Privacy Notice - DigyBot

At DigyBot, we are committed to protecting your privacy and personal data

1. IDENTITY AND ADDRESS OF THE RESPONSIBLE PARTY

In accordance with article 15 of the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), the company DIGYTO SOLUTIONS S.A. DE C.V., hereinafter "DIGYTO", with tax domicile at Av. Pedro Henríquez Ureña No. 444 Interior Marsella C5 D401, Col. Pedregal de Coyoacán, Delegación Coyoacán, CDMX C.P. 04330, makes this Privacy Notice known to you.

2. PERSONAL DATA AND SENSITIVE DATA SUBJECT TO PROCESSING

As part of our business activities, we need to collect and process personal identification data, address data, contact information, financial assets, academic and employment information from our employees, suppliers, customers, and other third parties related to DIGYTO, all for the purpose of fulfilling the primary and necessary purposes outlined in this Privacy Notice.

Likewise, we inform you that to fulfill the purposes indicated in this Notice, DIGYTO may collect and process the following sensitive personal data: Personal data.

We inform you that the processing of the aforementioned sensitive personal data is intended for DIGYTO to comply with obligations arising from the legal relationship we have with the Data Subject. We commit to treating them under strict security measures, always guaranteeing their confidentiality.

Consent will not be necessary for the processing of Personal Data when:

• It is provided for in a Law.

• The data appears in publicly accessible sources.

• The Personal Data undergoes a prior dissociation procedure.

• It has the purpose of fulfilling obligations arising from a legal relationship between the Personal Data Subject and DIGYTO.

• There is an emergency situation that could potentially damage an individual's property or person.

• A resolution is issued by a competent authority.

2.1 DETAILED INFORMATION ON PERSONAL DATA PROCESSING

Personal Data is collected for the following purposes and using the following services:

REGISTRATION AND AUTHENTICATION

By registering or authenticating, the User allows this Application to identify them and give them access to dedicated services.

Depending on what is indicated below, registration and authentication services may be provided with the assistance of third parties. In such case, this Application may access some Data stored by the third-party service used for registration or authentication.

Some of the services listed below may also collect Personal Data for targeting and profiling purposes; for more information, please consult the description of each service.

GOOGLE OAUTH (Google LLC)

Google OAuth is a registration and authentication service provided by Google LLC and connected to the Google network.

When using our application/service and authenticating through Google, we may collect the following information:

• Google profile information (name, email address, profile photo, etc.).
• Access to Google Calendar to create events on behalf of the user.

The collected information is used to:

• Authenticate the user through Google to access the service.
• Create events in Google Calendar according to user instructions.

2.2 ADDITIONAL LIMITS ON THE USE OF YOUR GOOGLE USER DATA

Notwithstanding any other provision in this Privacy Notice, if you provide Digyto access to your Google data (for example, when you enable the Google Calendar feature), Digyto's use of that data will be subject to these additional restrictions:

Digyto will only use the access to create, view or edit calendars (only new calendars created for the interaction of Digyto events, the user and their clients), so we will not access previously created calendars or personal calendars. This is to allow scheduling events and reminders between users and thus maintain an organized itinerary.

Digyto will not use this calendar or login data for other purposes.

Digyto will not allow humans to read this data unless we have your affirmative agreement for specific messages; doing so is necessary for security reasons, such as investigating abuse, to comply with applicable law or for Digyto's internal operations and even then only when the data has been aggregated and anonymized.

Digyto's use of information received and Digyto's transfer of information to any other application from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2.3 INFORMATION WE COLLECT FROM THIRD PARTIES

Registration through federated authentication service providers:

You can sign in to Digyto services using supported federated authentication service providers, such as Google. These services will authenticate your identity and give you the option to share certain personal information with us, such as your name and email address. You should verify your privacy settings in each Integrated Service to understand what information from that Integrated Service is made available to us and make necessary changes. Carefully review the terms of use and privacy policies of each Integrated Service before using their services and connecting to our Service.

References:

If someone has recommended any of our products or services to you through any of our referral programs, that person may have provided us with your name, email address and other personal information. You can contact us at hola@digyto.mx to request that we remove your information from our database. If you provide us with information about another person, or if another person provides us with your information, we will only use that information for the specific reason for which it was provided to us.

Information from our reseller partners and service providers:

If you contact any of our reseller partners, or express interest in any of our products or services, the reseller partner may pass your name, email address, company name and other information to Digyto. Digyto may also receive information about you from review sites if you comment on any review of our products and services, and from other third-party service providers we hire to market our products and services.

Information we collect and process when you integrate the Service with third parties:

You can connect third-party integrations to your Digyto account, which may request certain permissions to access data or send information to or from your Digyto account. It is your responsibility to review any third-party integration you authorize. We may collect information about what types of integrations you use in your Digyto account. Any permission granted by you gives these third parties access to your data, which may include (among others) granting access to third-party applications to view, store and modify your Digyto account data. We are not responsible for the practices of third-party integrations, so carefully review the permissions you grant to third-party applications.

Information from social networking sites and other publicly available sources:

When you provide feedback or reviews about our products, interact or engage with us on marketplaces, review sites or social networking sites such as Facebook, Twitter, LinkedIn and Instagram through posts, comments, questions and other interactions, we may collect such publicly available information, including profile information, to enable us to connect with you, improve our products, better understand user reactions and issues, or reproduce and publish your comments on our websites. We must inform you that once collected, this information may remain with us even if you delete it from these sites. Digyto may also add and update information about you, from other publicly available sources.

3. PROCESSING PURPOSES

The primary purposes for which DIGYTO may request, obtain, store and/or use Personal Data necessary to fulfill obligations arising from our legal relationship:

Primary Purposes

• For your employment or commercial hiring.
• To carry out all activities necessary for the legal relationship between us.
• To send you information on matters related to the employment or commercial relationship between us.
• To hire the necessary services to deliver the economic and in-kind benefits agreed upon and pre-established in the contracts.
• For statistical purposes and preparation of periodic reports.
• To keep our databases updated.
• To carry out all procedures before the corresponding authorities.
• To maintain a file and control of occupational health programs.

The secondary purposes for which DIGYTO may request, obtain, store and/or use Personal Data are the following:

Secondary Purposes

• For communication, promotion and dissemination purposes through physical and electronic means, of our products and/or services.
• Quality measurement and product and service satisfaction surveys.

In no case will any use other than those indicated herein be given to any Personal Data collected, unless there is a change in this Privacy Notice in accordance with what is established in section 10.

4. PERSONAL DATA TRANSFER

The Data Subject understands and accepts that DIGYTO is authorized to transfer the Data to third parties, respecting at all times the purposes provided in this Privacy Notice. Based on articles 36 and 37 of the Federal Law on Protection of Personal Data Held by Private Parties, Personal Data and/or Sensitive Personal Data may be lawfully transferred for the purposes established in this Privacy Notice to:

• Subsidiary, affiliated, related, controlling, and/or controlled companies of DIGYTO within the national territory or abroad.

• When the transfer is necessary to provide products and services or to fulfill contracted employment or commercial relationships.

• To third parties in matters of customer service and studies related to the provision of DIGYTO products and services.

• Third parties such as marketing agencies that participate with DIGYTO to be able to offer their products and services in terms of what is established by the applicable regulation on Personal Data.

The Data Subject accepts that by providing their Personal Data, they will be subject to the transfers mentioned in this Privacy Notice. To revoke consent, it will suffice for the data subject to submit the corresponding request at DIGYTO's address in compliance with what is established in section 5.

5. MEANS AND PROCEDURE TO EXERCISE ARCO RIGHTS

To exercise your ARCO rights (access, rectification, cancellation and opposition), you must send an email to the address hola@digyto.mx from Monday to Friday from 9:00 to 18:00 hours, on business days, as appropriate. In order to process any request for access, rectification, cancellation or opposition, you must send an email to the indicated address and attach the following:

• The name of the Data Subject, address and/or any other means to communicate the response to your request.
• Documents that prove the identity or, where appropriate, the legal representation of the Data Subject.
• A clear and precise description of the Personal Data with respect to which you seek to exercise any of the aforementioned rights.
• Any other element or document that facilitates the location of the Data Subject's Data.
• Clearly specify whether the request is for access, rectification, cancellation or opposition.
• The reason for the request.
• The modifications to be made, in case the request is for the rectification of Personal Data and provide the documentation that supports your request.

In case the information provided in the ARCO Request is insufficient or erroneous to address it, or the necessary documents to process it are not attached, DIGYTO will require the data subject or their representative, within 5 business days following receipt of the ARCO Request, only once, to provide the elements or documents necessary to process it. The data subject or their representative will have 10 business days counted from the day following receipt of the requirement to respond to it.

DIGYTO will respond to the ARCO Request with the determination reached, within 20 business days counted from the receipt of the request, or in case additional information or documents have been requested, within 20 business days counted from the day following the submission of the response to the requirement.

If the ARCO Request is appropriate, DIGYTO will make the determination reached effective within 15 business days counted from when the response is communicated to the data subject or their representative. In the case of ARCO Requests on the right of access to personal data, their delivery will be made after proving the identity of the data subject or their representative.

DIGYTO may extend the deadlines to respond to an ARCO Request, and/or to make the determination reached effective, only once, for periods equal to those indicated in each case, provided it considers that the circumstances of the case justify it. In such cases, DIGYTO will notify the data subject or their representative, the circumstance(s) that justify the extension, within each of the original deadlines to respond or make the determination reached effective.

Responses to ARCO Requests will be delivered to the data subject or their legal representative in simple copies or in electronic file according to the type and quantity of documents involved in each case.

To revoke consent, it will suffice for the data subject to submit their request at DIGYTO's address. DIGYTO will make said request effective, as long as it is not personal data necessary for the existence, maintenance and fulfillment of its legal relationship with the data subject.

DIGYTO may deny access, rectification, cancellation or opposition to the processing thereof, in the following cases:

• When the applicant is not the owner of the personal data, or the legal representative is not duly accredited to do so.
• When the applicant's personal data is not found in its database.
• When the rights of a third party are harmed.
• When there is a legal impediment, or the resolution of a competent authority that restricts access to personal data or that does not allow the rectification, cancellation or opposition thereof.
• When the rectification, cancellation or opposition has been previously carried out.

6. MECHANISMS AND PROCEDURES FOR THE DATA SUBJECT TO REVOKE THEIR CONSENT

DIGYTO will be authorized to give the treatment it deems appropriate to Personal Data, as long as it is carried out in accordance with the purposes indicated in subsection (a) of Section 3 of this Privacy Notice. For the treatment of the purposes indicated in subsection (b) of the aforementioned Section, DIGYTO may carry out such treatment until it receives the refusal from the Data Subject.

In order for the Data Subject to express their refusal in this regard, they must contact DIGYTO through the procedure established for the exercise of ARCO Rights indicated in Section 5 of this Privacy Notice.

7. IDENTITY AND ADDRESS OF THE RESPONSIBLE PARTY

8. OPTIONS TO LIMIT USE OR DISCLOSURE

To comply with the purposes of this Privacy Notice, as well as to be able to process Personal Data, it is possible that DIGYTO delivers all or part of the Data to third parties who may be natural or legal persons, national or foreign, subsidiary or affiliated companies, including suppliers of goods or services, who need to know this information, including information storage servers, who will be obliged, by contract, to maintain the confidentiality of Personal Data and in accordance with what is established in this Privacy Notice. Receiving third parties may be industrial, commercial and/or service companies.

DIGYTO commits to have sufficient and necessary legal and security measures to ensure that your Personal Data remains confidential and secure.

9. COMMUNICATION BY USE OF COOKIES, WEB BEACONS OR SIMILAR

In case the Data Subject provides their Data through electronic means, including DIGYTO's website (Internet), the Data Subject understands, accepts and acknowledges that:

• DIGYTO's website may include links to third-party websites, which if accessed, will cause you to leave DIGYTO's website, for which DIGYTO assumes no responsibility in relation to those third-party websites.

• DIGYTO's website may include links to sites that manage social networks, in which case the Data Subject accepts that by providing any type of information or Data on such sites, it may be read, viewed, accessed, retransmitted and processed by any person, and therefore releases DIGYTO from any responsibility.

Cookies:

They are data files that are stored on the hard drive of a user's computer equipment or electronic communications device when browsing a specific Internet site, which allows the exchange of status information between said site and the user's browser. The status information may reveal session identification means, authentication or user preferences, as well as any other data stored by the browser regarding the Internet site.

Web beacons:

They are a visible or hidden image inserted within a website or email, which is used to monitor user behavior in these media. Through these, information can be obtained such as the source IP address, browser used, operating system, time the page was accessed, and in the case of email, the association of the above data with the recipient.

DIGYTO may use cookies or web beacons on its website to facilitate navigation and to obtain greater efficiency by facilitating the personalization of services offered to visitors. Cookies or web beacons used on DIGYTO websites do not provide references that allow deducing the visitor's name and surname and cannot read data from their hard drive or include viruses in their texts. It is also not possible to read cookies implanted on the visitor's hard drive from other servers. The visitor can configure their browser to accept or reject all cookies or web beacons by default or to receive a screen notice of the reception of each cookie or web beacons and decide at that time whether or not to implant it on their hard drive.

10. CHANGES TO THE PRIVACY NOTICE

This Privacy Notice may undergo modifications, changes or updates derived from new legal requirements; from our own needs for the products or services we offer; from our privacy practices; from changes in our business model, or for other reasons.

It is our commitment to keep you informed about the changes that this Privacy Notice may undergo through this same page.

Last update date: December 15, 2025