Privacy Notice
American Society of Mexico A.C.
In compliance with the Federal Law on the Protection of Personal Data Held by Private Parties (hereinafter the “Law”), its Regulations (hereinafter the “Regulations”), and the Privacy Notice Guidelines issued by the Ministry of Economy (hereinafter the “Guidelines”), this Privacy Notice of the American Society of Mexico A.C. (hereinafter the “Data Controller”) is made available to you. The purpose of this notice is to inform the owners of personal data (hereinafter the “Data Subject”), prior to the processing of their data, of the purposes for which such data is collected and the manner in which it will be processed.
When reading this Privacy Notice, please consider the following definitions:
- Personal Data: Any information concerning an identified or identifiable natural person.
- Sensitive Personal Data: Personal data that affects the most intimate sphere of its Data Subject or whose improper use may give rise to discrimination or entail a serious risk to the individual. Sensitive data particularly include those that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical, or moral beliefs, union membership, political opinions, or sexual preferences.
- Transfer: Any communication of data made to a person other than the Data Subject, the Data Controller, or the data processor.
- Processing: The collection, use, disclosure, or storage of personal data by any means. Use includes any action of access, handling, utilization, transfer, or disposition of personal data.
- Cookies: A data file stored on the hard drive of a computer or in any data storage system of a user’s electronic communications device while browsing a specific website. Cookies enable the exchange of session data between the website and the user’s browser, computer, or device. Session data may reveal, among other elements or data, session identifiers, authentication details, user preferences, or any information stored by the browser, computer, or device regarding the website.
- Web Beacons: A visible image or hidden file embedded within a website or email that may or may not be downloaded onto a user’s computer or electronic communications device. These are used to monitor the behavior of the user or Data Subject on these platforms. Through these, information such as the originating IP address, browser used, operating system, the time the page was accessed, and, in the case of email, the association of the aforementioned data with the recipient, among other information associated with the Data Subject or their use of the computer or electronic communications device, may be obtained.
- Processor: A natural or legal person who, alone or jointly with others, processes personal data on behalf of the Data Controller.
Pursuant to the provisions of Article 16 of the Law, as well as related Regulations and Guidelines, the following information is provided to the Data Subjects:
- IDENTITY AND ADDRESS OF THE DATA CONTROLLER
The Data Controller is a nonprofit organization (asociación civil) aimed at fostering better relations between Mexico and the United States through voluntary financial contributions made by our sponsor members and third parties.
For the purposes of this Privacy Notice, American Society of Mexico A.C. is responsible for the use and management of your personal data, with its address located at Río Elba 25, 1-F, Col: Cuauhtémoc, Alc: Cuauhtémoc, CP: 06500.
- PURPOSES OF DATA PROCESSING AND DATA TRANSFER
The personal data collected by the Data Controller will be used solely and exclusively for the purposes for which they were provided and will be recorded in the Data Controller’s database.
The primary purposes, understood as those that originated and are necessary for the legal relationship between the Data Controller and the Data Subject, are:
- Identifying and maintaining contact with potential donors, potential beneficiaries, donors, and beneficiaries.
- Registering the Data Subject as a beneficiary in the calls for applications organized by the Data Controller, including those conducted jointly with other organizations.
- Evaluating the Data Subject’s profile as a participant in the aforementioned calls for applications.
- Sending information to Data Subjects regarding scholarship and award programs in which they are involved.
- Opening a file for the Data Subject as a beneficiary or donor of the Data Controller.
- Removing the registration of the Data Subject as a beneficiary or donor of the Data Controller.
- Registering the Data Subject in the Data Controller’s application and database for sending communications.
- Processing automated payments from donors’ bank cards.
- Managing administrative control and tracking of the Data Controller’s programs.
- Issuing electronic tax receipts (CFDI) for suppliers and donors.
- Requesting electronic tax receipts (CFDI).
- Entering into collaboration agreements and contracts with third parties, including suppliers of the Data Controller.
- Requesting quotes from providers for the provision of services for the Data Controller.
- Providing informational communications, notices, and/or any relevant information related to the services contracted by the Data Controller.
- Making payments for services contracted by the Data Controller’s providers.
- Preparing meeting minutes.
- Preparing administrative records in the development of the Data Controller’s activities.
- Storing personal data through hosting technologies to create a history of donors and beneficiaries.
- Complying with obligations required by competent authorities, including information requests under the Federal Law for the Prevention and Identification of Transactions with Illicit Funds.
- Video surveillance for security purposes.
Additionally, the personal data of the Data Subjects will be used for the following secondary purposes:
- Sending various publications, communications, and notices of interest related to the activities carried out by the Data Controller, which may or may not include photographs of the beneficiaries of the Data Controller’s programs.
- Conducting satisfaction evaluations regarding the Data Controller’s activities.
- Providing information to interested parties and beneficiaries about the activities carried out by the Data Controller.
- Preparing annual reports on the Data Controller’s activities.
- Conducting analyses, evaluations, and reports on the performance of various projects.
- Organizing fundraising advertising campaigns.
- Informing about events organized by the Data Controller for the purpose of raising funds.
- Personalizing and improving the Data Controller’s activities.
- Providing information about the benefits offered by the Data Controller to its donors and beneficiaries.
- Sharing information about activities, events, and updates organized and/or carried out by the Data Controller.
The personal data you provide may be compiled and stored in one or more databases to fulfill the purposes outlined in this notice.
If the Data Subject does not wish for their personal data to be processed for the specified secondary purposes, they may deny their consent at any time by sending an email to eventos@amsoc.mx and/or diana.perez@amsoc.mx specifying the secondary purpose(s) for which they do not wish their personal data to be used.
- CATEGORIES OF PERSONAL DATA COLLECTED
The personal data that the Data Controller may collect includes the following:
- Identification and contact data, including full name, address, email address (corporate or personal), nationality, image and voice recordings, official identification details, reference contacts, taxpayer registration numbers, and academic records.
- Sensitive personal data, including information related to the socioeconomic status of the Data Subjects, financial information, and billing details.
- PERSONAL DATA OF MINORS
If the Data Subject is a minor, their parents or guardians must provide explicit consent for the processing of personal data under the terms of this notice.
- MEANS OF OBTAINING PERSONAL DATA
Data Subjects are informed that their data will be obtained through one of the following methods:
- In Person: When Data Subjects attend events or visit the Data Controller’s offices where they are requested to complete physical forms, or when they enter into a collaboration agreement with the Data Controller.
- Directly: When Data Subjects provide personal data via email, social media platforms, or the Data Controller’s website and/or electronic forms.
- Indirectly: When data is available through other commercial information sources or permitted by law. When data is obtained through this method, the Data Controller is not bound to notify any changes made to this notice.
- EXCEPTIONS TO CONSENT FOR PERSONAL DATA PROCESSING
In accordance with Article 10 and related provisions of the Law and its Regulations, the Data Subject is informed that there are exceptions to the obligation to obtain consent for the processing of personal data in the following cases:
- (i) When obtaining such consent is provided for by law.
- (ii) Personal data is available in public sources.
- (iii) Personal data is subjected to a prior dissociation procedure.
- (iv) When the collection of personal data is necessary to fulfill obligations arising from a legal relationship between the Data Subject and the Data Controller.
- (v) There is an emergency that may potentially harm an individual or their property.
- (vi) The data is essential for medical attention, prevention, diagnosis, the provision of healthcare, medical treatments, or the management of healthcare services, while the Data Subject is unable to provide consent, in accordance with the General Health Law and other applicable legal provisions, and provided that such data processing is carried out by a person subject to professional secrecy or an equivalent obligation.
- (vii) A resolution is issued by a competent authority.
- TRANSFER OF DATA
American Society of Mexico A.C. will act as the Data Processor and may process the personal data of the Data Subjects on behalf of the Data Controller.
Accordingly, the personal data of the Data Subjects may be transferred to American Society of Mexico A.C., specifically to the following areas:
- To the legal department of American Society of Mexico A.C., for the purpose of processing personal data for drafting agreements and contracts, completing forms for donation requests, reviewing the trademarks and patents of the Data Controller, reviewing meeting minutes, maintaining legal books, among other tasks.
- To the marketing department of American Society of Mexico A.C., for the purpose of processing personal data for organizing, promoting, and publicizing events related to the activities of the Data Controller.
- To the systems department of American Society of Mexico A.C., for the purpose of processing personal data to generate informational emails about the activities and events of the Data Controller, prepare tax receipts, and process automated charges to bank cards.
- Payment processors for membership fees and/or donor contributions.
- Database administrators and email distribution companies (“mailing”).
- Auditors, attorneys, and external consultants hired by the Data Controller.
- Companies with which a service provision contract has been executed, for the purpose of supporting the activities of the Data Controller.
- Individuals employed by companies with which a service provision contract has been executed, for the purpose of supporting the activities of the Data Controller.
- Employees of the Data Controller, for the purpose of supporting the activities of the Data Controller.
- In cases where prior notification and consent from the Data Subject is obtained.
Additionally, the personal data of the Data Subjects may be transferred to individuals or entities with which the Data Controller has entered into collaboration agreements, for the purpose of supporting the activities of the Data Controller.
- EXCEPTIONS TO CONSENT FOR THE TRANSFER OF PERSONAL DATA
In accordance with Article 37 and related provisions of the Law and its Regulations, the Data Subject is informed that there are exceptions to the obligation to obtain consent for the transfer of personal data in the following cases:
- When the transfer is provided for by a law or treaty to which Mexico is a party.
- When the transfer is necessary for medical prevention or diagnosis, the provision of healthcare, medical treatment, or the management of healthcare services.
- When the transfer is made to parent companies, subsidiaries, or affiliates under the common control of the Data Controller, or to a parent company or any company within the same group as the Data Controller that operates under the same internal processes and policies.
- When the transfer is necessary due to a contract entered into or to be entered into in the interest of the Data Subject, by the Data Controller and a third party.
- When the transfer is necessary or legally required to safeguard a public interest or for the procurement or administration of justice.
- When the transfer is necessary for the recognition, exercise, or defense of a right in a judicial process.
- When the transfer is necessary for the maintenance or fulfillment of a legal relationship between the Data Controller and the Data Subject.
- MEANS TO LIMIT THE USE OR DISCLOSURE OF PERSONAL DATA
To revoke the consent granted to the Data Controller by the Data Subjects or to limit the disclosure of the personal data provided, a request must be submitted via email to the following address: eventos@amsoc.mx and/or diana.perez@amsoc.mx.
- DATA RETENTION PERIOD
The personal data provided by the Data Subjects will be processed for the time necessary to fulfill the aforementioned purposes, starting from the date on which they are provided.
- MODIFICATIONS TO THE PRIVACY NOTICE
In the event of any modification to this Privacy Notice, the Data Controller undertakes to inform the Data Subject of such modification by any means, whether printed, electronic, including the Data Controller’s website, SMS message, or any other optical means.
In such a case, the Data Subject may express their preferences via email to the following address: eventos@amsoc.mx and/or diana.perez@amsoc.mx. If no expression of preference or explicit objection is made, the modifications to the Privacy Notice will be deemed accepted.
- REQUESTS TO EXERCISE ARCO RIGHTS
In accordance with Articles 28, 29, 30, 31, 32, and related provisions of the Law and its corresponding Regulations, the Data Subject has the right to exercise their rights of access, rectification, cancellation, or opposition regarding their personal data.
The contact details for the person responsible for responding to requests to exercise ARCO rights within American Society of Mexico A.C. are as follows:
- Area Responsible for Handling Requests: Administrative Management
- Address: Río Elba 25, 1-F, Cuauhtémoc, Cuauhtémoc, 06500
- Email: eventos@amsoc.mx and/or perez@amsoc.mx
To exercise these rights with the American Society of Mexico A.C., the Data Subject must send a request to the email address of the department responsible for handling such requests, including the following information and attaching the necessary documents:
- Name of the Data Subject and their position within the company where they work.
- Address of the Data Subject.
- Phone number of the Data Subject.
- Documents proving their legal capacity.
- A clear and precise description of the data they wish to access, rectify, or cancel, or whose use or disclosure they wish to oppose.
The response or determination regarding the respective requests will be communicated to the Data Subject via email within ten business days from the date the request for access, rectification, cancellation, or opposition was received.
If the request is deemed valid, the measures adopted will be implemented within fifteen business days following the date on which the corresponding determination was communicated.
In cases of requests for access to personal data, delivery will proceed only after verifying the identity of the applicant or their legal representative, as applicable.
The aforementioned deadlines may be extended once for an equal period, provided the circumstances of the case justify it, subject to the discretion of the Data Controller or the individual responsible for responding to the requests to exercise ARCO rights within the American Society of Mexico A.C.
The Data Controller has the authority to request, and the Data Subject is obliged to update their personal data in accordance with other legal provisions issued regarding the prevention and detection of acts or operations involving resources of illicit origin.
In case of questions or clarifications, Data Subjects must contact the Data Controller via telephone or email.
- COOKIES AND WEB BEACONS
To enhance the experience of Data Subjects, manage executed contracts, monitor the use of this application, and fulfill the obligations undertaken by the Data Subject, the Data Controller may utilize these informational text files to improve the understanding of interactions between the Data Subjects and the website, as well as the services provided. The use of cookies does not identify users but solely monitors behavior through their devices and/or computers.
Similarly, as with cookies, web beacons aim to improve the user experience on the website, monitor user behavior, manage executed contracts, and ensure compliance with the obligations undertaken by the Data Subject. Through these tools, information such as the originating IP address, browser used, operating system, access time to the website, and, in the case of email, the association of this data with the recipient, may be obtained.
Users of the Data Controller’s website have the ability to adjust their preferences on their devices, computers, and/or browsers to reject the use of cookies and/or web beacons or to provide their consent for the use of these tools.
- SECURITY MEASURES
The Data Controller will adopt appropriate security measures to protect the personal data of the Data Subjects against unauthorized processing.
If personal data is breached, the Data Controller undertakes to inform the Data Subject at the earliest opportunity through any known contact methods.
- ACCEPTANCE AND ACKNOWLEDGMENT
The Data Subject acknowledges having read this Privacy Notice and understands that the processing of their personal data is necessary to establish and maintain the relationship with the Data Controller. Accordingly, the Data Subject authorizes the processing, use, and transfer of their personal data as outlined in this Privacy Notice for the duration of their relationship with the Data Controller and, subsequently, in accordance with applicable laws, considering that such processing is necessary for the continuity of the Data Controller’s activities.
Last updated: August 2023.