Privacy Policy

COMPREHENSIVE PRIVACY NOTICE

CLIENTS

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

In accordance with the Federal Law on Protection of Personal Data Held by Private Parties (hereinafter referred to as the “LFPD”, for its initials in the Spanish language), and in accordance with applicable provisions, we inform you that EDUARDO ARROYO LÓPEZ (Hereinafter, the “Data Controller”) is responsible for collecting, using and protecting your personal data. Likewise, we inform you that our address for hearing and receiving notifications with regard to the treatment of your personal data is the following: Blvd. El Maguey Núm. Ext. 2306 Núm. Interior. Local 1, Colonia Benito Juárez, C.P. 36446, San Francisco Del Rincón, Guanajuato, México.

WHAT PERSONAL DATA DO WE COLLECT AND UTILIZE?

The Data Controller collects the following categories of personal data for the purposes described in this Notice:

  • Identifiable data,
  • Personal characteristics data,
  • Economic data.

The Data Controller does not directly collect the personal data of minors. Minors must abstain from providing personal data to us in any way.   The Data Controller only processes the personal data of minors given by their parents and/or tutors, in all cases with the consent of the latter, whenever the processing of such data is necessary for meeting the original purposes described in this Privacy Notice.

Parents and/or tutors may, at all times, exercise ARCO rights or revoke consent to processing the personal data of minors that was provided in order to enjoy the services and activities available in the facilities of the Data Controller.

DO WE PROCESS SENSITIVE PERSONAL DATA?

In certain cases, the Data Controller must collect personal data related to your health condition.

Identified sensitive personal data (health condition) will be processed in order to comply with the purposes set forth in this Privacy Notice and, in particular, to provide the services offered by the Data Controller, the nature of which requires that the adoption of specific means for ensuring the wellbeing and/or health of our guests.

You may refuse to provide sensitive personal data, and, in such case, the Data Controller may deny the specific service that requires processing such information.

The Data Controller may also process sensitive personal data related to your health condition, whenever these are provided by the owner for the provision of special services or assistance, as expressly required for your stay in our facilities.

Therefore, and whenever it may be strictly necessary, we will require your express written consent for processing said sensitive personal data through means that inform you regarding such treatment.

WHY DO WE PROCESS YOUR PERSONAL DATA?

  1. Primary and necessary purposes

 

  • Provide the expressly contracted products, in any of their modalities, direct acquisition in any of the facilities or on the Data Controller's own platforms.
  • To ensure the functionality and quality of the contracted products.
  • Manage the parcel delivery of the contracted products.
  • Provide assistance, deliver information and assist the client in contracting our products.
  • To allow and facilitate access to our online services.
  • To notify you of changes in our products or services.
  • For billing for the services and products provided, as well as their judicial or extrajudicial collection thereof.
  • To comply with applicable legislation on tax obligations or information on contracts or operations that must be reported to the competent authorities.
  • For statistics and historical record of customers.

 

  1. Additional purposes

 

  • To send communications regarding offers and services provided by the Data Controller.
  • To carry out satisfaction surveys.

Third party personal data (for example, data of relatives) provided to the Data Controller for complying with the identified purposes, must be provided after informing such parties of the existence and content of this Privacy Notice.

TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?

The Data Controller may transfer your personal data to national and foreign third parties. The receivers and purposes of such transfers may be:

  1. Public Entities; federal, state, or municipal public administrations, regulating entities or other competent authorities; for complying with information obligations, as well as for complying with judicial or administrative requests issued by competent authorities.
  2. Service Providers; so that these may assist the Data Controller in providing the services related to your purchase.
  3. To companies providing parcel services, to send your purchase.
  4. Collecting Agencies, for collecting unpaid debts and the judicial or extrajudicial payment thereof.

HOW CAN YOU EXERCISE YOUR ARCO RIGHTS?

In all such legally valid cases, you may exercise your Access, Rectification, Cancellation and Opposition (ARCO) rights through the procedures we have implemented.

The corresponding request must comply with the requirements set forth in applicable law, through a written document sent to our Personal Data Department, to the address indicated in this Notice.

The request should contain and include the following:

  1. Your name, address and other means for communicating our response to your request.
  2. The documentation that confirms your identity or, if applicable, any legal representation.
  3. The clear and precise description of the ARCO Rights you wish to exercise, and
  4. Any other element or document that would allow locating personal data.

The Data Controller will communicate the decision taken within a maximum time period of twenty business days, counted as of the date in which we receive your request, if such request proves applicable, it will be valid within fifteen business days as of the date on which the Data Controller communicates a response. In case the information provided in your request proves erroneous or insufficient, or the request does not include the necessary documentation for confirming your identity or the corresponding legal representation, the Data Controller will require remedy of such deficiencies within five business days following receipt of your request. In such cases, you will have ten business days to remedy such deficiencies. The corresponding request will be null and void if you do not respond within said period.

Alternatively, you may direct your request to the address www.privacidad@pookhats.com complying with all previously indicated requests, setting the subject heading as “ARCO Rights and/or Revocation of consent”. The time periods of the procedure will be the same as those mentioned in this section. The use of electronic means for exercising ARCO rights authorizes the Data Controller to answer the corresponding request through the same means, unless the rights holder expressly and clearly indicates other means.

You may obtain the requested information and personal data through simple photocopies, digital documents in conventional formats (word, PDF, etc.) or through any other legitimate means that guarantees and confirms the valid exercise of the requested right.

You are responsible for updating your personal data in possession of the Data Controller. Therefore, you guarantee and are liable for the veracity, preciseness, validity and authenticity of the facilitated personal data, and agree to maintain such data duly updated, informing the Data Controller of any changes.

CAN YOU REVOKE CONSENT TO THE USE OF YOUR PERSONAL DATA?

You may revoke your consent for processing personal data, without any retroactive effects, in all cases in which said revocation does not imply the impossibility of complying with obligations derived from a current legal relationship between yourself and the Data Controller.

The procedure for revoking consent, if applicable, will be the same as the procedure established in the preceding section for the exercise of ARCO rights.

DO YOU WISH TO LIMIT THE USE OR DISCLOSURE OF YOUR PERSONAL DATA?

You may limit the use or disclosure of your personal data by sending the corresponding request to our Personal Data Department. The requirements for confirming your identity, as well as the procedure for processing your request will be the same as those set forth in the section titled “HOW CAN YOU EXERCISE YOUR ARCO RIGHTS?”.

The Data Controller has the means and procedures to ensure the inclusion of some of your personal data in proprietary exclusion lists, whenever you expressly request such inclusion in these. The Data Controller will grant registered holders the corresponding proof of registry.

USE OF COOKIES

The Data Controller utilizes cookies in order to facilitate navigation and communication through the website www.privacidad@pookhats.com If you navigate and/or send information through such site, the cookies used by the Data Controller allow compiling, analyzing and maintaining technical information related to your browsing habits and use of said communication channels through electronic means that allow collecting such information automatically at the moment the user makes use of our electronic services.

To obtain more detailed information regarding cookies and the way you can disable these in your browser and operating system, we recommend you visit www.allaboutcookies.org. If you disable cookies, it is possible you may not be able to use certain parts of the site www.pookhats.com

CAN THIS PRIVACY NOTICE BE MODIFIED? HOW DO I KNOW IF ANY MODIFICATIONS EXIST?

The Data Controller may modify, update, extend or, in any way, change the content and reach of this Privacy Notice, at any time and the sole discretion of the Data Controller. In such cases, we will publish such changes in the website www.privacidad@pookhats.com, in the section “Privacy Notice”. Changes to the Privacy Notice may also be communicated through email, whenever such means has been established as a communications channel between yourself and the Data Controller, during the term of a legal relationship.

DENIAL OF PROCESSING

 I do not wish to receive communications regarding offers or services provided by the Data Controller.

 I do not wish to participate in surveys by the Data Controller.

If you have access to this Comprehensive Privacy Notice through remote means or, wish to communicate your denial, at any moment after giving your personal data to the Data Controller, you may inform your decision through the means set forth for exercising your ARCO rights.

Last Update:

July 2022