PERSONAL DATA PROCESSING POLICY

ALEJANDROBROKER.COM informs the Owners of the Personal Data that are treated in any way by the website this information treatment policy, thereby complying with the Law. The main purpose of this Policy is to inform The Personal Data Holders the rights that assist them, the procedures and mechanisms provided by the website to make these rights of the Holders effective, and make them aware of the scope and purpose of the Treatment to which the Personal Data will be subjected in the event that the Holder grants his express, prior and informed authorization. The website thus also confirms its commitment to the various interest groups with which it is related; and with the manifest interest of respecting all their rights, especially with this instrument their right to Habeas Data, privacy and other related matters.

CHAPTER I

General disposition

ARTICLE ONE: DEFINITIONS. These definitions relate to the meaning to be given to terms within this document.

a) Authorization: It is the prior, express and informed consent of the Holder to carry out the Processing of their personal data.

b) Database: It is the set of personal data that are subject to Treatment regardless of the modality of the same.

c) Financial Data: It is all Personal Data referring to the birth, execution and termination of monetary obligations, regardless of the nature of the contract that gives rise to them, whose Treatment is governed by the corresponding regulations.

d) Personal Data: It is any information related or relatable to a natural person.

e) Public Data: It is the one that the law designates as such, or the one that rests in public records, certificates, documents or Databases.

f) Sensitive Data: It is the personal data related to the privacy of the Holder or that may give rise to discrimination or differentiated treatment. Biometric data is also part of this category.

g) Responsible for the Treatment: It is the natural or legal person, of a public or private nature, that by itself or in association with others, performs the Personal Data Treatment on behalf of the person responsible for the Treatment.

h) Authorized: It is the person and their dependents who by virtue of the Authorization and these Policies have legitimacy to Process the Owner's Personal Data. The Authorized includes the gender of the Qualified.

i) Enabling: It is the legitimation that expressly and in writing by means of a contract or document that takes its place, the Company grants to third parties, in compliance with the applicable Law, for the Treatment of Personal Data, making such third parties in charge of the Treatment of the Personal Data delivered or made available.

j) Responsible for Treatment: It is the person, authorized by the Owner, who manages and makes decisions regarding the Database.

k) Owner: It is the natural person to whom the data that rests in the Database refer, and the object of protection of the Law and concordant regulations.

l) Transfer: It is the communication of personal data between the Manager and the person responsible for the treatment.

m) Transmission: It is the Personal Data Processing activity through which they are communicated, internally or with third parties, within or outside the country, when said communication is intended to carry out any personal data Processing activity.

n) Treatment of Personal Data: It is all aimed at the processing of Databases, as well as its transfer to third parties.

SECOND ARTICLE: PURPOSE. The Policy for the Treatment of Databases and Information is intended to develop the procedure to collect, store, use and carry out any activity on personal data, and the other rights, freedoms and constitutional guarantees; as well as the right to its information, as stipulated by law and other concordant regulations.

THIRD ARTICLE: SUBJECTION TO LEGAL PROVISIONS. The website states that the guidelines for the Processing of personal data will be those established by the regulations in force on the matter.

ARTICLE FOUR: PURPOSES OF THE DATA COLLECTED. All the data that the website collects are aimed at: i) Generating and managing the collection of all the information necessary for the fulfillment of tax, commercial, civil, labor, legal obligations and in general any obligation that concerns the site Web; ii) Manage the website, with respect to its clients, suppliers, shareholders and other stakeholders; In front of clients, the information collected can be used, without being restricted to: delivery of information to financial entities for the management of financial services; customer loyalty; customer service management; advertising; marketing; management and commercial contact; contacts for informational mails; sending physical and email correspondence; portfolio management; offer of sale, rent and exchange of real estate; receipt and sending of real estate offers; transfer of information for contractual purposes; update or correct property data; information from our business partners; making calls (call center) for administrative, commercial and advertising purposes; and in general, information related to the activity that the contracts signed between the parties imply; develop technologies, services or plans that represent a better service for customers iii) Comply with the legal and contractual obligations of the website; iv) Act within the framework of legal requirements in order to verify the legal nature and situation of some clients, contractors or suppliers; v) Keep the physical or digital file for the time legally required in such a way that they can be consulted later by the Holder or an authority; vi) The transfer and transmission of the Databases when necessary to carry out collection actions, credit processing, legal actions and, in general, the other purposes foreseen in this paragraph; vii) Management of employee information related to payroll, social management, social security, selection processes, contractual relationship and employee welfare ix) Other activities necessary for the effective provision of any of the usual or accidental services provided by the website .

ARTICLE FIVE: PRINCIPLES. The principles indicated in this article are the guidelines that will be respected by the website in the processes of collection, storage, use and administration of personal data:

• Principle of legality regarding the Processing of personal data: The Processing referred to in this Policy is an activity regulated by law, which must be subject to what is established in it and in the other provisions that develop it.

• Principle of purpose: The Treatment obeys the purposes established in the fourth article of this document.

• Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.

• Principle of truthfulness: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable.

• Principle of transparency: In the Treatment, the right of the Holder to obtain from the person in charge of the Treatment or the Person in Charge of the Treatment, at any time and without restrictions, information about the existence of data concerning him or her must be guaranteed.

• Principle of access and restricted circulation: The Treatment of personal data and Databases can only be done by the website or whoever delegates it according to the authorization provided by the Owner. Personal data may not be available in public access and mass dissemination media. If software or similar mechanisms are stored in the cloud, they will have restricted access and will not be of a public nature.

• Security principle: The website will provide minimum security conditions to protect the information contained in its Databases, for this purpose basic archiving measures will be implemented regarding physical documents and digital security systems such as anti-virus and / or storage in the cloud for digital files.

• Principle of confidentiality: As a general rule and except as provided in the Law, in the respective contract, or in this Policy (with the authorization of the Holder in the last two cases) the information and personal data will be treated confidentially.

CHAPTER II

Rights and duties

ARTICLE SIX: RIGHTS OF THE PERSONAL DATA HOLDER. In accordance with the Law, the Personal Data Holders have the following rights: i) Know, update and rectify their Personal Data in front of the website or those in charge of the Treatment thereof. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized; ii) Request proof of the Authorization granted to the website, unless the Law indicates that said Authorization is not necessary; iii) Submit requests to the website or the Person in Charge of Treatment regarding the use that has been given to your personal data, since they provide you with such information; iv) Present before a competent control organism the complaints for infractions to the Law; v) Revoke your Authorization and / or request the deletion of your Personal Data from the databases of the website, when the Superintendency of Industry and Commerce has determined through a definitive administrative act that in the Treatment the website or the Person in Charge of Treatment has engaged in conduct contrary to the Law or when there is no legal or contractual obligation to keep personal data in the Data Controller's database; vi) Request access and free access to your personal data that have been subject to Treatment in accordance with the Law; vii) Be aware of the modifications to the terms of this Policy prior and efficiently to the implementation of the new modifications or, failing that, of the new information treatment policy; viii) Have easy access to the text of this Policy and its modifications; ix) Access in an easy and simple way to the personal data that are under the control of the website to effectively exercise the rights that the Law grants to the Holders; x) Know the agency or person empowered by the website with whom you can submit complaints, queries, claims and any other request about your personal data.

The Holders may exercise their legal rights and carry out the procedures established in this Policy, by presenting their original identification document. Minors may exercise their rights personally, or through their parents or adults who have parental authority, who must prove it through the relevant documentation. Likewise, the successors who prove said quality, the representative and / or attorney-in-fact of the owner with the corresponding accreditation and those who have made a stipulation in favor of another or for another, may exercise the rights of the Holder. Requests may be filed physically or via email according to the data in the header.

ARTICLE SEVEN: IN CHARGE OF AND RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA. The website will be directly who will act as Responsible and as Person in Charge of the Processing of personal data; inside you can delegate any area or dependency for such purposes. In general, the website undertakes to: i) Receive requests from the Holders of personal data, process and respond to those that are based on the Law or this document, such as: requests for updating personal data; requests to know personal data; requests for the deletion of personal data when the Holder submits a copy of the decision of a competent control body in accordance with the provisions of the Law, requests for information on the use given to their Personal Data, requests to update Personal Data, requests proof of the Authorization granted, when it has proceeded according to the Law; ii) Respond to the Personal Data Holders on those requests that do not proceed in accordance with the Law. The contact details of the website are those indicated in the corresponding section.

CHAPTER III

Procedures

ARTICLE EIGHT: OWNER PROTECTION MECHANISMS. The owner may claim their rights, taking the following procedures for this purpose:

8.1. Queries: The website will have mechanisms for the Holder, his successors in title, their representatives and / or proxies, those to whom it has been stipulated in favor of another or for another, and / or the representatives of minors Holders, to make inquiries Regarding which are the personal data of the Holder that rest in the Databases of the website.

Whatever the medium, the website will save proof of the query and your response. a) If the applicant has the capacity to formulate the query, in accordance with the accreditation criteria established in the Law, the website will collect all the information about the Holder that is contained in the individual record of that person or that is linked to the identification of the Owner within the databases of the website and it will be made known to the applicant. b) The Responsible for attending the query will respond to the applicant as long as he has the right to do so because he is the Owner of the Personal Data, his successor, attorney, representative, it has been stipulated by another or for another, that is, the legal responsible in the case of minors. This response will be sent within ten (10) business days from the date the request was received by the website. c) In the event that the request cannot be attended within ten (10) business days, the applicant will be contacted to inform them of the reasons why the status of their request is in process. For this, the same means or one similar to that used by the Holder will be used to communicate his request. d) The final response to all requests will not take more than fifteen (15) business days from the date the initial request was received by the website.

8.2. Claims: The website has mechanisms for the Holder, his successors, representative and / or proxies, those who stipulated by another or for another, and / or the representatives of minors Holders, to formulate claims regarding (i) Data Personal processed by the website that must be subject to correction, updating or deletion, or (ii) the alleged breach of the duties of the website's Law. The claim must be submitted by the Holder, his successors in title or representatives or accredited in accordance with the Law, as follows:

· You must go to the website electronically to the email address given in the relevant section; or physically the address given by the website.

· It must contain the name and identification document of the Holder.

· It must contain a description of the facts that give rise to the claim and the objective pursued (update, correction or deletion, or fulfillment of duties).

· You must indicate the address and contact information and identification of the claimant.

· It must be accompanied by all the documentation that the claimant wants to assert.

8.2.1 Before handling the claim, the website will verify the identity of the Personal Data Holder, his representative and / or attorney-in-fact, or the accreditation that there was a stipulation by another or for another. To do this, you can require the holder's original identity card or identification document, and the special, general powers or documents that are required as the case may be.

8.2.2 If the claim or additional documentation is incomplete, the website will require the claimant only once within five (5) days of receipt of the claim to remedy the faults. If the claimant does not present the required documentation and information within two (2) months from the date of the initial claim, it will be understood that they have withdrawn the claim.

8.2.3 Once the claim with the complete documentation has been received, a legend that says “claim in process” and the reason for the claim will be included in the Database of the website where the Holder's Data subject to claim rests, in a term no longer than two (2) business days. This legend should be kept until the claim is decided.

8.2.4 The maximum term to attend the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.

VALIDITY. This Policy applies as of July 1, 2017. The personal data that is stored, used or transmitted will remain in our Database, based on the criteria of temporality and necessity, for as long as is necessary for the purposes mentioned in this Policy, for which they were collected.