Privacy Notice –September 2025

1. “Data Controller” Responsible for the processing of your personal data

SOLINLOG is the legal entity that, in accordance with the Federal Law on the Protection of Personal data held by Private Parties (“LFPDPP”), is considered the "Data controller", as it determines the purposes and means of the processing of personal data collected from clients, suppliers, employees, and, in general from any individual or legal entity (the “Data Subject”). The term “Data Subject” refers to any individual or legal entity to whom the personal data pertains, “personal data” is understood as any information relating to and identified or identifiable individual.

For the Data Controller, the lawful processing of your data in accordance with the applicable law is a top priority, This Privacy Notice complements any other simplified or short privacy notices made available to you by the Data Controller and shall apply in a supplementary manner to all matters not expressly addressed in those notices.

2. Address of the Data Controller

Av. Coyoacán 1878, Office 1405, Colonia Del Valle, Alcaldía Benito Juárez, Mexico City (CDMX). C.P. 03100. This is the address established by the Data Controller to hear and receive notifications.

3. Purposes of processing Client´s personal data

“The Data Controller” collects your data for the following purposes:

1. The information we request from our clients serves the following purposes:
   1. Identification purposes to maintain direct communication with our clients.
   2. Internal administrative control.
   3. To contact you and provide updates regarding the services entrusted to us.
   4. To send you news of interest about our products and services.
2. When collecting personal data, we adhere to all principles set out in Article 6 of the LFPDPPP
   1. Lawfulness – Data will be collected and processed lawfully in accordance with the law.
   2. Consent – Processing will be subject to the Data Subject’s consent, unless exceptions apply under the LFPDPPP.
   3. Quality – Ensuring accuracy, completeness, and up-to-date status of the collected data.
   4. Information – The right of individuals to obtain confirmation of the existence of their data from the Data Controller.
   5. Purpose Specification – The purpose must be clearly indicated at the time of data collection.
   6. Loyalty – Data must not be disclosed or used for purposes other than those specified.
   7. Proportionality – Processing must be fair and limited to what is relevant and necessary.
   8. Accountability – The Data Controller must effectively implement measures to comply with the above principles.

4. Personal Data Collected from Clients

To fulfill the purposes outlined in this privacy notice, the Data Controller may collect personal data related to identification, contact, employment, and billing.

5. Sensitive Personal Data

In certain cases, the Data Controller may need to collect sensitive personal data, as defined by applicable law, such as financial, economic, or asset-related information, fingerprints, or image recordings for the security of both the establishment and its personnel.

Sensitive data will only be processed with the purposes outlined in this Privacy Notice.

You may refuse to provide such data, in which case certain services may not be provided.

For this reason, we request your express written consent to process sensitive personal data as follows:“I consent to the Data Controller processing my sensitive personal data for the purposes described in this Privacy Notice, as required based on the nature of the data”

6. Options and Means to Limit the Use or Disclosure of Your Personal Data

To limit the use or disclosure of your personal data, especially for marketing or advertising purposes, you may directly contact the Data Protection Department of the Data Controller, who will provide you with instructions on how to exercise this right.

7. Means to Exercise ARCO Rights (Access, Rectification, Cancellation, and Opposition)

You have the right to access the personal data held by the Data Controller and obtain information about its use; to rectify your data if it is inaccurate or incomplete; to cancel it if you consider that it is no longer necessary for the stated purposes, or that it is being used improperly; and to object to its processing for specific purposes.

The Data Protection Department of the Data Controller will provide the necessary information and guidance to exercise your ARCO (Access, Rectification, Cancellation, and Opposition) rights.

The procedure implemented for exercising these rights, begins with the submission of a request, the format and response times of which can be obtained from the Data Protection Department, as indicated in section 6 of this notice.

8. Procedure for the owner (client), where applicable, to revoke their consent for the processing of their personal data.

You may revoke the consent that you have given to the Data Controller for the processing of your personal data at any time. However, please be aware that your request may not be fulfilled in every case, or may not take immediate effect, as there may be legal obligations requiring continued data processing. Additionally, revoking your consent may result in the inability to continue providing certain services or in the termination of your relationship with the Data Controller.

To request the revocation of your consent, please contact the Data Protection Department of the Data Controller to receive detailed instructions on how to proceed.

9. Implemented Security Measures

To protect your personal data, we have implemented administrative, physical, and technical security measures to prevent loss, misuse, or alteration of your information.

10. Modifications to the Privacy Notice

This Privacy Notice may be modified, amended, or updated due to new legal requirements, internal needs of the “Data Controller”, changes in the services offered, privacy practices, or other reason. Therefore the Data Controller reserves the right to make any necessary modifications or updates to this Privacy Notice at any time.

The “Data Controller” will make the updated version of the Privacy Notice available to the client on the website: www.smartports.app/privacy

11. Right to initiate rights protection and verification procedures conducted by the institute.

For any complaints or further information regarding the processing of your personal data, or if you have questions about the Federal Law on the Protection of Personal Data Held by Private Parties or its Regulations, you may contact the National Institute for Transparency, Access to Information, and Protection of Personal Data (INAI).