To comply with Statutory Law 1581 of 2012 and Regulatory Decree 1377 of 2013, DIGITAL REALTOR ACADEMY LLC establishes this policy for the processing of personal data. The main purpose of this Policy is to inform the Data Subjects of their rights, the procedures and mechanisms provided by the company to enforce those rights, and to disclose the scope and purpose of the Processing to which their Personal Data will be subjected, in case the Data Subject grants their express, prior, and informed authorization. The company also reaffirms its commitment to the various stakeholders with whom it interacts and expresses its firm intention to respect all their rights, particularly through this document, their right to Habeas Data, privacy, and other related rights.

CHAPTER I

General Provisions

ARTICLE ONE: DEFINITIONS.

The following definitions establish the meaning of specific terms used in this document:

a)

Authorization:

The prior, express, and informed consent of the Data Subject to carry out the Processing of their personal data.

b)

Database:

The set of personal data that is subject to Processing, regardless of the method used.

c)

Financial Data:

Any Personal Data related to the creation, execution, and termination of financial obligations, regardless of the nature of the contract that gives rise to them, which is governed by the applicable regulations.

d)

Personal Data:

Any information related or relatable to a natural person.

e)

Public Data:

Data classified as such by law or data that is contained in public records, certificates, documents, or Databases with a public nature.

f)

Sensitive Data:

Personal data related to the privacy of the Data Subject or data that may lead to discrimination or differentiated treatment. This category also includes biometric data.

g)

Data Processor:

A natural or legal person, public or private, who, alone or in association with others, processes Personal Data on behalf of the Data Controller.

h)

Authorized Person:

A person and their dependents who, by virtue of Authorization and these Policies, are entitled to Process the Data Subject's Personal Data. The Authorized Person includes those who are legally enabled to do so.

i)

Enabling:

The authorization granted explicitly and in writing through a contract or similar document, by the Company to third parties, in compliance with applicable Law, for the Processing of Personal Data, turning such third parties into Data Processors.

j)

Data Controller:

A person authorized by the Data Subject who manages and makes decisions regarding the Database.

k)

Data Subject:

The natural person to whom the data stored in the Database refers and who is the subject of protection under the Law.

l)

Transfer:

The communication of personal data between the Data Processor and the Data Controller.

m)

Transmission:

The activity of Processing Personal Data through which it is communicated internally or to third parties, within or outside the country, for the purpose of conducting any activity related to the Processing of personal data.

n)

Processing of Personal Data:

Any activity aimed at processing Databases, as well as their transfer to third parties.

ARTICLE TWO: OBJECTIVE.

The Policy for the Processing of Databases and Information aims to establish the procedure for collecting, storing, using, and performing any activity related to personal data, ensuring the rights, freedoms, and constitutional guarantees, as well as the right to information, in accordance with the law and related regulations.

ARTICLE THREE: COMPLIANCE WITH LEGAL PROVISIONS.

The company declares that the guidelines for the Processing of personal data will adhere to the applicable legal regulations.

ARTICLE FOUR: PURPOSES OF DATA COLLECTION.

All data collected by the Company is intended to:

i) Generate and manage all necessary information to comply with tax, commercial, civil, labor, legal, and general obligations of the Company.

ii) Manage the Company’s relationships with clients, suppliers, shareholders, and other stakeholders, including but not limited to: providing information to financial entities for financial services; customer loyalty programs; customer service management; advertising; marketing; commercial management and contact; sending informative emails and physical correspondence; debt collection management; real estate sales, rentals, and exchanges; receiving and sending real estate offers; updating or correcting real estate data; sharing information with business partners; making administrative, commercial, and advertising calls (call center); and other activities necessary for contract execution and business operations.

iii) Ensure legal and contractual compliance.

iv) Verify the legal status of certain clients, contractors, or suppliers as required by law.

v) Retain physical or digital archives for the legally required period to allow future consultation by the Data Subject or authorities.

vi) Transfer and transmit Databases when necessary for debt collection, credit processing, legal actions, and other purposes specified in this document.

vii) Manage employee information related to payroll, social security, recruitment, employment contracts, and employee well-being.

viii) Conduct other activities necessary for providing effective services.

ARTICLE FIVE: PRINCIPLES.

The Company adheres to the following principles in the collection, storage, use, and management of personal data:

Principle of Legality: Processing is governed by the law.Principle of Purpose: Processing follows the purposes established in Article Four.Principle of Freedom: Processing is only conducted with the prior, express, and informed consent of the Data Subject.Principle of Veracity: Data must be truthful, complete, accurate, updated, verifiable, and comprehensible.Principle of Transparency: The Data Subject has the right to obtain information about their data at any time.Principle of Restricted Access and Circulation: Only authorized personnel may process the data.Principle of Security: The Company ensures minimum security standards for protecting data.Principle of Confidentiality: Personal data is treated as confidential, except as required by law or authorized by the Data Subject.

CHAPTER II

Rights and Duties

ARTICLE SIX: RIGHTS OF THE DATA SUBJECT.

Data Subjects have the right to:

Know, update, and rectify their Personal Data.Request proof of Authorization for Processing.Request information on how their data is being used.File complaints with competent authorities for legal violations.Revoke Authorization and request data deletion if legally applicable.Access their data for free.Be informed of changes to this Policy.Have easy access to this Policy and its modifications.Know which department or person is responsible for handling data-related requests.

CHAPTER III

Procedures

ARTICLE SEVEN: DATA PROCESSING RESPONSIBILITY.

The Company acts as both the Data Controller and the Data Processor, delegating specific responsibilities as necessary. The Company will:

Receive and process requests from Data Subjects.Respond to inquiries regarding the use of personal data.

ARTICLE EIGHT: PROTECTION MECHANISMS FOR DATA SUBJECTS.

Data Subjects may submit:

8.1. Requests for information

– The Company will respond within 10 business days, with a maximum extension of 15 days.

8.2. Complaints

– Complaints must be addressed to the Company, including identification, a description of the issue, and supporting documentation.

The Company will verify identity, request missing information within five days, and resolve the complaint within 15 business days (or extend by eight additional days if necessary).

VALIDITY

This Policy is effective from July 1, 2023 updated January 2025. Personal Data will be stored and processed as long as necessary for the stated purposes.

By enrolling in the Limitless Agent Membership, you acknowledge that you have read, understood, and agreed to these Terms and Conditions.