1. Introduction

In compliance with Personal Data Protection and Data Privacity Regulation, by which regulations are issued for the protection of personal data, ANT Secure Solutions LLC, in its capacity as the party responsible for the protection of personal data, informs the guidelines it has established in this matter.

2. Objective

To publicize the personal data treatment policies developed and implemented by ANT Secure Solutions LLC, in order to guarantee the adequate compliance with Personal Data Protection and Data Privacity Regulation, which are intended to develop the constitutional right of all persons to know, update, update and rectify the data that have been  collected about them in databases or files -the right to Habeas Data-, and the other rights, freedoms and constitutional guarantees.

3. Definitions

– Privacy notice: Verbal, electronic, written or any other means of communication generated by the responsible

generated by the responsible, addressed to the holder for the processing of personal data, which informs him/her about the existence of the personal data processing policies that will be applicable to him/her, the way to access them, and how to access the and the purposes of the treatment intended to be given to personal data.

– Authorization: prior, express and informed consent of the Holder in order to carry out their personal data processing.

– Database: organized set of personal data that is subject to Processing.

-Consultations: request of the personal information of the Data Subject that is contained in any database used by ANT Secure Solutions LLC, on which it is obliged to provide the Holder with all the information the Holder, all the information contained in the individual record or that is linked to the identification of the Holder.

– Database custodian: It is the natural person who has under his/her custody the database of personal

personal data within ANT Secure Solutions LLC

– Personal data: any information linked or that can be associated to one or several determined or determinable natural persons.

– Public data: data that is not semi-private, private or sensitive. Public data includes, among others, data related to the marital status of individuals, their profession or trade, and their status as merchants or public servants. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.

– Sensitive data: sensitive data is understood as that which affects the privacy of the Data Holder or whose improper use may generate discrimination, such as data that reveals the racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or organizations that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

– Data Processor: natural or legal person, public or private, who by himself or in association with others, performs the Processing of personal data on behalf of the Data Controller.

– Habeas Data: Fundamental constitutional right that every person has to know, update, rectify and/or cancel personal data collected and/or processed in public or private databases, in accordance with the provisions of the law and other the provisions of the law and other applicable regulations.

– Claims: request for correction, updating or deletion of the information contained in a database used by ANT Secure Solutions LLC, or a request for alleged breach of any of the duties contained in Personal Data Protection and Data Privacity Regulation, made by the  the Holder.

– Data Controller: natural or legal person, public or private, who by himself or in association with others, decides on the database and/or  and/or the processing of data.

– Data Holder: natural person whose personal data is the object of Processing.

– Processing: any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

– Superintendence of Industry and Commerce: Technical agency, of an administrative nature, which, through the Directorate of Investigation of Personal Data Protection, exercises oversight of operators, sources and users of financial, credit, commercial and service information and information from third countries of the same nature, as it relates to the activity of personal data management. In addition, it may order the correction, updating or removal of personal data from a database, when so determined within the investigation, and shall administer the National Public Registry of Databases. Public Registry of Databases.

4. Purpose of the processing of personal data

Los datos personales suministrados a ANT Secure Solutions LLC, serán tratados con la siguiente finalidad:

1. Facilitar a ANT Secure Solutions LLC la prestación de los servicios por parte de

Proveedores / Contratistas / Clientes.

1. La ejecución y el cumplimiento de los contratos que se celebren.
2. To provide an adequate service and/or benefit and to meet the obligations and commitments undertaken.
3. Compliance with fiscal, legal and tax aspects with governmental and regulatory entities.
4. Process of control and accounting registration of the obligations contracted with suppliers, and services offered to customers.
5. To carry out, the storage of information and the execution of administrative, accounting, tax, legal and/or financial administrative, accounting, tax, legal and/or financial reviews related to the operation of the Company.
6. Storage of information related to the processes and procedures of Human Resources.
7. To comply with the legal labor regime.
8. Verify the veracity of the information provided, consult personal references, and /or as well as to consult the official portals for disciplinary and/or judicial antecedents for human talent information and other tax, commercial and accounting purposes relevant to the development of our commercial activity.
9. ANT Secure Solutions LLC will use the personal information of its customers for the purposes authorized and informed to the owner and those indicated in the present policies, as long as the treatment obeys a legitimate purpose and is proportional to the client’s relationship, particularly for what is necessary for the provision of the services entrusted, such as the services ordered, such as executing and fulfilling the contract. The information will also be processed in order to deliver or share it with legal entities that manage for the purpose of fraud prevention and control and risk selection, with Information and Risk Centers; with the purpose of reporting the data, confidentiality agreements for the handling of the information and obligations of the responsible party -person in charge when the type of delivery warrants it. For this purpose, ANT Secure Solutions LLC will guarantee that in all commercial and contractual relationships where personal information is transmitted to a service provider, that the contractual clauses are in place for the processing of personal data and that the security policy is disclosed within such companies for the application in all its companies.
10. Preferences for sending commercial information, advertising and product and service offers: The holders of the personal information may contact ANT Secure Solutions LLC by the means indicated for the exercise of their rights as owners in order to exercise their rights as owners in order to express their preferences for the sending of commercial offers, thus being able to request the cancellation of the sending of this information, without prejudice that ANT Secure Solutions LLC may continue sending information necessary for the execution of the contractual relationship. Our goal is to honor the holder’s request for cancellation within a reasonable period of time. However, in the event that ANT Secure Solutions LLC has shared the personal information prior to the request of cancellation, in accordance with the authorization previously granted by the holder, it cannot be guaranteed that the holder will not receive the information described above again when the database in which the information is stored is not the responsibility of ANT Secure Solutions LLC
11. The data provided for purposes other than those described previously will be used only as authorized in the respective request made at the time by ANT Secure Solutions LLC

5. Sensitive data processing

The processing of sensitive data is prohibited, except when:

1. The Data Holder has given his/her explicit authorization to such Processing, except in those cases where the law does not require the granting of such authorization.
2. The Processing is necessary to safeguard the vital interest of the Data Golder and he/she is physically or legally incapacitated. In these events, the legal representatives must grant their authorization.
3. The processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, as long as it relates exclusively to its members or to persons regular contacts by reason of their purpose. In these events, the data may not be provided to third parties without the authorization of the Data Holder.
4. The processing refers to data that are necessary for the recognition, exercise or defense of a right in a judicial process.
5. The processing has a historical, statistical or scientific purpose. In this event, the measures leading to the suppression of the identity of the Data Holders must be adopted.
6. Conditions for data processing

6.1 Collection of personal data

The collection of data by ANT Secure Solutions LLC shall be limited to those personal data that are pertinent and adequate for the purpose for which they are collected or required in are collected or required in accordance with the regulations in place. Except in the cases expressly provided for by law.

6.2 Authorization of the holder

1. In order for ANT Secure Solutions LLC to carry out any action of personal data processing, prior and informed the authorization of the Data Holder is required, which shall be obtained by any means that can bes ubject to subsequent consultation. These mechanisms may be predetermined through technical means that make it easier for the Data Holder to obtain the automated manifestation and must be in writing.
2. ANT Secure Solutions LLC will adopt the necessary procedures to request, at the latest at the time of data collection, the authorization of the Data Holder to

the processing of such data and will inform about the personal data that will be collected,  as well as all the specific purposes of the Processing for which consent is obtained.

1. Personal data found in publicly accessible sources, regardless of the means by which access is obtained, understood as those data or databases that are available to the public, may be processed by ANT Secure Solutions LLC, provided that, by their nature, they are public data.
2. When it comes to the collection of sensitive data, the following requirements must be met:

• Authorization must be explicit.
• The data subject must be informed that they are not obliged to authorize the processing of such information.
• The data subject must be explicitly and in advance informed which of the data to be processed are sensitive and the purpose of such processing.

 No activity may be conditioned on the data subject providing sensitive personal data.

1. In the event of making substantial changes to the content of the Treatment Policies, related to the identification of the Controller and the purpose of the Processing of personal data, which may affect the content of the authorization, ANT Secure Solutions LLC will communicate these changes to the Data Holders, before or at the latest when implementing the new policies. Additionally, a new authorization will be obtained from the Data Holders when the change pertains to the purpose of the Processing. Technical means facilitating this activity may be used for the communication of changes and authorization.

6.3 Duty to inform the data subject

ANT Secure Solutions LLC, when requesting authorization from the Data Holder, must clearly and expressly inform them of the following:

1. The Processing to which your personal data will be subjected and its purpose.
2. The voluntary nature of responding to questions posed, when they concern sensitive data or the data of girls, boys, and adolescents.
3. The rights that you, as the Data Subject, are entitled to.
4. The identification, physical or electronic address, and telephone number of the data controller.

6.4 Cases where authorization is not necessary

1. Information required by a public or administrative entity in the exercise of its legal functions or by court order.
2. Data of a public nature.
3. Cases of medical or health emergencies.
4. Processing of information authorized by law for historical, statistical, or scientific purposes.
5. Data related to the Civil Registry of Persons.
6. Rights of children and adolescents

In the Processing, the prevailing rights of children and adolescents will be ensured. The Processing of personal data of children and adolescents is prohibited, except for data that is of a public nature. The rights of children and adolescents will be exercised by individuals authorized to represent them.

8. Duties of ANT Secure Solutions LLC regarding the processing of personal data

ANT Secure Solutions LLC will bear in mind, at all times, that personal data belongs to the individuals to whom they refer and that only they can decide on them. In this sense, it will only use them for those purposes for which it is duly authorized, and always respecting Personal Data Protection and Data Privacity Regulation on the protection of personal data.

In accordance with Personal Data Protection and Data Privacity Regulation, ANT Secure Solutions LLC undertakes to permanently comply with the following duties:

1. Ensure the Holder, at all times, the full and effective exercise of the right to habeas data.
2. Preserve the information under the necessary security conditions to prevent its adulteration, loss, consultation, use, or unauthorized or fraudulent access.
3. Timely perform, as provided of Personal Data Protection and Data Privacity Regulation, the updating, rectification, or deletion of data.
4. Process the inquiries and claims made by the Owners in the terms indicated in Personal Data Protection and Data Privacity Regulation.
5. Insert the label “information under judicial discussion” once notified by the competent authority about judicial processes related to the quality or details of personal data.
6. Refrain from circulating information that is being disputed by the Owner and whose blocking has been ordered by the Superintendence of Industry and Commerce.
7. Allow access to the information only to those who are authorized to access it.
8. Inform the Superintendence of Industry and Commerce when violations to security codes occur and there are risks in the management of the information of the Holders.
9. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
10. Rights of the Data Holder

The data holder of the personal data provided to ANT Secure Solutions LLC for processing have the rights established in Personal Data Protection and Data Privacity Regulation.

1. Know, update, and rectify their personal data with regard to the data controllers. This right may be exercised, among others, in relation to partial, inaccurate, incomplete, fragmented data, misleading data, or those whose processing is expressly prohibited or has not been authorized.
2. Request proof of the authorization granted to ANT Secure Solutions LLC in its capacity as the data controller, except when expressly exempted as a requirement for processing, in accordance with the provisions in this law.
3. Be informed by the data controller, upon request, regarding the use that has been made of their personal data
4. Lodge complaints with the Superintendence of Industry and Commerce for breaches of the provisions of Personal Data Protection and Data Privacity Regulation, and other regulations that modify, add to, or complement it, once the consultation or complaint process with the data controller has been exhausted.
5. Revoke the authorization and/or request the deletion of the data when the Treatment does not respect constitutional and legal principles, rights, and guarantees.
6. Access free of charge to their personal data that have been processed by ANT Secure Solutions LLC, under the conditions established in Personal Data Protection and Data Privacity Regulation and the decrees and/or regulations that regulate, modify, and/or add to it.
7. Duties of data processor

Data processors must comply with the following duties, without prejudice to other provisions provided for in the Law and in others governing their activity:Data processors must comply with the following duties, without prejudice to other provisions provided for in the Law and in others governing their activity:

1. Ensure the Data Subject’s full and effective exercise of the right to habeas data at all times.
2. Preserve the information under the necessary security conditions to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access.
3. Timely carry out the updating, rectification, or deletion of data in accordance with the terms established by law.
4. Update the information reported by the data controllers within five (5) business days from its receipt.
5. Process queries and complaints filed by the Data Holders in the terms indicated by law;
6. Adopt an internal manual of policies and procedures to ensure the proper compliance with the Law and, especially, for addressing queries and complaints from Data Subjects.
7. Record in the database the label “claim for habeas data in process” regarding the personal information that is being discussed or questioned by the Data Holders, according to how it is regulated in the law.
8. Insert in the database the label “information on habeas data under judicial discussion” once notified by the competent authority about judicial processes related to the quality of personal data.
9. Refrain from circulating information that is being disputed by the Data Holder and whose blocking has been ordered by the Superintendence of Industry and Commerce.
10. Allow access to information only to those individuals who are authorized to access it.
11. Inform the Superintendence of Industry and Commerce in case of security breaches or risks in the management of Data Holders’ information.
12. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
13. Procedures to exercise rights as data holders

The procedures for exercising the rights of data holders shall be those provided for in Personal Data Protection and Data Privacity Regulation.

To exercise their rights, data holders may do so in order to know, update, rectify, and delete their personal data by sending their request to the email address cafegaho@gmail.com and/or by calling 6515164.

For any of the procedures to be carried out, the data holder must provide the following information:

• Full name and identification number of the Data Holder.
• Clear and precise description of the facts giving rise to the request.
• Address or email of the Data Holder to which the response will be sent.
• Documents proving or demonstrating the facts and/or the capacity in which the requester acts.
• Any document the requester wishes to rely on.

11.1 Response to inquiries

In any case, regardless of the mechanism implemented for handling inquiry requests, they will be addressed within a maximum period of ten (10) business days from the date of receipt. When it is not possible to address the inquiry within this term, the interested party will be informed before the expiration of the (10) days, stating the reasons for the delay and indicating the date on which their inquiry will be addressed, which in no case may exceed the five (5) business days following the expiration of the initial deadline.

11.2 Claims

In accordance with Article 14 of Personal Data Protection and Data Privacity Regulation, the Data Holder who considers that the information contained in a database should be corrected, updated, or deleted, or when they notice the alleged breach of any of the duties contained in Personal Data Protection and Data Privacity Regulation, may file a claim with the Data Controller, which will be processed under the following rules:

1. The claim may be filed directly by the Data Holder at the offices of ANT Secure Solutions LLC If the received claim does not have complete information that allows processing, namely, the identification of the Data Holder, the description of the facts giving rise to the claim, the address, and accompanying documents, the interested party will be required within five (5) days following its receipt to remedy the deficiencies. If two (2) months have elapsed since the date of the request without the applicant providing the required information, it will be understood that they have withdrawn the claim. If for any reason ANT Secure Solutions LLC receives a claim that should not actually be directed against it, it will transfer it to the appropriate party within a maximum period of two (2) business days and inform the interested party of the situation.
2. The maximum term for addressing the claim will be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to address it within that term, the interested party will be informed before the expiration of the aforementioned period of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial term.

11.3 Implementation of procedures to guarantee the right to file complaints

At any time and free of charge, the Data Holder may request from ANT Secure Solutions LLC the rectification, updating, or deletion of their personal data, upon accreditation of their identity.

The rights of rectification, updating, or deletion may only be exercised by:

• The Data Holder, upon accreditation of their identity, or through electronic instruments that allow them to identify themselves.
• Their representative, upon accreditation of the representation.
• When the request is made by a person other than the Data Holder and it is not accredited that they are acting on behalf of the Data Holder, it will be considered not submitted
• The request for rectification, updating, or deletion must be submitted through the means enabled by ANT Secure Solutions LLC as indicated in the privacy notice and contain, at a minimum, the information detailed in item 11. Procedures for exercising rights as Data Holders

11.4 Data Rectification and Updating

• ANT Secure Solutions LLC is obligated to rectify and update, upon request from the data holder, any information that is incomplete or inaccurate, following the procedure and terms outlined above. In this regard, the following will be taken into account: In requests for rectification and updating of personal data, the data subject must indicate the corrections to be made and provide supporting documentation for their request
• ANT Secure Solutions LLC has full discretion to enable mechanisms that facilitate the exercise of this right, provided that they benefit the data subject. Accordingly, electronic means or others deemed relevant may be enabled
• ANT Secure Solutions LLC may establish forms, systems, and other simplified methods, which must be disclosed in the privacy notice and made available to interested parties
• ANT Secure Solutions LLC will use the customer service or support services it has in operation, provided that response times do not exceed those stipulated in Personal Data Protection and Data Privacity Regulation
• Whenever ANT Secure Solutions LLC make available a new tool to facilitate the exercise of rights by data subjects or modify existing ones, they will inform interested parties via email or their website portal

11.5 Data Deletion

The data holder has the right, at any time, to request from ANT Secure Solutions LLC the deletion (elimination) of their personal data when:

1. They consider that the data is not being processed in accordance with the principles, duties, and obligations provided for in Personal Data Protection and Data Privacity Regulation.
2. The data is no longer necessary or relevant for the purpose for which it was collected.
3. The period necessary for the fulfillment of the purposes for which it was collected has elapsed.

This deletion involves the total or partial removal of personal information as requested by the data holder from the records, files, databases, or treatments carried out by ANT Secure Solutions LLC

It is important to note that the right to deletion is not absolute, and the controller may deny its exercise when:

• The request for deletion of information shall not proceed when the data subject has a legal or contractual duty to remain in the database.
• The deletion of data obstructs judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes, or the updating of administrative sanctions.
• The data is necessary to protect the legally protected interests of the data holdert; to carry out an action in the public interest, or to comply with a legal obligation acquired by the data subject.

If the cancellation of personal data is deemed appropriate, ANT Secure Solutions LLC must operationally perform the deletion in such a way that the information cannot be recovered.

11.6 Revocation of authorization

Data holders can revoke consent for the processing of their personal data at any time, provided that it is not prevented by a legal provision. To do so, they must contact ANT Secure Solutions LLC It should be noted that there are two modalities in which consent revocation can occur:

1. It may concern all of the consented purposes, meaning that ANT Secure Solutions LLC must cease processing the data subject’s data entirely.
2. It may occur for specific types of processing, such as for advertising or market research purposes. With the second modality, i.e., partial revocation of consent, other purposes of the processing that the controller, in accordance with the granted authorization, may carry out and with which the data subject agrees, are preserved.

Therefore, it will be necessary for the data subject, when submitting the request to revoke consent to ANT Secure Solutions LLC, to specify whether the revocation they intend to make is total or partial. If it is partial, the data subject should indicate which processing activities they do not agree with. There will be cases where consent, due to its necessary nature in the relationship between the data subject and the controller for the fulfillment of a contract, or by legal requirement, cannot be revoked. The mechanisms or procedures established by ANT Secure Solutions LLC to address requests for revocation of consent must not exceed the time limits set for addressing complaints as indicated in Article 15 of Personal Data Protection and Data Privacity Regulation.

12. Information security
    • Security Measures

 In accordance with the security principle established in Personal Data Protection and Data Privacity Regulation, ANT Secure Solutions LLC has implemented the technical, human, and administrative measures necessary to ensure the security of the records, preventing their alteration, loss, consultation, unauthorized or fraudulent use, or access.

ANT Secure Solutions LLC will make their best technological and human effort to ensure the security of personal information of all its Data Subjects, employing reasonable and current security methods to prevent unauthorized access, maintain data accuracy, and ensure proper use of the information.

• Implementation of security measures

1. ANT Secure Solutions LLC takes all reasonable precautions and measures of a technical, administrative, and organizational nature aimed at ensuring the security of personal data of the Data Holders, primarily those intended to prevent their alteration, loss, and unauthorized treatment or access.
2. The security measures apply to both files and treatments.
3. The application of security measures aims to ensure the preservation, confidentiality, integrity, and availability of the data. These measures are strictly enforced by direct or indirect staff performing any work or activity within ANT Secure Solutions LLC
4. Third parties contracted by ANT Secure Solutions LLC will be required to adhere to and comply with information security policies and manuals, as well as security protocols applied to all our processes.
5. Every contract of ANT Secure Solutions LLC with third parties (suppliers, external consultants, temporary collaborators, among others) involving the processing of information and personal data will include a confidentiality agreement detailing their commitments to protect, care for, secure, and preserve the confidentiality, integrity, and privacy of the information.
6. Modifications to the Personal Data Processing Policy

ANT Secure Solutions LLC reserves the right to unilaterally modify its policies and procedures for the processing of personal data at any time. Any changes will be published and announced. Additionally, previous versions of this personal data processing policy will be preserved. The continued use of the services or the failure to disconnect from them by the data subject after the notification of the new guidelines constitutes acceptance thereof.

14. Disclosure of Information

By accepting this personal data processing policy, the data subject declares that they are aware that ANT Secure Solutions LLC may provide this information to affiliated and allied entities, as well as to judicial or administrative entities and other state entities that, in the exercise of their functions, request this information. Likewise, they accept that they may be subject to internal or external audit processes by companies responsible for this type of control. The foregoing is subject to the confidentiality of the information.

15. Validity of the Personal Data Processing Policy

The personal data processing policy takes effect from the moment it is approved by the Board of Directors of ANT Secure Solutions LLC