PRIVACY NOTICE

This Privacy Notice aims to inform you about the processing of your personal data when they are collected, used, stored, transmitted, and/or transferred by our company. This is in compliance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties, published on July 5, 2010, in the Official Gazette of the Federation.

I. Responsible for the Processing of Personal Data.

In accordance with Article 15 of the Federal Law on the Protection of Personal Data Held by Private Parties, hereinafter “LFPDPPP,” we inform you that TOSKO, located at Laguna Términos 221, Torre A Oficina 703, Colonia Granada, CP 11520, Miguel Hidalgo, CDMX, is responsible for the processing and protection of the personal data freely provided by you, which will be processed in accordance with this privacy notice.

II. Personal Data.

According to the information required as the case may be, the data subject will provide the company with personal data such as: name, surname, date of birth, federal taxpayer registration, nationality, gender, marital status, address, postal code, telephone number, email, official identification number, among others; financial and property data such as: bank account, CLABE Interbancaria, card number.

These data are collected when you provide them to us directly or personally, either verbally, in writing, electronically, among others. The company is obliged to process sensitive personal data only when strictly necessary for the purposes indicated and under appropriate security measures, analyzing factors, updates, and risks to protect their confidentiality.

Personal data that the company receives indirectly from the data subject, obtained from public access sources, or provided by a person other than the data subject, may be processed for the purposes described in this Privacy Notice; however, these data are received on the premise that they are correct and were provided with the consent of the data subject.

III. Purposes of the Processing of Personal Data.

The company will collect your personal data freely provided by you, without disclosure or commercial use, and only for the optimal contractual or commercial relationship that may arise between the company and you, and will be limited according to the generally accepted and specific conditions described in each case.

Personal data provided by you, except for sensitive personal data, may be used for contractual or business purposes in accordance with the existing legal relationship, as well as for the specific uses for which such data were provided and which are provided for in this Privacy Notice.

IV. Sensitive Personal Data.

The Responsible Party will process the following sensitive personal data: disabilities, type of disability, health status, medical studies, height, weight, size, diseases or conditions, medical treatments, injuries or accidents, union affiliation, participation in legal processes or issues, which will be treated with total and exclusive secrecy and confidentiality.

V. Options and Means to Limit the Use or Disclosure of Data.

The company has the necessary and sufficient security, administrative, technical, and physical measures to protect your personal data against damage, loss, alteration, destruction, unauthorized use, access, or processing.

Personal data are safeguarded in databases and computer equipment that have the necessary security to prevent information leaks. Physical and logical access controls, environmental controls, intrusion protection systems (IPS, Firewall), antivirus protection tools, and web filtering are some of the tools used to maintain the security of data in the company’s information systems.

Therefore, you are informed of the options you have to request the limitation of the use or disclosure of your personal data, subject to this Notice:

a) In writing, stating the Treatment or limitation required for the Personal Data, sent to the company at TOSKO’s address.

b) Email: contacto@tosko.com.mx

c) Telephone: 55 5416 1952

VI. Means to Exercise Rights of Access, Rectification, Cancellation, or Opposition, in accordance with the provisions of the LFPDPPP and its regulations.

You may exercise your Rights of Access, Rectification, Cancellation, and Opposition by directly contacting the company to learn about the Processing of Personal Data, by postal mail, email, and/or telephone. The request must contain and be accompanied by what is established in Article 29 of the Federal Law on the Protection of Personal Data Held by Private Parties (in force at the time of submitting the request), such as:

I. The name and address of the data subject or other means to communicate the response to their request;

II. The documents that prove their identity or, where appropriate, the legal representation of the data subject;

III. A clear and precise description of the personal data with respect to which they seek to exercise any of the rights;

IV. Any other element or document that facilitates the location of personal data.

Only those ARCO Rights Requests whose Data Subject or duly accredited representative meets the following will be considered submitted:

  • Prove their identity by presenting a copy of their identification document (IFE, passport, or any other official identification) and exhibiting the original for verification; they may also opt to send a copy certified before a Notary Public;
  • Provide the address and/or email to communicate the response to the ARCO Request;
  • A clear and precise description of the personal data with respect to which they seek to exercise any of the ARCO Rights.


The company, through a designated officer, will respond to your ARCO Request by email within a maximum period of 20 business days from the day your ARCO Request was received. In case the ARCO Request is answered affirmatively or favorably, the requested changes will be made within a maximum period of 20 business days. The periods referred to in this paragraph may be extended once for an equal period if necessary.

In the case of the right of Access, the request will be considered attended when the company makes the personal data available to the data subject on-site or through the issuance of simple copies or electronic documents that are sent to the email provided.

The company may deny the exercise of your ARCO Rights in the following cases:

  • When you are not the data subject, or cannot prove the representation of the data subject;
  • When your personal data are not found in the company’s database;
  • When the rights of a third party are harmed;
  • When there is a legal impediment or the resolution of a competent authority that restricts your ARCO Rights; and
  • When rectification, cancellation, or opposition has been previously carried out.


The Denial may be partial, in which case the company will make the access, rectification, cancellation, or opposition in the part that is applicable in accordance with this section, as well as Article 29 of the Federal Law on the Protection of Personal Data Held by Private Parties.

Likewise, if you have provided Personal Data directly or personally to the company, without the latter having made this Privacy Notice known to you at the time of such transfer, and if you disagree with the purposes indicated, you will have 5 business days to express your refusal for the processing of your Personal Data or the purposes that are not necessary, nor that gave rise to the legal relationship.

The company will not be obligated to cancel personal data when it falls under any of the exceptions established by the Law, among others, the following: that it refers to the parties of a private contract and is necessary for its development and fulfillment; must be processed by legal provision; obstructs judicial, administrative, and/or labor actions that are necessary to protect the legally protected interests of the data subject; that is necessary to carry out an action in the public interest; is necessary to fulfill a legally acquired obligation by the data subject and/or the Responsible Party, as long as such processing is carried out by a professional subject to a duty of secrecy, such as health, law, recruitment professionals, among others.

VII. Transfers and Remissions of Data That Are Carried Out.

TOSKO commits to ensuring compliance with all legal protection principles regarding the transfer of your personal data to its subsidiaries or affiliates, as well as to third parties, national or foreign, for the purposes previously mentioned.

Consequently, in any case of Remission and/or Transfer of Personal Data, the Protected Data will be processed on behalf and for the account of the company to which they are provided, making the company the DATA PROCESSOR of the personal data provided by the company, under what the Law itself establishes, the entire content of the Privacy Notice, as well as the relationship between the data subject and the company derived from the legal and contractual relationship.

Furthermore, the remission of the Protected Data that the company may carry out to the DATA PROCESSOR will be solely and exclusively for the purpose of providing professional planning and optimization services, expressly prohibiting the DATA PROCESSOR from using the Protected Data received from the company for purposes other than those established in this instrument and processing the Data in accordance with it.

Accordingly, the DATA PROCESSOR will have the following obligations:

i. Process the Protected Data only according to the company’s instructions;

ii. Refrain from processing the Protected Data for purposes other than those instructed by the company;

iii. Implement security measures according to the Law, its Regulations, and other applicable provisions;

iv. Maintain strict confidentiality and secrecy regarding the Protected Data processed;

v. Delete the Protected Data subject to processing once the legal relationship with the company has been fulfilled and/or by its instructions, provided there is no legal provision requiring the conservation of the data, and

vi. Refrain from transferring the Protected Data unless the company so determines, the communication results from a subcontracting (which will be conditioned to the company’s authorization and must be in accordance with the procedure and formats determined for this purpose), or when required by the competent authority.

National or international data transfers may be carried out without the consent of the data subject, among other cases established by the Law, provided that the transfer is made to parent, subsidiary, or affiliated companies under common control of TOSKO, or a parent company or any company operating under the same processes and internal policies; is necessary under a contract concluded or to be concluded in the interest of the data subject, by TOSKO, and a third party; and when the transfer is necessary for the maintenance or fulfillment of a legal relationship between TOSKO and the data subject.

VIII. Revocation of Consent to the Processing of Personal Data.

The data subject has the right to revoke their consent for the processing of their personal data at any time. To this end, a written request must be sent to the company in accordance with the mechanism established in section VI of this Privacy Notice.

IX. Changes to the Privacy Notice.

We reserve the right to make changes or updates to this Privacy Notice at any time. Such modifications or updates will be made to comply with the Federal Law on the Protection of Personal Data Held by Private Parties and in accordance with the operational, administrative, and technical needs of the company. These modifications will be made known to you through any of the following means: (I) visible notices at our establishments (notice board) or Service Modules; or (II) we will send them to the last email address you provided.

We will not be responsible if you do not receive the notification of changes to the Privacy Notice if there is a problem with your email account or data transmission over the internet.

Last Updated: May 23, 2024.