Foodment is the data controller, a commercial entity established under Colombian laws, whose main purpose is to design, build, and implement sustainable ecosystems on technological platforms applied to the organizational value chain. This is done to quantify the triple impact (environmental, social, and economic) through reliable and transparent traceability of assets. In practical terms, a sustainable ecosystem is one where its participants constantly share information about their individual productivity, operations, and other relevant aspects, with the goal of achieving a chain reaction that enables comprehensive sustainable development. The information for Foodment is as follows:

• Business name: FOODMENT S.A.S. BIC

• Tax Identification Number (NIT): 901.375.706-9

• Main address: Carrera 7 # 80-49 Of. 504

• Email: contacto@weia.com.co

Foodment adopts the Personal Data Treatment Policy (PTDP) to ensure the protection of the fundamental rights of data subjects in personal data processing.

II. OBJECTIVE OF THE PTDP

The objective of the PTDP is to develop and establish guidelines and policies that will govern the Processing of Personal Data by Foodment, especially of users of the website https://weia.com.co/ (hereinafter the "Website"). This PTDP includes: a) The Processing to which Personal Data are subjected; b) The rights of the data subjects; c) The person in charge or responsible area and the procedures for handling requests, inquiries, and complaints so that data subjects can exercise their rights to know, update, rectify, and delete, as well as revoke the Authorization; d) The effective date of the PTDP; and e) Other policies and guidelines followed by Foodment to ensure the full exercise of the right to habeas data.

III. SCOPE OF THE PTDP

The application of this PTDP covers all Personal Data that Foodment processes in the course of its activities and its corporate purpose, including the commercial relationship with clients, hiring of personnel, engagement of suppliers, and all other activities carried out in accordance with its corporate purpose. Workers, collaborators, representatives, contractors, allies, or third parties acting on behalf and on behalf of Foodment are obliged to comply with and apply all the provisions of the PTDP. Foodment limits access to the Personal Data of the data subjects to authorized collaborators, who may carry out the Processing for purposes authorized by the data subject or defined by law. Foodment will make its best professional effort to maintain under adequate standards of quality, protection, and information security, all the Personal Data received from data subjects, especially Sensitive Data or Personal Data of children, girls, and adolescents. Likewise, it will seek to ensure that the Personal Data and/or Sensitive Data collected have the technical and legal protection necessary to guarantee their security, integrity, access, and confidentiality. Data subjects expressly authorize Foodment to store their Personal Data and/or Sensitive Data (whose delivery is optional) in the manner it considers most appropriate and comply with the security required for the protection of Personal Data according to normal and reasonable standards applicable to Foodment.

IV. DEFINITIONS

Without prejudice to other definitions found in Law 1581 of 2012 and its related regulations, in accordance with current regulations, the following definitions will apply:

• "Authorization": Prior, express, and informed consent of the data subject for Foodment to carry out the Processing of their Personal Data, which may be requested through different mechanisms and technical means and may be, (i) in writing; (ii) orally, or (iii) through unequivocal conduct of the data subject that reasonably indicates that the authorization has been granted. In no case can silence be assimilated to unequivocal conduct. The Authorization may be obtained through a physical document, digital, data message, website, verbally, or by telephone, or in any other format that allows preserving evidence.

• "Privacy Notice": Verbal or written communication generated by Foodment, addressed to the data subject for the Processing of their personal data, through which they are informed about the existence of the PTDP, how to access the PTDP, and the purposes of the Processing that Foodment will give to Personal Data.

• "Database": An organized set of Personal Data that will be the subject of Processing.

• "Personal Data": Any information linked or that can be associated with one or more natural persons.

• "Public Data": Data that is not semi-private, private, or sensitive. Public Data includes, among others, data related to the civil status of individuals, their profession or occupation, and their status as a merchant or public servant. By their nature, Public Data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed judicial decisions not subject to reservation.

• "Sensitive Data": Those that affect the privacy of the data subject or whose misuse may lead to their discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights organizations, or that promote the interests of any political party or guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data. The delivery of Sensitive Data is optional, and the data subject is not obliged to answer questions about Sensitive Data.

• "Processor": Natural or legal person, public or private, who, alone or in association with others, carries out the Processing of personal data on behalf of the Data Controller; Foodment may be the Processor.

• "Data Controller": Natural or legal person, public or private, who, alone or in association with others, decides on the Database and/or the Processing of Personal Data; for the purposes of the PTDP, when referring to the Data Controller, it refers to Foodment.

• "Data Subject": Natural person whose Personal Data are the subject of Processing.

• "Transfer": Operation that will take place when the Data Controller and/or Processor sends Personal Data to a recipient, who in turn is a Data Controller and is located inside or outside the country.

• "Transmission": Operation that implies the communication of Personal Data within or outside the territory of the country when it has the purpose of carrying out Processing by the Processor on behalf of the Data Controller.

• "Treatment": Any operation or set of operations on Personal Data, such as collection, storage, use, circulation, or deletion.**

V. PRINCIPLES FOR PROCESSING PERSONAL DATA

The Processing of Personal Data by Foodment will adhere to the following principles:

• Principle of Legality in Data Processing: The Processing of Personal Data by Foodment will be carried out in a lawful manner, respecting the Authorization of the data subject and in compliance with current regulations.

• Principle of Purpose: The Processing of Personal Data will be guided by the purposes established in the Authorization granted by the data subject, and the processing will not exceed the purposes that justified the Processing.

• Principle of Freedom: The Processing can only be carried out with the prior, express, and informed consent of the data subject. Personal Data may not be obtained or disclosed without prior Authorization, or in the absence of a legal or judicial mandate that relieves the consent.

• Principle of Truthfulness or Quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable, and understandable. Processing of partial, incomplete, fractional, or misleading data is prohibited.

• Principle of Transparency: In the Processing of Personal Data, Foodment will guarantee the data subject the right to obtain information about the existence of PTDP and the purposes of the Processing, through the Privacy Notice, and this information will be made available in the terms of the PTDP.

• Principle of Access and Restricted Circulation: Personal Data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to data subjects or authorized third parties.

• Principle of Security: The information subject to Processing by Foodment will be handled with the technical, human, and administrative measures necessary to grant security to the records, avoiding their adulteration, loss, consultation, use, or unauthorized or fraudulent access.

• Principle of Confidentiality: All persons who intervene in the Processing of Personal Data are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks included in the Processing.

• Principle of Accountability: The Data Controller, who is Foodment, is accountable for ensuring that the Processing of Personal Data complies with the current regulations.

VI. RIGHTS OF DATA SUBJECTS

Foodment recognizes the following rights of data subjects:

• Know, update, and rectify their Personal Data in the face of the Data Controller or Processor. This right may be exercised, among others, against partial, inaccurate, incomplete, fractional, misleading data, or those whose Processing is expressly prohibited or has not been authorized;

• Request proof of the Authorization granted to the Data Controller unless expressly exempted as a requirement for Processing, in accordance with current regulations;

• Be informed by the Data Controller or the Processor, upon request, regarding the use that has been given to their Personal Data;

• Submit inquiries to the Data Controller or Processor about the use given to their Personal Data;

• Revoke the Authorization and/or request the deletion of the Personal Data when the principles, rights, and constitutional and legal guarantees are not respected in the Processing. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the Processing, Foodment or the person in charge has engaged in conduct contrary to this law and the Constitution;

• Access free of charge to their Personal Data that have been subject to Processing.

VII. PERSONAL DATA PROCESSED BY FOODMENT

The types of Personal Data that Foodment may process include, but are not limited to:

• Identification data such as name, identification number, address, telephone number, email, and other contact information;

• Financial and transactional data, such as bank account details;

• Data related to employment, such as resumes and other information provided by job applicants;

• Data related to customers and suppliers, such as business contact information;

• Other types of data necessary for the fulfillment of the corporate purpose of Foodment and in compliance with legal requirements.

VIII. PERSONAL DATA PROCESSING

Foodment will process Personal Data for the following purposes:

• Developing, maintaining, and managing the commercial relationship with customers, suppliers, and other business partners;

• Managing employment relationships and personnel administration;

• Complying with legal obligations and requirements;

• Other purposes related to the corporate purpose of Foodment and permitted by law.

IX. AUTHORIZATION

Foodment will obtain the Authorization of data subjects for the Processing of their Personal Data through the mechanisms established in current regulations.

X. PERSON IN CHARGE OF THE PROCESSING OF PERSONAL DATA

Foodment will designate a person or area responsible for processing Personal Data, who will be in charge of handling requests, inquiries, and complaints related to the Processing of Personal Data. The person in charge can be contacted at the email address contacto@weia.com.co.

XI. PROCEDURES FOR HANDLING REQUESTS, INQUIRIES, AND COMPLAINTS

Data subjects may submit requests, inquiries, and complaints related to the Processing of Personal Data by Foodment to the person in charge designated by Foodment, who will address and respond to these requests in accordance with the procedures established in the PTDP.

XII. EFFECTIVE DATE

This PTDP will be effective from the date of its approval by Foodment. Any modification or update to the PTDP will be communicated to the data subjects through the Privacy Notice or other means determined by Foodment.

XIII. OTHER POLICIES AND GUIDELINES

Foodment may establish and communicate to data subjects other policies and guidelines related to the Processing of Personal Data, with the aim of ensuring the full exercise of the right to habeas data.

I hope this helps! Let me know if you have any further questions or if there's anything else I can do for you.