COMPREHENSIVE PRIVACY NOTICE IDENTITY AND ADDRESS OF THE DATA CONTROLLER
In accordance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties (the Law), PIZZAS Y PASTAS BASILICO, SA DE CV, at the following addresses:
· Basilico – Prolongación Avenida Hidalgo #5280 L. 28 Fracc. Lomas del Chairel CP 89360 Tampico, Tamaulipas.
· Gate 27 – Prolongación Avenida Hidalgo #5280 L. 27 Fracc. Lomas del Chairel CP 89360 Tampico, Tamaulipas.
· Basilico Altama – Ejército Mexicano 706 Local 3013 Altama City Center CP 89130, Tampico, Tamaulipas.
· Plaza City Center – Ave. Paseo Usumacinta corner of Blvd. Adolfo Ruiz Cortines, Units 9-12, Col. Atasta de Serra Centro, CP 86035 Villahermosa, Tabasco
· Plaza Ankor – Ave. Prol. 27 de Febrero 3303, Col. Tabasco 2000, Villahermosa, Tabasco, Mexico
As the CONTROLLER of your personal data, we inform you of the following.
PURPOSES OF DATA PROCESSING
The collection of your personal data by the CONTROLLER, even if derived from any legal relationship due to the acts carried out with you as the owner of this data, will be protected and processed for various purposes, which are established below:
• Billing
• Updating customer databases
• Payment to suppliers
• Recruitment, selection and hiring of personnel
• Comply with legal and tax obligations relating to personnel
Additionally, it is identified and distinguished that the following purposes could
to be considered different from those that originated from the legal relationship with the
title, but which we consider necessary to conclude our processes:
• Evaluate the quality of service
• Receiving and following up on customer complaints
· Advertising
• Evaluate the work environment
• Procedures requested by the employees themselves
In accordance with Article 14 of the Regulations of the Law, the data subject will have a period of 5 days to express their refusal, if applicable, to the processing of their personal data for purposes other than those necessary for and giving rise to the legal relationship between the data controller and the data subject. If the data subject does not express their refusal to the processing of their data in accordance with the foregoing, it will be understood that they have given their consent for such processing, unless proven otherwise. This can be done by following the procedure outlined in this same document in the section on
MEANS TO EXERCISE ARCO RIGHTS.
INFORMATION THAT IS COLLECTED
The categories of personal data of the data subjects that may be requested for the development of our processes and purposes established in this notice are:
• Identification and contact
• Assets and/or financial
· Labor
• Biometrics
· Of physical characteristics
IN THE CASE OF SENSITIVE, FINANCIAL OR ASSET-RELATED DATA
This type of data must be processed under the strictest security measures to guarantee its confidentiality, in accordance with this privacy notice and the law. In such cases, pursuant to Article 9 of the Law concerning sensitive personal data, the data subject must provide their express written consent through their handwritten signature, electronic signature, or any other authentication mechanism established for this purpose. In this particular case, the CONTROLLER has established that such consent must be given through the data subject's handwritten signature, which must be placed at the bottom of the following statement:
“I agree that my sensitive personal data may be used, solely for the purposes contained in the comprehensive privacy notice of PIZZAS Y PASTAS BASILICO, SA DE CV”
NAME AND SIGNATURE OF THE HOLDER:
In the case of financial and/or asset data, as established in Article 8 of the Law, consent must be express, for which it has been established that it will be through the handwritten signature of the holder at the bottom of the following legend:
“I agree that my financial and/or asset data may be used, solely for the purposes contained in the comprehensive privacy notice of PIZZAS Y PASTAS BASILICO, SA DE CV”
BUT
NAME AND SIGNATURE OF THE HOLDER:
DATA COLLECTED IN OUR RECRUITMENT AND SELECTION PROCESS
Regarding the recruitment, selection and hiring of personnel, when the job application is received and before personal data that is considered sensitive, financial and/or patrimonial is used, the holder must respond and sign the statement found on the back of the application.
If the holder does not sign, their job application cannot be processed and their data will not be received.
When a job application or resume is received via email, it should be verified that it does not contain sensitive or financial/asset information. If it does contain such information, the applicant must respond and sign the consent form before the personal data is used.
This statement will be placed on the back of the application and/or resume. If the applicant does not sign, their job application cannot be processed and their information will not be received.
The legend for both cases is as follows:
“I agree that my personal data (sensitive, financial and/or patrimonial) may be used, solely for the purpose of the recruitment, selection and hiring process.”
BUT
APPLICANT'S NAME AND SIGNATURE:
In the case of contracts through a third party, the data will be collected by said third party being directly responsible for its processing, the responsibility of “The responsible party” begins at the time of contracting.
PERSONAL DATA RETENTION PERIOD
In order to comply with the Law, once the data subject provides their personal data to the data controller, the controller will retain it through various means for the minimum time required to complete the service. However, some personal data forms part of the information that tax authorities may require in the fiscal years following the delivery of the completed work. In these cases, the information will be duly stored and backed up in accordance with the implemented physical and technological security measures, as detailed in the data controller's internal data protection procedure.
ADMINISTRATIVE, TECHNICAL AND PHYSICAL DATA SECURITY
Personal data held by the controller will be protected administratively, technically and physically as established in the internal data control procedure, in order to prevent loss, misuse, unauthorized access, publication, modification or even destruction.
For the aforementioned processing of personal data, all the principles set forth in Article 6 of the Law will be followed, which for better understanding we indicate below: Lawfulness, Quality, Consent, Information, Purpose, Loyalty, Proportionality and Responsibility.
Likewise, the internal data protection procedure and the "Access Control and Backups" section describe the security measures relating to:
• Security system for access to administrative offices
• Control of restricted access to computer systems through account profile configuration and password assignment
• Safeguarding the accounts and passwords used by the various users
• data backup policies
• Destruction of both paper and electronic files of staff who have been dismissed or are not hired
LIMITATION ON THE USE AND DISCLOSURE OF DATA
For the purpose of limiting the use or disclosure of your data, the “CONTROLLER” has established a Confidentiality Policy that is signed annually as evidence of the commitment to its compliance by each member of the staff involved in the provision of the service and therefore in the use of your data.
The "CONTROLLER" has delegated the responsibility for data protection within the company to an internal officer called the Data Protection Officer, whose function will be to support and monitor the measures taken within the company to ensure their implementation. In this case, this is the person holding the position of Comptroller. The Data Protection Officer can be contacted via the following email address: [email protected]
The personal data held by the “CONTROLLER” will be protected administratively through an internal personal data control procedure, technically through the activities carried out by the internal systems area and physically through security cameras and registration of staff access by fingerprint, all with the purpose of preventing the loss, misuse, unauthorized access to them, as well as their publication, modification or even destruction of the personal data that it collects.
The “CONTROLLER” may not use the personal data collected for any purpose other than those mentioned in this privacy notice. If, under any circumstances, this were to occur, the relevant changes must be made to the privacy notice before it is used, and it will be made available to the data subject again through the following address. https://www.grupobasilico.com
MEANS TO EXERCISE ARCO RIGHTS
In order for the data subject to exercise their ARCO rights (Access, Rectification, Cancellation and Opposition) as provided by law, or to revoke the consent previously granted for the use of their personal data, we have implemented a procedure that establishes certain requirements, formats and deadlines that the data subject can learn about by requesting this information through the following email: [email protected]
Through said email or the link “ARCO Rights” in the Privacy Notice section at the following address: https://www.grupobasilico.com The holder may request or send (respectively) the “ARCO rights request”
In order for your ARCO rights request to be admitted for analysis by us, it must contain and be accompanied by everything indicated in article 29 of the Law:
• Full name of the account holder
· Address of the holder
• Documents that prove the identity of the holder
• Clear and precise description of the personal data regarding which you seek to exercise your ARCO rights
· Use the application provided as indicated in the preceding paragraph
In accordance with the above, if the data subject requests access to the personal data provided to the company, this obligation will be fulfilled by making said data available to him or, if the data subject requires it, we will provide him, by the means he indicates, a simple copy of the same.
If, even after reviewing this Privacy Notice, the data subject determines that the purpose of processing their personal data is different from that agreed upon with the "CONTROLLER", they may notify the controller by sending an email to [email protected] their refusal to allow their personal data to continue being used.
DATA TRANSFER
Similarly, we inform you that your personal data may be transferred and processed within and outside the country by parties other than the "CONTROLLER," in accordance with the provisions of Chapter V, Articles 36 and 37 of the Law. In this regard, your information may be shared with third parties (depending on the purpose) for the following activities:
· To banking institutions for the payment of employee payroll
· To third parties indicated by the data subject to complement a procedure requested by him/herself
· To the relevant authorities, to comply with tax and legal obligations relating to contributions and social security of workers.
· To the relevant authorities, to address their requirements or to protect and defend the rights of the “RESPONSIBLE”.
Through the following statement, the data subject may indicate whether or not they accept the transfer of their data.
“I agree that my personal data, whether sensitive or not, as well as financial and/or patrimonial data, may be transferred to third parties, solely for the purposes described above.”
BUT
NAME AND SIGNATURE OF THE HOLDER:
The third-party recipient will assume the same obligations as the "CONTROLLER" who transferred the data.
We reiterate that the data subject may object to the transfer of their personal data and exercise their ARCO rights, for which they may send an email to [email protected] or access the link “ARCO Rights” in the Privacy Notice section of the following address https://www.grupobasilico.com
If you do not express your opposition to the transfer of your data to third parties, the "CONTROLLER" will understand that you have given your consent for it.
CHANGES TO THE PRIVACY NOTICE
The “CONTROLLER” reserves the right to make any modifications it deems pertinent to this Privacy Notice in order to adapt, update, improve, or comply with new legal provisions. Data subjects are advised to regularly review the content of this comprehensive Privacy Notice at the following address: https://www.grupobasilico.com in order to be aware of any changes it may undergo.
COOKIES
Eventually our pages https://www.grupobasilico.com and https://alt.grupobasilico.com,They may use cookies, which will be installed on the user's computer when they browse the site. Their purpose is to facilitate the user's navigation of the site.
Version 1 effective from January 1, 2018.
