Non-Sensitive Personal Data
→ ID: Name, surname, full address, date of birth, Federal Taxpayer Registry (“RFC”), Unique Population Registry Key (“CURP”), photograph or selfie and images.
→ Electronic and Computer: Fixed phone number, cell phone, device ID, GPS (Global Positioning System) location that allow YO to determine the exact position in real time and by radio base triangulation, email, call history, username and password.
Personal Financial Data
→ Financial: Bank card numbers, however, it is made known to the Owner that the Responsible Party does not intend to retain full bank card numbers as sensitive Personal Data.
→ Personal Data of Minors and Disabled: The Responsible Party will not carry out operations that involve the processing of Personal Data of minors or people who are in a state of incapacity. However, in the event that Personal Data from these types of persons is provided to the Responsible Party, it will be understood that they were provided by their father, mother or guardian.
In order to provide you with the services offered by the Responsible Party through the App, the Responsible Party will use your Personal Data for the purposes indicated below:
Primary purposes. Those that are necessary for the existence and fulfillment of the legal obligation that the User establishes with the Responsible Party, in order to:
1. Verify and confirm the identity of the User.
2. Provide mobile phone service.
3. Increase, decrease, change and/or transfer services, equipment or plans.
4. Provide the tools, functions and controls available in the Responsible Party's mobile application, whether the User executes its order through the App.
5. Provide Customer Service through our authorized sales channels, including billing.
6. Comply with the obligations and exercise the rights derived from the legal relationship established between the Responsible Party and the User.
7. To verify the data of the card provided to make the payment of the requested services.
8. To adhere to the requirements of any competent authority.
9. Take steps to ensure that Personal Data is accurate, complete, pertinent, correct and at all times, as well as updated in compliance with the principle of quality established by the LFPDPPP
Secondary purposes. Those that are not necessary for the existence and fulfillment of the legal relationship that the User requests and formalizes with the Responsible Party, however, they are complementary and important, since they allow us to provide a better service, such as to:
1. Prepare profiles of clients and users of the services.
2. Send communications related to offers, promotional messages, communications for marketing, advertising and advertising purposes, and commercial prospecting on new or existing services.
3. Apply surveys, market studies, participate in events, contests, games and raffles, participate in social networks, chats and information that allows us to evaluate the quality of services.
The User accepts and acknowledges that the Responsible Party, does not require your consent to make national or international transfers of Personal Data, in the following cases:
1. When the transfer is provided for in a Law or Treaty to which Mexico is a party.
2. When the transfer is made to controlling companies, subsidiaries or affiliates under the common control of the Responsible Party, or a parent company, or any company of the business group to which it belongs, and which operates under the same internal processes and policies.
3. When the transfer is necessary by virtue of a contract concluded in the interest of the User, by the Responsible Party and a third party.
4. When the transfer is necessary for the safeguarding of a public interest, or for the procurement or administration of justice.
5. When the transfer is necessary for the recognition, exercise or defense of a right in a judicial process.
6. When the transfer is necessary for the maintenance or fulfillment of the legal relationship derived from the services and products contracted with the Responsible Party.
It is necessary to let the Owner know that to restrict, limit and control the processing of Personal Data, the Responsible Party has adopted administrative, physical and technical measures, in addition to having established internal privacy policies and programs to prevent disclosure of Personal Data and implemented various security controls. Personal Data will be processed on a strictly confidential basis, so the obtaining, transfer and exercise of the rights derived from them, is through the adequate, legitimate and lawful use, permanently safeguarding the principles of legality, consent, information, quality, purpose, loyalty, proportionality and responsibility.
In the event that the Owner wants or needs to revoke his/her consent, as well as Access, Rectify, Cancel or Oppose the processing of the Personal Data he/she has provided to the Responsible Party, he/she must do so through the following contact designated by the Responsible Party for this:
Designated Person: Keneisha Wint
In the event that the Owner of any Personal Data needs to access, rectify, cancel or oppose the Personal Data that he/she has provided to the Responsible Party, the Owner may revoke the consent granted with the acceptance of this Notice by electronic means by using the following procedure to exercise your rights:
1. Send an e-mail to the designated address above, stating the following:
1.1. The full name of the Owner, address and email address to receive the response generated in connection with your request;
1.2. The reason for your request;
1.3. Arguments supporting your request or request;
1.4. Official document proving your identity and proving that you are who you claim to be; and
1.5. Clear and accurate description of the personal data for which any of the ARCO rights are sought, and any other element or document that facilitates the location of the Personal Data.
1.6. In the case of requests for rectification of personal data, the Owner shall indicate, in addition to the above, the modifications to be made and provide the documentation that supports his/her request.
2. The Responsible Party shall notify the Owner, within a maximum period of 20 (twenty) business days, from the date on which the request for access, rectification, cancellation or opposition was received, of the decision adopted, in order that, if appropriate, the same shall be effective within 15 (fifteen) business days following the date on which the reply is communicated. In the case of requests for access to Personal Data, the delivery will proceed with prior accreditation of the identity of the applicant or legal representative, as appropriate.
The Responsible Party may deny access to Personal Data or to make rectification, cancellation or grant opposition to treatment of the same, inthe following cases:
→ When the applicant is not the User or its legal representation is not duly accredited.
→ When Personal Data is not found in the Responsible Party's database.
→ When the rights of a third party are infringed.
→ When there is a legal impediment or the resolution of a competent authority that restricts access to Personal Data or does not allow the rectification, cancellation or opposition of the same.
→ When access, rectification, cancellation or opposition have been made.
The refusal referred to in the preceding paragraph may be partial, in which case the Responsible Party will carry out access, rectification, cancellation or opposition required by the User.
In the cases provided for above, the Person Responsible will duly inform the Owner or legal representative of the reason for the decision, within the time limits established for this purpose, by the same means in which the request was carried out or that indicated by the User. In case the User feels affected with the resolution issued by the Responsible Party, he/she has available the action to protect rights before the National Institute of Transparency, Access to Information and Protection of Personal Data (the "INAI").
In the event that the User is prevented from generating and sending the ARCO Rights Request, as well as manifesting the revocation of your consent in terms of the provisions of the Privacy Notice, due to technical failures of the DDP Website, you may send it to the Privacy Department, via email firstname.lastname@example.org, previous accreditation of the failure occurred, complying with the requirements and with the conditions considered by the LFPDPPP.
The Responsible Party and/or their managers, will keep Personal Data for as long as necessary to process the requests of products and/or services offered, comply with the legal relationship between the Owner and the Responsible Party, as well as to maintain the accounting, financial and audit records in terms of the LFPDPPP and the current commercial, fiscal and administrative legislation. The Personal Data processed by the Responsible Party and/or its managers will be protected by security measures, administrative, technical and physical measures against unauthorized damage, loss, alteration, destruction or use, access or treatment, in accordance with the provisions of the LFPDPPPP, the administrative regulation derived from it, banking legislation and secondary standards issued by the competent authorities.
In the event that the Owner considers that his/her right to protection of Personal Data has been damaged by the improper treatment of the Responsible Party, they may file a corresponding complaint or claim with the INAI, for which reason they may consult the website www.inai.org.mx for more information.
The Website, as well as the DDP Website, may contain links, hyperlinks or hypertexts "links", banners, buttons and/or tools for Internet search that when used by the Users transport to other portals or internet sites that could be owned by third parties. Therefore, it does not control these sites and is not responsible for the privacy notices that they have, or where appropriate, the lack thereof; the Personal Data that the Users come to provide through said portals or Internet sites other than the Website, as well as with the DDP Website, they are your responsibility, so you must verify the privacy notice on each site you access. Some links, banners and/or buttons that request Personal Data within the Website are the responsibility of third parties outside the Responsible Party, who are sometimes service providers, so they are governed by their own terms and privacy policies. To learn more about this topic, we invite you to consult the terms and conditions section.
The Controller reserves the right to periodically update or modify the Privacy Notice in accordance with the changes in the information practices, in response to legislative developments, internal policies or new requirements for the provision of services. Said updates or modifications will be notified to the Owner through the Website, in the Privacy Notice section. The Responsible Party recommends and requires the Owner to consult the Privacy Notice, at least every six months, to be updated on the conditions and terms thereof.
The Owner declares that he/she has read, understood and accepted the terms set forth in the Privacy Notice, which constitutes the free, specific, unequivocal and informed consent, including with respect to the changes established in any updates made to it, with respect to the processing of Personal Data in compliance with the provisions of the LFPDPPP and the Guidelines.