Terms and Privacy

This policy reflects the type of information that PERFILES Y SOLUCIONES TECNOLÓGICAS S.A.S. (hereinafter the “Company”) collects, stores, uses, transmits, treats, and transfers, as well as the purposes of its treatment, and the general guidelines that will be applied to guarantee the adequate treatment of any personal information.

Party responsible for the processing of any personal data

• Business Name: PERFILES Y SOLUCIONES TECNOLÓGICAS S.A.S.
• N.I.T.: 901.284.844
• Notification Address: Barranquilla, departamento del Atlántico. Calle 94 No 51B – 43 OF 306
• Email: tratamientodedatos@leangroup.com
• Web Portal: https://www.leangroup.com/solutions/leantech
• Telephone: 3164919529

Compiled data

As a Private User, we collect your personal data to provide you with a better service. To create an account, you must provide information such as your first name, middle initial, last name and surname, email address, telephone number, and a password.

In the same way, you can also include your academic data, work experience and skills, your location, a photograph, and upload your resume in Word or PDF (Spanish or English). We store information associated with the results of your psychometric tests, audio recordings, usage tracking on our web portal, and the duration of your activity on our portal.

As a Business User, to create an account on our Web Portal and use our services, you must provide the company’s identification data and the contact data of the person who will act on behalf of the company: full name, email address, and a password.

As an Employee, to be linked as an employee of PERFILES Y SOLUCIONES TECNOLÓGICAS S.A.S., you must provide identification and contact data; academic and work information; marital status; place of birth; nationality; number of children; information related to military record, healthcare provider (EPS), pension fund (AFP), benefits compensation fund, ARL; blood type; bank and account details; apparel and footwear sizes; and any additional information important to the employment relationship. If sensitive data is to be collected, we will inform you in advance; providing such data will be optional.

As a Contractor/Supplier/Client/Lessor (natural or legal person), we collect contact information (landline and/or mobile), business or legal notification address, physical address, email, type and number of identity, bank certification, and in general the data contained in the certificate of existence and legal representation, commercial registration and/or RUT, plus any information related to the contract’s purpose.

Data treatment and purpose policy

PERFILES Y SOLUCIONES TECNOLÓGICAS S.A.S. will inform data subjects, via Privacy Notices, about the processing that will be applied to their information and its purposes. In general, the Company will treat collected information as follows:

Private User and Business User Information

• Carry out the development of the company’s corporate purpose.
• Develop commercial and promotional campaigns.
• Conduct satisfaction surveys.
• Store information in a database and measure, for statistical purposes, visitors accessing the website and applying to job offers.
• Store information and analyze, for statistical purposes, users who enter the website seeking provision or supply of services offered by the Company.
• Use information to contact users for potential commercial or labor relations, depending on the user.
• Other uses as reserved under the Company’s privacy policy.

Employee Information

• Issue, publish, transmit, disseminate, and promote welfare activities developed by the Company to its labor community and through social networks and advertising channels (including radio/TV).
• Keep contact information updated.
• Verify identity and data of the holder.
• Build and update work history records.
• Verify and manage leaves, disabilities, and health-related processes with social security entities.

Contractor / Supplier / Lessor Information

• Execute the respective contracts or purchase orders.
• Fulfill tax and accounting obligations.
• Perform due diligence required by the Superintendency of Companies (Cap. X, Circular Externa).
• Pursue commercial, promotional, and informational purposes.
• Treat and respond to requests, complaints, claims, reports, suggestions, and/or extend congratulatory messages.

Shareholder Information

• Gather data to issue calls for ordinary or extraordinary meetings of the General Assembly of Shareholders.
• Report exogenous information to DIAN (tax and customs authority).
• Carry out due diligence required by the Superintendency of Companies (Cap. X, Circular Externa).

Limit on retention of personal information

PERFILES Y SOLUCIONES TECNOLÓGICAS S.A.S. will keep personal data for the duration of the contractual or commercial relationship (with the person or their representative) and as long as necessary to comply with legal obligations. Generally:

• Labor/Work-Related Data (Employees): kept during the contractual relationship, plus twenty (20) additional years.
• Commercial and Accounting Data (Business Users/Private Users/Lessors/Shareholders/Contractors/Suppliers): kept during the civil or commercial relationship, plus ten (10) additional years.

Transfer of information

The Company will transfer Employees’ and Private Users’ information to Business Users to comply with contractual obligations of PERFILES Y SOLUCIONES TECNOLÓGICAS S.A.S., as expressly accepted by data subjects in the corresponding Privacy Notices. Data subjects will be informed of the processing policies applied by the receiving Business Users.

Information ownership rights

As the owner of the personal data provided to the Company, you have the right to:

• Know, update, and rectify your personal data with the Company (including partial, inaccurate, incomplete, fragmented, or unauthorized data).
• Request proof of the authorization granted to the Company, except when not required by applicable law.
• Be informed, upon request, regarding the use given to your personal data.
• Submit complaints to the Superintendency of Industry & Commerce for violations of these Policies or the law.
• Revoke authorization and/or request deletion when principles, rights, and constitutional/legal guarantees are not respected. Revocation/deletion proceeds when the Superintendency determines noncompliance by the Company.
• Gain free access to your processed personal data through the designated channels.

Information relating to minors

If you are a minor, please do not provide personal data; the Company does not collect or process information from individuals under eighteen (18) years of age.

Sensitive / confidential information

Unless specifically requested by the Company, do not submit or disclose sensitive personal data. When requested, such data will be collected only with your express prior consent. You may refuse to provide sensitive data (e.g., racial/ethnic origin, union membership, social or human rights affiliations, political/religious beliefs, sexual preferences, biometric or health data), unless required for legal functions or by administrative/judicial order.

Video surveillance

For security and compliance, the Company uses video surveillance in internal and external areas of its facilities/offices. At the entrances, privacy notices will indicate the purpose of processing, the sensitive nature of the data, and the voluntary nature of providing it.

Inquiries and claims

To request access, updates, rectification, deletion of data, or revocation of authorization, the data subject or their successors may use the Company’s communication channels. NOTE: Inquiries received outside the established Service Schedule will be handled on the next business day.

To exercise these rights, a written communication (physical or electronic) must include:

• Full name of the data owner or their representative/proxy.
• Type and number of the applicant’s identity document.
• Electronic or physical address for correspondence and a contact telephone number.
• The purpose of the request and its grounds.
• Copy of the ID of the holder and, if applicable, the representative/proxy.
• Authenticated document accrediting representation, when applicable.
• Signature of the petitioner or attorney, when applicable.

If the request is incomplete, the Company will request corrections within five (5) days of receipt. After two (2) months without the requested information, the request will be considered withdrawn. Once a complete request is received, the Company will mark the database with “Request in process” within two (2) business days until resolved.

Queries

Queries will be answered within a maximum of ten (10) business days from the day after receipt. If not possible within that term, the Company will inform the reasons and the new date, which may not exceed five (5) additional business days.

Claims

Claims will be addressed within fifteen (15) business days from the day after receipt. If not possible within that term, the Company will inform the reasons and the new date, which may not exceed eight (8) additional business days.

Deletion of data / Revocation of authorization

As long as the Superintendency of Industry & Commerce has determined noncompliance by the Company, the data owner may request deletion or revocation. Requests may be denied or limited when:

• The data owner has a legal or contractual duty to remain in the database.
• Deletion would hinder pending judicial/administrative actions (e.g., tax obligations, crime investigation/prosecution, updating sanctions).
• The data is necessary to protect legally protected interests of the owner, to act in the public interest, or to comply with a legally acquired obligation.

Notwithstanding the foregoing, data will be used exclusively for the requested purpose and handled with appropriate confidentiality.

Validity and modifications

This Policy is effective from its issuance and may be modified in accordance with current regulations. The Company will inform data subjects of substantial changes by publishing the projected modification for ten (10) business days at: https://www.leangroup.com/solutions/leanstaffing
prior to implementation.

Date of Issuance: 11/30/2021