Sensitive data that ChessMap® processes in accordance with its relationship with each data subject, whether a natural person and/or legal entity.

• Image and/or voice.
• Current, past, or future physical and/or mental health status, as well as data on sexual life, including the following: diseases; sex; information on diagnoses; clinical tests and/or analyses; disabilities; incapacities; medical history; information and/or documentation related to psychosocial risks; information and/or documentation derived from complaints, reports, and/or judicial and/or administrative proceedings; information and/or documentation generated as a result of investigations.
• Asset-related data: rights and obligations relating to movable property; rights and obligations relating to immovable property; identification, rights and obligations relating to industrial property; intellectual property rights and obligations; identification, rights, and obligations; credit card information (card number, cardholder name, name of the issuing entity, expiration date), retirement fund, bank accounts, tax and/or social security status, accounting and/or tax information.
• Financial data: income; expenses; debts; losses; bankruptcy; commercial insolvency proceedings; obligations; investments; savings; insurance; bonds; trusts; loans; information and/or documentation on the administration and supervision of legal entities; bank statements; credit history; payment receipts; social and/or share participation in legal entities; value of social and/or share participation in legal entities.
• Data on a person’s legal, civil, and registry status: factual and legal status; information and/or documentation generated as a result of judicial and extrajudicial proceedings, trials, and processes; data relating to their affiliation, status, and participation in a trade union and/or political party; data on registrations and entries in registers under the control of public authorities; obligations and/or rights that must be fulfilled; data on the acquisition, constitution, transfer, modification, dissolution, and liquidation of rights and/or obligations; data on representation and supervision; marital status; licenses, permits; data on the registration, rectification, and modification of persons; data on marital status; filiation of natural persons; information on cohabitation; data on share capital; corporate purpose; identification, rights, and obligations with respect to ownership, rights, powers, and authority granted and/or conferred; type of participation, control, and/or influence in legal entities; country or jurisdiction of tax residence; location of titles, certificates, or documents evidencing ownership of the share and/or stock of a legal entity.
• Legal history and records: Information on legal cases; convictions; fines; penalties; criminal records; users and access codes to portals or websites for the fulfillment of an obligation or exercise of rights.
• Biometric data: fingerprints, signature, biometric and/or electronic signature, facial recognition, handwriting recognition, signature recognition.
• Data on immigration status: type of stay; entry, stay, and departure from the country; transit within and outside the country; immigration status; residence rights; insurance and repatriation; immigration alerts; refuge and/or asylum.
• Ethnic or regional origin: country of birth; country of nationality; country or region where the business is based.
• Data on ethnic or racial origin: identity and/or membership of a people, ethnic group or region, customs, habits, language, spoken language.
• Data on education, including the following: educational background, ability to read, ability to write.

Purposes not necessary for the processing of personal data.

• Send information or documentation issued by authorities for informational purposes.
• Send analyses, opinions, and studies of our own, of licensees, or of third parties for informational purposes.
• Send information about advertising campaigns and events of our own and/or those of licensees.
• Monitor user behavior on the website and/or applications.
• Conduct satisfaction surveys and obtain metrics on visits and interaction.
• Use anonymized data sets to improve the algorithms and/or artificial intelligence models used by Chessmap®.

When data subjects have given their consent to ChessMap® to process their personal data for purposes that are not necessary and no longer wish their personal data to be processed for such purposes, they may express their opposition by submitting their request and meeting the requirements set out in point "6.1.- Requirements for requests" of this privacy notice through any of the following means:

• By email to the following address:info@chessmap.mx , addressed to the data controller; and/or
• At the address located at 31 Sur, 915, La Paz, Puebla, Puebla, Mexico, postal code 72160, between 10:00 a.m. and 1:00 p.m., Monday through Friday, except for those days designated as holidays by the Federal Labor Law, by official order, as well as those designated as bank holidays.

Requests to be made by owners.

There are various requests that owners may make to ChessMap® in relation to their personal and/or sensitive data and/or the purposes of processing and transfers, which are indicated below: i) Limitation of use and/or disclosure; ii) Request for ARCO rights (access, rectification, cancellation, and opposition); and iii) Request for revocation of consent.

Depending on the request and/or requirement made by the owner, ChessMap® may take measures such as registering the owners on general or special exclusion lists. It should be noted that owners have the right to go before the authorities to receive the information and/or advice they require.

6.1.- Requirements for requests.

All requests made by data subjects must include the following:

• Señalar nombre completo del titular y, en su caso, el nombre completo de su representante legal;
• Indicar dirección para recibir notificaciones que incluya: calle, número de exterior y/o interior, colonia, municipio o delegación, estado, país, código postal;
• Señalar correo electrónico para recibir notificaciones;
• Indicar número de teléfono celular para recibir notificaciones;
• Precisar el tipo de solicitud que se formula;
• Manifestar los motivos de la solicitud y los fines pretendidos;
• Mencionar aquellos elementos y documentos para la ubicación de los datos personales o sensibles respecto de los cuales desea ejercer algún derecho;
• Estampar firma del titular o en su caso, del representante legal; y
• Adjuntar a la solicitud:
  • Copia simple de credencial oficial vigente del titular y, en su caso, del representante legal (Credencial para votar, pasaporte o licencia de conducir);
  • Cuando la solicitud sea formulada a través de un representante legal, se debe acompañar el documento que lo acredite con tal carácter;
  • Copia simple de documentos que considere necesarios; y
  • Copia simple de los documentos que faciliten la localización de los datos personales o sensibles sobre los cuales base su solicitud, si no cuenta con ellos, así deberá manifestarlo.
• Indicate the full name of the owner and, where applicable, the full name of their legal representative;
• Indicate the address for receiving notifications, including: street, exterior and/or interior number, neighborhood, municipality or district, state, country, and postal code;
• Indicate an email address for receiving notifications;
• Indicate a cell phone number for receiving notifications;
• Specify the type of request being made;
• State the reasons for the request and the intended purposes;
• Mention the elements and documents for the location of the personal or sensitive data for which you wish to exercise any right;
• Sign the request with your signature or, if applicable, with the signature of your legal representative; and
• Attach to the application:
• A simple copy of the current official ID of the holder and, if applicable, of the legal representative (voter registration card, passport, or driver's license);
• When the application is made through a legal representative, the document certifying their status must be attached;
• A simple copy of any documents deemed necessary; and
• A simple copy of any documents that facilitate the location of the personal or sensitive data on which your application is based. If you do not have these documents, you must state so.

6.2.- Response to requests.

When ChessMap® receives the request in question and according to the notification details provided by the owner or their legal representative in the request, the data controller will notify them of any of the following options, as appropriate:

• The admissibility of the request, within a period of 20 working days from the date of receipt of the request;
• The inadmissibility of the request, within a period of 20 working days from the date of receipt of the request;
• An extension of the period for responding to the request received, within a period of 20 working days from the date of receipt of the request;
• An extension of the period to comply with the request, within a maximum period of 20 business days from the date on which the admissibility of the request was notified; or
• One or more requests and/or clarifications regarding the request and/or the information and documentation provided and/or missing, within five days of the date of receipt of the request.
• In this case, the owner must respond within a period not exceeding 10 business days from the day following the date of receipt of the notification to comply. Thereafter, the protection department must comply, with the period beginning on the business day following receipt of compliance by the owner;
• If the owner does not respond within the aforementioned period, the request will be considered abandoned without liability for the personal data controller and/or ChessMap®.

To send requests, as well as to request more information about the simplified procedures, systems, and methods regarding personal data used by ChessMap® , please contact ChessMap® through any of the following means:

• Visit the address located at 31 Sur, 915, La Paz, Puebla, Puebla, Mexico, postal code 72160, between 10:00 a.m. and 1:00 p.m., Monday through Friday, except on days designated as holidays by federal labor law, by official order, or those designated as bank holidays; and/or
• Send an email to "info@chessmap.mx".

Use of cookies, web beacons, and technologies.

8.1.- ChessMap® has the website www.chessmap.mx, which uses its own and third-party cookies, as well as web beacons through which it collects the following categories of personal data: i) Identification data; ii) Contact data; and iii) Work/professional data. The categories of personal data are collected for the following processing purposes:

i. Issuing and following up on service quotes; ii) Providing the requested legal and/or consulting services; iii) Verifying the identity of the data subjects; iv) Referring data subjects to licensees and/or competent third parties; v) Schedule, conduct, analyze, and report on interviews, appointments, and meetings; vi) Build and maintain professional relationships within and outside of Mexico; vii) Integrate, safeguard, and transmit information and documentation to managers or third parties; viii) Issue opinions, audits, analyses, and technical and/or legal reports; ix) Contract, maintain, terminate, and enforce contractual rights and/or obligations, including employment rights and obligations; x) Verify the background and/or conflicts of interest of licensees, partners, and/or suppliers; xi) Retain data for the legal periods and, once these have expired, block or delete it securely; xii) Defend rights and interests in the event of complaints, claims, and/or litigation; xiii) Notify data subjects of material changes to the privacy notice and/or the terms of service; xiv) Safeguard communications sent and/or received through mailboxes managed by Chessmap® ; monitor, back up, and audit such infrastructure and/or associated systems for cybersecurity, fraud prevention and detection, compliance with legal obligations, and continuous improvement of service quality; allow access to messages, attachments, metadata, and/or logs only to ChessMap® , the licensee responsible for customer service, the external information technology team, and internal and/or external auditors, all subject to confidentiality obligations; to keep the entire content of emails for the maximum period allowed by applicable law, starting from the end of the relationship with the owner, and to delete or block them in advance when there is a request or express agreement from the owner and there is no legal impediment; xv) Process personal data using artificial intelligence solutions or platforms—either our own or those of third parties—to generate analyses, summaries, translations, drafts, and other deliverables that are essential for the proper provision of the legal and/or consulting services requested; xvi) Implement pseudonymization, encryption, and/or access control techniques for processing in artificial intelligence; xvii) Detect, contain, document, and notify personal data breaches; xviii) Manage risks of fraud, cybercrime, and identity theft; xix) Back up and/or restore databases to ensure business continuity; xx) Use work, productivity, and/or translation applications; xxi) Recruit, select, and/or hire personnel; xxii) Record, investigate, and/or resolve requests for access, rectification, cancellation, and opposition, limitation of use, revocations, and/or complaints.

i.i.- Necessary purposes: i) Issue and follow up on service quotes; ii) Provide the requested legal and/or consulting services; iii) Verify the identity of the owners; iv) Refer the owners to licensees and/or competent third parties; v) Schedule, conduct, analyze, and report on interviews, appointments, and meetings; vi) Build and maintain professional relationships within and outside of Mexico; vii) Integrate, safeguard, and transmit information and documentation to managers or third parties; viii) Issue opinions, audits, analyses, and technical and/or legal reports; ix) Contract, maintain, terminate, and enforce contractual rights and/or obligations, including labor rights; x) Verify the background and/or conflicts of interest of licensees, partners, and/or suppliers; xi) Retain data for the legal periods and, once these have expired, block or delete it securely; xii) Defend rights and interests in the event of complaints, claims, and/or litigation; xiii) Notify data subjects of material changes to the privacy notice and/or the terms of service; xiv) Safeguard communications sent and/or received through the mailboxes managed by Chessmap® ; monitor, back up, and audit such infrastructure and/or associated systems for cybersecurity, fraud prevention and detection, compliance with legal obligations, and continuous improvement of service quality; allow access to messages, attachments, metadata, and/or logs only to ChessMap® , the licensee responsible for customer service , the external information technology team, and internal and/or external auditors, all subject to confidentiality obligations; retain the full content of emails for the maximum period permitted by applicable law, counted from the end of the relationship with the owner, and delete or block them in advance when requested or expressly agreed by the owner and there is no legal impediment; xv) Process personal data using artificial intelligence solutions or platforms—either our own or those of third parties—to generate analyses, summaries, translations, drafts, and other deliverables that are essential for the proper provision of the legal and/or consulting services requested; xvi) Implement pseudonymization, encryption, and/or access control techniques for processing in artificial intelligence; xvii) Detect, contain, document, and notify personal data breaches; xviii) Manage risks of fraud, cybercrime, and identity theft; xix) Back up and/or restore databases to ensure business continuity; xx) Use work, productivity, and/or translation applications; xxi) Recruit, select, and/or hire personnel; xxii) Record, investigate, and/or resolve requests for access, rectification, cancellation, and opposition, limitation of use, revocations, and/or complaints. i.ii.- Non-necessary purposes: i) Send information or documentation issued by authorities for informational purposes; ii) Send analyses, opinions, and studies of our own, of licensees, or of third parties for informational purposes; iii) Send information about advertising campaigns and events of our own and/or of licensees; iv) Monitor user behavior on the website and/or applications; v) Conduct satisfaction surveys and obtain metrics on visits and interaction; vi) Use anonymized data sets to improve the algorithms and/or artificial intelligence models used by Chessmap® .

If the user wishes, they may block ChessMap's own cookies® and/or those of third parties, as well as web beacons, by following the instructions found in the user manuals and/or terms and conditions of the browser they are using. Below, ChessMap® provides guides for some browsers for the purposes of this paragraph (visiting or clicking on the links below is the sole responsibility of the owner who visits them):

• If you are using Google Chrome, please consult the following link: Delete, allow, and manage cookies in Chrome
• If you are using Mozilla Firefox, please consult the following link: Prevent websites from storing your preferences
• If you are using Safari, please consult the following link: Delete cookies in Safari on Mac
• If you are using Microsoft Edge, please consult the following link: Manage cookies in Microsoft Edge: view, allow, block, delete and use

Furthermore, ChessMap® has profiles on the internet applications LinkedIn, Instagram, Facebook, TikTok, Threads, X, and WhatsApp, through which it collects the following categories of personal data: i) Identification data; ii) Contact data; and iii) Employment/professional data.

The above is done to fulfill the following processing purposes:

• Necessary purposes of processing: i) Issuing and following up on service quotes; ii) Providing the legal and/or consulting services requested; iii) Requesting and managing quotes, proposals, and/or purchase orders from third parties; iv) Verifying the identity of the owners; v) Refer account holders to licensees and/or competent third parties; vi) Schedule, conduct, analyze, and/ te interviews, appointments, and meetings; vii) Conduct and/or analyze interviews, investigations, forms, and questionnaires; viii) Build and maintain professional relationships within and outside of Mexico; ix) Send and receive notifications related to services: x) Integrate, safeguard, and transmit information and documentation to managers or third parties; xi) Issue opinions, audits, analyses, and technical and/or legal reports; xii) Hire, maintain, terminate, and enforce contractual rights and/or obligations, including labor rights; xiii) Comply with tax, accounting, and/or auditing obligations; xiv) Verify the background and/or conflicts of interest of licensees, partners, and/or suppliers; xv) Retain data for the legal periods and, once these have expired, block or delete it securely; xvi) Defend rights and interests in the event of complaints, claims, and/or litigation; xvii) Notify data subjects of material changes to the privacy notice and/or terms of service; xviii) Ensure security in the offices and/or control access (video surveillance); xix) Safeguard communications sent and/or received through the mailboxes managed by Chessmap® ; monitor, back up, and audit said infrastructure and/or associated systems for cybersecurity, fraud prevention and detection, compliance with legal obligations, and continuous improvement of service quality; allow access to messages, attachments, metadata, and/or logs only to ChessMap® , the licensee responsible for customer service, the external information technology team, and internal and/or external auditors, all of whom are subject to confidentiality obligations; retain the full content of emails for the maximum period permitted by applicable law, counted from the end of the relationship with the owner, and delete or block them in advance when requested or expressly agreed by the owner and there is no legal impediment; xx) Process personal data using artificial intelligence solutions or platforms—either our own or those of third parties—to generate analyses, summaries, translations, drafts, and other deliverables that are essential for the proper provision of the legal and/or consulting services requested; xxi) Implement pseudonymization, encryption, and/or access control techniques for processing in artificial intelligence; xxii) Detect, contain, document, and notify personal data breaches; xxiii) Manage risks of fraud, cybercrime, and identity theft; xxiv) Back up and/or restore databases to ensure business continuity; xxv) Use work, productivity, and/or translation applications; xxvi) Recruit, select, and/or hire personnel; xxvii) Manage the employment relationship and/or its obligations; xxviii) Record, investigate, and/or resolve requests for access, rectification, cancellation, and opposition, limitation of use, revocations, and/or complaints.
• Non-necessary processing purposes: i) Send information or documentation issued by authorities for informational purposes; ii) Send analyses, opinions, and studies of our own, of licensees, or of third parties for informational purposes; iii) Send information about advertising campaigns and events of our own and/or of licensees; iv) Monitor user behavior on the website and/or applications; v) Conduct satisfaction surveys and obtain metrics on visits and interaction; vi) Use anonymized data sets to improve the algorithms and/or artificial intelligence models used by Chessmap® .

8.3.- Furthermore, ChessMap® , at its registered address at 31 Sur, 915, La Paz, Puebla, Puebla, Mexico, postal code 72160, has surveillance cameras and electronic devices that record video and/or audio, in color and black and white, such recordings are in the possession of ChessMap® for a period of 30 calendar days from the date of recording, unless for legal reasons such recordings must remain in its possession for a period longer than that indicated, and in each particular case such recordings collect the personal and sensitive data indicated in points 1 and 2- of this privacy notice in order to comply with the following necessary processing purposes described below:

• To provide the legal and/or consulting services requested.
• Verify the identity of the owners.
• Conduct and/or analyze interviews, investigations, forms, and questionnaires.
• Integrate, safeguard, and transmit information and documentation to managers or third parties.
• Defend rights and interests in the event of complaints, claims, and/or litigation.
• Ensure security in the offices and/or control access (video surveillance).
• Detect, contain, document, and report personal data breaches.
• Manage risks of fraud, cybercrime, and identity theft.
• Manage the employment relationship and/or obligations.

If the data subject objects to and/or requires any modification in the processing of their personal and/or sensitive data in accordance with points 8.1, 8.2, and 8.3 of this privacy notice, they must submit the corresponding request in accordance with point 6.- of this privacy notice at: i) the address located at 31 Sur, 915, La Paz, Puebla, Puebla, Mexico, postal code 72160, between 10:00 a.m. and 1:00 p.m., Monday through Friday, except on days designated as holidays by federal labor law, by official order, or those designated as bank holidays; or ii) by sending an email to "info@chessmap.mx ."