PRIVACY NOTICE

l. LEGAL FRAMEWORK

In compliance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties, (the “Law”), its Regulation (the “Bylaws”) and the Privacy Notice Guidelines published in the Federal Official Gazette on January 17, 2013 (the “Guidelines” and in conjunction with the Law and its Bylaws, the “Regulations”), J&N FIRMA LEGAL, S.C. (the “Responsible Party”) provides you with this privacy notice (the “Privacy Notice”) which contains the policy on the collection and handling of personal data (the “Personal Data”) of the Individuals (the “Holders”), which are mentioned in the section IV.

ll. PURPOSE

The purpose of this Privacy Notice is to determine the general terms and extents of the handling of the Personal Data and inform them to the Holders so that they are able to make informed decisions about the use of such Personal Data and to maintain control and disposal over them. In addition, the Privacy Notice allows the Responsible Party to have a clear handling with the Holders, strengthening the level of trust between them.

lll. DOMICILE OF THE RESPONSIBLE PARTY

The Responsible Party is located in Avenida Vasconcelos, 150 Ote, Torre O2, 10, Col. Del Valle, San Pedro Garza García, Nuevo León, México, C.P. 66220.

lV. PERSONAL DATA TO BE HANDLED

For the compliance of this section, based on the twenty-second article of the Guidelines, the Responsible Party may request and store your Personal Data through the following forms: (i) directly when the Holders provide them to the Responsible Party, or (ii) indirectly, through other sources of public information of the global access network (“Internet”).

The Personal Data that will be handled, according to their different categories, are those indicated below:

  •   Identification Data. Information concerning the Holder that will distinguish them from other people.
  •   Contact Data. Information that allows the Responsible Party to establish and maintain contact with the Holder.
  •   Property or Financial Data. Information concerning the Holder, regarding their assets, rights, duties or obligations subject to economic valuation.

V. PURPOSE OF THE HANDLING OF PERSONAL DATA

The Responsible Party will handle the Personal Data of the people who carry out operations and request the products and services of the Responsible Party (including, when applicable, guarantors and representatives) for the following purposes:

  • Purposes that give origin and are necessary for the existence, maintenance and fulfillment of the legal relationship between the Responsible Party and the Holder:
    • Authenticate and corroborate the identity of the Holder, as well as their address and other information provided for the provision of legal services.
    • Establish and maintain contact with the Holder for the provision of legal services.
    • Manage, when applicable, the records and/or formalities of the legal acts celebrated.
    • Keeping the Client’s records up to date for the development of activities that allow the provision of the contracted services.
    • Making payments, returns and/or compensations that, when applicable, correspond to the Holder.
    • To carry out an internal due diligence, in order to keep an internal control of the services, as well as following them up on a timely manner.
    • To elaborate statistics and reports on the services provided by the Responsible Party in order to keep an internal control of these services, as well as following them up on a timely manner.
    • Compliance with the applicable laws, regulations and legal provisions.
  • Purposes that do not give origin and are not necessary for the existence, maintenance and fulfillment of the legal relationship between the Responsible Party and the Holder.
    • Making welcome calls to new customers who hire a product;
    • Elaborate surveys, statistics and reports.
    • Implementing activities to measure the quality of the service.
    • Conducting marketing, advertising, promotion and telemarketing activities for the goods, products and/or services offered by the Responsible Party, by any material and/or electronic means.

Vl. PERSONAL DATA TRANSFERS

Vl.1. Third Party Recipients

The handling that the Responsible Party makes of the Personal Data may involve the national or international transfer of them. The third party recipients of the Personal Data, indicating their type, category or area of activity, are the following:

  •   The Mexican Postal Service as well as any company with similar services, to send the documentation and/or information of the Holder when they request it.
  •    Public Notary
  •    Public Registries
  •    Legal or accounting firms
  •    Legal authorized experts
  •    External auditors
  •    Authorities to which the Responsible Party is bound by law.

In all cases, the Responsible Party will inform the relevant third parties of the contents of this Privacy Notice.

Vl.2. Purposes that justify the transfers of Personal Data

The purposes that justify the transfer of Personal data are:

Those referred to in sections a), b), c), e) and h) of the letter A) of section V, of this Privacy Notice.

The above, with the understanding that the Responsible Party can freely refer the Personal Data to its service providers for the purposes of the Responsible Party itself, in accordance to the Regulations, these third parties would only be their attendants.

Vll. MEANS AND PROCEDURE FOR THE EXCERCISE OF THE RIGHTS OF ACCESS, RECTIFICATION, CANCELLATION AND OBJECTION.

In accordance with the Regulations, the Holder may at any time exercise their rights of access, rectification, cancellation or opposition (“ARCO Rights”) regarding the Personal Data that concerns them. For these purposes, the Holder should present a written request addressed to the area called “Specialized Unit”, which must contain and accompany the following: (i) the Holder’s name and address or other means to communicate the response to their request (ii) copy of the identification document of the Holder, as well as the original for its comparison, or when applicable, in the case of the Holder’s representative, in addition to the foregoing (identification of the Holder), the documents evidencing the identity of the representative, as well as the public instrument or power of attorney signed before two witnesses, stating the powers granted, or the personal declaration of the Holder. (iii) clear and precise description of the Personal Data to which one seeks to exercise any of the ARCO Rights, and (iv) any other element or document that facilitates the location of the Personal Data. Such request must be presented at the Responsible Party’s address or by email to the following address: alejandro@jnfirmalegal.com, provided that the duly certified electronic instruments are presented which substitute the identification of the Holder, or where appropriate, of his representative. The exercise of the ARCO Rights will be free of charge, the Holder must only cover the costs of shipping, reproduction (simple copy) and, when appropriate, the certification of documents. The times schedule of attention for the requests previously stated are from Monday to Friday from 9:00 to 13:00 hours and from 15:00 to 17:00 hours (Monterrey, Nuevo León time).

The Responsible Party will inform the Holder within a maximum period of 20 (twenty) business days from the date in which the request of the corresponding ARCO Right was received, the resolution made to the effect that, if proceeding, it becomes effective within 15 (fifteen) business days following the date on which the response is communicated. The term may be extended once for an equal period of time, provided that the Responsible Party justifies the extension to the Holder, which must be notified within the same period. For this purpose, the Responsible Party shall record on the acknowledgment of receipt that the Holder delivers, the corresponding date of receipt.

The term indicted in the previous paragraph shall be interrupted if the Responsible Party requires additional information from the Holder, in virtue of the fact that the information originally submitted is insufficient or erroneous to meet the request, or the documents indicated above are not accompanied. For this purpose, the Responsible Party may request the Holder, once and within 5 (five) business days following the receipt of the request, to provide the elements or documents necessary to process the request, counting, for its part, the Holder with 10 (ten) business days to meet the requirements, counted from the day after they received it. If the Holder does not respond within that period, the corresponding request will be deemed as not having been presented. On the contrary, in case that the Holder responds to the information request, the deadline for the Responsible Party to respond to the request, will begin to run the day after the Holder has attended the requirement for additional information.

The responses that the Responsible Party presents to the Holders who have exercised their ARCO Rights, will be made by the same means in which the request was made, dealing only with the Personal Data which have been specifically indicated in the request in question and must be presented in a readable and understandable format.

When the access to the Personal Data is in a physical place designated by the Responsible Party, they will grant the Holder a term of 15 (fifteen) business days so that they may present there to consult them. If the Holder did not present themselves in the designated place within the term given it will be necessary to submit a new application.

When the Responsible Party denies the exercise of any of the ARCO Rights, they must justify their response, informing the Holder of the right they have, to request the initiation of the procedure before the National Institute for Transparency, Access to Information and Personal Data Protection (INAI).

Vlll. REVOCATION OF CONSENT

The consent that the Holder grants in this Privacy Notice may be revoked at any time, without having any retroactive effects attributed by it. The revocation of consent that the Holder intends to conduct shall be made according to the means and procedures stated before in section VII. Nevertheless, it is very important to keep in mind that the request may not be attended or the use may not conclude in an immediate way in all cases, since its possible that due to some legal obligation we may still need to handle your personal data.

lX. OPTIONS AND MEANS TO LIMIT THE USE OR DISCLOSURE OF PERSONAL DATA.

In order to limit the use or disclosure of the Personal Data, the Responsible Party safeguards such Personal Data with limited access available only to people who, due to their duties, are granted access to them.

When the Personal Data is contained electronically or in physical documents, the Responsible Party uses the same security measures as those applied in their own information.

The Holders who are the owners of the Personal Data are informed that they may, where applicable, limit the use and disclosure of their Personal Data, other than the exercise of the ARCO Rights or the revocation of consent, through the registration they decide to make before the Public Registry to Avoid Disclosure (REPEP) according to the Federal Consumer Protection Law.

X. CHANGES TO THIS PRIVACY NOTICE

The Responsible Party has the right to modify or update this Privacy Notice at any time, due to legislative reforms, internal policies, or new requirements for the presentation or offering of our services or products. These modifications will be available to the Holders at www.jnfirmalegal.com.

For more information, visit the website www.ifai.org.mx.

(Last updated on April 11, 2019)