Legal

Privacy Notice

American Society of Mexico A.C.

In compliance with the Federal Law for the Protection of Personal Data Held by Private Parties (hereinafter the “Law”), its Regulations (hereinafter the “Regulations”), and the Privacy Notice Guidelines issued by the Ministry of Economy (hereinafter the “Guidelines”), we make available the present Privacy Notice of American Society of Mexico A.C. (hereinafter the “Data Controller”), the purpose of which is to inform the holders of personal data (hereinafter the “holder”), prior to their processing, of the purposes for which they are collected and the treatment that will be given to such personal data.

When reading this Privacy Notice, please take into account the following definitions:

  • Personal data: Any information concerning an identified or identifiable natural person.
  • Sensitive personal data: Personal data that affect the most intimate sphere of their holder, or whose improper use could give rise to discrimination or entail a serious risk for them. In particular, those that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical, and moral beliefs, union affiliation, political opinions, or sexual preference are considered sensitive.
  • Transfer: Any communication of data made to a person other than the holder, the data controller, or the data processor.
  • Processing: The collection, use, disclosure, or storage of personal data by any means. Use includes any action of access, handling, exploitation, transfer, or disposition of personal data.
  • Cookies: A data file stored on the hard drive of a computer or on any data storage system of a user's electronic communications device when browsing a specific website, which allows the exchange of status information between such site and the browser, computer, or device of the user. The status information may reveal, among other elements, means of session identification, authentication, or user preferences, as well as any data stored by the browser, computer, or device regarding the website.
  • Web beacons: Visible image or hidden file inserted within a website or email, which is or is not downloaded to the user's or holder's computer or electronic communications device, used to monitor the user's or holder's behavior in these media. Through these, one may obtain information such as the source IP address, browser used, operating system, time of access to the page, and in the case of email, the association of the above data with the recipient, among other information associated with the holder or the use they make of the computer or electronic communications device.
  • Data Processor: Natural or legal person who, alone or jointly with others, processes personal data on behalf of the Data Controller.

Thus, by virtue of the provisions of Article 16 of the Law and others related in the Regulations and the Guidelines, holders are hereby informed of the following:

I. Identity and address of the Data Controller

The Data Controller is a civil association whose purpose is to provide a better relationship between Mexico and the United States, through the voluntary financial contributions made by our sponsoring members and third parties.

For the purposes of this Privacy Notice, American Society of Mexico A.C. is the party responsible for the use and handling of your personal data, with its address located at Río Elba 25, 1-F, Col: Cuauhtémoc, Alc: Cuauhtémoc, CP: 06500.

II. Purposes of data processing and data transfer

The personal data collected by the Data Controller will be used solely and exclusively for the purposes for which they were provided and will be registered in its database.

The primary purposes, understood as those that gave rise to and are necessary for the legal relationship between the Data Controller and the holder, are:

  • To identify and maintain contact with potential donors, potential beneficiaries, donors, and beneficiaries.
  • To register the holder as a beneficiary in the calls organized by the Data Controller, including those carried out jointly with another organization.
  • To evaluate the holder's profile as a participant in the calls referred to in the previous point.
  • To send holders information related to the scholarship and award programs in which they are involved.
  • Opening the holder's file as a beneficiary or donor of the Data Controller.
  • To deregister the holder as a beneficiary or donor of the Data Controller.
  • To register the holder in the application and database of the Data Controller for sending communications.
  • To make automatic charges to donors' bank cards.
  • To carry out administrative control and follow-up of the Data Controller's programs.
  • To issue electronic tax receipts (CFDI) in favor of suppliers and donors.
  • To request electronic tax receipts (CFDI).
  • To enter into collaboration agreements and contracts with third parties, including the Data Controller's suppliers.
  • To request quotes from suppliers for the provision of services in favor of the Data Controller.
  • For informational purposes, to send notices, communications, and/or any relevant information related to the services contracted by the Data Controller.
  • To make payments for services contracted with the Data Controller's suppliers.
  • To prepare meeting minutes.
  • To prepare administrative records in the development of the Data Controller's activities.
  • To store personal data through hosting technologies in order to generate a history of donors and beneficiaries.
  • To comply with the obligations required by competent authorities, including requests for information in compliance with the Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin.
  • Video surveillance, for security reasons.

Additionally, the holders' personal data will be used for the following secondary purposes:

  • Sending various publications, communications, and notices of interest related to the activities carried out by the Data Controller, which may or may not include photographs of beneficiaries of the Data Controller's programs.
  • Conducting satisfaction evaluations of the Data Controller's activities.
  • Providing information to interested parties and beneficiaries about the activities carried out by the Data Controller.
  • Preparing annual reports of the Data Controller's activities.
  • Conducting analyses, evaluations, and performance reports of the various projects.
  • Conducting fundraising advertising campaigns.
  • Reporting on events organized by the Data Controller for fundraising purposes.
  • Personalizing and improving the Data Controller's activities.
  • Providing information about the benefits the Data Controller grants to its donors and beneficiaries.
  • Providing information about activities, events, and news organized and/or carried out by the Data Controller.

The personal data you provide us may be compiled and stored in one or more databases for the fulfillment of the purposes of this notice.

If the holder does not wish their personal data to be processed for the secondary purposes indicated, they may deny their consent from this moment on by sending an email to eventos@amsoc.mx and/or diana.perez@amsoc.mx specifying the secondary purpose(s) for which they do not wish us to use their personal data.

III. Categories of personal data collected

The personal data the Data Controller may collect are the following:

  • Identification and contact data, including full name, address, contact email address (corporate or personal), nationality, image and voice records, official identification data, reference person data, federal taxpayer registry (RFC), and academic records.
  • Sensitive personal data, including data related to the socioeconomic level of the holders, financial data, and billing data.

IV. Personal data of minors

If the holder of the personal data is a minor, their parents or guardians shall grant express consent for the processing of personal data under the terms of this notice.

V. Means for obtaining personal data

Holders are informed that their data will be obtained through one of the following modalities:

  • In person: When holders attend events or the offices of the Data Controller where they are asked to fill out physical forms, or when holders enter into a collaboration agreement with the Data Controller.
  • Directly: When holders provide personal data through emails, social networks, or on the Data Controller's website and/or electronic forms.
  • Indirectly: When the data is available in any other source of commercial information or is permitted by Law. When the data is obtained through this modality, the Data Controller will not be required to notify changes made to this notice.

VI. Exceptions to consent for processing personal data

In accordance with Article 10 and other related provisions of the Law and its Regulations, the holder is informed that there is an exception to the obligation to obtain consent for the processing of personal data in the following cases:

  • i) When its collection is provided for by law.
  • ii) The personal data is found in publicly accessible sources.
  • iii) The personal data is subject to a prior dissociation procedure.
  • iv) When the collection of personal data is for the purpose of fulfilling obligations arising from a legal relationship between the holder and the Data Controller.
  • v) There is an emergency situation that could potentially harm an individual in their person or property.
  • vi) It is essential for medical care, prevention, diagnosis, the provision of healthcare assistance, medical treatments, or the management of health services, while the holder is not in a position to give consent, in accordance with the General Health Law and other applicable legal provisions, and such data processing is carried out by a person bound by professional secrecy or equivalent obligation.
  • vii) A resolution by a competent authority is issued.

VII. Transfer of data

American Society of Mexico A.C. shall have the character of Data Processor, and may process the personal data of the holders on behalf of the Data Controller.

Thus, the personal data of the holders may be transferred to American Society of Mexico A.C., specifically they may be transferred to the following areas:

  • The legal area of American Society of Mexico A.C., in order to process personal data for the preparation of agreements and contracts, filling out forms for donation requests, reviewing patents and trademarks of the Data Controller, reviewing meeting minutes, keeping the legal books, among others.
  • The marketing area of American Society of Mexico A.C., to process personal data for the organization, dissemination, and promotion of events of the Data Controller's activities.
  • The IT area of American Society of Mexico A.C., to process personal data for the generation of information emails about activities and events of the Data Controller, preparation of tax receipts, and automatic charges to bank cards.
  • Payment processors for membership fees and/or donations.
  • Database administrators and email mailing service companies.
  • Auditors, attorneys, and external consultants contracted by the Data Controller.
  • Companies with which a services contract has been entered into, for the purpose of carrying out the Data Controller's activities.
  • Persons employed by companies with which a services contract has been entered into, for the purpose of carrying out the Data Controller's activities.
  • Employees of the Data Controller, for the purpose of carrying out the Data Controller's activities.
  • In case of prior notification and consent of the holder.

Likewise, the personal data of the holders may be transferred to natural or legal persons with whom the Data Controller has entered into collaboration agreements, for the purpose of developing the Data Controller's activities.

VIII. Exceptions to consent for the transfer of personal data

In accordance with Article 37 and other related provisions of the Law and its Regulations, the holder is informed that there is an exception to the obligation to obtain consent for the transfer of data in the following cases:

  • When the transfer is provided for by a Law or Treaty to which Mexico is a party.
  • When the transfer is necessary for prevention or medical diagnosis, the provision of healthcare assistance, medical treatment, or the management of health services.
  • When the transfer is made to controlling, subsidiary, or affiliated companies under the common control of the Data Controller, or to a parent company or any company of the same group of the Data Controller operating under the same processes and internal policies.
  • When the transfer is necessary by virtue of a contract entered into or to be entered into in the interest of the holder, by the Data Controller and a third party.
  • When the transfer is necessary or legally required for the safeguarding of a public interest, or for the prosecution or administration of justice.
  • When the transfer is required for the recognition, exercise, or defense of a right in a judicial process.
  • When the transfer is required for the maintenance or fulfillment of a legal relationship between the Data Controller and the holder.

IX. Means to limit the use or disclosure of personal data

To revoke the consent granted to the Data Controller by holders or to limit the disclosure of the personal data provided, a request must be submitted via email to: eventos@amsoc.mx and/or diana.perez@amsoc.mx.

X. Duration

The duration of the processing of the personal data provided by holders will be for the time necessary to fulfill the aforementioned purposes, starting from the date on which they are provided.

XI. Modifications to the Privacy Notice

In the event that any modification is made to this Privacy Notice, the Data Controller undertakes to inform the holder of such modification, by any means, whether printed, electronic, including the Data Controller's website, SMS message, or by any other optical means.

In such case, the holder may express, via email to: eventos@amsoc.mx and/or diana.perez@amsoc.mx, what is in their right and, failing to make any statement, or expressly refusing, the modifications to the Privacy Notice will be deemed consented.

XII. Requests to exercise ARCO rights

In accordance with Articles 28, 29, 30, 31, 32, and other related provisions of the Law and its corresponding Regulations, the holder shall have the right to exercise the rights of access, rectification, cancellation, or opposition regarding their personal data.

The details of the person in charge of responding to requests for the exercise of the rights of American Society of Mexico A.C. are the following:

  • Area in charge of attending requests: Administrative Management
  • Address: Río Elba 25, 1-F, Cuauhtémoc, Cuauhtémoc, 06500
  • Email: eventos@amsoc.mx and/or perez@amsoc.mx

To exercise the rights of American Society of Mexico A.C., the holder must send a request to the email of the area in charge of attending such requests, indicating the following information and including the following documentation:

  • Name of the holder and position in the company where they work.
  • Address of the holder.
  • Telephone of the holder.
  • Documents that prove their identity.
  • Clear and precise description of the data to which they wish to access, or to rectify, cancel, or oppose the use or disclosure.

The means by which the holder will be informed of the response or determination adopted regarding the respective requests will be by email, within a period of ten business days, counted from the date on which the request for access, rectification, cancellation, or opposition was received.

If the request is deemed admissible, the measures adopted will be implemented within the fifteen business days following the date on which the corresponding determination was communicated.

For requests for access to personal data, delivery shall proceed upon prior verification of the identity of the applicant or legal representative, as appropriate.

The aforementioned periods may be extended once for an equal period, provided the circumstances of the case justify it, subject to the criteria of the Data Controller or the person in charge of responding to requests for the exercise of the rights of American Society of Mexico A.C.

The Data Controller has the authority to request, and the holder has the obligation to update, their personal data in accordance with other legal provisions issued on the prevention and detection of acts or operations carried out with resources of illicit origin.

In case of doubts or clarifications, holders should contact the Data Controller by telephone or email.

XIII. Cookies and web beacons

In order to improve the experience of holders, manage contracts entered into, the use of this application, and ensure compliance with the obligations contracted by the holder, the Data Controller may use such text files of information for the purpose of improving the understanding of the holders' interaction with the site and the services provided. The use of “cookies” does not identify users; only the behavior carried out through their devices and/or computer equipment.

For their part, like “cookies,” “web beacons” are intended to improve the user experience on the website, which is used to monitor user behavior in these media, as well as to manage contracts entered into, the use of this application, and to achieve compliance with the obligations contracted by the holder. Through these, the holder may obtain information such as the source IP address, browser used, operating system, time of access to the page, and in the case of email, the association of the above data with the recipient.

Users of the website of the Data Controller have the possibility of modifying their preferences in their devices, computer equipment, and/or browsers to refuse the use of cookies and/or web beacons, or to grant their consent for the use of such tools.

XIV. Security measures

The Data Controller will adopt the corresponding security measures for the protection of the holders' personal data against unauthorized processing.

If the personal data is breached, the Data Controller undertakes to inform the holder as soon as possible through any of the known means of contact.

XV. Acceptance and acknowledgment

The holder acknowledges having read this Privacy Notice and understands that the processing of their personal data is necessary to establish and maintain the relationship with the Data Controller. Therefore, they authorize the processing, use, and transfer in accordance with the provisions of this Privacy Notice, during the period of the relationship in favor of the holder, and, subsequently, in accordance with the laws applicable in the matter, taking into account that such processing is necessary for the continuity of the Data Controller's activities.

Last updated: August 2023.