This Privacy Policy and Personal Data Processing aims to inform you about how we collect, use, store, and protect your personal data within the framework of our operations. “Personal Data” refers to information that identifies you and is related to you or other individuals (such as, for example, the people under your care who, directly or through you, provide us with their information).

The policy describes and explains how we handle the Personal Data collected through the website www.colurs.io (the “Site”) or through other physical or electronic means, whether current or developed in the future. For example: Information that you provide to us directly through physical or virtual forms, through which we collect and store the necessary information for the development of our corporate purpose, as well as all goods and services offered by the company. Depending on the service you use, we may also collect the following types of personal data:

• Contact Data: Name, email address, physical address, phone number.
• Browsing Data: Information about your device, IP, browser type, geographic location, access data, and browsing activity on our website and digital platforms.
• Payment Data: Information related to the purchase of our services, such as credit card or bank details, if online payment services are used.
• Data Related to the Use of Our Services: Information about how you interact with our platforms, contracted services, requests, and previous communications.

At COLURS, we take appropriate technical, organizational, and administrative measures to protect your personal data against unauthorized access, alteration, disclosure, loss, or destruction. These measures include the use of encryption, access controls, and security protocols in our systems.

By authorizing the processing of your personal data, the Data Subjects fully accept this Policy and its additions or modifications, which will be communicated to them through appropriate means, in accordance with current regulations.

The information provided by the Data Subjects will be used to enhance the contractual relationship or connection that arises with COLURS. By using our services, you agree to the practices described in this policy. We recommend that you read this document carefully to understand how we process your personal information.

The express or unequivocal authorization of the Data Subjects for the processing of their Personal Data and/or Sensitive Data implies acceptance for the processing of their Personal Data, which will be carried out in accordance with the provisions established in the policy and local regulations. In any case, this Policy may NOT be interpreted in any way contrary to the applicable laws and/or the rights that belong to the Data Subjects. Additionally, the purposes, measures, and procedures established for the processing of the Personal Data of the Data Subjects are outlined, as well as the mechanisms available to the Data Subjects to access, update, rectify, delete, and generally exercise their rights as holders of Personal Data.

COLURS, as the data controller, will make its best professional effort to maintain the Personal Data it receives from the Data Subjects, particularly Sensitive Data, under appropriate quality, protection, and security standards. Likewise, it will strive to ensure that the Personal Data and/or Sensitive Data collected receive the necessary technical and legal protection to guarantee their security, integrity, access, and confidentiality. In this regard, by authorizing the processing of their Personal Data, the Data Subjects expressly authorize COLURS to store their Personal Data and/or Sensitive Data in a manner it deems appropriate and adequate, and to comply with the required security for the protection of Personal Data and Sensitive Data, in accordance with the normal and reasonable standards applicable to the services of issuing and providing tickets for mass transportation, public events, parks, and public and private recreational areas, as well as other activities included in its corporate purpose.

The authorized channels for COLURS to collect Personal Data from the Data Subjects are:

A. Call Center.

B. COLURS App on Google Play Store: https://play.google.com/store/apps/details?id=app.colurs.iohttps://play.google.com/store/apps/details?id=com.COLURS.COLURS&hl=es_CO&gl=US

C. COLURS App on Apple Store: https://apps.apple.com/co/app/colurs/id6448200343https://apps.apple.com/co/app/COLURS/id1574045983

D.COLURS website: www.colurs.io

E. COLURS APIs and web developments on third-party websites and apps

F. Online sales through the page colurs.io

G. At our administrative offices.

H. At our customer service module: https://colurs.odoo.com/helpdesk/enviar-ticket-

COLURS will process the personal data of the individuals described below, who, for the purposes of these Privacy Policies and Data Processing, will be considered as Data Subjects:

• Clients
• Suppliers
• Partners
• Shareholders
• Investors
• Employees
• Former employees
• Pensioners
• Apprentices and interns
• Applicants for job vacancies
• Individuals in the selection process
• Contractors
• Any third party with a commercial or contractual relationship
• Representatives of control and oversight entities
• Business allies and strategic partners
• Family members of employees, contractors, promoters, clients, or buyers

The security measures implemented by COLURS aim to protect Personal Data and the information provided by the Data Subjects, in order to prevent its alteration, loss, unauthorized use, and access. To this end, COLURS diligently implements administrative, legal, and technical protection measures that are reasonably within its reach. The Data Subjects expressly accept this form of protection and declare that they consider it appropriate and sufficient for all purposes.

Similarly, third parties contracted or associated with COLURS are required to adhere to and comply with the information security policies and manuals, as well as the security protocols that COLURS applies to all its processes.

Every contract between COLURS and third parties (contractors, external consultants, temporary collaborators, clients, suppliers, etc.) that involves the processing of data includes a confidentiality agreement detailing their commitments to the protection, care, security, and preservation of the confidentiality, integrity, and privacy of the data.

COLURS protects Personal Data through encrypted databases, which can only be accessed and consulted with COLURS’s proprietary software.

COLURS also employs firewalls, intrusion detection systems, and virus detection tools to protect Personal Data from unauthorized access or viruses. Furthermore, COLURS takes reasonable measures to permanently destroy Personal Data when it is no longer needed. COLURS also imposes strict security and confidentiality requirements on all third parties regarding how to store and handle the Databases.

Different Uses of the Information

COLURS may use the information provided by the Holder for purposes other than those described in this Privacy Policy; for which it will inform through suitable means about any modifications to this Privacy Policy, so that the Holder can decide whether to accept or reject the new terms.

Personal Data of Minors and Incompetent Persons

COLURS does not collect information from individuals under the age of 18, those deemed incompetent, or those under guardianship; however, when information is obtained from any of these individuals, COLURS will require the authorization of the parent or guardian.

Duration

COLURS will collect the information and keep it available in its databases for as long as the company remains active and subject to rights and obligations. In any case, the Holder authorizes the processing of the information for a maximum period of one hundred years.

Holders may submit their requests, inquiries, complaints, or claims through any of the following channels:

By email to: hola@colurs.io.

Through our website www.colurs.io, via the customer service link.

Holders may exercise their rights or submit requests, inquiries, complaints, or claims in accordance with the procedures established in this Section.

The request, inquiry, or complaint will be addressed within a maximum term of fifteen (15) business days from the date of receipt.

If it is not possible to address the inquiry within that term, the interested party will be informed, stating the reasons for the delay and indicating the date when their inquiry will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

The Holder or their heirs who wish to exercise their rights, such as correction, updating, or deletion of their Personal Data being processed by COLURS, may submit their request in accordance with the procedure established in this Section.