We protect your information with care and transparency

At Britts International Limited, your privacy is fundamental to how we operate. We collect only what we need, keep it secure, and never share it without your consent. This policy explains exactly how we handle your data.

We protect your information with care and transparency

BRITTS INTERNATIONAL GROUP PRIVACY POLICY www.brittsinternational.com TMC Building, 52 New Eskaton Road, Dhaka, Bangladesh Effective Date: March 17, 2026 Last Updated: March 17, 2026 1. INTRODUCTION Britts International Group / ASTRAX SPACE S.A. de C.V. (hereinafter referred to as "the Company", "we", "us" or "our") is committed to protecting the privacy and security of the personal data of all users, clients, business partners and visitors of the website www.brittsinternational.com (the "Website"). This Privacy Policy describes how we collect, use, store, transfer and protect your personal information, in compliance with the applicable regulations in the European Union (GDPR), the United States of America (CCPA/CPRA and applicable federal laws), and Latin America (national personal data protection laws). By accessing or using our Website, you acknowledge that you have read, understood and agreed to the terms of this Policy. If you disagree with any provision, please do not use our services. 2. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER Company Name: Britts International Group / ASTRAX SPACE S.A. de C.V. Registered Address: TMC Building, 52 New Eskaton Road, Dhaka, Bangladesh Website: www.brittsinternational.com Privacy Contact Email: privacy@brittsinternational.com For the purposes of the European Union General Data Protection Regulation (GDPR), the Company acts as the Data Controller of the personal data collected through the Website. 3. PERSONAL DATA WE COLLECT Depending on your interaction with our Website and services, we may collect the following categories of personal data: 3.1 Data provided directly by the user • Full name and surnames • Email address • Phone number • Job title and company or organization name • Country and city of residence • Information included in contact forms, quote requests or inquiries • Communication preferences 3.2 Data collected automatically • IP address and approximate geolocation data • Browser type and operating system • Pages visited, time spent and navigation path • Device identifiers (cookies, tracking pixels, web beacons) • Traffic source data (search engines, social media, referrals) 3.3 Data from third parties We may occasionally receive information about you from external sources such as social media platforms, business partners or public databases, provided those sources have obtained your consent or have a legal basis for sharing it. 4. PURPOSES AND LEGAL BASIS FOR PROCESSING Your personal data is processed for the following purposes, with the corresponding legal basis: 4.1 Primary purposes (necessary for the contractual or pre-contractual relationship) • Managing and responding to your information, quote or contact requests. • Providing access to our products and services. • Executing contracts and commercial agreements with clients and partners. • Complying with applicable legal, tax and regulatory obligations. 4.2 Secondary purposes (subject to consent or legitimate interest) • Sending commercial communications, newsletters and product updates. • Statistical analysis and continuous improvement of the Website and user experience. • Content segmentation and personalization. • Digital marketing and remarketing activities. 4.3 Applicable legal basis (GDPR) • Performance of a contract (Art. 6.1.b GDPR). • Explicit consent of the data subject (Art. 6.1.a GDPR). • Legitimate interests of the controller (Art. 6.1.f GDPR). • Compliance with a legal obligation (Art. 6.1.c GDPR). 5. COOKIE POLICY Our Website uses cookies and similar technologies to improve your browsing experience. Cookies are small text files stored on your device that allow us to remember your preferences and analyze Website usage. 5.1 Types of cookies used • Strictly necessary cookies: Essential for the basic functioning of the Website. Do not require consent. • Preference/functionality cookies: Remember your settings and user preferences. • Analytical cookies: Collect anonymous statistical information about Website usage (e.g. Google Analytics). • Marketing and advertising cookies: Allow us to display personalized advertising and measure campaign effectiveness. When you first visit the Website, a cookie notice will be displayed allowing you to manage your consent. You may modify or withdraw your consent at any time through your browser settings or the cookie preference panel available on the Website. 6. DATA TRANSFER AND DISCLOSURE The Company does not sell, rent or trade your personal data to third parties. However, we may share your data in the following circumstances: • Technology service providers (hosting, email, CRM, web analytics) under confidentiality and data protection agreements. • Strategic business partners in Mexico, Spain, Russia, Bulgaria and Bangladesh, solely within the framework of formalized contractual relationships. • Public authorities, regulatory or judicial bodies when required by applicable law. • Third parties in the context of a merger, acquisition or corporate restructuring, with prior notice to the user. 6.1 International data transfers As the Company operates internationally, your data may be transferred to countries outside the European Economic Area (EEA). In such cases, the Company ensures that such transfers are carried out under appropriate safeguards as provided by the GDPR, including: • Adequacy decisions by the European Commission. • Standard Contractual Clauses (SCCs) adopted by the European Commission. • Binding Corporate Rules (BCRs) where applicable. 7. RIGHTS OF DATA SUBJECTS In accordance with the applicable regulations in each jurisdiction, you have the right to exercise the following rights regarding your personal data: 7.1 Rights under the GDPR (European Union) • Right of Access: To know what personal data we process about you. • Right to Rectification: To correct inaccurate or incomplete data. • Right to Erasure ("right to be forgotten"): To request deletion of your data when no longer necessary. • Right to Restriction of Processing: To limit the use of your data in certain circumstances. • Right to Data Portability: To receive your data in a structured, machine-readable format. • Right to Object: To object to processing based on legitimate interests or for direct marketing purposes. • Right not to be subject to automated decision-making: Including profiling with significant legal effects. 7.2 Rights under the CCPA/CPRA (California, U.S.A.) • Right to Know: What personal data we collect, use, share or sell. • Right to Delete: To request deletion of your personal data, subject to exceptions. • Right to Correct: To request correction of inaccurate personal data. • Right to Opt-Out: From the sale or sharing of data for cross-context behavioral advertising. • Right not to be discriminated against for exercising your privacy rights. 7.3 Rights in Latin America Residents in Latin American countries are entitled to ARCO rights (Access, Rectification, Cancellation and Opposition) recognized in national personal data protection laws, including: • Mexico: Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and its Regulations. • Argentina: Personal Data Protection Law No. 25,326. • Brazil: General Data Protection Law (LGPD – Law No. 13,709/2018). • Colombia: Statutory Law 1581 of 2012 and Decree 1377 of 2013. • Chile: Law No. 19,628 on the Protection of Private Life. • Peru: Personal Data Protection Law No. 29,733. 7.4 How to exercise your rights To exercise any of the aforementioned rights, you may send us a written request to: Email: privacy@brittsinternational.com Postal address: TMC Building, 52 New Eskaton Road, Dhaka, Bangladesh. Attn: Data Privacy Officer We will respond to your request within a maximum of 30 calendar days from receipt, unless applicable law establishes a different timeframe. We may request documentation to verify your identity before processing your request. If you believe your rights have not been adequately addressed, you have the right to lodge a complaint with the competent data protection authority in your jurisdiction: • European Union: Supervisory authority of your habitual residence Member State. • Spain: Agencia Espanola de Proteccion de Datos (AEPD) – www.aepd.es • U.S.A. (California): California Privacy Protection Agency (CPPA) – www.cppa.ca.gov • Mexico: Instituto Nacional de Transparencia, Acceso a la Informacion y Proteccion de Datos Personales (INAI) – www.inai.org.mx • Argentina: Agencia de Acceso a la Informacion Publica (AAIP) – www.argentina.gob.ar/aaip • Brazil: Autoridade Nacional de Protecao de Dados (ANPD) – www.gov.br/anpd 8. DATA RETENTION PERIODS Your personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, as well as to satisfy applicable legal, accounting or regulatory requirements. In general terms: • Client and business partner data: Up to 10 years after the end of the contractual relationship, in accordance with applicable accounting and tax obligations. • Candidate or prospect data: Up to 2 years from the last contact, unless consent is given for longer retention. • Browsing and cookie data: Depending on the type of cookie, between 30 days and 2 years. • Marketing communications: Until the user withdraws consent or exercises their right to object. Upon expiry of these periods, data will be securely deleted or anonymized. 9. INFORMATION SECURITY The Company implements appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, accidental or unlawful disclosure or destruction. These measures include, among others: • Data encryption in transit using SSL/TLS protocols. • Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA). • Periodic cybersecurity audits and vulnerability assessments. • Confidentiality agreements with all employees and providers who access personal data. • Security breach notification procedures in compliance with applicable regulatory timeframes (72 hours under GDPR). However, no security system is infallible. In the event of a security breach affecting your rights and freedoms, we will notify you without undue delay in accordance with the law. 10. MINORS Our Website is not directed at persons under the age of 18, or the minimum legal age established in the applicable jurisdiction for the processing of personal data. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor without verifiable parental or guardian consent, we will proceed to delete such information immediately. In the United States, we comply with the Children's Online Privacy Protection Act (COPPA). In the European Union, we respect the provisions of the GDPR relating to the processing of minors' data (Art. 8 GDPR). 11. COMMERCIAL COMMUNICATIONS AND MARKETING If you have provided us with your email address in the context of purchasing a product or service, or through a subscription form, we may contact you with information about similar products or services, provided you have not objected to receiving such communications. All commercial communications will include a simple and free mechanism to unsubscribe (opt-out), which we will process within a maximum of 10 business days. You may also withdraw your consent at any time by writing to privacy@brittsinternational.com. 12. CHANGES TO THIS POLICY The Company reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements or other operational considerations. Changes will be published on this same page with the date of the last update. In the event of material changes, we will notify you by email or through a prominent notice on the Website. We recommend that you periodically review this Policy to stay informed about how we protect your information. 13. GOVERNING LAW AND JURISDICTION This Privacy Policy is governed by and construed in accordance with the laws of Bangladesh, without prejudice to the mandatory data protection provisions applicable in the user's jurisdiction of residence. For the purposes of European Union regulations, the Company designates its Data Protection Officer (DPO) as the point of contact for all matters relating to data processing in the European Union. You may contact the DPO at: privacy@brittsinternational.com. Any dispute arising from the application of this Policy that cannot be resolved amicably shall be submitted to the jurisdiction of the competent courts, without prejudice to your right to appeal to the data protection authority of your country of residence. 14. CONTACT For any inquiries, requests or complaints regarding the processing of your personal data or this Privacy Policy, you may contact us through the following means: Company: Britts International Group / ASTRAX SPACE S.A. de C.V. Email: privacy@brittsinternational.com Address: TMC Building, 52 New Eskaton Road, Dhaka, Bangladesh Website: www.brittsinternational.com © 2026 Britts International Group / ASTRAX SPACE S.A. de C.V. All rights reserved. Privacy Policy — Version 1.0 — March 17, 2026

We follow data protection laws across every market we serve

Britts International Limited operates under strict compliance with international data protection regulations including GDPR, local Bangladesh data privacy laws, and the employment data standards of every country we work in. Your information stays secure and is never shared without your consent.