PRIVACY NOTICE

Last updated: May 1, 2025

In compliance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties, hereinafter the "Law" (in force for the United Mexican States), we inform you of the terms and conditions of the Personal Data Privacy Notice ("Privacy Notice") of INTERNATIONAL CORPORATE & CARGO SERVICES, S.A. DE C.V.

INTERNATIONAL CORPORATE & CARGO SERVICES, S.A. DE C.V. (hereinafter "ICCS"), with address at Avenida Santa Fe Number 505, Floor 20, Colonia Cruz Manca, Cuajimalpa District, Postal Code 05349 in Mexico City, as well as its subsidiary and affiliated companies throughout the Mexican Republic, are responsible for collecting the personal data you provide, and are also responsible for the use, registration, organization, conservation, preparation, utilization, communication, dissemination, storage, possession, access, handling, exploitation, disclosure or disposition and protection given to them. The foregoing is derived from the relationship that "ICCS" has with you as a client.

In this document, you express your consent for the processing of your personal data in accordance with the terms and conditions of this Privacy Notice, therefore, you accept the collection, use, disclosure, processing and/or transfer of your personal information in accordance with the terms of this Privacy Notice. If you provide any type of personal information related to another person, by this notice you declare and accept that you have obtained the corresponding legal consent from said person.

1.What data do we collect?

The personal data that you freely and voluntarily provide to "ICCS" through the use of any of our online services, in writing and/or by telephone, may include the following personal data: name, place and date of birth, landline and/or mobile telephone number, email, nationality, RFC (tax ID), handwritten signature, address, financial information, tax information, credit history, income and expenses, bank accounts, insurance, bonds, commercial references, account numbers for deposits or electronic bank transfers in your favor. "ICCS" may collect information from other sources such as credit information companies.

"ICCS" does not collect sensitive personal data from users. However, should this be the case, we commit to obtaining written consent from the holder, through their handwritten signature, electronic signature or any other authentication mechanism, in accordance with Article 8 of the Federal Law on the Protection of Personal Data Held by Private Parties.

The protection of the privacy of personal data of minors is especially important to "ICCS", which is why, as soon as we become aware of personal data of minors, their processing will be carried out at all times in compliance with the guidelines and requirements established in the Law and its regulations.

The personal data you provide to "ICCS" will be kept in "ICCS" databases.

2.Data and means of obtaining personal information

Based on the purposes described in this Privacy Notice, personal data may be obtained through the following means:

In person, when you provide them directly to an ICCS executive
Through other sources that are permitted by Law

3.What do we use your information for?

The Personal Data we collect is intended to keep your personal data updated, and to carry out the identification, verification and contact with our clients; as well as to be able to offer you our services, attend to your service requests, complaints, make clarifications and comments, communicate any important and/or relevant information, comply with obligations contracted with you, among others.

In the collection and processing of Personal Data that you provide to us, we comply with the principles of legality, quality, consent, information, purpose, loyalty, proportionality and responsibility set forth in the "Law". In this way, the confidentiality of your data is guaranteed, since your personal data is protected by the measures established in the "Law", aimed at preventing damage, loss, alteration, destruction and/or improper use, and only personnel authorized by "ICCS" will have access to your personal data.

4.With whom do we share your personal information and for what purposes?

We inform you that your personal data will not be disclosed or shared with third parties outside of ICCS, except for companies that belong to our group and operate under our same internal processes and policies, to comply with our internal regulations, prevent fraud, manage risks and facilitate the management of ICCS services and products within the national territory and only for the purposes described in the preceding section; or when it is a requirement of an administrative and judicial authority that requires the collaboration of ICCS in the exercise of their functions and competencies, and for the fulfillment of obligations derived from a legal relationship between the holder of personal data and any of the ICCS companies.

Also when, in exercise of their competence, they need data or determine to share it with third parties, without the need for an executive or judicial citation, for the purposes of:

(a) Collaborate in the investigation and report any illegal act, as well as any activity that may generate legal liability for ICCS, collaborators, subsidiaries or affiliates and/or their users.
(b) Protect a public interest, the administration of justice, the exercise or defense of a certain right in a judicial or administrative process, and/or the resolution of disputes.
(c) Comply with any applicable law, regulation or legal provision, or any order from a competent authority duly founded and motivated.

5.What security and control measures do we use to protect your Personal Data?

"ICCS" has implemented the following security measures:

A) Administrative: which establish the management, support and review of the security of the information provided by our clients, which is identified and classified, and personnel are made aware of and trained on its processing.

B) Technical: which establish controls or mechanisms that use technology to ensure that access to databases is by identified and authorized users only so that the user carries out the activities required for their functions, in addition to actions for the acquisition, operation, development and maintenance of secure systems, and the management of communications and operations of computer resources used in the processing of personal data.

C) Physical: which are intended to prevent unauthorized access, damage or interference to facilities, equipment and information, protect mobile, portable or easily removable equipment, located inside or outside the facilities; provide equipment that contains or stores personal data with maintenance that ensures its availability, functionality and integrity, and guarantee the secure deletion of data.

All of the above to protect your personal information against damage, loss, alteration, destruction or unauthorized use, access or processing, security measures that we require to be met by the service providers we hire.

In addition, "ICCS" carries out other security measures on a weekly basis such as the purging of cookies (local) and the denial or acceptance of external cookies. This process is carried out by each browser available, because the location or storage of these depends on each particular browser.

However, data transmissions over the internet are never 100% secure or error-free. Consequently, "ICCS" does not guarantee the security, precision or accuracy of personal information. These technologies can be disabled by following these steps:

Edge: tools menu, internet options: Delete Cookies. To deny or accept cookies: Tools menu, Privacy Tab: select cookie level.
Mozilla: Tools, Clear recent history, check cookies, Clear now. To deny or accept cookies: Tools, options, Privacy Tab. Show cookies. Select and delete.
Chrome: Settings menu, Privacy and Security, Clear browsing data, select time and cookies, Delete data.

Customer information is stored in the ICCS Oracle system database, which only users with access to the modules can consult this information through an account and a user.

Externally we have webfilter, firewall, antispam and antiviral means that protect our systems from external attacks, but which do not guarantee that internally there is misuse or extraction of information.

6.Who is the person in charge or area responsible for the processing of your personal data?

The area responsible for the handling and administration of personal data is:

Responsible: Rafael Tapia Romero

Email: rafael.tapia@iccs.com.mx

Phone: 55 51 07 6261

Address: Avenida Santa Fe 505, Floor 20, Colonia Cruz Manca, Cuajimalpa District, Mexico City, P.C. 05349

You have the right to access your personal data, rectify it, oppose and/or cancel its use, for which we ask you to send an email to rafael.tapia@iccs.com.mx detailing your request.

7.How can you exercise your rights of access, rectification, cancellation or opposition (ARCO) and your consent to processing?

Our clients have the right to know what personal data we have about them, what they are used for and the conditions under which we use them. The users who own the Personal Data may exercise their rights to access, rectify and/or cancel their personal data at any time, as well as to oppose the processing thereof or revoke the consent that they have granted us for such purpose, by directly sending a request by email to the attention of Rafael Tapia Romero at the email address: rafael.tapia@iccs.com.mx, or by calling 55 51 07 6261 in Mexico City, or at the address of the aforementioned person located at Av. Santa Fe 505, Floor 20, Col. Cruz Manca, Cuajimalpa District, P.C. 05349 in Mexico City.

If the request for access, rectification, cancellation or opposition to the publication of data must be sent by email containing at least the following data:

The name of the interested party and, where appropriate, of their legal representative, guardian, curator or successor; as well as the document that accredits such representation or legal condition;
The expression and accreditation of their interest;
The name of the interested third party, if any;
The indication, with the greatest possible precision, of the name and location of the file or data registry, as well as the body on which it depends;
The precision of the personal data that are the subject of the request for access, rectification, cancellation or opposition to their publication;
The reasons why it is considered that the indicated data registry or file contains information referring to their person, and that it is discriminatory, risky to their integrity, false or inaccurate;
Handwritten signature of the applicant, their representative, or whoever does so at their request if they are unable to do so, in cases where it is appropriate.

And must be accompanied by documents that prove identity or, where appropriate, legal representation; the clear and precise description of the Personal Data with respect to which you wish to exercise any of the ARCO rights; and any other element that facilitates the location of Personal Data. Once the request in question is received, "ICCS" has the obligation to respond within 20 days following the date of receipt. If the term indicated by Law has elapsed and "ICCS" has not responded to your request, then you may initiate the ARCO rights protection procedure before the Anti-Corruption and Good Government Secretariat.

In the case of revocation of consent, it is important that you keep in mind that we will not be able to attend to your request or conclude the use immediately in all cases, since it is possible that due to some legal obligation, ICCS may need to continue processing your personal data, a situation that will be made known to you by letting you know which authority has requested your data to comply with said legal obligation, and you may request revocation by directly sending a request by email to the attention of Rafael Tapia Romero at the email address: rafael.tapia@iccs.com.mx, or by calling 55 51 07 6261 in Mexico City, the address of the aforementioned person is Av. Santa Fe 505, Floor 20, Col. Cruz Manca, Cuajimalpa District, P.C. 05349 in said City.

8.Modifications to the Privacy Notice

"ICCS" reserves the right to make modifications and/or additions at any time derived from new legal requirements, internal policies or new requirements for the provision or offering of our services. In that case, the changes will be notified to you by email to the last account you have provided us. However, ICCS will not be responsible if you do not receive notification of the change in the privacy notice if there is a problem with your email account, problems with internet transmission or for any other cause not attributable to ICCS, so for your safety we ask you to review this privacy notice at our facilities, or on the website www.iccs.com.mx when you consider it appropriate.

9.Anti-Corruption and Good Government Secretariat

If you consider that your right to the protection of your personal data has been harmed by any conduct or omission on our part, or you suspect any violation of the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties, its regulations and other applicable regulations, you may file your complaint or report before the Anti-Corruption and Good Government Secretariat. For more information, we suggest you visit their official website https://www.gob.mx/buengobierno.

10.Consent

Reading this notice and without express opposition on your part grants us your consent for personal data to be processed in accordance with the provisions of this privacy notice.

This Privacy Notice complies with the requirements set forth in "The Law".