Privacy

SOMOS PLENTI S.A.S., is a company duly constituted and operating in accordance with the laws of the Republic of Colombia, with headquarters in the city of Medellín and with NIT 901,594,095-6 (“Plenti”), together with its affiliated entities, expresses its strict commitment to the protection of personal data and the privacy of the owners of such data, in line with its corporate purpose.

In order to establish the fundamental criteria for the collection, storage, use, circulation, management, transfer, transmission and deletion of personal data under its responsibility, Plenti presents its Personal Data Processing Policy (“Policy”).

We appreciate the trust you place in us when sharing your personal data, and we want to assure you that we manage them with the seriousness and responsibility they deserve, in strict compliance with applicable regulations.

We know that you are interested in understanding our management of databases in Plenti. This policy, applicable both to our internal databases and to those managed by designated managers, is the regulatory framework that guides our actions. In compliance with Law 1581 of 2012, Decree 1074 of 2015, the Political Constitution and other relevant regulations, both Plenti and its managers are fully committed to complying with the obligations they impose in the field of personal data protection.

This document seeks not only to inform you but also to reaffirm our commitment to transparency and responsibility in the management of the information you entrust to us. We invite you to explore more details and answer any questions you may have. Your trust is our priority.

In order to facilitate understanding and compliance with our Personal Data Processing Policy, we have established the following definitions:

• Authorization: Voluntary, explicit and informed confirmation from the Owner to carry out the processing of their personal data.
‍
• Database: Organized set of personal data that is subject to Treatment.
‍
• Consultation: Request made by the Owner to know the information we have about him in our Databases.
‍
• Anonymous Data: Information that does not identify the Owner personally and that we use at Plenti for statistical analysis.

• Personal Data: Any information linked to or that can be associated with one or more specific or determinable natural persons.

• Private Personal Data: Information of an intimate or confidential nature that is only relevant to the Owner.

• Semi-private Personal Data: Information that is not intimate, reserved or public in nature, and whose knowledge or disclosure may be of interest not only to the Owner, but to a certain sector or group of people, or to society in general. Examples include financial, credit, business or service data, and social security data.
‍
• Public Data: Information qualified as such by law and information that is not semi-private, private or sensitive.
‍
• Owner: Natural person whose personal data are subject to processing.

• Data Processor: Natural or legal person, public or private, who carries out the processing of personal data on behalf of the Data Controller. In this case, Plenti will act as Personal Data Processor.

• Source: Person, entity or organization that receives or knows Personal Data from Data Subjects and provides this data to an Information Operator, who delivers them to the Owner.

• Operator: Person, entity or organization that receives Personal Data from various Sources, manages them and brings them to the attention of the Owners under the parameters of Law 1266 of 2008 and other complementary regulations.

• Platform: Refers to the Plenti website and application through which we provide our Services.

• Complaint: Request from the Owner to exercise their rights related to their Personal Data.

• Data Controller: Natural or legal person, public or private, who decides on the Processing of Personal Data and determines its purpose.

• Procedural Requirement: Prior step that the Owner must take before filing a complaint with the Superintendency of Industry and Commerce. It consists of a direct complaint to the Manager or Responsible for Personal Data.

• Services: Refers to the operations offered by the Plenti Platform, which consist of the commercialization of virtual assets. These assets, of a non-monetary nature and without physical appearance, are traded through the Plenti Platform and are transferred using blockchain networks (for example, the Polygon network), stable currencies and cryptocurrencies, using cash, bank transfer or card.

• Treatment: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.

• Transmission: Act of transmitting or delivering personal data from the Databases to a third party in Colombia or abroad so that this third party, in its capacity as Manager, can carry out the processing of personal data.

• Transfer: Communication of personal data between a Data Controller located in Colombia and another Data Controller located inside or outside the country.

At Plenti, we are governed by solid fundamental principles, recognized both by Colombian legislation and by case law. These principles define our actions in the management of Personal Data hosted on our platform, and are described in detail below:

1. Principle of Purpose: Data processing is carried out for the legitimate and transparent purpose, as established by the Constitution and the Law. The purpose of the treatment is clearly informed to the Data Controller.

2. Principle of Necessity and Proportionality: The information recorded in our Database is strictly necessary to fulfill the purposes of the treatment. It must be appropriate, relevant and in accordance with the purposes for which it was collected.

3. Temporality: We keep Personal Data in our Database for the time necessary to achieve the purpose for which they were collected.

4. Principle of Freedom: The treatment is only carried out with the prior, express and informed consent of the Data Controller. Personal Data is not obtained or disclosed without prior authorization, unless there is a legal or judicial mandate.

5. Principle of Truthfulness: The information subject to treatment is true, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractional or error-inducing data is not allowed.6. Principle of Transparency: We guarantee the right of the Data Controller to obtain information about the existence of their data at any time and without restrictions.

7. Principle of Access and Restricted Circulation: Except for public information, we limit the presence of Personal Data on the Internet to situations in which access is technically controllable, providing restricted knowledge to Holders or authorized third parties.

8. Security Principle: We comply with all necessary technical, human and administrative measures to ensure the security of records, preventing their adulteration, loss, unauthorized or fraudulent consultation, use or access.

9. Principle of Confidentiality: Those who are involved in the processing of Personal Data, who are not public in nature, are obliged to guarantee confidentiality, even after ending their relationship with the processing work.

At Plenti, we understand the importance of trust in our relationship with our users. Therefore, we seek to make every authorization for the processing of personal data a conscious and empowered act. Here's how we do it:

5.1 Transparent Collection: We obtain your authorization in a clear and transparent manner, using means permitted by Applicable Law. We make sure that you can easily access your authorizations when you need them.

5.2 Act of Trust: When you grant your authorization, you trust us to handle your personal data. Whether directly to Plenti or its designees, your authorization implies that you know this Policy and your rights in the processing of your data.

5.3 Knowledge Guarantee: We understand that your consent is informed. Therefore, you make sure that you know both the details of our Policy and your rights in relation to the processing of your personal data.

5.4 Documented Backup: For your peace of mind, Plenti takes concrete steps. We keep detailed records of how and when we obtained your authorization. Thus, we guarantee traceability and compliance with established commitments. At Plenti, we believe in transparency and accountability in every interaction. Your authorization is the pillar of a relationship of trust that we build together.

At Plenti, we assume responsibility as managers of your personal data. The information we collect, directly or indirectly, varies depending on your relationship with us. This includes, but is not limited to:

(i) Your identification, such as first and last name. (ii) Location and contact data, including physical addresses, email addresses, telephone and cell phone numbers. (iii) Information on gender and age. (iv) Personal characteristics. (v) Social context and circumstances. (vi) Academic and professional history. (vii) Employment details. (viii) Transactional, financial or insurance information. (ix) Date of birth. (x) Your interests and preferences. (xi) How did you learn about our products and/or services. (xii) Biometric data and visual information when necessary. (xii) Information related to your health. (xiv) Sensitive data when necessary.

Plenti may collect financial information for purposes such as making payments, establishing and maintaining contractual relationships, reporting to risk entities and evaluating potential risks. This processing will be carried out in compliance with applicable laws on financial, commercial and credit data, including Act 1266 of 2008 or other relevant regulations.

It is important to know that Plenti can report breaches of obligations previously authorized by the owners. However, this process will be carried out with due communication to the owner.

If you choose not to provide certain personal data, we may not be able to offer you some products or services, and information of interest to you may not reach you through our designated communication channels.

At Plenti, we respect confidentiality and will keep your data for as long as necessary to fulfill the objectives mentioned in this Policy. We will always be attentive to your request for deletion, unless there are legal or contractual obligations that require us to keep them.

At Plenti, we understand the importance of safeguarding sensitive information, especially when it comes to underage data. We will always act with the utmost respect for the legal restrictions associated with this type of information.

When we request and collect sensitive data, we do so only with the express authorization of the owner, unless the law allows otherwise. In these cases, we undertake to inform the owners of the specific purposes for which the information will be used, making it clear that the provision of this data is voluntary as established by applicable legislation. It is important to note that no activity will be conditioned on the delivery of sensitive data. When it comes to the personal data of minors, we ensure that we comply with the particular rights that correspond to them. We guarantee that:

(i) Data processing will always be carried out considering the best interests of children. (ii) We will respect your fundamental rights at all times. (iii) We will give importance to the opinion of minors, taking into account their maturity, autonomy and capacity to understand the matter. Your voices will be heard and valued in any process involving your personal data.

At Plenti, we are committed to creating a safe and respectful environment for our small users.

At Plenti, we consider it essential to be transparent about how and why we process personal data. All actions related to the processing of information are aligned with our fundamental purpose and the specific needs of each relationship. Below, we detail the general and particular purposes:

8.1. General a) Confirm and update the information of the owners. b) Formalize relationships through preliminary negotiations. c) Negotiate, execute, modify or terminate acts and/or contracts. d) Contact to send related information. e) Know, store and process data in our databases. f) Creation of accounts and profiles on web platforms. g) Consult relevant information in risk databases. h) Report compliance or breach of obligations. i) Consult databases to identify background. j) Submit reports to authorities and respond to requests. k) Comply with internal policies. l) Resolve PQR's and allow the exercise of rights of the owners. m) Respond to requests, complaints and related procedures. n) Manage administrative, accounting, fiscal, financial and operational aspects. o) Make data transfers in corporate reorganization processes. p) Archiving, updating and processing informations. q) Protect the security of facilities and carry out physical security activities. r) Identify and control revenues and outputs, using CCTV recordings.

8.2. Individuals - Customers a) Collect information for commercial research and marketing. b) Store data for historical recording and market segmentation. c) Conduct satisfaction surveys and improve the quality of service. d) Verify legal, technical and financial requires. e) Resolve PQR's, issue answers and allow the exercise of rights. f) Validate and verify the identity of the owner to offer and provide products and services. g) Access third-party data for risk management. h) Consult data in information centers credit. i) Develop business relationships and their own activities.

8.3. Users and Visitors to the Plenti Website a) Provide access and ensure the proper functioning of the website. b) Continuously improve the experience of users and visitors. c) Remember preferences and offer personalized products, services and promotions. d) Create user and visitor profiles to optimize content. e) Make geographical references and personalize advertisements. f) Record usage and behavior patterns for statistical analysis. g) Monitor and ensure the correct use of the website.

8.4. Individuals - Suppliers and Contractors a) Contact to manage existing relationships. b) Verify legal, technical and financial requires. c) Store data for historical recording and commercial prospecting. d) Prevent fraud and inappropriate use of information. e) Develop business relationships and activities specific to them.

8.5. Individuals - Applicants, Employees, Former Collaborators a) Manage contracts, active personnel and payrolls. b) Contact to send information related to employment relations. c) Comply with internal policies and internal labor regulations. d) Perform procedures such as issuing labor certifications. e) Transmit information to other Plenti entities. f) Develop corporate welfare activities, training and programs. g) Identify operations that may involve fraud or other risks. h) Collect data through surveys to improve service quality.

Plenti, in compliance with current regulations, reserves the right to communicate, transmit or transfer the personal data provided by the owners to third parties, either inside or outside the national territory. This action will be carried out in accordance with Applicable Law.

Personal data may be shared with Plenti's partner companies, either inside or outside the country, as well as with business partners and commercial establishments that have a current contractual relationship with Plenti. These actions are carried out to fulfill the purposes authorized by the owners and to ensure the effective provision of services.

In some circumstances, Plenti may transmit or transfer data to third parties, either in Colombia or abroad. These actions will be carried out not only in countries with an adequate level of personal data protection, but also in those where Plenti and its associated companies offer products and/or services, and in those that are expressly authorized by the owners.

Acceptance of this policy implies the consent of the owners and the person responsible for Plenti to carry out data transmissions or transfers, either to cloud service providers located in jurisdictions with adequate levels of protection, or to managers appointed by Plenti, provided that it is authorized by the Data Controller and the Owner, or by legal or judicial mandate.

In our constant quest to improve your online experience, at Plenti we use cookies and identification technologies on various platforms, such as our website, electronic communications, advertisements and other online services. This allows us to understand your online behaviors and interests to provide you with a more personalized service.

How do we do it?

• User Authentication: We guarantee your security and privacy.
• Preference Reminder: We keep your settings and preferences.
• Popularity Analysis: We evaluate the relevance of our content.
• Advertising Effectiveness: We measure and improve our campaigns.
• Traffic Analysis: We understand trends and behaviors.

You are in control: you can configure your browser to accept, reject or receive notifications about the use of cookies. However, please note that refusing all cookies may affect the effectiveness of some of our products and services.

Links to Third Parties Our website may contain links to platforms operated by third parties. If you decide to explore these links, keep in mind that any processing of personal data by third parties will be subject to their own authorizations and policies. At Plenti, we are not responsible for the use, publication or disclosure of your personal data on third party pages. Explore with confidence!

At Plenti, we believe in the importance of empowering you over your personal data. As an owner, you have rights backed by Applicable Law:

a) Free Access: You can explore your data at no cost, it's yours!
b) Maintain Control: Update and correct your information so that it always reflects who you are.
c) Trust Test: Request proof of the authorization you have given us, transparency is key.
d) Let's Speak Clearly: If you see anything that doesn't comply with the law, let us know! We're here to listen to you.
e) You Decide: Revoke the authorization or ask to delete your data, provided that there is no legal or contractual duty that prevents it.
f) Protected Privacy: Your decision not to answer questions about sensitive data is fully respected.

Remember, the exercise of these rights is free and unlimited. We are committed to following the regulations that govern these processes. Your rights are personal, exclusive and will only be exercised by you, unless the law provides otherwise. At Plenti, your privacy is our priority, and we're here to make the handling of your data as clear and accessible as possible. Welcome to a space where your rights are fundamental!

‍We know that your data is important, and we want to hear from you. To exercise your rights, send your questions and complaints to our dedicated team at atencionalcliente@somosplenti.com. They are here to ensure that we comply with Applicable Law and address your concerns.
‍

We want you to be in control. You can revoke your authorization and request the deletion of your data in two situations: when you freely decide to do so or if we do not comply with established principles and rights. At Plenti, we respect your decisions and will take action in accordance with document retention regulations. If you believe that your information needs to be corrected, updated, or deleted, or if you see a breach of duty, you can file a complaint. Do it through:

• A letter to the address Cl. 7 Sur #42 -145, Medellín.
• An email to atencionalcliente@somosplenti.com.

Your claim must include: (i) your identification, (ii) a clear description of the facts, (iii) your contact and location details, and (iv) documents or evidence to support your claim. If something is missing, we'll let you know so you can complete it in five business days.

Plenti has 15 business days to deal with your complaint, and if we need more time, we will let you know the reasons and the new response date, which will not exceed eight additional business days. Our Customer Service team is responsible for receiving your requests, inquiries and complaints. They ensure that each area of Plenti responds in a timely and appropriate manner to your requests.

This policy is effective as of January 01, 2024. It will continue to be our guide, unless you decide to revoke or modify it expressly. Your trust is important to us, and we're committed to keeping you informed.