements established for the protection of personal data to ensure full transparency and clarity to stakeholders in the treatment that in its role as responsible and responsible for the information provided by these and in turn meet the provisions of the legislation that applies to the protection of personal data; through criteria that lead to respect for fundamental rights such as privacy and good name of those who have a relationship of any kind with AXCES, in compliance with the provisions of the Demonstrated Responsibility Guide issued by the Superintendence of Industry and Commerce – SIC.

3.2 TREATMENT TO WHICH THE DATA WILL BE SUBJECTED AND ITS PURPOSE WHEN THIS HAS NOT BEEN INFORMED BY MEANS OF A PRIVACY NOTICE.

The life cycle of personal information is established by the capture, processing, transfer, transmission, storage, disposal or final disposition and established by the purposes contained in the privacy notices accompanying the physical and digital records.

3.3 RIGHTS OF THE HOLDER.

In total alignment with the strategic objectives of Axces Capital S.A.S. addressed in 4 perspectives, which are:
– Technology.
– Clients.
– Processes.
– Learning.
And to the provisions of the Constitution in Articles 15 and 20 and Law 1581 of 2012 in Article 8 in addition to its other paragraphs, the Holders may know, update, rectify and delete or cancel the personal data AXCES has.

3.4 PERSON OR AREA RESPONSIBLE FOR THE ATTENTION OF PETITIONS, QUERIES AND CLAIMS BEFORE WHICH THE HOLDER OF THE INFORMATION MAY EXERCISE HIS/HER RIGHTS TO KNOW, UPDATE, RECTIFY AND DELETE THE DATA AND REVOKE THE AUTHORIZATION.

Understanding that we seek to be the leading non-banking company in the Colombian factoring market, committed at all times to innovation and the use of technology in our processes in order to support and promote the growth of the business sector in the country, through liquidity offers through portfolio discounting and in accordance with the provisions of the Accountability Guide, Axces Capital S.A.S. has as its designee responsible for the attention of requests, inquiries and complaints the Personal Data Protection Officer or whoever takes his or her place.

3.5 PROCEDURES FOR THE HOLDERS OF THE INFORMATION TO EXERCISE THE RIGHT TO KNOW, UPDATE, RECTIFY AND DELETE INFORMATION AND REVOKE THE AUTHORIZATION.

The owners to whom Axces Capital S.A.S. captures, treats, transfers, transmits, stores and deletes personal data, may at any time exercise their rights to know, update, rectify, delete and revoke the authorization to process them; this in accordance with the law of protection of personal data, using the following mechanisms:

A. Minimum contact information required for a proper management of the request is important at the time of the request, it is important to share with Axces Capital S.A.S. clearly full name, email, contact telephone number of the owner or assignee and a description of the facts that give rise to the request.

B. Axces Capital S.A.S. receives requests, queries and claims regardless of the means to be used by the Data Subject or assignee of personal data, with emphasis on the electronic service channel through the reception of correspondence at the e-mail address datos@axces.com.co. The channels will have their respective reading and reception from Monday to Friday from 7:30 a.m. to 5:30 p.m.

C. Attention and Response to Requests and Consultations The holder, assignee or his attorney(s), may request Axces Capital S.A.S. – AXCES a request or consultation, through its channels indicating:

– Access to personal information.

Inquiries will be answered within a maximum period of ten (10) business days from the date they were received. In case of impossibility to attend the consultation within the established term, the interested party will be informed by any of the available means, stating the reasons for delay and indicating the maximum term of attention to the complaint or consultation, which shall not exceed the following five (5) working days.

D. Claims Attention and Response

The holder, assignee or his attorney(s), may request Axces Capital S.A.S. – AXCES a claim, through its channels indicating:

– Rectification of personal information.
– The cancellation or opposition of personal information.
– The deletion or elimination of personal information.
– The amendment of an alleged breach of the duties contained in the law 1581 for the protection of personal data.

The claim to be submitted by the holder, assignee or his/her representative(s) must contain at least the information mentioned in item (A) Minimum Required Contact Information in item 5.

If the data is incomplete Axces Capital S.A.S – AXCES will require the applicant within five (5) business days from receipt of the claim, to amend the fault occurred. If after sixty (60) days from the date of the claim, the applicant has not submitted the required information, it shall be understood that the initially submitted claim has been withdrawn.

The maximum term to address a complaint or claim will be fifteen (15) business days from the business day following its receipt. If for any reason the claim cannot be attended within the established term, the cause of the delay and the date on which your claim will be attended, which shall not exceed eight (8) working days following the initial deadline, will be informed by any of the available means.

Finally, the above will be reflected in the organizational procedures P-GIF-05 Reception and Action Taking ARCO Rights, P-GIF-06 Access to Personal Information, P-GIF-07 Rectification of Personal Information, and P-GIF-08 Cancellation and/or Opposition to the Processing of Personal Information.

3.6 EFFECTIVE DATE OF THE INFORMATION PROCESSING POLICY AND PERIOD OF VALIDITY OF THE DATABASE

The present personal data treatment policy repeals previous versions and becomes effective as of April 01, 20212 and the period of validity of the physical and digital database(s) that are part of the Scope of the Integral Personal Data Management Program – PIGDP – developed by Axces Capital S.A.S. will be in accordance with the life cycle and purposes of the data contained in the database(s).

4. REFERENCES

Applicable legislation:
– Political Constitution of Colombia.
– Statutory Law 1581 for the Protection of Personal Data.
– Sole Regulatory Decree 1074 of 2015.
– Accountability Guide.