INTEGRAL PRIVACY NOTICE FOR WEBSITE

Identity and Address of the Data Controller.

Servicios y Mantenimiento del Futuro en Televisión S.A. de C.V., with a conventional address for the receipt of notifications at Insurgentes Sur 3579, Torre 3, PH, Colonia Tlalpan La Joya, Delegación Tlalpan, C.P. 14000, Mexico City, only for privacy and personal data protection issues (the "Controller"), undertakes the legitimate, controlled and informed processing of personal data (the "Personal Data") of its users (the "Data Subject"), in accordance with its privacy policy, in compliance with the Federal Law on Protection of Personal Data held by Private Parties (the "LFPDPPP") and other applicable secondary regulations, as well as national and international standards on personal data protection, with the purpose of guaranteeing privacy, the right to informational self-determination, and protection of Personal Data, which the Controller may collect through the following means: (i) in person, when the Data Subject physically provides them at our facilities, (ii) directly, when the Data Subject enters them through the website www.tvazteca.com (the "Website"), and the mobile application called TV Azteca en Vivo (the "Mobile Application"), (iii) directly, when the Data Subject provides them by phone, (iv) indirectly, when other companies transfer them to us, and (v) indirectly, when they are obtained through public access sources allowed by the LFPDPPP. The Controller provides the Data Subject with this comprehensive privacy notice (the "Privacy Notice") prior to the collection of Personal Data, in strict compliance with the principles of information, legality, consent, quality, purpose, loyalty, proportionality, and responsibility established in the LFPDPPP.

In connection with the services provided to the Data Subject, the Controller will process the Personal Data according to the type and categories established below:

Personal Data that will be subject to processing

Non-sensitive Personal Data

Identification: Name, last name, full address, age, marital status, date and place of birth, social media username, photograph or selfie, images and video recordings, official identification (type, number and validity), sex or gender.
Electronic and computer: Fixed telephone number, mobile, fax and email address, model of the smart device and operating system used, smart device ID, private identification number (PIN).
Labor: occupation, profession or trade.
Transit and migration movements: FM3, passport, visa or corresponding immigration document.

In accordance with Article 16 of the LFPDPPP, the Data Subject is informed that the Controller does not process sensitive Personal Data.

Personal Data of Minors and Incapacitated Persons

Due to the nature of the services offered, the Controller may process Personal Data of minors and incapacitated persons. In these cases, parents or legal guardians give express consent when subscribing to the Privacy Notice, in accordance with the current Federal Civil Code (the "CCF"). Consequently, the Controller will carry out an adequate processing of the Personal Data of minors and incapacitated persons, subject to the security and confidentiality duties established by the LFPDPPP.

Purposes of Personal Data Processing.

In order to provide the corresponding services, the Controller will allocate the Personal Data for the following purposes:

With whom Personal Data is shared.

The Owner accepts and acknowledges that the Responsible Party does not require his/her consent to carry out national or international transfers of Personal Data-, n terms of what is established by article 37 of the LFPDPPP, or in any other case of exception provided by the applicable legislation, understanding that the treatment that these third parties give to the Personal Data must comply with what is established in the Privacy Notice, provided they fall under the following situations:

  1. When the transfer is provided for by a Law or Treaty in which Mexico is a party.
  2. When the transfer is necessary for medical prevention or diagnosis, the provision of health care, medical treatment, or management of health services.
  3. When the transfer is made to controlling companies, subsidiaries, or affiliates under the common control of the Responsible Party, or a parent company, or to any company of the business group to which it belongs, that operates under the same internal processes and policies.
  4. When the transfer is necessary by virtue of a contract concluded or to be concluded in the interest of the Owner, by the Responsible Party and a third party.
  5. When the transfer is necessary for the safeguarding of a public interest, or for the procurement or administration of justice.
  6. When the transfer is necessary for the recognition, exercise, or defense of a right in a judicial process, and
  7. When the transfer is necessary for the maintenance or fulfillment of the legal relationship derived from the financial services and products formalized with the Responsible Party.

Limitation on the use or disclosure of Personal Data.

It is necessary to inform the Owner that in order to restrict, limit, and control the treatment of Personal Data, the Responsible Party has administrative, physical, and technical measures, in addition to establishing internal privacy policies and programs to prevent the disclosure of Personal Data, implementing various security controls. Personal Data will be treated in a strictly confidential manner, so that the collection, transfer and exercise of the rights derived from them, is through the appropriate, legitimate and lawful use, permanently safeguarding the principles of legality, consent, information, quality, purpose, loyalty, proportionality and responsibility.

Procedure for Exercising the Right of Access, Rectification, Cancellation, and Opposition ("ARCO Rights") and Revocation of Consent

As the owner has the right to the protection of personal data, access, rectification, and cancellation of such data, as well as to express their opposition or revocation, as established by the LFPDPPP, they may exercise their ARCO Rights or revoke their consent personally or through their legal representative, by generating and submitting the corresponding request to the Department of Personal Data of the Data Controller, for which the owner will execute the following steps:

Steps to Generate the ARCO Rights Request (the "Request")
First.- The owner must access the website https://www.datospersonalesgs.com.mx (the “DDP Website”);
Second.- After doing so, click on the "Exercise your ARCO Rights", section, in which the box (Register and Log in), will appear. The owner must fill in the indicated personal information to create their username and password (the "Profile"), and click the "Log in" button. Once the profile is created, the owner can closely monitor the Request.
Third.- Next, the owner will click on the "New Request" icon, in which a screen will appear ("Which companies do you want to consult?"), where they will locate the logo of the Data Controller to which they wish to submit the Request;
Fourth.- Finally, the owner will choose the type of ARCO Right they wish to exercise, or the revocation of consent, by completing the indicated information, and click on the "Submit Request" button.

The Department of Personal Data will receive the Request and will contact the owner through the established email for this purpose. Likewise, the owner can check the status of the Request at any time by clicking on the "Exercise your ARCO Rights" section and clicking on the "Request Tracking" icon.

In the case of an -access request-, it will proceed after verifying the identity of the owner or legal representative, as applicable, by issuing simple copies or electronic documents in the possession of the Data Controller, and free of charge, except for shipping costs or the cost of reproduction in copies or other formats. In the event that the owner repeats the request within a period of less than twelve months, they must cover the corresponding costs equivalent to no more than three days of the Minimum Wage in force in Mexico City, as established by the LFPDPPP.

Regarding -requests for rectification-, the owner must indicate the modification to be made and provide the documentation supporting the request.

For the purpose of requests for the cancellation of personal data, n addition to what is provided in the Privacy Notice, the provisions of Article 26 of the LFPDPPP will be followed, including the cases of exception for the cancellation of personal data indicated and those ordered by the Commercial Code and the LFT. If the cancellation request is granted, the owner's personal data will be deleted from any system or database under the responsibility of the Data Controller or their authorized processors.

In the case of -opposition requests-, the owner will have the right to oppose the processing of personal data at any time for legitimate reasons. If the request is granted, the Data Controller will not be able to process the data.

The right to oppose will not apply in cases where the processing is necessary for the compliance with a legal obligation imposed on the Data Controller.

In accordance with the LFPDPPP and the RLFPDPPP, the Data Controller will communicate to the owner, within a maximum period of 20 business days from the date of receipt of the request, the decision made, so that, if applicable, it can be enforced within 15 business days from the date the response is communicated.

The Responsible Person may deny access to personal data or refuse to carry out the rectification, cancellation, or opposition to the processing of personal data in the following cases:

The denial referred to in the preceding paragraph may be partial, in which case the Responsible Person shall carry out the access, rectification, cancellation, or opposition requested by the Holder. In the cases provided for above, the Responsible Person shall duly inform the Holder or legal representative of the reason for the decision within the time limits established for this purpose, by the same means by which the request was made or by the means indicated by the Holder. In case the Holder feels affected by the decision issued by the Responsible Person, the Holder may file a protection of rights action before the National Institute of Transparency, Access to Information and Protection of Personal Data (the "INAI").

Personal Data Department

For any clarification, comment, complaint, or disagreement regarding the privacy policy of the Responsible Person, the Holder may send his or her request to the Personal Data Department through the email datospersonales@tvazteca.com.mx, who will respond to the request within a maximum period of 20 business days. In case the Holder is prevented from generating and sending the ARCO Rights Request or expressing the revocation of his or her consent in terms of the Privacy Notice, due to technical failures of the DPD Website, the Holder may send it to the Personal Data Department through the email datospersonales@tvazteca.com.mx, after accreditation of the occurred failure, complying with the requirements and conditions considered by the LFPDPPP.

Cookies and Online Security Protocol

The Responsible Person obtains information, through the Website and the Mobile Application, by using cookies, understanding “Cookie” as the data file that is stored in the Holder's hard drive when he or she has access to the Website or the Mobile Application. These files may contain information such as the identification provided by the Holder or information to track the Holder's preference pages, to monitor his or her behavior as an internet user, to provide a better service and user experience when browsing the Website or the Mobile Application. A Cookie cannot read data or information from the Holder's hard drive or read cookies created by other sites or pages. In case the Holder wishes to reject cookies or accept them selectively, he or she.

Remote electronic communication mechanisms that automatically collect Personal Data

Some parts of the Website and Mobile Application may use Cookies and Web Beacons to simplify navigation. Cookies are text files that are automatically downloaded and stored on the user's computer hard drive when browsing a specific internet page, which allow the Internet server to remember some data about the user, including their purchase preferences for viewing pages on that server, name and password. Web Beacons, on the other hand, are images inserted on an Internet page or email, which can be used to monitor a visitor's behavior, such as storing information about the user's IP address, duration of interaction time on that page, and the type of browser used, among others. We inform you that we use Cookies and Web Beacons to obtain personal information from you, such as the following: (i) The type of browser and operating system you use; (ii) The Internet pages you visit prior to and after entering the Website or Mobile Application; (iii) The links you follow and stay on the Website or Mobile Application; (iv) Your IP address; (v) Location from which you visit the Website or have access to the Mobile Application and browsing statistics. These Cookies and other technologies can be disabled. You can search for information about known browsers and find out how to adjust cookie preferences on the following websites:

Microsoft Internet Explorer: https://www.microsoft.com/info/cookies.html
Mozilla Firefox: https://www.mozilla.org/projects/security/pki/psm/help_21/using_p riv_help.html
Google Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.P latform%3DDesktop&hl=es
Apple Safari: https://support.apple.com/es- es/guide/safari/sfri11471/mac

In the case of using Cookies, the "help" button located on the toolbar of most browsers will tell you how to prevent accepting new Cookies, how to have the browser notify you when you receive a new cookie, or how to disable all Cookies.

Retention and Security of Personal Data

The Controller and/or its processors will keep the Personal Data for as long as necessary to process requests for products and/or services offered, comply with the legal relationship between the Data Subject and the Controller, as well as maintain accounting, financial and auditing records in terms of the LFPDPPP and current commercial, tax and administrative legislation.

The Personal Data processed by the Controller and/or its processors will be protected by appropriate administrative, technical, and physical security measures against damage, loss, alteration, destruction or unauthorized use, access or treatment, in accordance with the provisions of the LFPDPPP, administrative regulation derived from it, banking legislation and secondary rules issued by the competent authorities.

INAI. In the event that the Data Subject considers that their right to the protection of Personal Data has been violated by the improper processing thereof, they may file a complaint or report with the INAI, so they can consult the website www.inai.org.mx for more information.

Disclaimer

The Website, Mobile Application, as well as the DDP Website, may contain links, hyperlinks, or hypertexts "links," banners, buttons, and/or internet search tools that, when used by Data Subjects, transport them to other portals or internet sites that may be owned by third parties. Therefore, the Controller does not control such sites and is not responsible for the privacy notices they display, or, if applicable, their absence; the Personal Data that Data Subjects may provide through such portals or internet sites other than the Website, Mobile Application, and the DDP Website are their responsibility, so they must verify the privacy notice on each site they access.

Some links, banners and/or buttons that request Personal Data within the Website or the Mobile Application are the responsibility of third parties unrelated to the Controller, who are sometimes service providers, and therefore governed by their own terms and privacy policies. To learn more about this, we invite you to consult the terms and conditions section.

Google Assistant Privacy Policy

The question and answer content of the Google Assistant has been developed by the Controller for those data subjects who have an Android operating system smart device. The Google Assistant runs on systems provided by Google, so the Controller does not have the ability to access the messages and information that the data subject sends when using the Google Assistant or the responses it returns.

The Controller may receive non-personal identification information from Google about the use of the content of the Google Assistant. The information that the Controller receives is dissociated, that is, it does not allow the identification of the data subject and it is not possible to know the interaction carried out in the Google Assistant. Likewise, the Controller may only have information related to:

  1. Number of users who are using the Google Assistant.
  2. Geographical location data and user language.
  3. Type of device, quantity and frequency of use.

By using the content of the Controller through the Google Assistant, the data subject accepts the usage policies of the latter. The data subject may consult Google's privacy policy at https://policies.google.com/privacy which describes how Google collects and uses the data collected from the data subject. To learn about the Google Assistant policy, you can consult https://support.google.com/assistant/answer/7126196 nd if the data subject wishes to delete the activity performed in the Google Assistant, they can consult https://support.google.com/assistant/answer/7108295.

Modifications to the Privacy Notice

The Controller reserves the right to periodically update or modify the Privacy Notice in accordance with changes in information practices, in response to legislative developments, internal policies or new requirements for the provision of services. Such updates or modifications will be notified to the data subject through the Website or the Mobile Application, in the Privacy Notice section. The data subject is recommended and required to consult the Privacy Notice, at least every six months, to stay updated on the conditions and terms of the same.

Consent for the Processing of Personal Data

The data subject states that they have read, understood and accepted the terms set forth in the Privacy Notice, which constitutes -free, specific, unequivocal and informed consent-, including with respect to the changes established in the updates made to the same, with regard to the processing of Personal Data in compliance with the LFPDPPP and the Guidelines.

Last updated February 2023.

END OF DOCUMENT.