Effective Date: September 9, 2025

Thank you for choosing to be part of our community at Urbantech Digital Solutions (“Urbantech Digital Solutions”, “Company”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this Privacy Notice, or our practices with regards to your personal information, please contact us at [email protected].

When you visit our website https://urbantechdigital.com/homepage (the “Website“), and more generally, use any of our services (the “Services“, which include the Website), we appreciate that you are trusting us with your personal information. We take your privacy very seriously. In this Privacy Notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We comply with the Philippine Data Privacy Act of 2012 (RA 10173) and guidance from the National Privacy Commission (NPC), as well as other applicable privacy laws (e.g., GDPR, CCPA/CPRA, PIPEDA). We hope you take some time to read through it carefully, as it is important. If there are any terms in this Privacy Notice that you do not agree with, please discontinue use of our Services immediately.

This Privacy Notice applies to all information collected through our Services (which, as described above, includes our Website), as well as any related services, sales, marketing or events.

Please read this Privacy Notice carefully as it will help you understand what we do with the information that we collect.

1. WHAT PERSONAL INFORMATION DO WE COLLECT?

We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

The personal information that we collect depends on the context of your interactions with us and our Services, the choices you make and the products and features you use. The information we collect is used to provide and improve our services, communicate with users, send updates, and ensure compliance with applicable laws. We do not share personal information with third parties for their own marketing purposes.

All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.

Anonymized, Aggregated, or De-Identified Personal Information

We may also anonymize, aggregate or de-identify personal information so the end-product does not identify you or any other individual. For example, we may use this information to generate norms by industry, geography, level, etc., enable us to understand where our services are being utilized, conduct ongoing validation studies, compile reports, and improve the services. Such aggregated, anonymized or de-identified information is not considered personal information for purposes of this Privacy Notice and we may use it for any purpose.

Information automatically collected
We automatically collect certain information when you visit, use or navigate the Website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Website and other technical information. This information is primarily needed to maintain the security and operation of our Website, and for our internal analytics and reporting purposes.

2. HOW YOUR PERSONAL INFORMATION IS COLLECTED

We collect most of this personal information directly from you – in person, by telephone, text or email and via our Website when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Website or otherwise when you contact us. However, we may also collect information from:
• From publicly accessible sources;
• Directly from a third party (e.g., joint marketing partners, affiliate programs, data providers);
• From a third party with your consent (e.g., your social media accounts including Google, Facebook, Twitter, LinkedIn);
• From cookies on our Website; and
• Via our IT systems, including automated monitoring of our Websites and other technical systems, such as our computer networks and connections, communications systems, and email and instant messaging systems.

This information may include mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs and custom profiles, for purposes of targeted advertising and event promotion.

3. HOW AND WHY WE USE YOUR PERSONAL INFORMATION

Under data protection law, we can only use your personal information if we have a proper reason for doing so. We use personal information collected via our Services for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal and regulatory obligations (including the Philippine Data Privacy Act of 2012 (RA 10173), GDPR, CCPA/CPRA, and other applicable laws). We indicate the specific processing grounds we rely on next to each purpose listed below.

A legitimate business interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

4. PROMOTIONAL COMMUNICATIONS

We may use your personal information to send you updates (by email, text message) about our Services, including exclusive offers, promotions or new products and/or services.

We have a legitimate interest in processing your personal information for promotional purposes (see above “HOW AND WHY WE USE YOUR PERSONAL INFORMATION”).

You have the right to opt out of receiving promotional communications at any time by:
• Contacting us at [email protected] or by post to: Urbantech Digital Solutions, Lahug, Cebu City, 6000, Philippines; or
• Using the “unsubscribe” link in emails or replying “STOP” in texts.

We respect your privacy, and your mobile phone contact information will not be shared or sold to third parties for marketing purposes.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business. Please note that even if you opt out of receiving promotional communications, you may still receive communications related to Urbantech Digital Solutions’ oversight activities or otherwise as required by law.

5. WHO WILL YOUR INFORMATION BE SHARED WITH?

We do not share personal information or data with third parties or affiliates, except as necessary to provide our services or as required by law. We do not sell your personal information to third parties for marketing purposes.

We routinely share personal information with the following categories of third parties:

• Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Website, which will enable them to collect data on our behalf about how you interact with our Website over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, pages or features, and better understand online activity. Unless described in this notice, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.

• Third-Party Advertisers. We may use third-party advertising companies to serve ads when you visit or use the Website. These companies may use information about your visits to our Website(s) and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you.

• Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Notice. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

• Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.

If we have processed your data based on your consent and you wish to revoke your consent, please contact us using the contact details provided in the section below titled “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”.

Cloud Computing Services
We use Go High Level (GHL) as our primary cloud-based SaaS platform. GHL outsources hosting to Google Cloud Platform (GCP) and Amazon Web Services (AWS), ensuring high availability, security, and compliance. In addition, GHL relies on authorized sub-processors such as Twilio, Mailgun, Stripe, and Zapier to support communications, email delivery, payment processing, and integrations.

Customer Relationship Management (CRM)
Our CRM, sales pipelines, automations, and client communications are managed through Go High Level.

Content Optimization, Data Backup, and Security
These functions are handled within Go High Level’s infrastructure, providing secure data management and continuity.

Functionality and Infrastructure Optimization
We utilize Cloudflare for content delivery, performance optimization, and protection against malicious activity (including DDoS attacks).

Website Hosting and Domains
Our official website and domains are hosted and managed on Wix.

Email Hosting and Business Communications
Our business emails are hosted via Microsoft 365, ensuring secure and professional-grade communications.

Invoicing and Billing
Payments and invoicing are securely processed through PayPal.

Advertising and Marketing
We may use Facebook Business Tools (including Meta Ads) and Google Ads/Google Marketing Platform for online advertising, remarketing, and performance measurement. These tools allow us to reach audiences, deliver targeted campaigns, and measure ad effectiveness. Marketing emails and SMS campaigns are also managed through our CRM (Go High Level) and its communication partners (e.g., Twilio, Mailgun). Users may opt out of such communications at any time.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

Additionally, we may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

Cookies and Other Tracking Technologies
Like many businesses, we also collect information through cookies and similar technologies.

Cookies are small text files of information stored by the Internet browser on your computer’s hard drive. We may use these cookies to collect browsing data on our Site to keep track of your preferences and profile information and to collect general usage and volume statistical information. Our cookies do not collect personal or confidential information and are not spyware.

Our Website contains electronic images known as web beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our Website is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications. We use a third party to gather information about how you and others use our Website. For example, we will know how many users access a specific page and which links they clicked on. We use this aggregated information to understand and optimize how our Website is used.

Targeted Advertising (also known as online behavioral advertising) uses information collected on an individual’s web browsing behavior such as the pages they have visited or the searches they have made. Third parties collect this information by placing or accessing cookies in your browser when you visit this Website, or other, websites. If you would like to learn more about the third party advertisers that may be aware of the fact that you visit this Website, and to understand your choices about having such advertisers’ cookies turned off, please visit www.networkadvertising.org.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic usage and performance information our servers automatically collect when you access or use our Website and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity in the Website (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called ‘crash dumps’) and hardware settings).

• Device Data. We collect device data such as information about your computer, phone, tablet or other device you use to access the Website. Depending on the device used, this device data may include information such as your IP address (or proxy server), device application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system configuration information.

• Location Data. We collect information such as information about your device’s location, which can be either precise or imprecise. How much

information we collect depends on the type of settings of the device you use to access the Website. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Locations settings on your device. Note however, if you choose to opt out, you may not be able to use certain aspects of the Services.

Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy. Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Website. To opt-out of interest-based advertising by advertisers on our Website visit http://www.aboutads.info/choices/.

6. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

The Website may contain advertisements and links from third parties that are not affiliated with us and which may link to other websites, online services or mobile applications. When you click on a link to any other website or location, you will leave our Website and go to another site, and another entity may collect personal data or anonymous data from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this Privacy Notice. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from the Website. As such, we urge that you exercise caution before providing them with your personal information. You should review the policies of such third parties and contact them directly to respond to your questions.

The links to third party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content or websites.

You should contact the site administrator for such third party website if you have any complaints, claims, concerns or questions regarding such third party website or its privacy practices.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements, to respond to any questions, complaints or claims made by you or on your behalf, and to show that we treated you fairly). Different retention periods apply for different types of personal information.

For regulatory compliance purposes, we will keep the categories of personal information identified in the Section titled “WHAT PERSONAL INFORMATION DO WE COLLECT”, above, for a maximum of 7 years.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. We endeavor to protect the personal information we receive, gather and store, by such means as password protection, firewalls and other means. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also require that third party service providers acting on our behalf or with whom we share your information also provide appropriate security measures in accordance with industry standards. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Website is at your own risk. You should only access the Website within a secure environment.

We will maintain a record of every breach of security safeguards involving personal information under our control. In accordance with Philippine law, we will notify the National Privacy Commission (NPC) and affected individuals within 72 hours when a breach creates a real risk of significant harm.

9. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at [email protected]. Please visit the FTC's website at www.ftc.gov for tips on protecting children's privacy online.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

11. WHERE YOUR PERSONAL INFORMATION IS HELD.

Information may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see above: “Who Will Your Information Be Shared With?”). Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal information when this occurs, see below: “Transferring Your Personal Information Out of the EEA”.

12. TRANSFERRING YOUR PERSONAL INFORMATION OUT OF THE EEA.

Information may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see above: “Who Will Your Information Be Shared With?”). Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal information when this occurs, see below: “Transferring Your Personal Information Out of the EEA”.
• With our offices outside the EEA;
• With your and our service providers located outside the EEA;
• If you are based outside the EEA; or
• Where there is an international dimension to the services we are providing to you.

These transfers are subject to special rules under European and UK data protection law. These non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. In particular, you are advised that the United States of America uses a sectoral model of privacy protection that relies on a mix of legislation, governmental regulation, and self-regulation. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. Where required, we rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards for transfers.

Where the laws of your country allow you to do so, by using the Website or the Services, you consent and authorize Urbantech Digital Solutions to transfer, store, and use all such information in the United States of America and any other country where we operate which may not offer an equivalent level of protection to that required in the country where you reside and to the processing of that information by us on servers located in the United States of America as described in this Privacy Notice. If you do not want your personal information transferred to the United States of America and any other country where we operate, please do not submit any information to us or use our Services.

If you would like further information, please contact us (see “How You Can Contact Us About This Notice” below).

13. CANADA’S PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT

You may have the following rights under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA):
• You have a right to know how your information will be used. We will explain why we need your information before or when we collect it, if the purpose is not already clear.
• We will collect personal information only for the purposes we’ve identified or for the primary uses described above. We shall collect information by fair and lawful means only.
• We will not use or disclose your personal information other than for the purposes for which it was collected unless we receive your consent or unless we are required or permitted to by law.
• We will keep your personal information only for as long as it needs to for the purposes identified above, as required by law, or as necessary to resolve any disputes you may have concerning our Services. We will follow internally set guidelines and use care in the disposal, destruction, or de-identification of personal information to prevent unauthorized parties from gaining access to such information.
• We will maintain accurate, complete and up-to-date personal information as required for the identified purposes associated with its collection. Please let us know if your contact or other personal information changes.
• Upon your written request, and subject to exceptions as permitted or mandated by law, we will inform you of the existence, use and disclosure of your personal information and will give you access to that information. You may challenge the accuracy and completeness of your information and have it amended as appropriate.

13A. DATA PROTECTION OFFICER (DPO) — PHILIPPINE DPA (RA 10173)

To ensure compliance with the Philippine Data Privacy Act of 2012 and international standards, Urbantech Digital Solutions has appointed a Data Protection Officer (DPO). For any inquiries, requests, or complaints regarding your personal data, please contact: [email protected].

14. WHAT ARE YOUR PRIVACY RIGHTS UNDER GDPR?

In some regions (like the European Economic Area), you have certain rights under applicable data protection laws. For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner's Office (ICO) on individual rights under the General Data Protection Regulation.

14A. WHAT ARE YOUR PRIVACY RIGHTS UNDER THE PHILIPPINE DATA PRIVACY ACT (RA 10173)?

Philippine data subjects have the right to be informed, to object, to access, to correct (rectify), to erase or block, to data portability, to damages, and to file complaints with the National Privacy Commission (NPC). You may exercise these rights by contacting us at [email protected]. Where required by law, we will respond within the statutory timelines and may request information necessary to verify your identity.

15. WHAT ARE YOUR PRIVACY RIGHTS UNDER CCPA AND CPRA?

If you are a California resident, you may have the following rights under the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA) and certain other privacy and data protection laws, as applicable, to exercise free of charge:

The California Code of Regulations defines a “resident” as:
(1) every individual who is in the State of California for other than a temporary or transitory purpose and
(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.
All other individuals are defined as “non-residents.”

Urbantech Digital Solutions has disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months (e.g., to service providers as described in Section 5):
• Identifiers (e.g., name, alias, postal address, phone, IP, email, account name).
• Personal information (e.g., contact info, education/employment info, financial info).
• Characteristics of protected classifications (e.g., gender or date of birth).
• Commercial information (e.g., transactions, purchase history, payment info).
• Internet or other electronic network activity information (e.g., browsing, search history, interactions with sites/apps/ads).
• Geolocation data (e.g., device location).
• Audio, electronic, visual and similar information (e.g., images, recordings created in connection with business activities).
• Professional or employment-related information (e.g., business contact details, job title, work history, qualifications).
• Inferences drawn from the above to create a profile (e.g., preferences and characteristics).

The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under “WHO WILL YOUR INFORMATION BE SHARED WITH?”.

Sale/Share Disclosure. Urbantech Digital Solutions does not sell personal information as “sell” is defined under the CCPA/CPRA, and we do not share personal information for cross-context behavioral advertising in a manner that constitutes a “sale” under the CCPA/CPRA. If our practices change, we will update this notice and provide consumers with applicable opt-out rights.

16. HOW TO EXERCISE YOUR RIGHTS

If you would like to exercise any of your rights as described in this Privacy Notice, please:
• Complete a data subject request form available on our Website (if provided); or
• Email us at [email protected].

Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.

If you choose to contact us directly by Website or email, you will need to provide us with:
• Enough information to identify you; and
• A description of what right you want to exercise and the information to which your request relates.

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with the information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate. We will respond to your request within 30 days or the period required by applicable law.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

We are not obligated to make a data access or a data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf. If you are using an authorized agent to exercise your right to opt-out, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

17. HOW TO FILE A GDPR COMPLAINT.

We hope that we can resolve any query or concern you raise about our use of your personal information.

If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you are resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

18. COMPLAINT COMPLIANCE

We maintain procedures for addressing and responding to all inquiries or complaints from you about our handling of personal information. We will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures. We may seek external advice where appropriate before providing a final response to individual complaints. We shall investigate all complaints. If a complaint is found to be justified, we will take appropriate measures, including, if necessary, amending our policies and procedures.

Philippine residents may also file complaints with the National Privacy Commission (NPC): https://privacy.gov.ph.

19. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

Contact:
Urbantech Digital Solutions
Lahug, Cebu City, 6000, Philippines
Email: [email protected]