PRIVACY POLICY

Date of the most recent update: July 1st, 2023.

In compliance with the Federal Law on the Protection of Personal Data Held by Private Parties (hereinafter, the "Law"), we provide you with this comprehensive privacy notice (hereinafter, the "Notice"), and we inform you as follows:

1. Controller of personal data protection.

DISTRIBUIDAORA TEXTIL DISEÑOS MIRA S DE RL DE CV (hereinafter the "Company," "Company," "we," "us," and "our"), with the contact email address info@miraboutique.com, is responsible for the treatment and protection of the personal data we collect from you. The company respects your privacy and is committed to protecting it by complying with this Privacy Policy ("Policy"). Please read this Policy carefully to understand how we collect and use the information and under what circumstances we share the information collected from you (hereinafter, "Users" or "you") with third parties.

2. Information about our privacy officer and how to contact them.

In compliance with Article 30 of the Law, a privacy officer is the person in our organization who has been formally designated to:

- Handle requests from data subjects to exercise their rights.

- Promote and ensure the protection of the personal data we hold.

For all matters related to the treatment and protection of personal data, you may contact our privacy officer by sending an email to the address provided in the previous section.

3. Personal data we collect.

To carry out the purposes indicated in numeral 4 of this Notice, we will collect personal data from the following categories: (i) Identification; (ii) contact; (iii) financial; (iv) consumer behavior. We will not collect sensitive personal data.

4. Purposes of the treatment of collected personal data.

We will use the personal data we collect from you for the following primary purposes, which are necessary to provide you with the requested product or service:

- Identify and contact you.

- Process your purchase and deliver the product you have acquired, if applicable.

- Invoice your purchase.

- Process refunds of money or products, if applicable.

- Validate benefits offered to you and requested by you, as well as discounts or promotions.

- Address your post-sale requests.

- Address and follow up on your complaints and suggestions.

- Comply with the legal provisions applicable to the benefits, products, and services we provide to you.

- Ensure the security of our facilities and the people inside them through surveillance cameras.

Additionally, your personal information will be used for the following secondary purposes, which are not necessary to provide you with our products but allow us to offer you a better service and pursue our legitimate business interests:

- Send you advertising through any means.

- Offer you promotions.

- Provide you with purchase coupons and/or discounts for marketing purposes.

- Conduct surveys to assess the quality of service we provide.

- Conduct all kinds of commercial prospecting, advertising, promotional, and marketing activities.

- Create a sales history to provide you with benefits or discounts.

- Conduct sales and consumer behavior analysis.

4.1. Refusal to the treatment of your personal data for secondary purposes.

If you do not wish your personal data to be processed for the aforementioned secondary purposes, or any of them, you can deny us your consent at this time by sending your request to our privacy officer, who will indicate the procedure to exercise your right. Your refusal in this regard will be a reason for us to deny the services and products you request or contract with us.

5. Transfer of personal data.

To fulfill the purposes set forth in numeral 4 of this Notice, your personal data may be transferred to the following individuals or legal entities, without requiring your consent in terms of Article 37 of the Law:

- Courier and freight companies, in order to deliver products to the delivery address you have indicated, if applicable.

- National and/or foreign companies belonging to our same corporate group, which operate under our same internal processes and policies, in order to comply with our regulations and processes.

- Authorities, in order to comply with the corresponding legal provisions, as well as to clarify incidents or exercise any right.

- In the event that the corresponding assumption is updated, any of the transfers contemplated by Article 37 of the Law.

Furthermore, your personal data of identification and contact may be transferred to the following legal entities, in which case we do require your consent:

- Companies that are our licensors, in order to comply with the contractual conditions of the licenses that have been granted to us, who may use it for promotional, advertising, marketing, and commercial prospecting purposes.

- Companies that belong to our corporate group, such as subsidiary, affiliate, or controlling companies, among others, who may use it for their own marketing and operation with the same purposes and particularities described herein, particularly those set forth in numeral 4.

If you do not express your refusal for us to carry out this transfer, we will understand that you have granted us your consent. You can express your refusal at this time by sending an email to our privacy officer, who will indicate the procedure to exercise your right.

6. ARCO Rights.

In accordance with the applicable regulations, you have the right to know what personal data we have about you, the purposes for which we use them, and the conditions of use that apply to them (Access). Likewise, it is your right to request the correction of your personal information if it is outdated, inaccurate, or incomplete (Rectification); that we delete it from our records or databases when you consider that it is not being used properly (Cancellation); as well as to object to the use of your personal data for specific purposes (Objection). These rights are known as ARCO rights.

To exercise any of the ARCO rights, you must submit the corresponding request through an email addressed to our privacy officer, who will inform you about the procedure and requirements to exercise these rights, response times, how we will enforce your right, and will address any questions, complaints, or comments you may have in this regard.

7. Mechanisms and procedure to revoke your consent.

In accordance with the applicable regulations, you may revoke the consent you may have granted us, where appropriate. However, it is important to note that not all requests will be accepted, or we may not be able to immediately conclude the use, as we may be legally obligated to continue processing your personal data.

To revoke your consent, you must submit your request through an email addressed to our privacy officer, who will inform you about the procedure and requirements to exercise this right, response times, how we will enforce your right, and will address any questions, complaints, or comments you may have in this regard.

8. Options for the data subject to limit the use or disclosure of personal data.

In addition to the procedure and exercise of the rights set forth in numerals 6 and 7 of this Notice, you may limit the use or disclosure of your personal data by selecting the "unsubscribe" option at any time to cancel the reception of emails we send you for advertising, promotional, or marketing purposes, which is available in all such email communications.

9. Use of cookies and web beacons.

As a general rule, we use cookies, pixel tags, web beacons, mobile device identifiers, flash cookies, and similar files or technologies to collect and store information regarding your use of the website. A cookie is a small text file stored on your computer that allows us to recognize you (e.g., as a registered user) when you visit our

 website, store your preferences and settings, improve your experience by delivering content and advertising tailored to your interests, conduct research and analytics, track your use of the website, and assist with administrative and security functions. Cookies may be persistent or stored only during an individual session. A pixel tag (also called a web beacon or clear GIF) is a small graphic with a unique identifier, embedded invisibly on a webpage (or an online ad or email), and is used to count or track things like activity on a webpage or ad impressions or clicks, as well as to access cookies stored on users' computers. We use pixel tags to measure the popularity of our various web pages, features, and services. We may also include web beacons in email messages or newsletters to determine if the message has been opened and for other analytics. Flash cookies work differently than browser cookies and cannot be deleted or blocked via your web browser's settings. A cookie is not used to collect your personal data without your knowledge but to record information about website browsing that we can directly read during your visits and subsequent searches on the site. All cookies have expiration dates that determine how long they stay in your browser.

■ Most browsers are set to automatically accept cookies. Please note that it is possible to disable some (but not all) cookies through your device or browser settings, but doing so may interfere with certain functions on the website. Major browsers provide users with several options regarding cookies. Generally, users can configure their browsers to block all third-party cookies (which are set by third-party companies that collect information on websites operated by other companies), block all cookies (including first-party cookies, such as those we use to collect search activity information from our users), or block specific cookies. You must opt out on each browser and each device you use to access the website. By using the website with your browser configured to accept cookies, you agree to our use of cookies as described in this section.

Third parties whose products or services are accessible or advertised through the website, including social media services, may also use cookies or similar tools, and we advise you to consult their privacy policies for information about their cookies and other practices. We do not control the practices of such partners, and their privacy policies govern your interactions with them.

■ By default, cookies are not installed automatically (except for those cookies necessary for the operation of the Website and its services, and you are informed of their installation by means of a notification). We will need your authorization before implanting any other type of cookie on your device. To avoid being bothered by these routine authorization requests and enjoy uninterrupted browsing, you can set up your computer to automatically accept our cookies.

10. Security measures.

The protection and proper use of your personal information are very important to us. Therefore, we have physical, technical, and administrative security measures to protect it against damage, loss, alteration, destruction, or unauthorized use, access, or processing.

11. Modifications to this Notice.

We reserve the right to make modifications or updates to this Notice at any time in response to legislative developments, internal policies, or new requirements for the provision or offering of our services or products. We will notify you of the updated version through one or more of the following means:

- On our website, which we suggest you visit frequently.

- Announcements in our establishments, indicating that we have updated our Notice and making it available there.

- We may send it to the last email address you provided us.

The procedure for notification via the internet is as follows:

(i) Access our website https://www.miraboutique.com/.

(ii) In case there are modifications or updates to this Notice, there will be a notification informing you.

(iii) Access the link to the Notice.

(iv) There you will find the current version with the date of the most recent update.

12. Improper handling of personal data.

If you believe that your right to the protection of personal data has been violated due to any conduct or omission on our part, or if you suspect a violation of the provisions established in the Law, its Regulation, and other applicable provisions, you may file a complaint or report with the National Institute of Transparency, Access to Information, and Personal Data Protection (INAI). For more information, we suggest you visit their official website: www.inai.org.mx.