PATRIMONIO DE COREA

PRIVACY NOTICE

In compliance with the Federal Law on the Protection of Personal Data Held by Private Parties (the "Law"), the company called "CENTRO DE NEGOCIOS LOS PORTALES S.A. DE C.V.," with its registered address at Avenida Coba, Manzana 10, Lote 82, Super Manzana 3, Edificio Coba, Local 1, Benito Juarez, Cancún 77500, operating under the trade name Travel Portal and its website https://travelportal.com.mx, responsible for the use and protection of your Personal Data, hereby informs you of the following:

Your data will be collected and processed in accordance with the principles of legality, consent, information, quality, purpose, loyalty, proportionality, and responsibility, as stipulated by the aforementioned Law.

For what purposes will we use your Personal Data?

The Personal Data we collect from you will be used for the following purposes necessary for the development of our services:

Primary purposes:

- Contact and identify you.

- Provision of online sales services for tourism products and vacation packages.

- Purchase of vacation packages.

- To arrange travel through our website in an easy, fast, convenient, and secure manner.

- To inform you about the status of your reservations and purchases of vacation packages.

- Offer our tourism services.

- Online assistance for our services through online tools or by phone.

- To bill and collect for our services.

- Evaluate the quality of our services.

- Address your opinions, complaints, and suggestions.

- Contact you via telephone, email, regular mail, and any other means regarding informational and promotional purposes of the company.

Secondary purposes:

Additionally, we will use your personal information for the following purposes that are not necessary for the requested service but will help us provide you with better assistance:

- To facilitate the use of our website.

- Development of our services.

- Evaluate the quality of our services.

- Promotion and marketing of products and services.

- Internal statistics.

- Statistical and internal analysis purposes.

What Personal Data will we use for these purposes?

To achieve the purposes described in this Privacy Notice, the information requested from the user on the website includes the following:

- Identification data, such as Full Name (Official Identification with Photograph), Date of Birth, Age, Photograph, Landline or Mobile Phone Number (personal), Address (personal and fiscal), the image of the cardholder when entering Viagenza’s facilities through video surveillance cameras and security, email, marital status, Federal Taxpayer Registry (RFC), Unique Population Registry Code (CURP), and interbank key, if applicable.

- For the online purchasing service, we request credit card or debit card data, which include: Full Name, Card Number, Security Code, and Expiration Date. According to articles 8, 10, and 37 of the Law, these data are not considered as requiring explicit consent for use.

At Travel Portal, we do not handle or request sensitive Personal Data. Sensitive Personal Data is understood to be data that affects the most intimate sphere of the individual, or whose improper use could give rise to discrimination or pose a serious risk to the individual. In particular, sensitive data includes information that may reveal aspects such as racial or ethnic origin, current and future health status, genetic information, religious, philosophical, and moral beliefs, union membership, political opinions, sexual preferences.

Security Measures and Liability Limits

We are committed to offering security and confidentiality for the data you provide us when contracting an online service. Therefore, we have a secure server under the SSL (Secure Socket Layer) protocol, which encrypts the information for your protection. Once we receive your data transmission, we make reasonable efforts to ensure its security on our systems. However, we cannot guarantee total security for information transmissions over the Internet due to external violations of our software and firewalls, so data transmission via the Internet is at your own risk.

Social Media

Social media platforms like Facebook®, Facebook Messenger®, YouTube®, Pinterest®, Instagram®, Google+®, Tumblr®, Snapchat®, Reddit®, Vine®, WeChat®, Skype®, Line®, Qzone®, QQ®, Weibo®, Telegram®, Twitter®, LinkedIn®, WhatsApp®, and any others that are available serve as a communication and interconnection platform among users of different digital platforms. These platforms are not the responsibility of Travel Portal and are therefore not covered by this Privacy Notice.

The information provided on social media platforms in which Travel Portal participates as a user does not constitute or form part of Personal Data subject to protection under this Privacy Notice; it is the responsibility of the platform’s company and the user who publishes it.

With whom do we share your personal information and for what purposes?

We inform you that your Personal Data is shared, within the country, with the following individuals, companies, organizations, and authorities other than us, for the following purposes:

| Recipient of personal data | Country (optional) | Purpose of the transfer.

| External consultants. Who are they? | United Mexican States | Consultation regarding best practices in customer service and the optimization of quality and internal organization controls.

| Local, state, and federal authorities, as well as public entities such as the Ministry of Finance and Public Credit, INFONAVIT, IMSS, and those indicated by law. | United Mexican States | Compliance with tax obligations, notifications, requests, judicial documents, and those indicated by law.

It is important to note that third parties to whom your personal data are transferred will be bound by the terms of this Privacy Notice and will comply with the corresponding security and confidentiality measures.

I consent and authorize the processing and transfer of my Personal Data as provided in this Privacy Notice.

I do not consent and authorize the processing and transfer of my Personal Data as provided in this Privacy Notice.

_____________________________

If you do not express your refusal for such transfers, we will understand that you have granted your implicit consent.

What are the rights of the Personal Data Owner?

In accordance with the Federal Law on the Protection of Personal Data Held by Private Parties, effective from January 6, 2012, as the owner of Personal Data, you have the right to exercise the rights of access, rectification, cancellation, and opposition, known as "ARCO Rights" (provided they are legally applicable). Additionally, you can revoke your consent for the processing of your Personal Data at any time or limit their use or disclosure. The procedure for you to exercise your ARCO rights and revoke the consent granted to Travel Portal for the management of your personal data is through the following email: travelportal@travelportal.com.mx.

The aforementioned rights are exercised through the respective request submitted through the aforementioned email and should include necessary details such as your name, address, or other means of notification in relation to the case.

We will respond to your request within a maximum of 15 business days and will inform you of its outcome. Travel Portal advises users to update their data whenever it changes to provide better service.

How can you access, rectify, or cancel your Personal Data, or object to its use?

You have the right to know what Personal Data we have about you, why we use it, and the conditions under which we use it (Access). It is also your right to request the correction of your personal information if it is outdated, inaccurate, or incomplete (Rectification). You can request the deletion of your data from our records or databases when you believe that it is not being used in accordance with the principles, duties, and obligations provided by the law (Cancellation). You also have the right to object to the use of your Personal Data for specific purposes (

Objection). These rights are known as ARCO rights.

How can you revoke your consent for the use of your Personal Data?

You can revoke the consent you have granted for the processing of your Personal Data. However, it is important to note that we may not be able to fulfill your request or cease using your Personal Data immediately in all cases, as there may be a legal obligation requiring us to continue processing your Personal Data. You should also consider that, for certain purposes, revoking your consent may result in us being unable to provide you with the service you requested or in the termination of your relationship with us.

To revoke your consent, you must submit your request in person at our offices.

The revocation of consent can be done at any time, and it does not have retroactive effects. To start the revocation process, you must clearly indicate in writing to the addresses provided or by email to travelportal@travelportal.com.mx which consent you wish to revoke. The written and/or electronic request for access, rectification, cancellation, or objection must contain the following:

1. The full name of the owner and address or other means for notification of the response to the request.

2. Documents proving the owner’s identity or, where appropriate, legal representation.

3. A clear and precise description of the Personal Data for which you seek to exercise any of the aforementioned rights.

4. Any other element or document that facilitates the location of the Personal Data.

5. In the case of requests for rectification, the owner must indicate the modifications to be made and provide supporting documentation.

Travel Portal will notify the owner within fifteen business days, counted from the date the request for access, rectification, cancellation, or objection is received, of the determination made. If the request is granted, it will be implemented within fifteen business days following the date on which the response is communicated. In the case of requests for access to Personal Data, delivery will proceed upon the owner’s identity verification or that of their legal representative, as appropriate. The aforementioned deadlines may be extended once, provided that the circumstances justify it.

The obligation to provide access to the information will be considered fulfilled when the Personal Data is made available to the owner or through the issuance of simple copies, electronic documents, or any other means provided by Travel Portal.

If the owner requests access to data from a person they presume is the responsible party and this turns out not to be the case, it will be sufficient to inform the owner of this through any printed (letter of non-acceptance) or electronic (email, optical media, etc.) means, in order to consider the request fulfilled.

Travel Portal may deny access to Personal Data, or the rectification, cancellation, or objection to the processing of such data in the following cases:

1. When the requester is not the owner of the Personal Data, and the legal representative is not duly accredited.

2. When the Personal Data of the requester is not in our database.

3. When the rights of a third party are affected.

4. When there is a legal impediment, or the resolution of a competent authority restricts access to the Personal Data or does not allow rectification, cancellation, or objection.

5. When rectification, cancellation, or objection has already been carried out.

The denial mentioned above may be partial. In such cases, Travel Portal will perform the required access, rectification, cancellation, or objection.

In all the above cases, Travel Portal must inform the reason for its decision and communicate it to the owner or, if applicable, to the legal representative within the deadlines set for that purpose, through the same means by which the request was made, and provide any pertinent evidence.

Travel Portal is not obliged to cancel Personal Data when:

1. It refers to parts of a private, social, or administrative contract and is necessary for its development and fulfillment.

2. It must be processed in compliance with a legal obligation.

3. It hinders judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes, or the enforcement of administrative sanctions.

4. It is necessary to protect the legally protected interests of the owner.

5. It is necessary to perform an action in the public interest.

6. It is necessary to comply with a legal obligation acquired by the owner.

If the cancellation is appropriate, Travel Portal will establish a blocking period for the sole purpose of determining possible responsibilities related to its processing, until the legal or contractual prescription period, and notify the owner or their legal representative of this in the response to the cancellation request issued within twenty business days. After the blocking period, the corresponding deletion will be carried out.

The blocking period will last until the corresponding legal or contractual prescription period.

How can you limit the use or disclosure of your personal information?

To limit the use and disclosure of your personal information, you have the following options:

1. Register with the Public Registry to Avoid Advertising, which is managed by the Federal Consumer Protection Agency, so that your Personal Data is not used to receive advertising or promotions from companies of goods or services. These will be sent to you and to the contacts registered for that purpose. You can modify this indication at any time by sending an email to travelportal@travelportal.com.mx.

Use of Tracking Technologies on Our Website

On our website, we may use cookies, web beacons, and similar technological elements to collect information such as (a) your browser type and operating system; (b) the internet pages you visit; (c) the links you follow; (d) your IP address; (e) the sites you visited before entering ours; (f) user recognition; (g) detection of highlighted information; and (h) measurement of certain traffic parameters. The "Help" section in the toolbar of most browsers will tell you how to prevent new cookies, how to make the browser notify you when you receive a new cookie, or how to disable all cookies.

A cookie is a small file that a web server sends to your computer, which is stored on your hard drive. When you revisit our website, we can use the information stored in the cookie, such as your preferences, to make it easier for you to use our website. Cookies do not allow us to know your personal identity, and this will only happen if you choose to provide it to us. Most cookies expire after a specified period of time, and you can delete them at any time. You can configure your browser to alert you each time you receive a cookie, allowing you to accept or reject them.

How do we use cookies at Travel Portal?

We use session or temporary cookies, which remain in your browser’s cookie file during your visit to our website, as well as persistent cookies for repeated visits. Both types perform the following main functions:

- Personalized experience:

Cookies help us differentiate one user from another when they visit the website and allow interaction with various features of our platform. The following points depend on cookies:

- Remembering the country and language.

- Selection of preferred tours.

- Viewing specific search history and previously visited destinations.

- Notifications about tours that may be of interest.

- Analytical projections:

They assist in a better analysis to optimize our website by anonymously tracking the links and features that are used most frequently. The information is captured to create anonymous statistics used to identify areas for improvement and successful aspects of the website. Cookies play an important role in providing an optimal experience on the site.

How can you manage the use of cookies?

You can decide not to allow cookies to be stored in

 your browser, but you should be aware that some of the website’s key features will not be available. Basic searches will continue to work correctly.

To avoid using cookies, you can modify your browser settings to receive notifications each time cookies are used or to completely block storage. You can also choose to delete cookies that are already stored. The settings depend on the browser you use. You can easily find this option in the "Help" section.

If cookies are necessary for the functionality of the Travel Portal website, consent for their use is not required. Cookies expire after leaving the main Travel Portal website. However, persistent or third-party cookies require consent for selections and preferences made on the site. By selecting "Accept Cookies," you declare your approval for their use.

OUR COOKIES

They are essential for the user to navigate the site and use all the functions.

THIRD-PARTY COOKIES

They are imposed by an organization external to the website visited by the user. They are mainly managed by the marketing or data analysis department.

SESSION COOKIES

They are temporary and stored in the user’s browser until they stop using it. That’s when cookies are completely deleted.

PERSISTENT COOKIES

Cookies are deleted when the browser is closed. They are necessary to remember the user’s preferred settings and provide them automatically.

Website Disclaimer

Our website may contain links or links to external websites that do not correspond to Travel Portal and, therefore, have no connection with us.

The Personal Data that you provide through these portals or websites that are not covered by this Privacy Notice, and their processing, are not the responsibility of Travel Portal.

We recommend reviewing and reading the privacy policies and terms of use of such external websites before using them.

How can you stay informed about changes to this Privacy Notice?

This Privacy Notice may undergo modifications, changes, or updates due to new legal requirements, our own needs for the products or services we offer, our privacy practices, or changes in our business model.

We reserve the right to change this Privacy Notice at any time at the discretion of our administrators.

If you use the services on any of the Travel Portal sites, it means you have read, understood, and agreed to the terms mentioned above. If you do not expressly object to this notice and its updates, it will be understood that you have given your tacit consent.

End of Privacy Notice.