Important note: This full privacy notice applies only to relationships in which TICKETOPOLIS, S.A. DE C.V. (hereinafter "TICKETOPOLIS") acts as the DATA CONTROLLER with respect to DATA SUBJECTS. There will be instances where TICKETOPOLIS CLIENTS maintain their own databases, which they will use on our platform to send invitations or registrations for events directly; in such cases, those clients will act as DATA CONTROLLERS over their personal data, and TICKETOPOLIS will assume the role of DATA PROCESSOR. In that type of relationship, the applicable privacy notice will be the CLIENT's, who is legally required to make it available to data subjects prior to processing, among other obligations.

"TICKETOPOLIS" is committed to protecting your privacy. In addition to complying with applicable Mexican law, we follow international best practices in the handling and management of personal data. In all cases, we will handle your personal data to the highest standards of ethics, responsibility, and professionalism.

Unless otherwise indicated or specific terms are established for each case, this privacy notice applies specifically to information we collect from you through "the website": www.TICKETOPOLIS.com, promotional or training events, emails, and other possible "communication channels," such as social media, smartphones, third-party websites related to TICKETOPOLIS, in-person surveys at our own or third-party events, etc.

In collecting personal data, we follow all principles set forth under Mexican law (Article 6): Lawfulness, quality, consent, information, purpose, loyalty, proportionality, and accountability.

This privacy notice complies with the requirements of the Federal Law on Protection of Personal Data Held by Private Parties, its Regulations, and the IFAI Privacy Notice Guidelines. TICKETOPOLIS takes the security of your data very seriously and has technological, physical, administrative, and legal safeguards in place to protect your information.

In accordance with applicable law, you agree that the processing of your personal data shall be carried out in compliance with the following Full Privacy Notice:

1. Identity and address of the data controller:
   TICKETOPOLIS, S.A. DE C.V.
   Av. Fundidora #501 129 C, Col. Obrera
   Monterrey, N.L., México, C.P. 64010
   
2. Purposes of data processing:
   1. Information collected from data subjects (the personal data to be processed). We only collect identification data, physical and personal characteristics, contact information, employment data, academic records, financial data, ideological data, health information, and biometric data. If you would like to know specifically what data we process for clients, employees, candidates, service providers, website users, and visitors, please refer to Annex A at the end of this notice.
      1. You agree that the data you provide to TICKETOPOLIS is truthful, complete, and accurate. Any false, incomplete, or inaccurate data is solely your responsibility.
   2. Explicit identification of the sensitive personal data¹ to be processed.-

      For direct employees, outsourced service personnel, and job candidates, we collect the following sensitive data: physical and personal characteristics, health information, and biometric data.

      For clients, direct employees, outsourced service personnel, job candidates, vendor employees, visitors, and web users, we collect photographs and/or video.

   3. The purposes for which personal data will be processed are as follows (what will the personal data be used for?).-

      In general terms, we may use your personal data to investigate, report, and follow up on violations of terms and conditions, complaints filed by third parties or competent authorities, and to facilitate the exercise of your ARCO rights.

      1. For Clients:
         • To understand your needs; identify behavioral patterns, preferences, and interests in order to improve our software or services, determine the most effective ways to promote ourselves, recommend services or events, and make it easier for you to sign up for new events.
         • To carry out all activities necessary to provide the service, manage your account, handle authentication, sales, billing, invoicing, dispute resolution, issue detection, and technical support.
         • To contact you in emergencies, send system notifications, reminders, news, system updates, promotions, personalized experiences, campaigns, new products, messages, contests and prize delivery, service renewal reminders, and notifications regarding payment issues or non-payment.
      2. For Employees
         • To build your personnel file for the administration of your employment, payroll processing and management, cash and in-kind benefits, bonuses, reimbursements, pensions, enrollment in required insurance plans (e.g., life insurance, major medical), management and/or operation of your savings fund, employee savings account, and grocery vouchers, immigration processing, and the creation and implementation of analytical and statistical processes.
         • Accident prevention programs, nutrition support, psychological assistance, medical exams, overall wellness, and recreational, cultural, and sports activities.
         • To identify your skills and aptitudes for your position, provide training, and manage performance and personal and professional development tools.
         • To comply with the obligations arising from the employment contract under applicable law.
         • To provide employment references as permitted by applicable law.
         • To contact your family members, financial dependents, and/or beneficiaries in case of an emergency.
         • To grant and restrict access to permitted areas of our offices and ensure their security, as well as the security of our systems and technology infrastructure.
      3. For Job Candidates
         • To evaluate skills and aptitudes for the position.
         • To administer psychometric tests and medical exams.
         • To conduct background and socioeconomic checks and verify personal and professional references.
      4. For Website or App Users:
         • To provide an efficient service, deliver better user support, and improve our advertising campaigns.
         • To gather demographic data and other statistical information to improve service efficiency, enhance the user experience, analyze trends, and manage the website.
      5. For Visitors to Our Facilities
         • To record who you are visiting and the reason for your visit, take messages, and receive documents and packages.
         • To issue the necessary identification badges while you are on our premises.
         • To maintain a log of entries and exits for security purposes.
         • To grant and restrict access to permitted areas of our offices and ensure their security.
      6. For Vendors
         • To register you as a vendor, evaluate you, and if applicable, execute the corresponding agreements for the products and/or services you provide.
         • To request quotes, place orders, request invoices, and process payments for the products and/or services you provide.
         • To fulfill obligations arising from the legal relationship.
      7. For Attendees (those who purchase tickets from event organizers)
         • To understand your needs; identify behavioral patterns, preferences, and interests in order to improve our software or services, determine the most effective ways to promote ourselves, recommend additional services or events, and make it easier for you to sign up for new events.
         • To carry out all activities necessary to provide the service, manage your account, billing, dispute resolution, sales, authentication, issue detection, and technical support.
         • To contact you in emergencies, send system notifications, reminders, news, system updates, promotions, personalized experiences, campaigns, new products, messages, and contest and prize information.
         • For reservation, sales, billing, authorization, access control, receipt generation, surveys, authentication, validation, and data updates for reservations to events, activities, and related add-ons.
   4. Distinguishing between purposes that are necessary for the legal relationship between the controller and the data subject, and those that are not.

      We do not process personal data for secondary or derivative purposes.

   5. If applicable, purposes related to marketing, advertising, or commercial prospecting must be included.

      We do process personal data for marketing, advertising, and commercial prospecting purposes. If you do not wish your data to be used for these purposes, please notify our personal data protection department.

3. The options and means by which the data controller allows the data subject to limit the use or disclosure of their personal data:
   1. TICKETOPOLIS's personal data protection department is responsible for data privacy. By contacting this department, you may limit the use or disclosure of your personal data through the exercise of your ARCO Rights, as described in the following section.
4. How to exercise your ARCO rights (access, rectification, cancellation/deletion/erasure, and objection regarding personal data);
   1. You may exercise your ARCO rights (access, rectification, cancellation/deletion/erasure, and/or objection regarding personal data) by contacting the data controller directly at: privacidad@TICKETOPOLIS.com, or by visiting TICKETOPOLIS's offices at the address listed in Section 1.
   2. An ARCO request must include and be accompanied by the information and documents required under Articles 29 and other applicable provisions of the Federal Law on Protection of Personal Data Held by Private Parties. We reproduce Article 29 below for reference only (it is the data subject's responsibility to verify the current requirements for properly exercising their ARCO Rights):
      Article 29.- A request for access, rectification, cancellation/deletion/erasure, or objection regarding personal data must include and be accompanied by the following:

      1. The data subject's name and address or other means by which they can be notified of the response to their request;
      2. Documents establishing the identity of the data subject or, where applicable, the legal authority of their representative;
      3. A clear and precise description of the personal data with respect to which the data subject seeks to exercise any of the above rights; and
      4. Any other element or document that may assist in locating the personal data.
   3. The mechanisms and procedures by which the data subject may, if applicable, revoke their consent to the processing of their personal data;
      1. In accordance with Article 21 of the Regulations to the Federal Law on Protection of Personal Data Held by Private Parties:
         • At any time, the data subject may revoke their consent to the processing of their personal data. To this end, the data controller must establish simple and free-of-charge mechanisms that allow the data subject to revoke their consent by at least the same means through which it was granted, provided that no legal provision prohibits this.
      2. TICKETOPOLIS makes the contact information for our personal data protection department available in Sections 3.1 and 4.1 above. You may reach the department through the available channels and submit a written request to revoke your consent to the processing of your personal data.
5. The clause indicating whether the data subject accepts or rejects the transfer of their data, where required;
   1. Any personal data transfers that may take place; the third-party recipient of the personal data; and the purposes of such transfers:

      TICKETOPOLIS does not transfer personal data.

6. Information on the use of mechanisms in remote or local electronic, optical, or other technological communication channels (such as cookies or web beacons) that allow personal data to be collected automatically and simultaneously when the data subject interacts with them, if applicable; and

   TICKETOPOLIS uses cookies to review:

   1. Browser information and characteristics
      • Whether the visitor is a crawler
      • Whether JavaScript is enabled
      • Browser type and version
   2. HTML request headers
      • IP address
      • Language
      • Country
   3. System session
      • Google Analytics statistical data

   You can remove cookies by following the steps for deleting cookies in your specific browser.

7. The procedures and means by which the data controller will notify data subjects of changes to the privacy notice.

TICKETOPOLIS reserves the right to change this privacy notice at any time. If any changes are made, TICKETOPOLIS will communicate them as follows: (a) by sending an email to the account you have registered on "the website" or the app, or provided through other in-person or electronic data collection channels, and/or (b) by posting a visible notice on "the website." TICKETOPOLIS will not be liable if you do not receive notification of a change to the privacy notice due to any issue with your email account or internet data transmission. For your own protection, we encourage you to review the content of this full privacy notice on our portal (www.ticketopolis.com/es/aviso-de-privacidad.html) whenever you wish.

In the event of any dispute arising from this privacy notice, the parties will first attempt to resolve it through good-faith negotiations, with the assistance of a professional mediator if needed. If after a maximum of 30 days of negotiation the parties fail to reach an agreement, the matter shall be governed by the Federal Law on Protection of Personal Data Held by Private Parties, and the parties accept the involvement that the Federal Institute for Access to Information and Data Protection may have in the matter.

By accepting this Privacy Notice, you waive any other jurisdiction or legislation that may otherwise apply to you. This Privacy Notice is governed by Mexican law, and any disputes shall be resolved before the competent Mexican authorities.