PRIVACY NOTICE

In compliance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties and its Regulations, hereinafter referred to as FLPPDP, we hereby inform you of this Privacy Notice under the following terms:

IDENTITY AND ADDRESS OF THE DATA CONTROLLER

Industrias Unidas, S.A. DE C.V., hereinafter referred to as THE DATA CONTROLLER, declares to be a company legally constituted in accordance with Mexican laws and is responsible for the processing and protection of your personal data and sensitive personal data, for the purposes indicated in this Privacy Notice. THE DATA CONTROLLER can be contacted through the following email address privacidad@iusa.com.mx or at the address located at Pan-American Highway Mexico - Querétaro KM 109, Pastejé, Jocotitlán, State of Mexico, 50734.

PROCESSING OF PERSONAL DATA

THE DATA CONTROLLER collects your personal data for the purposes mentioned in this Privacy Notice. In this context, we inform you that your personal data will be processed and safeguarded based on the principles of legality, quality, consent, information, purpose, loyalty, proportionality, and responsibility established in the FLPPDP.

PURPOSE AND USE OF PERSONAL DATA

We collect your personal data, which are treated strictly confidentially and with the necessary security measures to ensure their protection. Therefore, we request your consent through this Privacy Notice to use them for the following purposes:

  • Primary purposes:
    • Identify you as a client or prospect.
    • Contact you and send you relevant information about our services.
    • Evaluate the quality of the service we provide to you.
    • Respond to your requests for information, attention, and services.
    • Notify you and offer you new services based on your interests and needs.
  • Secondary purposes:
    • Contact you and send you newsletters, advertising, organized events, and promotions by THE DATA CONTROLLER, affiliates, subsidiaries, or third parties who are our business partners.
    • To understand your consumption habits and preferences in order to personalize information about our products or services.
    • To create customized ads for users who visited our website.
    • Conduct internal studies on consumption habits, marketing, advertising, and/or commercial prospecting purposes.
    • Statistical purposes, without the processing of personal data.

I expressly authorize the processing of my personal data for the secondary purposes mentioned in this privacy notice.

If you do not agree to the use of your personal data for the aforementioned secondary purposes, we kindly request that you send an email to privacidad@iusa.com.mx.

PERSONAL DATA

To efficiently provide our services and in accordance with the purposes mentioned above, we require your identification and contact personal data. In this regard, the personal data that THE DATA CONTROLLER may collect through the means mentioned below will be as follows:

  • Identification:
    • Name
    • Age
  • Contact:
    • Address
    • Phone
    • Email
    • Social media

MEANS AND METHODS OF COLLECTING PERSONAL DATA

The personal data that THE DATA CONTROLLER may collect and that are necessary to offer our services and products, or that are derived from or are ancillary to them, in physical, telephone, or electronic form, will be collected through the following means and methods:

  • Directly from you.
  • Through agents or promoters.
  • When you visit or use our website or online services.
  • Through the completion of the form on our website.
  • By phone or fax.
  • By email.
  • Through social media.
  • Through instant messaging applications.
  • Through various electronic means.
  • From public access sources, such as telephone directories, and/or from other sources allowed by the law.

PERSONAL DATA CONTROLLER

You can contact the department responsible for the handling and administration of personal data via email at privacidad@iusa.com.mx or directly at the address provided in this Privacy Notice.

TRANSFER OF PERSONAL DATA.

THE CONTROLLER may share your personal data with controlling companies, subsidiaries, affiliates, or entities under the common control of the controller, companies or parent companies of any group of the controller that operate under the same internal processes and policies or related authorities for the management of your matter.

THE CONTROLLER will not exchange, share, publish, disseminate, assign, or sell your personal data to third parties unrelated to THE CONTROLLER.

THE CONTROLLER may transfer your personal data without your prior consent, only when it falls under the exceptions provided in article 37 of the LFPDPPP, and in any case complying with the conditions provided in article 17 of the LFPDPPP Regulations.

THE CONTROLLER undertakes to comply with and respect the legal principles of personal data protection when transferring them, whether to individuals or legal entities, for the purpose of offering our products and services.

THE CONTROLLER will ensure, through the signing of agreements and/or the adoption of other binding documents, that such third parties maintain appropriate security measures, administrative, technical, and physical, to safeguard your personal data, and that such third parties only use your personal data for the purposes for which they were hired and in accordance with this Privacy Notice.

MEANS TO PROTECT THE USE OR DISCLOSURE OF YOUR PERSONAL DATA

THE CONTROLLER will implement the necessary security measures, technical, administrative, and physical, to protect your personal data and prevent their damage, loss, alteration, destruction, or unauthorized use, access, or processing within this privacy notice.

Ensuring that only authorized personnel, who have complied with and observed the confidentiality requirements, may participate in the processing of your personal data. Authorized personnel are prohibited from allowing access to unauthorized persons and using your personal data for purposes other than those established in this Privacy Notice. The confidentiality obligation of the individuals involved in the processing of your personal data continues even after the relationship with THE CONTROLLER has ended.

MEANS TO EXERCISE YOUR ARCO RIGHTS AS THE HOLDER OF PERSONAL DATA

As the holder of the personal data covered by this Privacy Notice, you have the right to know what personal data we store, how we use them, and the conditions under which we use them. In this regard, you may exercise your Access, Rectification, Cancellation, or Opposition (ARCO Rights), which are enshrined in the LFPDPPP. Likewise, you may revoke, at any time, the consent you have granted, if necessary, for the processing and use of your personal data, as long as there is no current relationship or link with THE CONTROLLER.

If you wish to exercise your ARCO rights, you may do so at any time by sending your request to THE CONTROLLER through the following mechanism:

To do this, you must send us an email in which you provide clear and detailed information about the specific personal data you wish to access, rectify, cancel, or oppose, as well as comply with the following requirements:

  • I. The name of the data subject and address or other means to communicate the response to your request;
  • II. Documents proving the identity or, where applicable, the legal representation of the data subject.
  • III. A clear and precise description of the personal data regarding which you seek to exercise any of the aforementioned rights; and
  • IV. Any other element or document that facilitates the location of personal data.

THE CONTROLLER will contact you within a maximum period of twenty (20) days, counted from the date the request for access, cancellation, rectification, or opposition is received, informing you of the respective decision, which, if deemed appropriate, will take effect within fifteen (15) days from the date of the response received.

REVOCATION OR LIMITATION OF THE USE AND/OR DISCLOSURE OF YOUR PERSONAL DATA

You may revoke or limit the use or disclosure of your personal data by sending your request to the email address privacidad@iusa.com.mx. In the event your request is valid, the use of the data will be revoked, and you will be registered in THE CONTROLLER's own exclusion list.

It is important to inform you that we may not be able to immediately address your request or conclude the use in all cases, as there may be a legal obligation that requires us to continue processing your personal data at the time of your request.

In this regard, we will respond to your request within a maximum period of twenty (20) days, counted from the date we receive the request, and we will inform you of its acceptance.

INTERNATIONAL DATA PROTECTION STANDARDS

THE RESPONSIBLE PARTY, in order to protect your personal data in the most appropriate way possible, and understanding that anyone from anywhere in the world can access the website and share their data with us, has decided to implement some provisions of Regulation (EU) 2016/679, better known as the General Data Protection Regulation of the European Union (GDPR).

In this regard, please be informed that in addition to the ARCO Rights, you have the following rights regarding your personal data:

  • Right to Portability: This right allows you to have your data processed by a third party unrelated to THE RESPONSIBLE PARTY, and we will facilitate the portability of your data to the new responsible party.
  • Right to Information: In the event of a breach of your data, THE RESPONSIBLE PARTY will inform you of such breach within a period of 3 days after THE RESPONSIBLE PARTY becomes aware of the breach.
  • Right to Erasure: You may request the erasure of your data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.

If you wish to exercise these rights, you can do so at any time by directing your request to THE RESPONSIBLE PARTY using the same ARCO Rights mechanism mentioned earlier.

It is important to inform you that we may not be able to immediately address your request or conclude the use in all cases, as there may be a legal obligation that requires us to continue processing your personal data at the time of your request.

In this regard, we will respond to your request within a maximum period of twenty (20) days, counted from the date we receive the request, and we will inform you of its acceptance.

THE RESPONSIBLE PARTY will retain the personal data of users only for the time necessary to fulfill the purposes for which they were collected, as long as you do not revoke the consents granted. In this regard, personal data are kept for the time that, in each case, is considered necessary to justify and/or account for the management, which may be linked to legal prescription periods, or the possibility of receiving requests from competent authorities.

THE RESPONSIBLE PARTY is authorized to process your personal data because you have provided your consent for specific purposes, as requested to provide our services. With regard to reservations, payment, and billing, the processing is authorized due to the reservation of services and the request for billing of consumption.

The processing of data for the purpose of sending you emails about services, events, and news related to our professional activity is based on the legitimate interest of THE RESPONSIBLE PARTY to carry out such processing in accordance with applicable regulations.

Likewise, the user's information may be used to fulfill the various legal obligations of THE RESPONSIBLE PARTY.

LINKS TO THIRD-PARTY WEBSITES

Our website may contain, for your convenience, links to other websites. THE RESPONSIBLE PARTY has not reviewed the Privacy Notices of these websites, so it does not guarantee or take responsibility for the content on such sites. We invite you to carefully read the Privacy Notice of each website you visit on the Internet.

MODIFICATIONS TO THE PRIVACY NOTICE

THE RESPONSIBLE PARTY reserves the right to amend or modify this Privacy Notice as it deems appropriate, for example, to comply with changes in data protection legislation or internal provisions, such as new requirements for the provision and offering of our products, services, or practices within the market. THE RESPONSIBLE PARTY will make the updated Privacy Notice available to you when changes are made to it, as well as when your consent is required.

The updated version of the Privacy Notice will be available to the public through the following means:

  • On our website http://ws.iusa.com.mx/ in the Privacy Notice section.
  • Visible notification in our offices.
  • It will be sent to the last email address you provided to us.

This Privacy Notice is governed by the Federal Law on the Protection of Personal Data Held by Private Parties, its Regulations, and other legal provisions applicable in the United Mexican States.

LAST UPDATED

October 22, 2018.