The Firm, with address in Ave. Gomez Morin 955 Sur, Suite 500, Colonia Montebello, San Pedro Garza Garcia, Nuevo León, 66279, will be responsible for the processing of the personal information it receives from any Data Owner.
According to paragraph V of article 3 of the Law and to section 1) of article 4 of the GDPR, any information concerning an identified or identifiable individual is considered as personal information. For purposes of this Policy, any information with respect to a Data Owner that the Firm receives by any printed, digital, audible or visual means, remote or local means of electronic and/or optical communication or through any other technology, and which concerns to such person, will be considered as personal information (hereinafter the “Personal Information”), and includes information in the following categories:
- General information of the Data Owner, such as full name, address, phone number, e-mail address, civil status, occupation, place and date of birth, number of the Federal Taxpayer’s Registry, Population Registration Code, number of voter’s license, number of passport, migration status;
- Curriculum vitae of the Data Owner, which, besides the general information mentioned in the previous paragraph, could include the information related to the education, professional experience and acknowledgments of the person;
- Positions, faculties or designations of the Data Owner within one or more companies, as well as the powers granted in favor of the Data Owner to act on the name and/or on behalf of one natural person or legal entity.
The Firm does not collect sensitive personal data of the Data Owner. However, if the case may arise, express and written consent of the Data Owner will be obtained for its processing.
The Personal Information will be used by the Firm for the following purposes (the “Purposes”):
- establish communication between any Data Owner and the Firm regarding the rendering of the services offered by the Firm to the Data Owner or to a third party whether it is a natural person or legal entity, as well as to prepare services proposals;
- generate drafts and/or final versions of legal documents such as public deeds, memoranda and/or legal or commercial information, contracts, agreements, of meetings of legal entities, special and general powers of attorney, litigation documents, translations and other legal documents,including the possibility that such Personal Information as well as the legal documents above mentioned could be transferred to one or more public notaries, authorities or other law firms;
- prepare invoices, remissions or any other accounting or tax information which the Firm is legally bound to prepare;
- be used by the Firm in its website and in the publications the Firm creates with advertising or commercial purposes;
- recruit or interview any Data Owner in order to identify if there are any possibilities of joining the Firm.
The sending of the Personal Information to the Firm by any Data Owner through any of the means established previously in this Policy, implies his or her acceptance and authorization to the way in which the Firm will use such Personal Information, which will be used for the Purposes above mentioned when necessary or convenient in the rendering of the legal services performed by the Firm from time to time in relation to such Data Owner, as well as in connection with the subject matter that gave rise to the existing communication between the Firm and the Data Owner, and vice versa.
With the exception of number 4. above, the rest of the Purposes mentioned in the previous paragraphs are required for the existence and maintenance of a legal relationship between the Firm and a Data Owner, and therefore the Data Owner’s refusal to the processing of his or her Personal Information in accordance with the aforementioned Purposes will make it impossible to establish a legal relationship between the Data Owner and the Firm. Should the Data Owner be a “data subject” pursuant the GDPR, the Firm shall obtain and continue obtaining his consent for the processing of data for the Purposes established in this paragraph.
In case the Data Owner does not accept that his or her Personal Information may be processed according to any of the Purposes established in the previous paragraphs, including number 2. that implies the possibility of a transfer of the Personal Information to the third parties there mentioned, he or she must contact the Administrative Manager of the Firm expressing his opinion via e-mail to email@example.com, submitting an application in accordance with the procedure established in this Policy, and specifying which are the Purposes to which the processing of his Personal Information is denied, being subject to the consequences derived from such denial to the processing of his or her Personal Information according to the previous paragraph.
The Firm is bound to:
- Limit the processing of the Personal Information to the Purposes set forth in this Policy;
- Maintain strict confidentiality of the Personal Information and abstain from transferring it to any person outside the Firm, except for the cases authorized by Law or by the Data Owner;
- Establish and maintain the administrative, technique and physical security measures that are necessary to protect the Personal Information against damage, loss, alteration, destruction or the unauthorized use, access or processing,
- Inform to the third parties to whom the Personal Information of any Data Owner may be transferred, in the applicable cases, regarding the existence of this Policy and the Purposes for which the Data Owner agreed to the processing of his Personal Information.
- Immediately inform of any security violation occurred during the processing of the Personal Information in order for the relevant Data Owners who provided it to the Firm to be able to take the corresponding measures for the defense of their rights, and
- Comply with its obligations in terms of the GDPR, when applicable.
Each Data Owner is entitled to the ARCO rights (Access, Rectification, Cancellation and Opposition) set forth in Chapter II of the Law, as well as to the right to revoke the consent and the right to limit the use or disclosure of the Personal Information. If the Data Owner is a “data subject” in terms of the GDPR, it will be entitled to the rights set forth in Chapter III of the GDPR. For the exercise of any of these rights, the Data Owner must file an application before the Firm, with the following information:
- His or her name and address or any other mean through which the Firm can communicate its answer;
- The documents that prove his or her identity or, in its case, the legal representation of the person filing the application on his or her behalf;
- The clear and accurate description of the Personal Information over which he or she wants to exercise any of the mentioned rights, and its relevant scope, and
- Any other element or document that facilitates the localization of his or her Personal Information.
In case of an application for rectification of Personal Information, in addition to the requirements set forth in the previous paragraph, the person submitting the application must indicate the modifications to be made, and provide the documentation that sustains his or her petition.
In case of an application for the revocation of the consent, in addition to the aforementioned requirements, the Data Owner will have to exhibit along with its application, a description of the reasons that originate such application, where he or she must specify whether a full or a partial revocation is being requested for the processing of his or her Personal Information.
The application, filed pursuant the aforementioned terms, will be examined by the Administrative Manager of the Firm and must be sent by e-mail to firstname.lastname@example.org, or in writing to the Firm’s domicile indicated in the second paragraph of this Policy.
The Firm will have a maximum period of twenty business days, starting from the date in which the application is received, to notify the adopted decision, with the purpose of, if the application is deemed admitted, becoming effective within the fifteen days following the date in which the decision is notified.
The terms of this Policy can change at any time, thus the Firm reserves the right to modify it when it is considered necessary. The modifications to this Policy will be published in the Firm’s website, www.jata.mx, therefore it is the responsibility of the Data Owner to be attentive of the website in order to be informed about the changes.
Any complaint by the Data Owner due to a default from the Firm to the Law can be filed before the Mexican National Institute for Transparency, Access to Information and Protection of Personal Data; for more information visit www.inai.org.mx.