Through this privacy notice (hereinafter referred to as the “Notice”), in compliance with the Federal Law on Protection of Personal Data Held by Private Parties of the United Mexican States (hereinafter referred to as the “Law”), Sistemas Interactivos de Consultoría, S.A. de C.V. (hereinafter referred to as “Sintec”) makes available to its current, past, and potential clients and service providers, both direct and indirect, as well as attendees of events organized by Sintec, and/or visitors to Sintec’s facilities or its website (hereinafter, individually referred to as the “Data Subject”), this personal data protection policy.
Sintec, located at Avenida Ricardo Margáin 565, Torre PCC2-A, 6th floor, Colonia Santa Engracia, San Pedro Garza García, Nuevo León, C.P. 66267, will be responsible for the processing of personal data received from the Data Subject.
In accordance with Section V of Article 3 of the Law, any information concerning an identified or identifiable individual is considered personal data. For the purposes of this Notice, personal data shall include any information regarding the Data Subject that Sintec receives through any printed, digital, audio, visual, remote or local electronic and/or optical communication means, or through any other technology, and that pertains to such individual (hereinafter referred to as “Personal Data”).
The Personal Data of our service providers, current, past, and potential, that will be subject to processing under this Notice, are as follows:
General data of the Data Subject; i.e., gender, full name, address, telephone number, email address, marital status, profession, place and date of birth, nationality, personal contact telephone number, address, name of spouse and children, emergency contact telephone number and relationship to the Data Subject, Federal Taxpayer Registry Number (RFC), Unique Population Registry Code (CURP), voter ID number, passport number;
Curriculum vitae of the Data Subject; which, in addition to the general data mentioned above, may include information related to education, professional experience, and recognitions; and
Data related to the Data Subject’s areas of expertise and economic interests for a specific position at Sintec.
The Personal Data of our clients, current, past, and potential, both direct and indirect, that will be subject to processing under this Notice, are as follows:
General data of the Data Subject; i.e., gender, full name, address, telephone number, email address, profession, place and date of birth, nationality, personal contact telephone number, address, Federal Taxpayer Registry Number (RFC), and income; and
Positions, responsibilities, or appointments held by the Data Subject within the organizational structure of the client.
The Personal Data of individuals who provide their data through our website or electronic means, which will be subject to processing under this Notice, are as follows:
General data of the Data Subject; i.e., full name, telephone number, email address, country, marital status, profession; and
Curriculum vitae of the Data Subject; which, in addition to the general data mentioned above, will include education, professional experience, and positions held.
The Personal Data of attendees to events organized by Sintec, which will be subject to processing under this Notice, are as follows:
Gender, full name, telephone number, email address, profession, personal contact telephone number, workplace, position held in one or more companies, and professional opinions.
Additionally, individuals visiting Sintec’s facilities will be video recorded, and the processing of their image, as well as the rest of their Personal Data, will be subject to the provisions of this Notice.
Sintec does not collect sensitive personal data from the Data Subject. However, if such data is collected, the express and written consent of the Data Subject will be obtained for its processing.
Sintec uses cookies and does not use web beacons on its website; these cookies do not individually identify visitors to Sintec’s website.
Personal Data will be used by Sintec for specific purposes (the “Purposes”).
In the case of Personal Data of our service providers, Sintec will process it for the following Purposes:
1. Establish communication between the Data Subject and Sintec regarding the provision of services offered by the Data Subject to Sintec, as well as to prepare service proposals and, in the event that the Data Subject provides a service to Sintec, for projects that may arise;
2. Generate projects and/or final versions of communications and legal documents such as contracts and agreements, including the possibility that such Personal Data, as well as the referred legal documents, be sent to one or more notaries, third parties, authorities, and/or legal firms;
3. Prepare invoices, remittances, or any other accounting or tax information that Sintec is legally obligated to comply with;
4. Analyze the data to identify potential opportunities for the Data Subject to provide professional services to Sintec, using such data in the recruitment process and, if applicable, in the selection of their service; and
5. Locate the Data Subject in the event of an extraordinary situation, whether professional, such as an invitation to an event, or personal, such as an emergency.
6. Send emails to individuals who collaborate, are employees, directors, partners, or interns at Sintec to recognize personal achievements, holidays, career milestones, promotions, start of employment, end of employment, granted leaves, and vacations.
In the case of Personal Data of our clients, Sintec will process it for the following Purposes:
1. Establish communication between the Data Subject and Sintec regarding the provision of Sintec’s services, as well as to prepare service proposals for specific projects;
2. Generate projects and/or final versions of communications and legal documents such as contracts and agreements, including the possibility that such Personal Data, as well as the referred legal documents, be shared with one or more notaries, authorities, and/or legal firms; and
3. Prepare invoices, remittances, or any other accounting or tax information that Sintec is legally obligated to comply with.
In the case of Personal Data of individuals who provide their data through our website or electronic means, Sintec will process it for the following Purposes:
1. Establish communication between the Data Subject and Sintec in the event that the Data Subject sends a request for clarification regarding Sintec’s services; and
2. Analyze the data to identify potential opportunities for the Data Subject to provide professional services to Sintec, using such data in the recruitment process and, if applicable, in the selection of their service.
In the case of Personal Data of attendees to events organized by Sintec, for the following Purposes:
1. Establish communication between the Data Subject and Sintec to inform about Sintec’s services and to gather the Data Subject’s professional opinion on various matters.
In the case of video surveillance in Sintec’s facilities, it will be conducted for the purpose of providing security to the Data Subject and Sintec’s personnel.
1. The submission of Personal Data to Sintec by the Data Subject using any of the means mentioned above in this Notice implies acceptance and authorization of the manner in which Sintec processes such Personal Data, which will be used for the Purposes established above, as necessary or convenient in the provision of services performed by Sintec from time to time, in relation to the Data Subject, as well as in relation to the matter of reference that gave rise to the existing communication between Sintec and the Data Subject, and vice versa.
The Purposes outlined in this Notice are necessary for the existence and maintenance of a legal relationship between Sintec and the Data Subject of the Personal Data, so the Data Subject’s refusal to the processing of their Personal Data in accordance with the aforementioned Purposes would make it impossible to establish a legal relationship between the Data Subject and Sintec.
In the event that the Data Subject does not agree to their Personal Data being used in accordance with any of the Purposes established in the preceding paragraphs, including the possibility of transferring Personal Data to the third parties mentioned, the Data Subject must contact Sintec to express their position by email at derechosarco@sintec.com, submitting a request as set forth later in this Notice and specifying which Purposes they refuse to allow their Personal Data to be used for by Sintec, thereby subjecting themselves to the consequences generated by such refusal to the processing of their Personal Data as set forth in the immediately preceding paragraph.
Sintec’s obligations are as follows:
1. Limit the processing of Personal Data to the purposes outlined in this Notice;
2. Maintain strict confidentiality regarding Personal Data and not transfer it to any person outside Sintec, except in cases authorized by the Law or by the Data Subject;
3. Establish and maintain the administrative, technical, and physical security measures necessary to protect Personal Data against damage, loss, alteration, destruction, or unauthorized use, access, or processing;
4. Inform third parties to whom Personal Data is transferred, in applicable cases, of this Notice and the Purposes to which the Data Subject has subjected the processing of Personal Data; and
5. Immediately inform of any security breach that occurs during the processing of Personal Data so that those who have provided it to Sintec can take the corresponding measures to defend their rights.
The Data Subject of Personal Data enjoys the ARCO rights (Access, Rectification, Cancellation, and Opposition) provided for in Chapter IV of the Law, as well as the right to revoke consent and the right to limit the use or disclosure of Personal Data. To exercise any of these rights, the Data Subject must submit a request to Sintec with the following information:
– Their name and address or another means for Sintec to communicate its response;
– Documents proving their identity or, if applicable, the legal representation of the person making the request on their behalf;
– A clear and precise description of the Personal Data regarding which they seek to exercise any of the aforementioned rights and its scope; and
– Any other element or document that facilitates the location of their Personal Data.
If the request is for rectification of Personal Data, in addition to the information indicated in the previous paragraph, the modifications to be made must be specified, and documentation supporting the request must be provided. If the request is for opposition to the processing of Personal Data for a specific Purpose that is not necessary for the existence of a legal relationship between Sintec and the Data Subject, the Data Subject must request Sintec, at the email address mentioned above, to be added to an exclusion list.
In the case of a request for revocation of consent, in addition to the requirements already indicated in this Notice, the Data Subject must include in their request a description of the reasons that give rise to the request for revocation of consent, specifying whether they desire a partial or total revocation of the processing of Personal Data.
The request, submitted in the terms described above, will be addressed by Sintec and must be sent by email to derechosarco@sintec.com, or in writing to Sintec’s address indicated in the second paragraph of this Notice.
Sintec will have a maximum period of twenty business days, counted from the date it receives the request, to communicate the decision made, so that, if appropriate, it is implemented within the fifteen days following the date on which the response is communicated.
The terms of this Notice may change at any time, so Sintec reserves the right to modify it when it deems necessary. Modifications to this Notice will be published on Sintec’s website, sintec.com, so it is the responsibility of the Data Subject to stay informed about any changes.
Any complaint by a Data Subject regarding Sintec’s non-compliance with the Law may be filed by submitting the corresponding complaint to the National Institute of Transparency, Access to Information, and Protection of Personal Data; for more information, visit www.inai.org.mx.
1. PURPOSE
In accordance with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), Sistemas Interactivos de Consultoría S.A.P.I. de C.V. (Sintec), located in San Pedro Garza García, Nuevo León, as the responsible party for the processing of personal data of others, adopts through this document the policies and procedures to guarantee the right of individuals to know, access, and rectify the information that has been recorded about them in databases and/or files.
2. SCOPE
This Policy applies to all personal information of clients, prospects, contractors, suppliers, employees, or any other individual who, for any reason, provides information to Sintec.
3. VALIDITY AND UPDATES
This personal data processing policy will be effective as of its publication and for as long as Sintec carries out the activities related to its corporate purpose.
Sintec may update this policy at any time, whether to address new legislative, regulatory, or jurisprudential developments, internal policies, or for any other reason or circumstance. Such updates will be promptly communicated and made known through written documents, publication on the website, verbal communication, or any other technology. For this reason, it is recommended that the data subject regularly review this policy to ensure they have read the most current version.
4. DEFINITIONS
In accordance with the current legislation on the matter, the following definitions are established, which will be applied and implemented following interpretation criteria that guarantee a systematic and comprehensive application, in line with technological advancements, technological neutrality, and other principles and postulates governing the fundamental rights surrounding the right to habeas data and personal data protection.
Authorization: Prior, express, and informed consent of the data subject to carry out the processing of personal data.
Database: An organized set of personal data that is subject to processing.
Personal Data: Any information linked or that can be associated with one or more identified or identifiable natural persons.
Data Processor: A natural or legal person, public or private, who, by themselves or in association with others, processes personal data on behalf of the data controller.
Data Controller: A natural or legal person, public or private, who, by themselves or in association with others, decides on the database and/or the processing of the data.
Data Subject: A natural person whose personal data is subject to processing.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.
5. FORMULATION OF THE POLICY
5.1 PURPOSE OF PERSONAL DATA
Sintec has a set of information databases that it has been using for purposes related to its corporate purpose, obtained through requests for quotes and/or bids, and other commercial, professional, or technical processes carried out by employees, suppliers, or contractors of our company.
The data that Sintec uses for regular communication with third parties includes identification data, such as names and surnames, position, profession, or occupation. Additionally, Sintec uses company contact data: phone numbers (office and mobile), email, position, company name and identification, number of employees, technological platforms, address, photograph, and basic contact information of individuals within companies, such as names, positions, phone numbers, and extensions, in addition to any other data required for legal purposes, whether for clients, employees, suppliers, contractors, or others. Sintec uses the data provided throughout the course of its relationships with third parties, such as the storage of documents that may or may not contain signatures and personal information of these individuals when they are natural persons, or of partners, employees, contractors, or dependents in the case of legal entities.
The collection of personal data and its automated processing aim to facilitate the management, administration, improvement, and expansion of various services, the management or follow-up of incidents, as well as the sending of communications, and any other purpose that Sintec may require in the exercise of its corporate purpose. Thus, personal data is used exclusively by the administrative, financial, and technical areas for the following purposes:
Creation, preservation, and use of documents legally required by accounting standards, management systems, and labor legislation, among others.
Adaptation and provision of our products and/or services.
Sending communications.
Management of requests, complaints, and claims.
Sending emails to individuals who collaborate, are employees, directors, partners, or interns at Sintec to recognize personal achievements, holidays, career milestones, promotions, start of employment, end of employment, granted leaves, and vacations.
5.2 EXERCISE OF THE DATA SUBJECT’S RIGHTS TO ACCESS, RECTIFICATION, CANCELLATION, AND OPPOSITION
The data subject may exercise their right to access, rectify, cancel, or oppose the personal data they have provided to Sintec by submitting a communication through the following means:
Email: derechosarco@sintec.com
Avenida Ricardo Margáin #565, Torre A, 6th Floor, Col. Santa Engracia, C.P. 66267, San Pedro Garza García, Nuevo León.
Phone: 81 1001 8570
The request or right exercised by the data subject must contain the information established in Article 29 of the LFPDPPP:
The name of the data subject and address or another means to communicate the response to their request;
Documents proving their identity or, if applicable, the legal representation of the data subject;
A clear and precise description of the personal data regarding which they seek to exercise any of the aforementioned rights; and
Any other element or document that facilitates the location of the personal data. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, or misleading data, or data whose processing is expressly prohibited or has not been authorized by the data subject.
The data subject may request a copy of the data that Sintec holds about them. Likewise, Sintec will update, rectify, or delete the data when they are inaccurate, incomplete, or no longer necessary or relevant for the initial purpose.
The data subject may consult their personal data free of charge once per calendar month and whenever there are substantial modifications to Sintec’s data processing policies.
In compliance with the above, the following procedure is established:
Processing of Access to Personal Data
Data subjects or their successors may consult the personal information of the data subject that is stored in any Sintec database. The company will provide them with all the information contained in the individual record or that is linked to the identification of the data subject. The request must be submitted in writing to the area indicated in section 5.2, provided that the requester is the data subject.
The request will be addressed within fifteen (15) business days from the date of receipt. When it is not possible to address the request within this period, the interested party will be informed of the reasons for the delay and the date on which their request will be addressed, which in no case may exceed five (5) business days following the expiration of the initial term.
Processing of Rectifications and Oppositions
Data subjects or their successors who consider that the information contained in a Sintec database should be corrected, updated, or deleted may file a claim with the People Strategy Coordination of the company, which will be processed under the following rules:
The claim must be submitted through a request containing the information previously outlined in Article 29 of the LFPDPPP.
Once the complete claim is received, it will be processed within a term not exceeding fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within this period, the interested party will be informed of the reasons why Sintec has not been able to complete the process and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial term.
Deletion of Information
Data subjects may at any time request Sintec, as the data controller, to delete their personal data and/or cancel the authorization granted for the processing of such data. Sintec, as the data controller, will maintain a record of the receipt of requests for data deletion or revocation of authorization, including the date of receipt. The maximum term for addressing the deletion and/or cancellation of data will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the request within this period, the interested party will be informed of the reasons why Sintec has not been able to complete the process and the date on which their request will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial term.
5.3 DUTIES AS DATA PROCESSOR
Sintec is directly responsible for the processing and custody of the Personal Data collected and stored; however, it reserves the right to delegate such processing to a third party, for which it will require the processor to implement appropriate policies and procedures for the protection of personal data and the strict confidentiality of such data, in accordance with the provisions of Articles 14 and 21 of the LFPDPPP.
5.4 SENSITIVE DATA
For the purposes of the LFPDPPP and this personal data processing policy, sensitive data is understood as data related to the privacy of the data subject, such as data revealing racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights organizations, or those promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data. Sintec reiterates its apolitical nature, as well as the fact that it is an entity without exclusive religious or ethnic orientations. However, the data subject is not obligated to provide sensitive data, and therefore, any request for such data will require express authorization.
5.5 PERSONAL DATA OF MINORS
The personal data of children and adolescents stored in Sintec’s databases and necessary for the provision of the company’s services will be used solely and exclusively for registration and statistical purposes. Sintec ensures their protection in accordance with the Political Constitution and the LFPDPPP. In any case, any use of the data of minors registered in Sintec’s databases or requested must be expressly authorized by the legal representative of the child or adolescent, after the minor has exercised their right to be heard, an opinion that will be valued considering the maturity, autonomy, and ability to understand the matter. Likewise, Sintec will facilitate the legal representatives of minors the possibility of exercising the rights of access, cancellation, rectification, and opposition to the data of their dependents.
5.6 THIRD PARTIES
Databases or files will not be provided to third parties, except with the express authorization of the data subject or in cases provided for by law. Sintec has entered into confidentiality agreements with all involved parties to ensure the protection of the data.
5.7 SECURITY MEASURES ADOPTED IN RELATION TO THE PROCESSING OF PERSONAL DATA
Sintec informs the data subjects that it has adopted the necessary technical, human, and administrative measures to guarantee the security and confidentiality of the data and to prevent its alteration, loss, consultation, use, or unauthorized access. The personal data that the data subject provides to Sintec will be managed confidentially, with the due constitutional, legal, and other applicable guarantees for the protection of personal data.
The information will be incorporated into the various databases managed by Sintec, whose responsibility and management lie with the company.
Sintec has security and access protocols for its information systems. Access to the different databases is restricted even for our employees and collaborators. Our staff is committed to the confidentiality and proper handling of the databases, adhering to the information processing policies established by the Law. The system where the databases are stored is physically protected in a secure location. Only authorized personnel can access it and, therefore, the personal data of the involved parties under a protected system.
Therefore, Sintec will provide guarantees and assume obligations or responsibilities for the loss or theft of information from its computer system only when, due to negligence or fraud, an unauthorized third party accesses the information, and will diligently and prudently ensure the security of the information in digital or physical form.
5.8 ACCEPTANCE OF THIS POLICY
The data subject declares that they have read and accept this Personal Data Processing Policy of Sintec. Considering that there is a recurring relationship between the data subjects and Sintec, and that the company has explicitly requested its clients, prospects, collaborators, suppliers, and contractors for authorizations to continue processing previously collected personal data, in accordance with the provisions of Article 19 of the LFPDPPP; Sintec will continue using the stored data necessary to offer its products and/or services, as long as the data subject does not contact the Responsible Party to request the deletion of their personal data under the legal terms, without prejudice to the right of the data subject to exercise their rights at any time and request the deletion of the data.
5.9 CONTACT WITH THE RESPONSIBLE PARTY
For any information related to this Data Protection Policy, you may contact or send a communication to Sintec.
Email: derechosarco@sintec.com or cecilia.vargas@sintec.com
Avenida Ricardo Margáin #565, Torre A, 6th Floor, Col. Santa Engracia, C.P. 66267, San Pedro Garza García, Nuevo León.
Phone: 81 1001 8570
This policy is effective as of its publication on the company’s official platform and the Sintec website.
6. DATA TRANSFER
In the event that Sintec intends to transfer personal data to national or foreign third parties, it will notify the data subjects through the privacy notice and the purposes to which the data subject has subjected their processing, in accordance with Articles 36 and 37 of the LFPDPPP.
7. DISSEMINATION OF THE POLICY
The Information Processing Policy will be published and disseminated on the company’s website, as well as through the internal network, platforms, onboarding, reboarding, and training sessions.
The policy will be delivered to each employee, as well as to new staff, and will become part of the employment contract. Likewise, Sintec collaborators are recommended to continue informing themselves periodically about the personal data processing policies, as well as the privacy notice for updates or modifications that Sintec may require.
Any complaint by a data subject regarding Sintec’s non-compliance with the Law may be filed by submitting the corresponding complaint to the National Institute of Transparency, Access to Information, and Protection of Personal Data; for more information, visit www.inai.org.mx.