Ritch, Mueller y Nicolau, S.C. is firmly committed to safeguarding personal data and preserving the privacy of our clients, professionals, partners, suppliers, and all parties involved.

In compliance with the Federal Law on the Protection of Personal Data Held by Private Parties (the "Law") and the Regulations of the Federal Law on the Protection of Personal Data Held by Private Parties (the "Regulations"), Ritch, Mueller y Nicolau, S.C. (the "Controller"), domiciled at Avenida Pedregal No. 24 - 10th floor, Colonia Molino del Rey, C.P. 11040, in Mexico City, is aware of the importance of the legitimate, controlled and informed treatment of the Personal Data provided by its partners, and is responsible for the use, treatment and protection of the same. For the aforementioned reasons and in order to guarantee the privacy and the right to informational self-determination of individuals, we provide you with this privacy notice (the "Privacy Notice").

Capitalized terms used in this Privacy Notice that are not defined herein shall have the meaning attributed to them by the Law and/or the Regulations.

What Personal Data will we use for these purposes?

The Controller may collect from you the Personal Data mentioned below by categories: (a) Identification; (b) Contact; (c) Labor; (d) Academic; (e) Patrimonial and/or Financial; (f) Third party data: person(s) to be notified in case of emergency and when applicable, data of spouse, common-law spouse, children, and/or other relatives; as well as images and sounds captured by our video surveillance cameras.

When Personal Data is provided directly by the Data Owner, it will be presumed that it complies with the quality principle until the Data Owner does not state and prove otherwise, or until the Controller has objective evidence to contradict it. The Controller may carry out the investigations and actions deemed necessary, in order to verify directly or through third parties hired for this purpose, agency or authority, the veracity of the data provided to them. Consent will not be necessary for the processing of Personal Data as long as it complies with one of the assumptions provided in Article 10 of the Law.

We inform you that our website uses its own and third party cookies, which allow us to improve the performance and scope of our services.

Do we collect Sensitive Personal Data?

We inform you that we do not collect Sensitive Personal Data. However, according to the environment in which the different data are treated and the level of risk that their treatment generates to the Data Owner, Financial Data may be considered as Sensitive Personal Data, which for any reason we cannot unilaterally dispose of without prior express written authorization from the Data Owner.

What are the purposes of the processing of Personal Data?

The Personal Data that we collect from you, may be used for the following primary purposes, among which are: (i) Identification and contact; (ii) Integration of your file as a Partner of Ritch, Mueller y Nicolau, S.C. (iii) Making payments to you; (iv) Assigning, documenting and controlling the equipment provided to you; (v) Providing you with training courses; (vi) Presenting service proposals to clients; (vii) Controlling access and maintaining security in the facilities; (viii) Contacting, in emergency or necessity situations, the people you have indicated as references; and (ix) Fulfilling legal obligations before authorities of different nature.

We will not use your Personal Data for secondary purposes.

We inform the Data Owners that, when the Personal Data is no longer necessary for the fulfillment of the purposes mentioned above or for the fulfillment of the legal obligations in charge, we will proceed to block the Personal Data, and subsequently to its cancellation.

What are the security measures in the processing of Personal Data?

The Controller has adopted technical, administrative and physical security measures necessary to ensure the integrity of your Personal Data and to avoid its damage, loss, alteration, destruction or unauthorized use, access or processing. However, it is clear that no data transmission over the Internet is completely secure and therefore, the Controller cannot guarantee that the processing of your Personal Data will be free from any damage, loss, alteration, destruction or unauthorized use, access or processing.

Only the personnel authorized by the Controller, and who have complied with and observed the corresponding confidentiality requirements, may participate in the processing of your Personal Data. Authorized personnel are prohibited from allowing access to unauthorized persons and from using your Personal Data for purposes other than those described. The obligation of confidentiality of the persons involved in the processing of your Personal Data subsists even after the termination of the relationship with the Controller.

With whom do we share your Personal Data?

National or international transfers of Personal Data may be carried out without the consent of the Data Owner when any of the circumstances set forth in article 37 of the Law apply. Additionally, in this act the Data Owner grants his consent so that the Controller may transfer his Personal Data to third parties that collaborate or work with him in order to comply with the purposes set forth in this Privacy Notice.

The Controller shall ensure, to the possible extent, that such third parties maintain adequate administrative, technical and physical security measures to protect your Personal Data against damage, loss, alteration, destruction or unauthorized use, access or processing of your Personal Data, as well as that they comply with the provisions of this Privacy Notice. The Controller does not assign, sell or transfer your Personal Data to third parties that have no relationship with the Controller.

Means to exercise the Rights of Access, Rectification, Cancellation and Opposition (ARCO), as well as to exercise the right to limit the use and disclosure of your Personal Data, or revoke consent for the processing of such.

The exercise of any of these rights may be requested by you or your legal representative, by submitting a request via email to privacidaddedatos@ritch.com.mx. The request must include: (i) the full name of the Data Owner, (ii) a copy of the official identification of the Data Owner, (iii) a clear and precise description of the Personal Data with respect to which the ARCO rights will be exercised, or indicating briefly in writing what the revocation request refers to, (iv) as well as identifying and/or specifying which ARCO right(s) you wish to exercise. In case it is submitted through a legal representative, the identity and personality of the latter must be accredited.

It is important that you take into account that not in all cases we will be able to respond to your request or conclude the use immediately, since it is possible that due to some legal obligation we may need to continue processing your Personal Data. Also, you should consider that for certain purposes, the revocation of your consent will imply that the Controller cannot continue the legal relationship that exists with you.

How can I know about changes in this Privacy Notice?

This Privacy Notice may undergo modifications, changes or updates derived from different causes. We are committed to keep you informed about the changes that this Privacy Notice may undergo, through our website located at https://ritch.com.mx.

In compliance with the Federal Law on the Protection of Personal Data Held by Private Parties (the "Law") and the Regulations of the Federal Law on the Protection of Personal Data Held by Private Parties (the "Regulations"), Ritch, Mueller y Nicolau, S.C. (the "Controller"), domiciled at Avenida Pedregal No. 24 - 10th floor, Colonia Molino del Rey, C.P. 11040, in Mexico City, is aware of the importance of the legitimate, controlled and informed treatment of the Personal Data provided by the candidates, and is responsible for the use, treatment and protection of the same. For the aforementioned reasons and in order to guarantee the privacy and the right to informational self-determination of individuals, we provide you with this privacy notice (the "Privacy Notice").

Capitalized terms used in this Privacy Notice that are not defined herein shall have the meaning attributed to them by the Law and/or the Regulations.

What Personal Data will we use for these purposes?

The Controller may collect from you the following Personal Data by categories: (a) Identification; (b) Contact; (c) Labor; (d) Academic; (e) Patrimonial and/or Financial; (f) Health; (g) Third party data: person(s) that serve as reference; as well as images and sounds captured by our video surveillance cameras or in any interview(s) conducted virtually.

Data that you freely provide us in your resume, which should not contain sensitive personal data. In particular, racial or ethnic origin, genetic information, religious, philosophical and moral beliefs, union membership, political opinions and sexual preference are considered sensitive.

In the course of the job interview or selection process, we may ask you for personal financial and/or patrimonial data, as well as health data; the latter are considered sensitive personal data.

In the event that you advance in the selection process, we will ask you to allow us to conduct a psychometric study, which involves the collection of sensitive personal data related to mental processes; and a socioeconomic study, which involves the collection of personal financial and/or patrimonial data.

When Personal Data is provided directly by the Data Owner, it will be presumed that it complies with the quality principle until the Data Owner does not state and prove otherwise, or until the Controller has objective evidence to contradict it. The Controller may carry out the investigations and actions deemed necessary, in order to verify directly or through third parties hired for this purpose, agency or authority, the veracity of the data provided to them. Consent will not be necessary for the processing of Personal Data as long as it complies with one of the assumptions provided in Article 10 of the Law.

We inform you that our website uses its own and third party cookies, which allow us to improve the performance and scope of our services.

Do we collect Sensitive Personal Data?

We inform you that we do not collect Sensitive Personal Data. However, according to the environment in which the different data are treated and the level of risk that their treatment generates to the Data Owner, Financial Data may be considered as Sensitive Personal Data, which for any reason we cannot unilaterally dispose of without prior express written authorization from the Data Owner.

What are the purposes of the processing of Personal Data?

The Personal Data we collect from you may be used for the following primary purposes, among which are: (i) Identification and contact; (ii) Verification of educational and employment information; (iii) Integration of your file as a job applicant; (iv) Evaluate your job application in accordance with our selection and/or recruitment process; and (v) Compliance with legal obligations before authorities of different nature.

Additionally, your personal information will be used for the following secondary purposes:

• In the event that we are unable to offer you employment, to keep you in our database for consideration on future occasions, should vacancies become available at Ritch, Mueller y Nicolau, S.C.

• To share it with third parties when they ask us to refer candidates with your profile.

If you do not want your personal data to be processed for any of the secondary purposes mentioned above, you may refuse your consent at this time by checking the appropriate box in each case.

Your refusal in this sense, will not be a reason to stop processing your job application.

We inform the Data Owners that, when the Personal Data is no longer necessary for the fulfillment of the purposes mentioned above or for the fulfillment of the legal obligations in charge, we will proceed to block the Personal Data, and subsequently to its cancellation.

What are the security measures in the processing of Personal Data?

The Controller has adopted technical, administrative and physical security measures necessary to ensure the integrity of your Personal Data and to avoid its damage, loss, alteration, destruction or unauthorized use, access or processing. However, it is clear that no data transmission over the Internet is completely secure and therefore, the Controller cannot guarantee that the processing of your Personal Data will be free from any damage, loss, alteration, destruction or unauthorized use, access or processing.

Only the personnel authorized by the Controller, and who have complied with and observed the corresponding confidentiality requirements, may participate in the processing of your Personal Data. Authorized personnel are prohibited from allowing access to unauthorized persons and from using your Personal Data for purposes other than those described. The obligation of confidentiality of the persons involved in the processing of your Personal Data subsists even after the termination of the relationship with the Controller.

With whom do we share your Personal Data?

National or international transfers of Personal Data may be carried out without the consent of the Data Owner when any of the circumstances set forth in article 37 of the Law apply. Additionally, in this act the Data Owner grants his consent so that the Controller may transfer his Personal Data to third parties that collaborate or work with him in order to comply with the purposes set forth in this Privacy Notice.

The Controller shall ensure, to the possible extent, that such third parties maintain adequate administrative, technical and physical security measures to protect your Personal Data against damage, loss, alteration, destruction or unauthorized use, access or processing of your Personal Data, as well as that they comply with the provisions of this Privacy Notice. The Controller does not assign, sell or transfer your Personal Data to third parties that have no relationship with the Controller.

Means to exercise the Rights of Access, Rectification, Cancellation and Opposition (ARCO), as well as to exercise the right to limit the use and disclosure of your Personal Data, or revoke consent for the processing of such.

The exercise of any of these rights may be requested by you or your legal representative, by submitting a request via email to privacidaddedatos@ritch.com.mx. The request must include: (i) the full name of the Data Owner, (ii) a copy of the official identification of the Data Owner, (iii) a clear and precise description of the Personal Data with respect to which the ARCO rights will be exercised, or indicating briefly in writing what the revocation request refers to, (iv) as well as identifying and/or specifying which ARCO right(s) you wish to exercise. In case it is submitted through a legal representative, the identity and personality of the latter must be accredited.

It is important that you take into account that not in all cases we will be able to respond to your request or conclude the use immediately, since it is possible that due to some legal obligation we may need to continue processing your Personal Data. Also, you should consider that for certain purposes, the revocation of your consent will imply that the Controller cannot continue the legal relationship that exists with you.

How can I know about changes in this Privacy Notice?

This Privacy Notice may undergo modifications, changes or updates derived from different causes. We are committed to keep you informed about the changes that this Privacy Notice may undergo, through our website located at https://ritch.com.mx.

In compliance with the Federal Law on the Protection of Personal Data Held by Private Parties (the "Law") and the Regulations of the Federal Law on the Protection of Personal Data Held by Private Parties (the "Regulations"), Ritch, Mueller y Nicolau, S.C. (the "Controller"), domiciled at Avenida Pedregal No. 24 - 10th floor, Colonia Molino del Rey, C.P. 11040, in Mexico City, is aware of the importance of the legitimate, controlled and informed treatment of the Personal Data provided by its employees, and is responsible for the use, treatment and protection of the same. For the aforementioned reasons and in order to guarantee the privacy and the right to informational self-determination of individuals, we provide you with this privacy notice (the "Privacy Notice").

Capitalized terms used in this Privacy Notice that are not defined herein shall have the meaning attributed to them by the Law and/or the Regulations.

What Personal Data will we use for these purposes?

The Controller may collect from you the Personal Data mentioned below by categories: (a) Identification; (b) Contact; (c) Labor; (d) Academic; (e) Patrimonial and/or Financial; (f) Third party data: person(s) to be notified in case of emergency and when applicable, data of spouse, common-law spouse, children, and/or other relatives; as well as images and sounds captured by our video surveillance cameras.

When Personal Data is provided directly by the Data Owner, it will be presumed that it complies with the quality principle until the Data Owner does not state and prove otherwise, or until the Controller has objective evidence to contradict it. The Controller may carry out the investigations and actions deemed necessary, in order to verify directly or through third parties hired for this purpose, agency or authority, the veracity of the data provided to them. Consent will not be necessary for the processing of Personal Data as long as it complies with one of the assumptions provided in Article 10 of the Law.

We inform you that our website uses its own and third party cookies, which allow us to improve the performance and scope of our services.

Do we collect Sensitive Personal Data?

We inform you that we do not collect Sensitive Personal Data. However, according to the environment in which the different data are treated and the level of risk that their treatment generates to the Data Owner, Financial Data may be considered as Sensitive Personal Data, which for any reason we cannot unilaterally dispose of without prior express written authorization from the Data Owner.

What are the purposes of the processing of Personal Data?

The Personal Data we collect from you may be used for the following primary purposes, among which are: (i) Identification and contact; (ii) Verification of educational and labor information; (iii) Integration of your labor file; (iv) Make payments; (v) Assign, document and control the equipment provided to you; (vi) Provide training courses; (vii) Control access and maintain security in the facilities; (viii) Contact, in emergency or necessity situations, the persons you have indicated as reference: and (ix) Compliance with legal obligations before authorities of diverse nature.

Additionally, your personal information will be used for the following secondary purposes:

• When you no longer work for the Controller, to keep you in our database in order to consider you on future occasions, should vacancies arise in Ritch, Mueller y Nicolau, S.C.

• To share it with third parties when they ask us to refer candidates with your profile.

If you do not want your personal data to be processed for any of the secondary purposes mentioned above, you can deny us your consent at this time by checking the corresponding box in each case.

We inform the Data Owners that, when the Personal Data is no longer necessary for the fulfillment of the purposes mentioned above or for the fulfillment of the legal obligations in charge, we will proceed to block the Personal Data, and subsequently to its cancellation.

What are the security measures in the processing of Personal Data?

The Controller has adopted technical, administrative and physical security measures necessary to ensure the integrity of your Personal Data and to avoid its damage, loss, alteration, destruction or unauthorized use, access or processing. However, it is clear that no data transmission over the Internet is completely secure and therefore, the Controller cannot guarantee that the processing of your Personal Data will be free from any damage, loss, alteration, destruction or unauthorized use, access or processing.

Only the personnel authorized by the Controller, and who have complied with and observed the corresponding confidentiality requirements, may participate in the processing of your Personal Data. Authorized personnel are prohibited from allowing access to unauthorized persons and from using your Personal Data for purposes other than those described. The obligation of confidentiality of the persons involved in the processing of your Personal Data subsists even after the termination of the relationship with the Controller.

With whom do we share your Personal Data?

National or international transfers of Personal Data may be carried out without the consent of the Data Owner when any of the circumstances set forth in article 37 of the Law apply. Additionally, in this act the Data Owner grants his consent so that the Controller may transfer his Personal Data to third parties that collaborate or work with him in order to comply with the purposes set forth in this Privacy Notice.

The Controller shall ensure, to the possible extent, that such third parties maintain adequate administrative, technical and physical security measures to protect your Personal Data against damage, loss, alteration, destruction or unauthorized use, access or processing of your Personal Data, as well as that they comply with the provisions of this Privacy Notice. The Controller does not assign, sell or transfer your Personal Data to third parties that have no relationship with the Controller.

Means to exercise the Rights of Access, Rectification, Cancellation and Opposition (ARCO), as well as to exercise the right to limit the use and disclosure of your Personal Data, or revoke consent for the processing of such.

The exercise of any of these rights may be requested by you or your legal representative, by submitting a request via email to privacidaddedatos@ritch.com.mx. The request must include: (i) the full name of the Data Owner, (ii) a copy of the official identification of the Data Owner, (iii) a clear and precise description of the Personal Data with respect to which the ARCO rights will be exercised, or indicating briefly in writing what the revocation request refers to, (iv) as well as identifying and/or specifying which ARCO right(s) you wish to exercise. In case it is submitted through a legal representative, the identity and personality of the latter must be accredited.

It is important that you take into account that not in all cases we will be able to respond to your request or conclude the use immediately, since it is possible that due to some legal obligation we may need to continue processing your Personal Data. Also, you should consider that for certain purposes, the revocation of your consent will imply that the Controller cannot continue the legal relationship that exists with you.

How can I know about changes in this Privacy Notice?

This Privacy Notice may undergo modifications, changes or updates derived from different causes. We are committed to keep you informed about the changes that this Privacy Notice may undergo, through our website located at https://ritch.com.mx.

In compliance with the Federal Law on the Protection of Personal Data Held by Private Parties (the "Law") and the Regulations of the Federal Law on the Protection of Personal Data Held by Private Parties (the "Regulations"), Ritch, Mueller y Nicolau, S.C. (the "Controller"), domiciled at Avenida Pedregal No. 24 - 10th floor, Colonia Molino del Rey, C.P. 11040, in Mexico City, is aware of the importance of the legitimate, controlled and informed treatment of the Personal Data provided by its clients, and is responsible for the use, treatment and protection of the same. For the aforementioned reasons and in order to guarantee the privacy and the right to informational self-determination of individuals, we provide you with this privacy notice (the "Privacy Notice").

Capitalized terms used in this Privacy Notice that are not defined herein shall have the meaning attributed to them by the Law and/or the Regulations.

When Personal Data is provided directly by the Data Owner, it will be presumed that it complies with the quality principle until the Data Owner does not state and prove otherwise, or until the Controller has objective evidence to contradict it. The Controller may carry out the investigations and actions deemed necessary, in order to verify directly or through third parties hired for this purpose, agency or authority, the veracity of the data provided to them. Consent will not be necessary for the processing of Personal Data as long as it complies with one of the assumptions provided in Article 10 of the Law.

We inform you that our website uses its own and third party cookies, which allow us to improve the performance and scope of our services.

What Personal Data will we use for these purposes?

The Controller may collect from you the Personal Data mentioned below by categories: (a) Identification; (b) Contact; (c) Labor; (d) Patrimonial and/or Financial; as well as images and sounds captured by our video surveillance cameras.

Do we collect Sensitive Personal Data?

We inform you that we do not collect Sensitive Personal Data. However, according to the environment in which the different data are treated and the level of risk that their treatment generates to the Data Owner, Financial Data may be considered as Sensitive Personal Data, which for any reason we cannot unilaterally dispose of without prior express written authorization from the Data Owner.

What are the purposes of the processing of Personal Data?

The Personal Data we collect from you may be used for the following primary purposes, among which are: (i) Identification and contact; (ii) Integration of your file as a client or prospective client; (iii) Registering you in our systems; (iv) Presenting you with service proposals; (v) Providing you with the contracted services; (vi) Carrying out billing processes and collection efforts; (vii) Controlling access and maintaining security in the facilities; and (viii) Fulfilling legal obligations before authorities of different nature.

Additionally, your personal information will be used for the following secondary purposes: (i) To evaluate the quality of our services; (ii) To invite you to events organized by Ritch, Mueller y Nicolau, S.C., or in which you participate; (iii) To inform you about the publications in which you collaborate and (iv) To promote our products and services, contacting you and holding events for marketing, advertising or commercial prospecting purposes.

In case you do not want your Personal Data to be treated in the informative campaigns, we offer you the option to "Unsubscribe" in the link provided at the end of any of the informative emails you receive. Likewise, you may express your refusal to the processing of your personal data for any of the secondary purposes by sending an e-mail to privacidaddedatos@ritch.com.mx.

The refusal to use your Personal Data for these secondary purposes may not be a reason for us to deny you the services and products you request or contract with us.

We inform the Data Owners that, when the Personal Data is no longer necessary for the fulfillment of the purposes mentioned above or for the fulfillment of the legal obligations in charge, we will proceed to block the Personal Data, and subsequently to its cancellation.

What are the security measures in the processing of Personal Data?

The Controller has adopted technical, administrative and physical security measures necessary to ensure the integrity of your Personal Data and to avoid its damage, loss, alteration, destruction or unauthorized use, access or processing. However, it is clear that no data transmission over the Internet is completely secure and therefore, the Controller cannot guarantee that the processing of your Personal Data will be free from any damage, loss, alteration, destruction or unauthorized use, access or processing.

Only the personnel authorized by the Controller, and who have complied with and observed the corresponding confidentiality requirements, may participate in the processing of your Personal Data. Authorized personnel are prohibited from allowing access to unauthorized persons and from using your Personal Data for purposes other than those described. The obligation of confidentiality of the persons involved in the processing of your Personal Data subsists even after the termination of the relationship with the Controller.

With whom do we share your Personal Data?

National or international transfers of Personal Data may be carried out without the consent of the Data Owner when any of the circumstances set forth in article 37 of the Law apply. Additionally, in this act the Data Owner grants his consent so that the Controller may transfer his Personal Data to third parties that collaborate or work with him in order to comply with the purposes set forth in this Privacy Notice.

The Controller shall ensure, to the possible extent, that such third parties maintain adequate administrative, technical and physical security measures to protect your Personal Data against damage, loss, alteration, destruction or unauthorized use, access or processing of your Personal Data, as well as that they comply with the provisions of this Privacy Notice. The Controller does not assign, sell or transfer your Personal Data to third parties that have no relationship with the Controller.

Means to exercise the Rights of Access, Rectification, Cancellation and Opposition (ARCO), as well as to exercise the right to limit the use and disclosure of your Personal Data, or revoke consent for the processing of such.

The exercise of any of these rights may be requested by you or your legal representative, by submitting a request via email to privacidaddedatos@ritch.com.mx. The request must include: (i) the full name of the Data Owner, (ii) a copy of the official identification of the Data Owner, (iii) a clear and precise description of the Personal Data with respect to which the ARCO rights will be exercised, or indicating briefly in writing what the revocation request refers to, (iv) as well as identifying and/or specifying which ARCO right(s) you wish to exercise. In case it is submitted through a legal representative, the identity and personality of the latter must be accredited.

It is important that you take into account that not in all cases we will be able to respond to your request or conclude the use immediately, since it is possible that due to some legal obligation we may need to continue processing your Personal Data. Also, you should consider that for certain purposes, the revocation of your consent will imply that the Controller cannot continue the legal relationship that exists with you.

How can I know about changes in this Privacy Notice?

This Privacy Notice may undergo modifications, changes or updates derived from different causes. We are committed to keep you informed about the changes that this Privacy Notice may undergo, through our website located at https://ritch.com.mx.