DATA TREATMENT POLICY

STORE LRFN SAS, identified with NIT 9014822608-3, LRFN FREEDOM CHASERS, identified with NIT 901361323-0, and WORKSHOP LRFN, identified with NIT 901463271-4, hereinafter "the company," will be responsible for the treatment of personal data. By accepting this policy, I, as the owner of my personal data, accept their treatment by the companies, their strategic allies, subsidiaries, subordinate companies, parent companies, for the purpose of fulfilling the functions and obligations arising from various operations carried out through electronic commerce or in person in commercial establishments. I agree that my personal data will be used to fulfill the relationship I currently have with the company, and for the following purposes: statistical, marketing, contact, sending of documentation, information, promotions, events related to the company or its allies, or notifications, among others, unless I expressly or verbally request the deletion, rectification, or suppression of data from the company's databases through the mechanisms established in this policy.

Below, you will find the personal data treatment policy adopted by the company, applying and complying with the obligations of Law 1581 of 2012 and other regulations that modify it. This policy is adopted because it is very important for the company to take care of the personal data of its customers, employees, suppliers, or any other natural person who has a relationship with the company, and it is our purpose to fulfill the obligations we have towards them.

The company guarantees the rights of privacy, intimacy, and good name in the treatment of personal data, and consequently, all our actions will be based on the principles of legality, purpose, freedom, truthfulness or quality, transparency, access and restricted circulation, security, and confidentiality.

All persons who, in the exercise of our commercial, labor, or corporate activities, provide us with any type of information or personal data, may know, update, and rectify their data at any time, that is, exercise their rights of habeas data. This is the main objective of our policy.

PURPOSE OF THE PERSONAL DATA TREATMENT POLICY

This personal data treatment policy aims to implement the provisions contained in Law 1581 of 2012 and other regulations that modify it, regarding exclusively the databases, files, and information containing personal data susceptible to treatment, and explains how the company collects, stores, manages, uses, circulates, and treats information that you provide us through various means. It is the company's interest to safeguard the privacy of the personal information of the owner, obtained through various means, for which it undertakes to adopt this policy.

The owner acknowledges that the entry of personal information in the different means provided by the company is done voluntarily and upon request of specific requirements of the company to provide or offer a service or product, or to access interactive mechanisms.

The owner accepts that, through interaction with the company, it may collect personal data, which may be transferred to third parties. For this purpose, by accepting this policy, the owner accepts and acknowledges that the company may process the collected data. The collection and automated processing of personal data, as a result of browsing and/or interacting with the company, have the following purposes:

The proper management and administration of the products and/or services offered in the different marketing channels, in which the owner decides to register, use, or hire.
The quantitative and qualitative study of visits and the use of services by the owners.
Sending information and/or products, and/or services related to the company and its commercial partners by traditional and electronic means.
For the processing of any procedure before a public authority or a private person or entity, regarding which the information is relevant.
For the proper commercial management that the company may carry out directly, in order to offer products or services, including, but not limited to, the sale of furniture products, advertising, among others.
For sending information related to companies that have a direct relationship with the company. However, it is clarified that the company will be responsible for the handling of such data.

DEFINITIONS

Personal Data: Any information linked or that can be associated with one or several natural persons.
Private Data: Data that by its intimate or reserved nature is only relevant to the data subject.
Public Data: Data relating to the civil status, profession or occupation, and the quality of merchant or public servant of a person. These data can be obtained and offered without any reservation and regardless of whether they refer to general, private, or personal information.
Semiprivate Data: Data that is not intimate, reserved, or public, whose knowledge or disclosure may be of interest not only to its owner but to a certain sector or group of people or to the policy in general, such as financial and credit data related to commercial activity.
Sensitive Data: Data that affects the privacy of the owner or whose improper use may lead to their discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or that promote the interests of any political party, among others.
Authorization: The prior, express, and informed consent of the owner for the company to carry out the processing of their personal data.
Database: The organized set of personal data that is subject to processing.
Data Processor: The natural or legal person, public or private, who, alone or in association with others, processes your personal data on behalf and for the account of the company.
Data Controller: The company itself or in association with others, is the one who decides on the Database and/or the processing of personal data.
Owner: You are the natural person providing personal data to the company and which will be subject to processing.
Processing: Any operation or set of operations on your personal data, such as collection, storage, use, circulation, or deletion.

DUTIES OF THE COMPANY

The company will use the information solely and exclusively to fulfill the functions and obligations arising from various operations carried out through electronic commerce or in person in our existing commercial establishments, as well as with the legal relationships that exist with our employees, managers, and dependents. In turn, it will have such information for statistical, marketing, contact, sending of documentation, information, promotions, events related to the company or its allies, or notifications, among others, unless you expressly or verbally request the deletion, rectification, or suppression of data from the company's databases through the mechanisms established in this policy.

At the time of carrying out any type of activity with the company, whether in person or through electronic means, the owner must express or tacitly manifest their consent for the handling of their information. Consent must be freely, prior, expressly, and informed by you as the data subject for the processing of such data, except in cases expressly authorized by law.

You can express your authorization in the following ways: (i) verbally at the time of purchase, (ii) in writing, and (iii) when you accept the terms and conditions of commercial relationships.

EXCEPTIONS TO AUTHORIZATION FOR THE PROCESSING OF PERSONAL DATA

When such information is required by a public or administrative entity in the exercise of its constitutional or legal functions.
When there is a judicial order to that effect.
In cases of medical and/or health emergencies.
Processing of information authorized by law for historical, statistical, or scientific purposes.
Data related to the civil registry of individuals.
Others established by law.

RIGHTS OF DATA SUBJECTS IN RELATION TO THEIR PERSONAL DATA

In compliance