Employee Privacy

Servicios de Frontera DEHP S de RL DE CV

Carretera 45 León-Silao Km. 156.4 Local 17, Colonia Nuevo México, Silao, Guanajuato, C.P. 35270

Fecha de revisión: Abril 1, 2023

Introduction

1. This Employee Privacy Policy Statement (the “Privacy Policy”) contains the policies, procedures and practices to be followed by Servicios de Frontera DEHP S de RL DE CV and any of its present or future subsidiaries (the “Company ”) in connection with the collection, use and disclosure of personal information (the “Personal Information”) of an identifiable person (the “Individual”) who is a current, future or former employee of the Company.

2. The Company recognizes the confidential nature of the Personal Information in its care and is responsible for the compliance of itself and its directors, officers, management, employees, representatives and agents, including consultants and independent contractors (the "Personnel") in the protection of this personal information.

3. For the purposes of this Privacy Policy, the term "Personal Information" has the meaning of any information or collection of information in any form, whether oral, electronic or written, belonging to the Individual, excluding information that is available publicly in its entirety. Personal information will also include any publicly available information that is combined with information that is not publicly available.

4. Personal information includes, but is not limited to, name, home address, home telephone number, home email address, identity verification information, social security number, physical description, age, sex, salary, education, professional designation , hobbies and personal activities. medical history, employment history, credit history, resume content, references, interview notes, performance review notes, and emergency contact information.

5. Personal information will not include the individual's business title, business address or contact information when used or disclosed for reasonable business purposes.

6. The Company will implement policies and procedures that give effect to this Privacy Policy, including procedures to protect and secure Personal Information, procedures to receive, investigate and resolve complaints, procedures to ensure adequate training of Personnel with respect to the policies and Company privacy and procedures. to distribute new and current information related to the Company's Privacy Policy.

Corporate privacy policy

7. The Company and the Staff will at all times respect the confidentiality of the Personal Information placed in their care. The Company will endeavor to ensure that policies affecting the collection, storage and disclosure of Personal Information reflect the confidential nature of the information.

8. The Company will comply with all applicable privacy laws and regulations now and in the future related to protecting the confidentiality of Personal Information.

Purposes for which personal information is collected

9. Personal information will be collected, used and disclosed for purposes related to the individual's employment relationship with the Company, including, but not limited to, employee hiring management, performance reviews, employee payroll administration , the processing of employee benefit claims and in order to comply with all applicable labor and employment laws.

10. The Company will document the purposes for collecting personal information. Personal information will only be used for the stated purpose or purposes for which it was originally collected. The purposes for which personal information is collected will be identified orally or in writing to the individual before it is collected. The person collecting the information may explain the purpose at the time the information is collected.

11. The Company may use Personal Information for a purpose other than that originally stated where the new purpose is required by law or where the Company has obtained the written consent of the Affected Person for each new purpose.

Knowledge and consent

12. Knowledge and consent of the affected individual is required for the collection, use and disclosure of all personal information subject to the exceptions noted elsewhere in the Privacy Policy statement.

13. Consent will not be obtained by deception or misrepresentation.

14. Any use or disclosure of Personal Information will be within the reasonable expectations of the Individual.

15. Subject to legal and contractual obligations, an individual may withdraw consent upon reasonable notice.

Legislation and Regulation

16. Where the company has people living and working in different jurisdictions, the specific rights and obligations of the people may vary from one jurisdiction to another.

17. The Company is subject to privacy legislation in all jurisdictions in which it operates. If any term, covenant, condition or provision of this Privacy Policy is deemed invalid, void or unenforceable by a court of competent jurisdiction, it is the intent of this Privacy Policy that the scope of the rights and obligations of the Privacy Policy be reduced only for the affected jurisdiction and only to the extent deemed necessary under the laws of the local jurisdiction to make the provision reasonable and enforceable and the remaining provisions of the Privacy Policy statement will in no way be affected, harmed or invalidated as a result.

18. Where this Privacy Policy provides greater rights and protections to the Individual than available applicable law, the terms of this Privacy Policy shall prevail to the extent permitted by law.

Scope and application

19. The rights and obligations described in this Privacy Policy will apply to all Persons. The Company and Personnel must comply with the policies, procedures and practices described in the Privacy Policy.

Collection of personal information

20. The type and amount of Personal Information collected by the Company will be limited to the minimum necessary to achieve reasonable business purposes. Personal Information will not be collected maliciously, indiscriminately, or without a reasonable commercial purpose.

21. Personal information will be collected using fair and legal means.

Access by authorized company representatives

22. All personal information will be disclosed internally only as necessary. In the course of normal and reasonable business practices, it is the Company's policy to grant designated Company representatives access to personal information files. This access will not exceed what is necessary to fulfill the Company representative's specific business function or the purpose for which the information was originally collected.

Accuracy of personal information

23. The Company will endeavor to ensure that all Personal Information collected is accurate and validated using reasonable business practices and procedures. The Company is also committed to ensuring that Personal Information remains accurate for the purpose for which it was collected.

Access and Correction Rights

24. The Company will use reasonable efforts to ensure that Personal Information is at all times complete and accurate for its stated purpose.

25. An individual may request access to his or her personal information by submitting a written request together with appropriate proof of identity to an authorized personnel officer. Where the request is made in person, the requirement for proof of identity will be at the discretion of the personnel officer. The individual will be provided with a copy of all available information that is not subject to restrictions as described in this Privacy Policy. All Personal Information and Medical Information will be provided free of charge or at a minimal cost that is not prohibitive.

26. The Company will also provide a specific summary of how the Personal Information has been used and to whom it has been disclosed. Where a detailed description of the disclosure is not available, the Company will provide a list of organizations to which Personal Information may have been disclosed.

27. Personal Information disclosed to an individual must be in a form that is reasonable and understandable. Where the meaning of information is unclear, translations and explanations will be provided at no additional cost.

28. Where a person suspects that there is an error in their personal information, they may submit a written request for its correction. This request must include any relevant information that substantiates the error and must describe the correction to be made. The Company will use reasonable efforts to accommodate any correction request.

29. Where the Individual successfully demonstrates an error in their Personal Information, the Company will make appropriate corrections. Any modification, addition or deletion of the individual's Personal Information will be made only by an authorized personnel officer.

30. Where a correction request is unsuccessful, the Company will record and retain the details and evidence supporting the request.

31. The Company will endeavor to respond promptly to any reasonable request for disclosure and correction made by an individual to ensure the continued accuracy of Personal Information.

32. In some cases, the Company may be required to limit access to Personal Information due to legal or regulatory requirements. However, in all cases, the Company will use reasonable efforts to comply with the individual's access and correction request to the extent permitted by law or regulation.

33. The Company may deny access to parts of an Individual's Personal Information when it is found to contain Personal Information belonging to another Individual.

Use and disclosure of personal information

34. The Company and Personnel will keep confidential all Personal Information under their control, except where one or more of the following conditions apply:

a. When the Person who is the subject of the disclosure has given written consent;
b. When the disclosure is consistent with the purposes for which the Personal Information was originally collected;

c. When the disclosure is for the purpose of providing employment references to potential employers and when the

personal information disclosed is limited to information considered reasonably necessary for the purpose of providing employment references;

d. Where applicable law or regulation permits or requires the Company to do so;

e. When the disclosure is directed to health benefit providers and when the purpose of the disclosure is consistent with the purposes for which the Personal Information was originally collected;

f. When disclosure is required by authorized government representatives acting to enforce any federal or state law or conducting an investigation related to the enforcement of any federal or state law or collecting information for the purpose of enforcing any federal or state law;

g. When the Company is required to comply with valid court orders, warrants or subpoenas or other valid legal processes and

h. In case of emergency to protect the physical safety of any person or group of people.

Ownership of personal information

35. All personal information collected by the Company pursuant to this Privacy Policy are business records of the Company.

Retention and deletion of personal information

36. Any Personal Information collected by the Company will be retained by the Company during the period of the Individual's active employment, as well as for the period following employment, only as long as the Personal Information is necessary to fulfill its original purpose or as indicated. by applicable legislation or regulation.

37. Personal Information that is no longer necessary for the stated purpose will be destroyed, deleted or anonymized.

38. The Company will ensure that all practices and procedures related to the disposal of Personal Information comply with the fundamental confidentiality policy. All disposal procedures for Personal Information, including removal of computerized data storage devices, will ensure the complete destruction of the Personal Information so that there is no risk of subsequent unauthorized disclosure of the Personal Information.

Deceased individuals

39. The rights and protections in the Company's Privacy Policies will extend to Deceased Persons.

Security

40. The Company will take and implement all security measures reasonable and appropriate to the sensitivity of the information to ensure that all Personal Information of each individual is protected against any form of unauthorized use, including, but not limited to, accidental disclosure or malicious, unauthorized access, modification, unauthorized duplication or theft.

41. Security methods will include, but are not limited to, the following:

a. physical security, including locked filing cabinets and secure access offices;
b. organizational security, including security clearances and limited access on a “need to know” basis and

c. Technological security including passwords and encryption.

42. The Company will educate and inform all Personnel about the Privacy Policy and related procedures and about the importance of confidentiality of Personal Information and will monitor compliance with the Privacy Policy and may observe and investigate data management practices. the information of all Personnel who take care of Personal Information. Information.

Knowledge of unauthorized disclosure

43. Responsibility for the security of personal information is a responsibility that the Company takes very seriously. Any Personnel who become aware of an imminent unauthorized disclosure, whether intentional or unintentional, and who fail to act to prevent the unauthorized breach will be subject to sanctions as described in the Application section of this document, including immediate dismissal of the offending Personnel.

Application

44. All personnel in charge of Personal Data must comply with the policies, procedures and practices described in the Privacy Policy. Failure to comply with any term or condition of this Privacy Policy, whether intentional or unintentional, including unauthorized disclosure of Personal Data, is grounds for disciplinary action, including immediate dismissal of all responsible personnel. Any violation of any term or condition of this Privacy Policy, whether intentional or unintentional, is grounds for termination with cause.

45. The Company will have a procedure that will allow Individuals to challenge the Company's compliance with this Privacy Policy. The Company will also have procedures to respond promptly to compliance challenges with the Privacy Policy.

46. The Company will use reasonable efforts to investigate and respond to compliance challenges related to this Privacy Policy. Where a dispute is well founded, the Company will take steps to correct any outstanding issues, including modifying the Privacy Policy and related procedures.

Mediation and Arbitration

47. In the event of a dispute arising out of or in connection with this Privacy Policy, the parties will first attempt to resolve the dispute through amicable consultations.

48. If the dispute is not resolved within a reasonable period, any or all outstanding issues may be submitted to mediation in accordance with the legal mediation rules. If mediation fails to resolve the entire dispute or is not available, any outstanding matter will be submitted to final and binding arbitration in accordance with the laws of Mexico and the state of Guanajuato. The arbitrator's award will be final and any court having jurisdiction within the state of Guanajuato may issue a ruling thereon.