The purpose of this Data Privacy Policy is to inform the interested parties about the scope of the integral protection of personal data recorded in the files, records, banks or databases, or other technical means of data processing implemented by LEADER ENTERTAINMENT S.A., Sole Tax Identification Code (CUIT – “Código Único de Identificación Tributaria”) 30-60906436-2 (hereinafter “THE COMPANY” or “LEADER”) domiciled at San José 1277, of the City of Buenos Aires, Argentine Republic, ensuring respect for the right to privacy of individuals, as well as free access to information about them that may eventually be recorded.

THE COMPANY considers that any type of information relating to a person is personal information and therefore ensures the privacy and confidentiality of the same at all times. The confidentiality of the information implies its maintenance in files and/or banks or secure databases, in such a way that access by third parties who are not authorized to that effect is prevented.

For doubts about this Policy or any circumstance related to the treatment of personal information, the interested parties may contact us through any of these means:

E-mail: legal@leaderent.com

The notices and communications sent by THE COMPANY to the mailing address or to the e-mail address provided directly by the interested party, or the one that appears as the sender’s address or mailing address, shall be considered effective and fully valid.

This Privacy Policy refers to the following aspects:

• Voluntariness in data delivery

• Sensitive data

• Tax and financial data

• Authorization for use of personal information

• Collection and use of Information

1. 1. Data policy relating to THE COMPANY’s web sites
   2. What information the company collects

• Transfer of personal information

• Disclosure of information

1. 1. Controller and physical location where the processing of personal information takes place.

• Communications with THE COMPANY

• Rights of the owners of the data

1. 1. Use of appropriate security methods

• Compliance with the General Data Protection Regulation (GDPR).

• Commitment of data subjects

• Changes to this Policy

1. VOLUNTARINESS IN DATA DELIVERY.

This Policy is intended to inform interested parties about the processing of personal data carried out by THE COMPANY, in order to freely and voluntarily determine whether or not to provide their personal data when they are required or that may be obtained from the use of any of the services provided by the company.

As a general rule, when in order to request a product or access a certain service some personal data is requested, the delivery of such data is not compulsory, except for those cases where it is specifically indicated that it is data required for the provision of the service.

2. SENSITIVE DATA

THE COMPANY does not collect sensitive data of any nature. If any of the data collected is, in the future, qualified as sensitive personnel data by the General Data Protection Regulation (GDPR), or any other applicable regulation, no person will be obliged to provide such data in order to access the services provided by THE COMPANY.

3. TAX, FINANCIAL AND LABOR DATA

THE COMPANY collects certain tax, financial and labor data from individuals or legal entities with which it maintains a commercial, labor or associative relationship, such as customers, suppliers, dependent staff, contractors or business partners. All these data will be treated according to the guidelines established herein, and will be exclusively for internal use by THE COMPANY, related companies, and subsidiaries. Under no circumstances will THE COMPANY provide third parties with financial, tax or labor information that it has on record, nor will it transfer all or part of such information.

4. AUTHORIZATION FOR THE USE OF PERSONAL INFORMATION

The interested party who provides their personal information at the time of establishing a legal relationship with THE COMPANY, among others, for commercial, labor, consumer, or professional matters, expressly authorizes THE COMPANY to collect such information and use it for the purposes set forth herein.

This also implies the acceptance of all the terms contained in this Privacy Policy, the particular terms and conditions that may govern each of these legal relationships, once the authorizations requested therein have been granted.

5. COLLECTION. USE OF INFORMATION.

The purpose of the collection and processing of personal data of the interested parties is the development, provision, management and improvement of the Company’s products and services, as well as the attention of its labor relations with its employees, and the commercial, accounting and administrative management of its business.

It is also possible that the personal information of the interested parties may be used for all legal purposes, which may include, but are not limited to, responding to their requests, processing transactions, for administrative purposes.

Likewise, the interested parties expressly consent that their personal data may be compared against publicly and privately accessible databases managed by third parties, in order to validate the identity and financial situation of the interested parties.

6. DATA POLICY RELATING TO THE COMPANY’S WEBSITES

Websites owned or operated by THE COMPANY may use “cookies” to facilitate navigation and to adapt their contents to users’ preferences.

What are cookies?

A cookie is a piece of data (text files) that a website, when visited by a user, stores in the user’s Internet browser in order to remember certain information about the user.

Why are cookies used?

THE COMPANY uses cookies to learn how users interact with the content and improve their experience when they visit its websites. For example, some cookies are used to remember the user’s language or preferences, so that the user does not have to select them each time they visit the website. Cookies are also used to keep track of geographic location, so that you can be shown the website for your country.

What types of cookies are used?

First-party and third-party cookies

The COMPANY’s websites use first-party and third-party cookies (which are cookies from a domain other than the domain of the website that the user is visiting).

First-party cookies are cookies sent from the COMPANY’s domain, generally used to identify language and location preferences or to provide basic site functions.

Third-party cookies belong to and are managed by other companies (e.g., service providers or business partners of THE COMPANY).

Session cookies

These are temporary cookies used to remember the user during the course of their visit to the website. When the user closes the browser, they disappear.

Permanent Cookies

These are used to remember the user’s preferences on the website and remain on the computer or mobile device even after the browser has been closed or the device has been restarted. These cookies are used to analyze the user´s behavior in order to obtain visit patterns and to be able to improve the functions of the website.

How to allow or reject the use of cookies?

The User may accept or reject the use of cookies directly from the banner or cookie notice that will appear on the first visit to the website. The refusal of cookies, for technical reasons, may prevent the provision of some or all of the services of the site.

7. WHAT INFORMATION THE COMPANY COLLECTS

The information that the COMPANY could collect according to the type of legal relationship maintained with the interested party is:

• Full name/Company name
• Tax identification number or code
• Invoicing data
• Bank data
• Financial data
• Data related to dependent staff
• Suppliers´ payment data
• Customer data
• Address
• E-mail address
• Any other information provided by the interested party on the occasion of the establishment of a legal relationship expressly consented by the interested party.

It is important to note that in the commercial distribution of its products and services the COMPANY uses platforms and services provided by third parties, such as, but not limited to, YouTube, Netflix, Amazon, Spotify, Roku, Pluto.tv, HBO. Each of these services may require the provision of certain personal data to those responsible for operating such services.

All the conditions related to the obtaining of a user account, its terms of use, prohibitions, and treatment of personal data, constitute an agreement between the user and the owners of such platforms or services, over which the COMPANY has no interference whatsoever.

Notwithstanding the foregoing, it is possible that for commercial reasons, and provided that they are authorized to do so, these third parties provide the COMPANY with certain information about users who have acquired, used or consumed products or services of the COMPANY. In such cases the COMPANY undertakes to treat such data in accordance with the applicable regulations on personal data protection, the privacy policy of the third parties that have collected the data, and this Privacy Policy of the COMPANY.

8. DATA TRANSFER

All personal data collected from interested parties is for internal use only by THE COMPANY, its partners and affiliates, and subsidiaries. Whenever personal information is collected as part of the direct relationship with an individual, in respect to privacy and confidentiality, THE COMPANY will not assign or transfer that personal information to any third party that is not part of THE COMPANY, or its associates. The personal information of the interested parties will only be shared with other third parties in the following cases:

1. When there is a legal obligation to do so.
2. When there is an order issued by a competent authority.

9. DISCLOSURE OF INFORMATION

THE COMPANY may share certain personal information with third parties under the terms described below.

1. Third party data processing service providers

In order to provide its services, THE COMPANY may contract certain services to third parties. These services may consist of, but are not limited to, automated data processing, information storage, content transmission services, distribution platforms, transaction processing. For the proper provision of services, third parties in charge of such services may require access to the COMPANY’s personal data. However, THE COMPANY will not transfer to these third parties any personal information of any kind, the access by them to THE COMPANY’s databases is strictly limited to the activities necessary for the provision of the service, being forbidden to extract data or to make total or partial copies of THE COMPANY’s personal data.

THE COMPANY will ensure that all its suppliers comply with the obligations imposed by the General Data Protection Regulation (GDPR), including the implementation of adequate security systems, and in the same sense that they subscribe to and comply with the principles upheld by THE COMPANY regarding the protection and confidentiality of personal data.

10. PHYSICAL PLACE WHERE THE PROCESSING OF PERSONAL DATA TAKES PLACE

The information collected in connection with the services provided by THE COMPANY may be processed and stored in the territory of the Argentine Republic, the European Union, or the USA. The transfer of personal information of European or Argentine citizens to the USA or other countries may take place for the sole and exclusive purpose of its storage and automated processing on behalf and in the order of the COMPANY, without transferring or granting access to personal data to any foreign subject. Only services of storage and/or automated processing of personal information abroad will be used when they are provided in those countries that ensure an adequate level of protection for personal data, and the providers comply with the General Data Protection Regulation (GDPR). In all cases, THE COMPANY guarantees that the information will be processed only in a jurisdiction that ensures adequate legal protection to the owners of the data.

11. COMMUNICATIONS FROM THE COMPANY

In the event that, in the contracting process, the interested parties have expressly consented to sending communications regarding the services provided by THE COMPANY. When an interested party prefers not to be contacted for these purposes, they may:

1. Communicate with THE COMPANY according to the contact details provided herein, and request not to be sent information about products and services.
2. Execute the instructions to that effect included in the e-mails sent by THE COMPANY.

12. DATA SUBJECTS’ RIGHTS

In compliance with the provisions of EU Regulation 2016/679 of the European Parliament and of the Council of April 27th, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR), the COMPANY informs that as a consequence of the guarantee of the rights protected, it is also expressed as a purpose that of allowing at all times access to the information by the persons linked to the registered data.

In this way, the interested party may exercise the rights of access, rectification and deletion, which are mentioned below.

                The right of access to data: this is the right to request and obtain information on the personal data included in the databases, by the persons linked to the registered data. Likewise, the interested parties will have the right to know the origin of the data, when the owners were not the ones who provided them.

The right to demand data rectification: As a general rule, the right to demand rectification can be exercised in the event of falsehood, inaccuracy, imprecision, lack of validity, or erroneous nature of the data. Its recognition implies the preservation of the veracity of the information, a condition that makes the quality of the same.

The right to data blocking: Data blocking consists in the identification and reservation of the data, adopting technical measures and procedures to prevent its processing, including its visualization.

The right to suppression: The “suppression” of data implies its definitive elimination from the file or registry, that is to say, its complete disappearance, without any record of its previous registration.

The exercise of such rights may be made effective by each interested party by means of a communication addressed to THE COMPANY, according to the contact information provided herein. The request for access, rectification, blocking or deletion must contain and be accompanied by the following:

1. The name of the holder, e-mail address and address to communicate the response to the request.
2. Documents proving the identity or, where appropriate, the legal representation of the holder.
3. The clear and precise description of the personal data with respect to which the holder seeks to exercise any of the abovementioned rights.
4. Any other element or document that facilitates the location of personal data.
5. In the case of requests for rectification of personal data, the holder must indicate, In addition to what was stated in the previous items, the modifications to be made.

13. USE OF APPROPRIATE SECURITY METHODS

THE COMPANY adopts all logical and physical security measures required by regulations, and those resulting from appropriate prudence and diligence in the protection of data subjects who have placed their trust in THE COMPANY, to protect personal information collected against unauthorized access, alteration or destruction. THE COMPANY will evaluate and improve its security systems whenever necessary.

14. COMPLIANCE WITH THE GENERAL DATA PROTECTION REGULATION (GDR)

The COMPANY treats data confidentially and adopts the appropriate technical and organizational measures to ensure the appropriate level of security for processing, in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 and other applicable regulations on Data Protection.

15. COMMITMENT OF THE OWNERS OF THE DATA

When personal data is required, and its owner consents to its delivery, they will guarantee that the data provided are truthful, being responsible for communicating any changes in them if necessary. In the event that the interested party provides personal data of third parties, they shall previously inform the affected party of the provisions of this privacy policy. The interested party will be solely responsible for any damage or harm, direct or indirect, that may be caused to THE COMPANY or any third party, because of providing false, inaccurate, incomplete, outdated or not authorized data.

16. CHANGES TO THIS POLICY

In case of modification of this Privacy Policy, the changes will be published in this section and other places deemed appropriate to notify interested parties about the changes. THE COMPANY reserves the right to modify this Privacy Policy at any time, to the effect of which it will be considered binding for the interested parties after three (3) days of its publication.

In the event of changes, the rights of the interested parties shall not be limited, in accordance with this Privacy Policy, without their express consent.