"Internacional Farmacéutica S.A. de C.V. (hereinafter “Internacional Farmacéutica”), located at Circuito de la Industria Poniente Lote 10–C, Parque Industrial el Cerrillo, Lerma de Villada, Estado de México, C.P. 52000, and with the website https://www.atramatvet.com/, is responsible for the treatment and protection of your personal data and hereby issues this Privacy Notice (hereinafter the "Privacy Notice") available to you, in compliance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties - Ley Federal de Protección de Datos Personales en Posesión de los Particulares- (hereinafter the "Law" or "LFPDPPP"), the Regulations of the Law (the "Regulations"), among other applicable provisions:

DEFINITIONS

Personal Data. Data about a living natural person who can be identified from such data (or from such data and other information in our possession or likely to come into our possession).

Usage Data. Data collected automatically, either generated by the use of the Service or by the Service infrastructure itself (for example, the duration of a page visit).

Confidentiality. Internacional Farmacéutica shall maintain absolute secrecy and strict confidentiality of all personal data and information provided to us, which shall be protected by the administrative, physical, and technical security measures established under applicable law.

ARCO Rights. The rights of Data Subjects to Access, Rectification, Cancellation, and Opposition, in accordance with the Privacy Notice and applicable legislation.

Primary Purposes. Primary Purposes of the processing of Personal Data shall be those processing purposes that give rise to the legal relationship between the Data Subjects and Internacional Farmacéutica; that is, information without which Internacional Farmacéutica would be unable to carry out the purchase and sale of its products and/or the provision of its services, as well as its relationship with suppliers.

Secondary Purposes. Secondary purposes of the processing of Personal Data shall be those which, while not essential to carry out the purchase and sale of products and/or the provision of services, contribute to their continuous improvement and enable Internacional Farmacéutica to offer its customers and suppliers a wide range of products with higher quality standards.

Data Subject. The individual to whom the personal data relates, which is collected, used, stored, transmitted, or processed by Internacional Farmacéutica, in accordance with the provisions of the LFPDPPP.

Data Controller. The natural or legal person who (either alone or jointly or in common with other people) determines the purposes for which, and the way, any personal information is, or will be, processed. For the purposes of this Privacy Notice, we are the Data Controller for your Personal Data.

Data Processors. Any natural or legal person who processes data on behalf of the Data Controller. We may use the services of various Service Providers to process your data more efficiently.

Revocation. Consent may be revoked by the Data Subject, except in cases where, due to a legal or contractual obligation, it is not possible to comply with the request for revocation of consent, whether partially or totally. The Data Subject must specify whether the revocation is partial or total, and whether it applies to data processed for Primary Purposes, Secondary Purposes, or both.

To learn about the consent revocation procedure, consult the section on means and procedures for exercising ARCO rights and requesting revocation of consent.

Data Subject or User. Any living individual who uses our Service and is a Subject of Personal Data.

Cookies. Text files that are automatically downloaded and stored on the hard drive of the Data Subject's computer equipment when browsing a specific Internet page, which allow the Internet server to remember some data about this Subject, including their preferences for viewing pages on that server, name, and password.

Web beacons. Images inserted into an Internet page or email, which can be used to monitor a visitor's behavior, such as storing information about the Subject's IP address, duration of interaction on said page, and the type of browser used, among others.

Supplier. A natural or legal person external to Internacional Farmacéutica who facilitates the sale of products and/or the offering of our services.

PURPOSE OF THE PRIVACY NOTICE

This Privacy Notice is made available to the Data Subject for the purpose of informing them, in accordance with the LFPDPPP, that they are the “Data Subject” of the Personal Data provided, and so that, through this Notice, they may be informed of the processing to which such data will be subject, as well as be provided with clear and sufficient information for the exercise of their ARCO Rights, which are described below:

1. The Data Subject has the right to access their Personal Data held by the Controller, except in the cases provided for under applicable law.

1. The Data Subject has the right to rectify their Personal Data when such data is inaccurate or incomplete.

1. The Data Subject has the right, at any time, to request the cancellation of their Personal Data. The Controller may deny the cancellation of data in the terms established by applicable law.

1. The Data Subject has the right, at any time and for legitimate reasons, to oppose the processing of their Personal Data.

It is important to inform you that the purpose of the LFPDPPP is to protect Personal Data held by private parties, with the aim of regulating its legitimate, controlled, and informed processing, to guarantee the privacy and the right to informational self-determination of individuals, in compliance with Article 16 of the Political Constitution of the United Mexican States.

This Privacy Notice shall apply to Data Subjects whose Personal Data is obtained directly, indirectly, or personally by the Controller through contracts, letters, requests for information, as well as through the various forms contained on the WEBSITE, or through any other means designated for such purposes that refer to this Privacy Notice.

MEANS OF COLLECTING YOUR INFORMATION

The Data Controller obtains, stores, and processes your personal information based on the current or future legal relationship existing with the Data Subject, as well as through records and the completion of forms submitted through the WEBSITE.

Likewise, the Data Controller may collect your personal data in person when such data are physically provided to any of its employees or authorized personnel; directly, when you or your legal representative provide them through technological or optical means; through a third party by way of a data transfer in order to comply with the Primary or Secondary Purposes; through correspondence designated for such purposes; through the WEBSITE; and indirectly through publicly available databases.

INFORMATION WE COLLECT

The personal data that the Data Controller collects directly, indirectly, and/or personally from its Data Subjects, clients, suppliers, and/or any individual related to its services include the following:

Identification Data: full name, email address, landline telephone number, mobile phone number, address, state, province, postal code, city, cookies and usage data, tax information (Federal Taxpayer Registration Number), and financial data.

USAGE DATA

We may also collect information regarding how the Service is accessed and used (“Usage Data”). Such Usage Data may include information such as your computer’s Internet Protocol (IP) address, browser type, browser version, the pages of our Service that you visit, the date and time of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

USE OF PERSONAL DATA

The personal data we collect from our clients shall be used for the following primary purposes, which are necessary for the provision of services and/or the purchase and sale of the requested products:

1. To receive, process, and follow up on requests for services, information, comments, and suggestions;

1. To verify and confirm the identity of the client, supplier, or any related individual, as well as the information provided;

1. To prepare and formalize agreements related to the provision of services;

1. To prepare quotations and respond to requests;

1. To process payments, apply charges, and issue refunds related to purchased products;

2. To comply with the contractual relationship arising from the use of the services provide through the WEBSITE , in accordance with the applicable terms and conditions;

1. To manage the shipment, delivery, return, and/or replacement of products, as well as to provide logistical tracking thereof;

1. To comply with commercial, tax, accounting, health, and regulatory obligations arising from the legal relationship with clients and suppliers;

1. To respond to requests from competent authorities, whether administrative, tax, health, or judicial, within the scope of their legal authority;

1. To provide technical support, customer service, and post-sale services related to purchased products;

1. To manage, control, and operate the services, digital platforms, and processes necessary for the sale, distribution, and delivery of products;

1. To maintain an updated internal record of clients and suppliers, as well as product traceability, in accordance with applicable regulations;

1. To comply with and respond to the exercise of ARCO rights;

1. To comply with health-related legal provisions and with the regulations applicable to the medical device industry in Mexico and abroad;

1. The processing of financial data shall be carried out exclusively with your prior, express, and informed consent, in addition to any other applicable legal basis. Such consent may be obtained through an unchecked box, verification code, or any other reliable mechanism that allows for the verification of your intent. These data are used for payment processing, refunds/returns, fraud prevention, and billing purposes. Failure to grant such consent may prevent the completion of the transaction. We will not use such data for purposes other than those stated herein without obtaining new express consent;

1. To respond to information requests from Data Subjects regarding our products or services.

Additionally, we may process your personal data for the following secondary purposes, which are not essential to the legal relationship but allow us to provide you with improved user experience:

1. To send communications for marketing, advertising, or commercial prospecting purposes, including satisfaction or quality surveys;

1. To invite you to events, training sessions, or activities organized by the company;

1. To provide you with information regarding new products, promotions, and offers related to the goods and services we commercialize.

The User may freely opt out of and revoke consent for these secondary purposes at any time through clear and simple mechanisms, such as checkboxes that may be accepted or unchecked on forms, or by sending an email to: privacy@atramat.com.

PROTECTION

The Data Controller has implemented technological and non-technological authentication measures to obtain the express consent of the data subject for the processing of personal data, where applicable.

Notwithstanding the foregoing, to ensure that personal data is processed in accordance with the LFPDPPP, the Data Controller complies with the following principles:

1. The purposes for which personal data are processed will be duly communicated, and only the data strictly necessary to fulfill such purposes will be collected; personal data shall not be used for purposes other than those set forth in this Privacy Notice.

1. Appropriate maintenance procedures will be carried out to ensure that personal data is accurate and up to date; where it is necessary to retain personal data, such retention shall be carried out in accordance with applicable law.

1. Security measures have been implemented to guarantee the protection of personal data.

DATA RETENTION

The Data Controller shall retain your personal data only for the period necessary to fulfill the purposes set forth in this Privacy Notice.

In any event, personal data shall be retained for the minimum period required to comply with applicable legal obligations, respond to requests from competent authorities, resolve disputes, and enforce rights arising from the legal relationship established, as well as for compliance with and observance of internal policies and legal agreements.

TRANSFER OF PERSONAL DATA

For the proper provision of its services, the Data Controller may disclose and/or transfer, in whole or in part, personal information to national or foreign third parties for the fulfillment of one or more of the purposes set forth in this Privacy Notice, in the following cases:

1. To third parties responsible for processing payments, as transactions are carried out through external service providers (e.g., banking institutions, credit or debit card payment platforms, electronic transfers, PayPal, or other payment methods), to whom the data necessary to authenticate and authorize such transactions may be transferred;

1. To affiliates and/or related parties of the Data Controller for verification, review, and certification purposes in tax and administrative matters;

1. To the Tax Administration Service and electronic invoicing service providers, in connection with the issuance and delivery of Digital Tax Receipts via the Internet;

1. To customer service providers, to offer you the best possible experience through our communication channels;

1. To our suppliers, to ensure the quality of our products, who are obligated to implement administrative, technical, and physical security measures to protect personal data and who may not use such data for purposes other than those set forth herein;

2. To third parties, to protect and defend the interests and rights of the Data Subject, the Data Controller, and/or other third parties;

1. To third parties, to protect the safety and/or interests of the Data Subject, personnel and/or affiliates, clients and suppliers, or the general public;

1. To competent authorities, to comply with requests or as required by applicable laws or regulations;

1. To send notifications of offers, notices, and/or promotional messages; communications for marketing, advertising, and/or telemarketing purposes regarding new or existing products and/or services; conduct statistical surveys and market studies regarding consumption habits, interests, and behavior; implement benefit and incentive programs; participate in social networks, chats, and/or discussion forums; participate in events, trivia, contests, raffles, games, and/or sweepstakes; evaluate service quality; and, in general, carry out any activity aimed at promoting, improving, and evaluating our services and/or products;

1. The Data Controller may transfer personal data contained in its databases to any of its controlling, subsidiary, affiliated, parent, or group companies that form part of the same corporate group, whether located within national territory or abroad, unless the respective data subjects expressly object thereto, in accordance with the provisions of the LFPDPPP;

1. To governmental institutions related to the health sector, for statistical purposes.

The personal data provided by Data Subjects shall not be transferred without their consent, except in the cases set forth in Article 36 of the LFPDPPP.

USE OF TOOLS FOR THE AUTOMATIC COLLECTION OF DATA

We use cookies and similar tracking technologies to ensure the proper functioning of our Website, facilitate the sale of products, store and manage session data, analyze browsing activity, and improve your user experience, in accordance with the provisions of our Cookie Policy.

The information that may be collected through cookies includes: the type of browser and operating system you use; the web pages you visit before and after accessing our Website; the links you follow, and the time spent on our Website; your IP address; the location from which you access the Website; and general browsing statistics.

You may configure your browser to reject all cookies or to notify you when a cookie is sent. However, if you choose not to accept cookies, certain features of our WEBSITE or the product purchasing process may be unavailable or may not function properly.

Examples of cookies we use include:

1. Session Cookies. We use session cookies to operate our Service, and they cannot be disabled.

1. Preference Cookies. We use preference cookies to remember your preferences and various settings.

1. Security Cookies. We use security cookies for security purposes.

1. Payment Security Cookies. Used to prevent fraudulent payment activities and identity theft.

When cookies are used, the “Help” button found on the toolbar of most browsers will provide instructions on how to prevent the acceptance of new cookies, how to configure the browser to notify you when a new cookie is received, or how to disable all cookies.

Likewise, these technologies may be disabled by following the procedures established by the internet browser you use. By way of example, for Google Chrome, please refer to: https://support.google.com

MINORS’ PRIVACY

Our Service is not intended for individuals under eighteen (18) years of age (“Minors”). We don´t knowingly collect personally identifiable information from anyone under the age of eighteen (18). If you are a parent or legal guardian and become aware that your child has provided us with Personal Data, please contact us at the following email address: privacy@atramat.com. If we become aware that we have collected Personal Data from Minors without verification of parental consent, we will take steps to remove such information from our servers.

LIMITATION ON THE USE AND DISCLOSURE OF INFORMATION

Within our email notification program, only the Data Controller has access to the information collected. This type of advertising is carried out through email notifications and promotional messages and through mobile applications, which will be sent exclusively to the Data Subject and to those contacts registered for such purpose. This preference may be modified at any time by sending a request via email to privacy@atramat.com or by submitting the request directly at our offices, where your request will be duly attended.

Emails sent by the Data Controller may occasionally include offers from third parties that are our commercial partners.

Notwithstanding the foregoing, the Data Controller may be required to disclose your Personal Data if so, required by law or in response to valid requests from competent authorities (for example, administrative and/or judicial authorities).

DATA SECURITY

The security of your personal data is of the utmost importance to the Data Controller; however, it is important to note that no method of transmission over the Internet or method of electronic storage is completely secure.

Notwithstanding the foregoing, we have implemented reasonable and commercially accepted administrative, technical, and physical security measures designed to protect your personal data against damage, loss, alteration, destruction, unauthorized use, access, or processing.

DISCLAIMER OF LIABILITY

Our WEBSITE may contain links, hyperlinks, and/or hypertext links, banners, buttons, and/or Internet search tools which, when used by Data Subjects, redirect them to other portals or websites that may be owned or operated by third parties. The Data Controller does not control such third-party sites and is not responsible for the privacy notices they display or for the personal data that Data Subjects may provide through such portals or websites other than the WEBSITE. Data Subjects are responsible for reviewing the applicable privacy notice of each site they access.

Likewise, our Website may provide social media features that allow you to share information from the WEBSITE on your social networks and to interact with such platforms. The use of these features may involve the collection or sharing of information about Data Subjects, depending on the specific functionality used. We recommend that you review the settings and privacy policies of the social media platforms with which you interact to ensure that you understand what information may be collected or shared on those sites.

EXERCISE OF ARCO RIGHTS

Data Subjects shall be entitled to exercise their rights of Access, Rectification, Cancellation, and Opposition, commonly referred to by their Spanish acronym as “ARCO Rights,” as granted under applicable data protection legislation.

Access. In accordance with Article 22 of the Law, the Data Subject has the right to obtain from the Data Controller their personal data, as well as information regarding the conditions and general aspects of the processing thereof

Rectification. Pursuant to Article 23 of the Law, the Data Subject may at any time request that the Data Controller rectify personal data that is inaccurate or incomplete.

Cancellation. In accordance with Article 24 of the Law, cancellation entails the cessation of the processing of personal data by the Data Controller, through the blocking thereof and their subsequent deletion.

Opposition. Pursuant to Article 26 of the Law, the Data Subject may at any time object to the processing of their personal data or request that such processing cease for specific purposes, in the cases provided for in Article 109 of the Regulations.

For the exercise of ARCO Rights (Access, Rectification, Cancellation, and Opposition), as well as for the revocation of consent or the limitation of the use or disclosure of personal data, the Data Subject may submit a request to the following email address: privacy@atramat.com.

It is important to note that, in the process of addressing such request, consideration shall be given to ensure that the exercise of these rights does not hinder compliance with any applicable law, court order, or the fulfillment of obligations arising from the legal relationship between the Data Subject and the Data Controller. Accordingly, please be advised that not all requests may be granted, nor may the use of personal data be terminated immediately in all cases.

For your convenience, we provide below a sample request text for executing ARCO Rights:

(Place and Date)

Personal Data Department

REFERENCE: Request for the Exercise of Personal Data Rights

Dear Sir or Madam:

I hereby submit a request to exercise the following right: _______ (a brief, clear, and precise description of the personal data with respect to which the right is to be exercised, as well as the specific right being requested), which were provided through the domain or website ____ (please indicate the website through which the aforementioned data were provided). For identification purposes, I hereby identify myself with ______ (please indicate and attach a copy of the document used for identification). All of the foregoing is submitted in accordance with your company’s Privacy Notice.

Sincerely,

Name – where applicable, and signature of the data subject or their legal representative – (in such case, the corresponding identification document or proof of the representative’s authority may be required).

The timeframes applicable to the processing of a request for the exercise of ARCO Rights are as follows:

i.               If the information provided in the request is insufficient, the Data Controller may require the Data Subject to submit the elements or documents necessary to process the request within a period of fifteen (15) business days from the date the request is received or otherwise issue a response

ii.             The Data Subject shall have a period of ten (10) business days to respond to the request made by the Data Controller.

iii.            The Data Controller shall issue a response to the request submitted by the Data Subject within a period of twenty (20) business days.

iv.           Where applicable, the period to implement or give effect to the response issued by the Data Controller shall be fifteen (15) business days counted from the date such response is notified to the Data Subject.

AUTHORITY

If the Data Subject considers that their rights regarding the protection of personal data have been violated, they have the right to resort to competent authority to defend the exercise of such rights. The competent authority is the Mexican Data Protection Authority the Anti-Corruption and Good Governance Ministry (Secretaría Anticorrupción y Buen Gobierno) whose official website is: https://www.gob.mx/buengobierno

UPDATES AND/OR MODIFICATIONS

This Privacy Notice may be subject to amendments, changes, or updates as a result of new legal requirements; our own needs arising from the products or services we offer; changes in our business model; or other causes.

Any modification or update to this Privacy Notice shall be published on the WEBSITE with at least fifteen (15) calendar days prior notice, or as otherwise required by applicable law, so that the Data Subject may, if deemed necessary, express their objection to the new processing of their personal data.

ACCEPTANCE OF THE PRIVACY NOTICE

By acknowledging that you have read this Privacy Notice and by not expressing any objection to the processing or transfer of your personal data, it shall be understood that you have granted your consent thereto. The use of our services by the Data Subject constitutes confirmation that the Data Subject has read, understood, and agreed to the terms set forth herein.