PRIVACY POLICY
Dear Users:
In accordance with the provisions of the Federal Law on Protection of Personal Data Held by Private Parties (hereinafter the “Law”), as well as the Regulations of the Federal Law on Protection of Personal Data Held by Private Parties (hereinafter the “Regulations”), and in harmony with the Privacy Notice Guidelines published in the Official Gazette of the Federation on January 17, 2013, we make this Comprehensive Privacy Policy available to you, in order to protect your data under the terms established by the Law and the Regulations for such purposes. Therefore, we inform you of the following:
I. DEFINITIONS
I.1. CONSENT: The manifestation of the will of the data subject (the “Data Subject”) by which the processing of their data is carried out.
I.2. PERSONAL DATA: Any information concerning an identified or identifiable natural person.
I.3. SENSITIVE PERSONAL DATA: Personal data of an intimate nature belonging to the Data Subject, which may, for example, reveal racial or ethnic origin, present or future health status, genetic information, religious, philosophical and moral beliefs, trade union membership, political opinions, or sexual preference.
I.4. CONTROLLER: Any private natural or legal person that decides on the processing of personal data.
I.5. THIRD PARTY: Any natural or legal person, national or foreign, other than the Data Subject or the Controller of the data.
I.6. DATA SUBJECT: The natural person to whom the personal data corresponds.
I.7. PROCESSING: The collection, use, disclosure or storage of personal data by any means.
I.8. TRANSFER: Any communication of data made to a person other than the Controller or the person in charge of the processing.
I.9. COOKIES: Data files stored on the hard drive of the user’s computer or electronic communications device when browsing a specific website.
I.10. ARCO RIGHTS: The rights of access, rectification, cancellation and opposition with respect to personal data.
I.11. DIGITAL ENVIRONMENT: The environment formed by the combination of hardware, software, networks, applications, services or any other information society technology that allows the exchange or computerized or digital processing of data.
I.12. WEBSITE: The Controller’s internet portal through which the Data Subject’s personal data is obtained.
II. PURPOSE OF THIS PRIVACY POLICY
In harmony with the applicable legal provisions, the purpose of this Privacy Policy is as follows:
II.1. To inform Data Subjects about the information that is collected, how it is stored, who the Controller is, the Controller’s address, and the purpose of collecting Personal Data in connection with the use of the Controller’s website.
II.2. To inform the Data Subject of the mechanisms available to express their refusal regarding the processing of their personal data.
II.3. To disclose the means by which the Data Subject may exercise their ARCO rights.
II.4. To establish the mechanism by which the Data Subject may revoke their consent for the processing of their personal data.
II.5. To describe the options offered to the Data Subject to limit the use or disclosure of their personal data.
II.6. To include a data transfer clause.
II.7. To describe the means by which the Controller will inform the Data Subject of changes to this Privacy Policy.
III. PERSONAL DATA
III.1. The personal data collected by the Controller, in a non-limiting and purely illustrative manner when registering as a user, are: first name(s) and last name(s), date of birth, gender, address, mobile phone or any other telephone communication number, e-mail address, educational background and similar data that may be attributable to the Data Subject by virtue of the use of the website/platform/app.
III.2. Personal data related to ads published on the website/platform/app: The personal data disclosed by the Data Subject in connection with the information provided to publish an ad on the website/platform/app will be processed under the terms of this Privacy Policy until the ad’s expiration date.
III.3. Use of Cookies: You are informed that when using the website/platform/app, data is stored through cookies. However, the data obtained in this way does not contain your name, e-mail address or phone number.
III.4. Websites/platforms/apps other than those of the Controller: Third-party websites (including but not limited to Facebook® and Twitter®) are not the responsibility of Con-Tak, so any handling of data that takes place on any site other than that of the Controller will be subject to the terms and conditions established in those third-party websites.
IV. PURPOSE OF THE PROCESSING OF PERSONAL DATA
IV.1. Registration: The data that the Controller collects with the Data Subject’s consent for registration purposes will be used to keep a record of the users who access the website, as well as to contact the Data Subject / User in order to report any malfunction of the website.
IV.2. Commercial purposes: The data that the Controller obtains with the Data Subject’s consent will be used for commercial purposes, including informing about events, promotions, service information, service evaluation, as well as sending information about our sponsors and clients, by any existing means of communication.
IV.3. Ads on the website: The data that the Data Subject discloses on the website in connection with the ads they publish in accordance with the Posting Rules will be used for the purposes that follow from the nature of each ad and will be deleted when the ad expires.
IV.4. Use of personal data other than for agreed purposes: In cases where the Controller intends to process the Data Subject’s personal data for purposes different from those that are necessary and inherent to the operation and use of this website, the Controller will request the Data Subject’s consent, should the Data Subject so wish.
V. CONTROLLER OF THE PROCESSING OF PERSONAL DATA
The Controller of the processing of the personal data that the Data Subject provides by granting consent is OSCAR GOMEZ SANCHEZ, whose address is Paseo Sinfonía 2, Local 1-7, Lomas de Angelópolis, Puebla, C.P. 72830, Mexico.
VI. CONSENT FOR THE PROCESSING OF PERSONAL DATA
In order for the Controller to process the Data Subject’s Personal Data, the Data Subject must grant their express or implied consent (as applicable). Below are the ways in which consent may be granted in each modality, as well as the cases in which the Controller does not require the Data Subject’s consent to process their Personal Data.
VI.1. Implied consent: As a general rule (unless the laws require express consent due to the type of Personal Data), implied consent is granted when this Privacy Policy is made available to the Data Subject and the Data Subject does not express their refusal to grant consent under the mechanism provided for such purposes (see “VI.6. Mechanism to withhold my consent”).
VI.2. Express consent: Under the terms of the Law, consent shall be express when financial or sensitive data is processed, when the Controller so requests, or when the Data Subject and the Controller so agree.
VI.3. Verbal consent: When consent is granted in person or through any means that allows oral communication.
VI.4. Written consent: Consent shall be considered written when granted by means of a document bearing a handwritten signature, fingerprint or, in the case of a digital environment, through an electronic signature or any mechanism or procedure that identifies the Data Subject and links them to the granting of their consent.
VI.5. How do I grant my consent?: For purposes of user registration, it will be sufficient not to object to the completion of the registration form and not to express opposition within five (5) business days following registration, it being understood that such opposition may be expressed by not accepting the terms of this Privacy Policy at the time of registration.
For personal data provided in connection with the publication of ads, when you publish an ad, the Privacy Policy will be displayed along with the option “ACCEPT”. Selecting this option means that you grant your express consent for the Controller to process your Personal Data. Conversely, if you select the “DO NOT ACCEPT” option, you deny your consent for the Controller to process your personal data, in which case Con-Tak will stop using your personal data for the purposes for which they were requested.
VI.6. Mechanism to withhold my consent: It will be sufficient to choose the “Do Not Accept” option when this Privacy Policy is made available to you.
VII. MEANS TO LIMIT THE USE OR DISCLOSURE OF PERSONAL DATA
If you wish to limit the use or disclosure of your personal data, you must send an e-mail to contacto@refid.mx, in which you may indicate the limitations that you wish to be applied to the use or disclosure of your personal data. Likewise, we recommend that if there is any information requested by the Controller that you do not wish to be used or disclosed, you should not publish it in the ads within Con-Tak’s website.
VIII. CONFIDENTIALITY OF PERSONAL DATA
In order to respect the principles governing the protection of personal data, the Controller shall carry out the following actions to protect such data:
VIII.1. Once the relationship between the Data Subject and the Controller has ended, the personal data will be kept by the Controller for a reasonable period justified by the purposes of the processing of the personal data.
VIII.2. If it is necessary to provide personal data to third parties, the Data Subject will be notified by e-mail in order to obtain their consent.
VIII.3. The Personal Data provided by the Data Subject will be processed solely by the staff that the Controller designates for such purposes.
VIII.4. The personal data stored in the Controller’s “Database” are protected by firewalls and computer and/or IT systems in order to restrict access to personal data by unauthorized third parties.
IX. HOW TO RECTIFY OR CANCEL YOUR PERSONAL DATA
IX.1. Rectification or cancellation of Personal Data: You have the right to access your personal data and to rectify it if it is inaccurate or incomplete. For such purposes, you must send an e-mail to contacto@refid.mx, in which you must indicate the following:
a) Full name and address of the holder of the Personal Data, or any other means for communicating the response to your request.
b) Documents proving the identity of the holder of the Personal Data or, where appropriate, the legal representation of the holder.
c) A clear and precise description of the Personal Data with respect to which you seek to exercise any of the aforementioned rights.
d) Any other element or document that facilitates the location of the Personal Data.
e) An indication of the modifications to be made and/or the limitations on the use of the Personal Data, in accordance with section 6.2 of this Privacy Policy.
f) The supporting documentation for your request.
IX.2. Response to the request for rectification or cancellation of Personal Data: The Controller will inform the Data Subject of its decision within a period not exceeding twenty (20) business days from the date on which the request was received. This period may be extended once by the Controller for an equal period, provided that the circumstances of the case so justify.
Once the request has been submitted and the above-mentioned response period has elapsed, the Controller will inform the Data Subject of the outcome and grounds of the decision by the same means used to submit the request and, where appropriate, will attach any relevant evidence.
If the request is accepted, the Controller will make the corresponding changes within fifteen (15) business days following the date on which the decision is communicated.
If the Controller does not respond to the request or if the request is denied, the Data Subject may file a data protection request with the Federal Institute for Access to Information (Instituto Federal de Acceso a la Información) based on the response received or the lack of response from the Controller. Such request must be submitted by the Data Subject within fifteen (15) business days following the date on which Con-Tak informs the Data Subject of its response or, in the case of no response, within fifteen (15) business days from the date on which the response should have been issued, and shall be subject to the provisions of the Law.
In the case of requests for access to Personal Data, it will be necessary for the applicant or their legal representative to first prove their identity.
The obligation to provide access to the information shall be deemed fulfilled when Con-Tak makes the Personal Data available to the Data Subject or by issuing simple copies or electronic documents.
If a person requests access to their Personal Data from Con-Tak on the assumption that Con-Tak is the Controller, and it turns out that Con-Tak is not the Controller, it will be sufficient for Con-Tak to so inform the Data Subject by any of the means set forth in this section in order to consider the request closed.
The response to your request to access, rectify, cancel or oppose the processing of your Personal Data will be free of charge. You will only be required to cover any justified shipping costs or the cost of reproduction in copies or other formats, which Con-Tak will inform you of at the appropriate time.
If the same person repeats a request for access, rectification, cancellation or opposition of their Personal Data within a period of less than twelve (12) months from the date of the previous request, the response to your request may be subject to an additional cost set by Con-Tak, in accordance with Article 35 of the Law.
X. REFUSAL TO GRANT ACCESS TO PERSONAL DATA
Con-Tak may deny total or partial access to Personal Data or the rectification, cancellation or opposition to the processing of such data in the following cases:
X.1. When the applicant is not the Data Subject and the legal representative is not duly authorized.
X.2. When the Personal Data of the applicant cannot be found in Con-Tak’s Database.
X.3. When the rights of a third party may be infringed.
X.4. When there is a legal impediment or a resolution from a competent authority.
X.5. When rectification, cancellation or opposition has already been carried out, such that the request has no substance.
XI. CONSEQUENCES OF CANCELLATION
The cancellation of Personal Data will lead to a blocking period after which Con-Tak will proceed to delete the corresponding data.
Once the corresponding Personal Data has been cancelled, Con-Tak will notify the Data Subject.
After this, Con-Tak may keep the Personal Data exclusively for purposes related to responsibilities arising from the processing referred to in this Privacy Policy.
When Personal Data have been transferred to third parties prior to rectification or cancellation and are being processed by such third parties, Con-Tak must inform them of the request submitted by the Data Subject so that they may carry out the corresponding rectifications or cancellations.
Con-Tak is not obliged to cancel your Personal Data when any of the cases established in Article 26 of the Law apply.
Likewise, when the information collected in the Personal Data is no longer necessary for the fulfillment of the purposes set out in this Privacy Policy and the applicable legal provisions, your Personal Data will be cancelled from Con-Tak’s Databases.
XII. CHANGES TO THE PRIVACY POLICY
Con-Tak reserves the right to make, at any time, modifications or updates to this Privacy Policy in order to address legislative or jurisprudential developments, internal policies, new requirements for the provision or offering of its products and services, or commercial practices.
Therefore, if Con-Tak modifies the content of this Privacy Policy, it will inform you of such changes by sending a notice to your e-mail address, or by publishing the changes using any of the forms and means established in section 6 of this Privacy Policy.
XIII. TRANSFER OF PERSONAL DATA
In the event that Con-Tak transfers your Personal Data to any of its providers in order to carry out the purposes of processing set out in this Privacy Policy, such transfer will be made subject to confidentiality agreements and provided that (i) the provider or recipient agrees to submit the processing of Personal Data to this Privacy Policy, and (ii) such transfer does not fall under any of the cases set out in Article 37 of the Law.
If you do not express your opposition to the transfer of your Personal Data to third parties, it shall be deemed that you have granted your consent to Con-Tak for such transfers.
The use and transfer of information received from Google APIs by the application to any other application will be governed by the
Google API Services User Data Policy, including the Limited Use requirements.
XIV. FINAL CONSIDERATIONS – INFORMATIONAL NATURE OF THIS DOCUMENT
The content of this Privacy Policy is for informational purposes only. Therefore, if you wish to express your acceptance or rejection of its content, we invite you to visit the Personal Data collection sections established on Con-Tak’s websites, where you may indicate your acceptance or rejection both of the content of this Privacy Policy and of the possible transfer of your Personal Data, or, where appropriate, send the corresponding request to Con-Tak’s Personal Data Department.