This Privacy Notice is set pursuant to the provisions of the Federal Law for the Protection of Personal Data Held by Private Parties (the Personal Data Law) and its regulations (the Regulations).
All terms used with the first letter capitalized that are not defined herein shall have the meaning provided for them in the Personal Data Law and its Regulations.
- Identity and Address of the Party Responsible. Artha Capital, S. de R.L. de C.V. (the Corporation), with the address Paseo de Tamarindos 90, Torre 2, Floor 31, Bosques de las Lomas, Cuajimalpa de Morelos, 05120 Mexico City, Mexico, is the Party Responsible for Handling the Personal Data pursuant to this Privacy Notice.
- Purposes of the Personal Data Handling. The purposes for the Personal Data Handling by the Corporation are the following:
- With respect to its employees and service providers, to be able to meet the obligations derived from the legal relationship that is set up with these employees or service providers and to be able to have an adequate internal record and make the corresponding payments, withholdings, and tax payments, as well as determine the people that must be contacted in the event that there is an emergency with respect to each employee or service provider.
The Personal Data that the Corporation collects from its employees and service providers is: name, nationality, date of birth, age, sex, marital status, email, contact information, and address.
- With respect to its clients or its clients’ employees or administrators, for any activity related to the services that the Corporation provides and to be able to charge the fees that are generated from provision of the Corporation’s services.
The Personal Data that the Corporation collects from its clients or its clients’ employees or administrators is: name, nationality, date of birth, age, sex, marital status, email, contact information, and address.
- With respect to its potential clients or its potential clients’ employees or administrators, in order to evaluate the possibility of providing services and to give quotes for providing these services.
The Personal Data that the Corporation collects from its potential clients or its potential clients’ employees or administrators is: name, nationality, date of birth, age, sex, marital status, email, contact information, and address.
- With respect to its providers, to make requests for products and services, as well as to make payments for the products or services that they provide to it.
The Personal Data that the Corporation collects from its providers is: name, nationality, date of birth, age, sex, marital status, email, contact information, and address.
- With respect to its clients and its potential clients, in order to inform them of events or news related to the Corporation.
For this purpose, the Personal Data that the Corporation collects is: name, nationality, date of birth, age, sex, marital status, email, contact information, and address.
For the purposes of the provisions of article 41 of the Regulations, it is stated that the purposes indicated in its letters a., b., and d. above are necessary in pursuant to the legal relationship between the Party Responsible and the Bearer. The purpose indicated in the letter c. is necessary to give rise to, or evaluate the setting up of, a legal relationship between the Party Responsible and the Bearer. The purpose indicated in the letter e. did not give rise to, nor is necessary for, the legal relationship between the Party Responsible and the Bearer.
In the event that, when collecting Personal Data, there is a purpose for Handling them other than those indicated in this Section 2, the Corporation shall communicate it to the Bearer, in order for the latter, in the event necessary, to state their Consent for the corresponding purpose.
Additionally, in the cases in which the Corporation collects Sensitive Personal Data, it shall communicate this to the Bearer in order to obtain their express Consent and notify them clearly of the purpose of Handling said Sensitive Personal Data.
Pursuant to article 10, section IV of the Regulations, the Bearer is informed that, if it were the case, their express Consent was not collected to obtain the information of their bank account in the cases indicated in letters a., b., and d. above, by virtue of the fact that this Personal Data’s purpose is to comply with obligations derived from a legal relationship between the Bearer and the Party Responsible.
- The Party Responsible offers Options and Means to the Bearers to limit the use or disclosure of their Personal Data. With respect to limitation of Personal Data disclosure, the people in charge of Handling Personal Data at the Corporation have signed an agreement by which they have undertaken to keep confidentiality with respect to all confidential information that they may have access to for any reason. The Databases that contain Personal Data are under safekeeping within the Corporation.
The Corporation maintains security, administrative, technical, and physical measures necessary to protect the Personal Data against harm, loss, alteration, or unauthorized use, access, or Handling.
With respect to the limitation of Personal Data use, the Bearer may stop receiving news or information related to the Corporation through a request presented to the Corporation, following the procedure indicated in Section 4 below.
- Measures for Exercising ARCO Rights. To exercise access, rectification, cancellation, or opposition rights (ARCO Rights), pursuant to the provisions of the Personal Data Law, Bearers may present the corresponding request at the Corporation’s address indicated in Section 1 above, through a message addressed to email@example.com. The access, rectification, cancellation, or opposition request (ARCO Request) must contain and be accompanied by the following:
- Name of the Bearer and address or other means for communicating the response to their ARCO Request.
- Documents that prove the identity or, if applicable, legal representation of the Bearer, pursuant to the Regulations.
- Clear and precise description of the Personal Data with respect to which they seek to exercise one of their ARCO Rights.
- Any other item or document that facilitates finding the Personal Data.
- In the case of ARCO Requests for rectifying Personal Data, the Bearer must indicate, in addition to what is pointed out in this section, the modifications to be made and provide documentation that substantiates their request.
The Corporation shall inform the Bearer at the address indicated by the latter in their ARCO Request, pursuant to letter a. immediately above, in a period no greater than twenty Days counted from the date on which the ARCO Request was received, of the determination adopted, so that, if it is the case, it be made effective within fifteen days following the date on which the response is communicated.
The periods referenced above may be extended once for a similar period, provided that the circumstances of the case justify it.
- Transfers of Personal Data. The Personal Data collected by the Corporation may only be transferred to holding companies, subsidiaries or affiliates under shared control by the Party Responsible, or to a parent company or any corporation of the same group of the Party Responsible that operates under the same internal processes and policies, pursuant to article 37, section III of the Personal Data Law, with the understanding that the Handling by these parties shall be done for the same purposes as those that were described in Section 2 herein.
Except for what is indicated in paragraph one of this Section 5, the Corporation does not carry out Transfers without having previously obtained Consent from the Bearer, when this Consent is required pursuant to the Personal Data Law. In the event that, when collecting Personal Data, there is the need to do a Transfer with respect to which the Personal Data Law demands Consent from the Bearer, the Corporation shall communicate this to the Bearer. In the event that the Bearer does not oppose, it shall be understood that they have granted their Consent to carry out the Transfer.
The Corporation shall communicate to Third Parties to whom, if applicable, it transfers Personal Data, this Privacy Notice and the purposes to which the Bearer has subjected its Handling. If applicable, Personal Data Handling by the Third Party must be done in pursuant to the provisions of this Privacy Notice and the Third Party must assume the same obligations that correspond to the Corporation as the Party Responsible.
- Procedure and Means by which the Party Responsible shall communicate to the Bearers about changes to the Privacy Notice. The Corporation reserves the right to make changes or updates to this Privacy Notice. Any change to this Privacy Notice shall be communicated to the Bearers through a visible change on the Website (the terms are defined below) and also send a notification to the email or to the address of the Bearer that the Corporation has on file.
- Consent Withdrawal. If the Bearer at any time wishes to withdraw its Consent with regard to the Handling of their Personal Data by the Corporation, they must request it through the means and procedures set in Section 4 above. Withdrawal of Consent shall not have retroactive effects and is not applicable when the purpose of the Handling is to comply with obligations derived from a legal relationship between the Bearer and the Party Responsible, when this Handling is set by law, or when any of the exceptionality clauses of Consent provided by the Personal Data Law are updated.
- • Refusal of Handling Personal Data for purposes that are not necessary nor have risen to a Legal Relationship with the Party Responsible. In the event that the Bearer wishes to opt-out of the Handling of their Personal Data for the purpose indicated in Section 2, letter e. above, please indicate so by marking the following box:
In the event that this Privacy Notice is not made known to the Bearer directly or personally, the Bearer has a period of 5 (five) Days to state their refusal of Handling of their Personal Data for the purpose indicated in Section 2, letter e. above, by notifying in writing to the Party Responsible to the address of Mr. Juan Pablo Martínez Velasco. This notification must clearly indicate: (i) the identity of the Bearer; (ii) their refusal of Personal Data Handling related to the purpose indicated in Section 2, letter e. above; and (iii) address information for the Bearer’s notifications. In any case, the rights of the Bearer remain in place to withdraw or oppose to the Handling of their Personal Data.
If you are the Bearer of Personal Data collected by the Corporation and wish to obtain mor details about this Privacy Notice and about the compliance policies of the Personal Data Law that the Corporation has adopted, please send a letter to the Corporation’s address indicated in Section 1 above and indicate as a recipient Mr. Juan Pablo Martínez Velasco.
- Use of Remote Means or Locations of Electronic, Optical, or Other Communication Technology. On the website of the Corporation that is available at [*] (the “Website”), cookies that do not collect Personal Data of the Bearers are used, but they do collect information disassociated from the Bearer for the following purposes: (i) to recognize the user of a certain browser within a certain computer that may have previously accessed the Website and, consequently, offer them a personalized experience; (ii) calculate traffic parameters with respect to the Website; (iii) determine the frequency of use, and the sections on the Website visited by this user, thus reflecting their habits and preferences, to allow the Corporation to improve the content, headlines, and promotions for the users in general; and (iv) to track certain activities or behaviors within the Website.
These technologies may be disabled by following these steps: [*]. Notwithstanding the above, please consider that some sections of the Website require that the respective user have cookies enabled for technical reasons and for its proper functioning.
- • Information about INAI. If you believe that your right to protect your Personal Data has been harmed by the Corporation’s conducts or omissions, or if you suspect a violation of the purposes indicated in the Personal Data Law, its Regulations, and other applicable ordinances, you may file a nonconformity claim to the National Institute for Transparency, Access to Information, and Personal Data Protection (INAI). For more information, we suggest that you visit their official webpage www.inai.org.mx.
I expressly state that I have read and understood the scope of this Privacy Notice and, consequently, I freely grant my Consent for Handling my Personal Data, pursuant to the terms and conditions set here.