- Purpose, Objective and Scope
1.1. Purpose The following document details the necessary security features that must be taken into account for the proper management of cookie information.
1.2. Scope This policy includes the proper use of the information that is downloaded by the user client from the Protexa web portals. This document includes statements about: • Types of Cookies. • Cookies authorized for use on Protexa’s websites. • Administration of Cookies.
1.3. objective Establish rules and criteria that must be applied for the proper use of information, as well as the management and maintenance where information is stored and retrieved about the browsing habits of a user or their team and improve the service offered.
- Document reference
3.1. IT team
Adopt responsibility for the security practices established in this Guide for the administration of cookies. • Validate infrastructure requirements for application support.
3.2. Business process owners
Determine business and infrastructure requirements for applications.
3.3. Application Owners •
Implementation and support of commercial applications.
3.4. IT Infrastructure and Cybersecurity Manager
3.5. Employees / staff •
All Protexa personnel are responsible for the correct use of the information. • Use only previously identified or approved software and versions for use, and when an approved solution does not meet requirements, work with IT to identify an acceptable solution
3.6. Service Providers
• Comply with and periodically verify compliance with this Policy.
- Description of the Policy
4.1. Cookies Management Policy
- The types of cookies are: to. According to the entity, which manages the domain from which the cookies are sent and treats the data obtained, two types can be distinguished: own cookies and third-party cookies. b. Depending on the period of time, they remain stored in the client’s browser, and may be session cookies or persistent cookies. c. Depending on the purpose, for which the data obtained is processed: technical cookies, personalization cookies, analysis cookies, advertising cookies and behavioral advertising cookies.
- Special exceptions can be made to this Policy for Web portals where the administration of cookies is not required to improve the user or customer experience. Exceptions are handled on a case-by-case basis by the IT Infrastructure and Cybersecurity Manager or his / her designee and documented.
- All business critical functions must be compatible with standard business applications.
- Open source applications are not allowed in Protexa.
4.2. Cookies log
- In all cases, the IT Infrastructure and Cybersecurity department is required to have an up-to-date list of the software used to manage cookies, which is why the permitted ones on Protexa’s web portals are detailed below. .
- The software must be registered in the name of Protexa and the department in which it will be used.
- The IT team maintains a record of all Protexa software and will maintain a library of software cookies. The record must contain: o The title and the publisher of the cookie. o The date and source of the acquisition of the cookie. o The location of each facility, website, URL. o The existence and location of backup copies. o Details and duration of support arrangements for software updates. o Owner of the cookie. o Owner of the business process. o Benefits that the cookie provides for the business.
4.3. Cookie requirement 1. At the time of the acquisition of cookies, the foundations of future support and the expected useful life of the product will be established. It can be important to be confident that manufacturers will provide updates to correct any serious security vulnerabilities that are discovered in the future. 2. Access and storage controls must be taken into account for the adequate custody of the information.
4.4. Acceptance of Cookies 3. Protexa shows information about its Cookies Administration Policy and asks for the consent of its use. Given this information, it is possible to carry out the following actions: to. Accept cookies. This notice will not be displayed again when accessing any page of the portal during this session. b. Close. The notice is hidden on this page. c. Modify your settings. Modify your browser settings.
4.5. Cookie standardization
- On the Protexa web portals there are 5 types of cookies authorized for their administration.
B. SwitchConcepts – Works with Google Analytics and LeadLander to serve ads. They keep track of which pages a user visits and monitor which countries they come from. Cookies are used in these processes. Both methods of data collection are of a non-personal nature. The data they collect is anonymous. More information in your privacy and cookies policy.
E. Chatbot: 4.6. Maintenance and Elimination of Browser Cookies 1. Clients who visit Protexa’s web portals have the functionality of restricting, blocking or deleting Protexa’s cookies or any other web page, using their browser. In each browser the operation is different, the ‘Help’ function will show you how to do it. to. Internet explorer b. FireFox c. Chrome d. Safari In addition, you can also manage the cookie store in your browser through tools such as the following: and. Ghostery F. Cookies Manager
5.1. Disciplinary actions Non-compliance with policies can potentially lead to operational and security incidents that can destroy the integrity of Protexa’s IT systems and resources, damage company operations and reputation, or adversely affect company productivity. The prevention of such incidents is essential for the safety of the organization and of all people. Protexa personnel who do not comply with this Guide may be subject to disciplinary measures, up to and including termination of employment.
5.2. Exceptions All exceptions to security policies and controls must be formally documented and evaluated by the Security Risk Committee and approved by the Protexa CIO.
5.3. Definitions Description of Terms Cookies: Cookies are files that can be downloaded to the computer through web pages. They are tools that have an essential role for the provision of numerous services of the information society. Authorized Software: Software that is operated under the terms and conditions of the license duly acquired and in accordance with the purposes and objectives of Protexa. License: The right to use the software granted by the licensor to the licensee under the terms of the agreement. Open Source Software – Copyrighted software that meets the definition of open source (OSD), distributed with its source code in a readable format, developed openly and collaboratively by groups of developers. http://www.opensource.org/docs/osd
5.4. Audit and Control The audits should be planned and arranged with the parties involved to minimize the disruption of the IT operation at Protexa’s facilities. 5.5. Validity This document is valid from the date of approval and / or publication of the document on the Protexa ISMS portal. The owner of this document is the IT Security Manager, who must verify and, if necessary, update the document at least once a year.
DEMONSTRATION OF GENERALS
BASED ON THE PROVISIONS OF ARTICLE 16 LAST PARAGRAPH, ARTICLE 17, SECTION II OF THE FEDERAL LAW FOR THE PROTECTION OF PERSONAL DATA HELD BY INDIVIDUALS, ITS REGULATIONS AND GUIDELINES PUBLISHED ON JANUARY 17TH, 2013, WE INFORM YOU THAT THE COMPANY (THE “RESPONSIBLE PARTY”), RESIDING AT: AV. PERIFÉRICA S/N COL. LOMAS DE HOLCHE ENTRE 33 Y 33-A ZIP CODE 24167, CIUDAD DEL CARMEN, CAMPECHE, WILL PROCESS THE FOLLOWING PERSONAL DATA AND SENSITIVE PERSONAL DATA (IF REQUIRED) THAT IS COLLECTED FROM YOU UNDER THE TERMS OF THIS PRIVACY NOTICE.
The protection of your personal data is very important to Grupo Protexa, which is why this PRIVACY NOTICE, prepared in compliance with the FEDERAL LAW FOR THE PROTECTION OF PERSONAL DATA IN POSSESSION OF INDIVIDUALS, is intended to inform you of the type of personal data we collect from you, how we use, manage and benefit from it, and with whom we share it.
WHAT PERSONAL DATA DO WE COLLECT FROM YOU?
As a client or Service Provider of any of our products or Services, we may ask you for personal information, which varies from case to case, relating to:
– Your name, address, date of birth
– Your email and phone number
– Your property data such as bank accounts, loans, movable and immovable property, assets, liabilities, among others
– Official receipts that prove your identity and the information you declare, as well as registration as a taxpayer in the Tax Administration Service (SAT) or the Unique Population Registry Code (CURP).
SENSITIVE PERSONAL DATA
The data controller will treat the following data as sensitive: marital status, health status, disabilities, type of disability, medical studies and treatments, injuries or accidents, consumption of controlled or illegal substances, religious, philosophical, and moral beliefs, height, weight, size, diseases or illnesses, membership in a social or sports club, membership in a union or political party, as well as participation in judicial, labor, administrative, or any other type of processes or problems.
PERSONAL DATA PROTECTION AGENT
Our Personal Data Protection Agent is the person within THE COMPANY who, in compliance with the provisions of Article 30 of the Federal Law on Protection of Personal Data Held by Private Parties, has been designated to perform the following functions:
Attend requests related to the exercise of the right to access, rectification, cancellation, or opposition to the processing of personal data (ARCO) made by customers, suppliers, and active and inactive employees, as well as any other natural person from whom personal data have been collected in accordance with the purposes set forth in this privacy notice.
Be informed of consent revocations for the processing of Personal Data and take appropriate measures to address them.
Promote and monitor the protection of Personal Data in possession of the Personal Data Protection Agent.
Attend and process the refusals to process Personal Data presented by its owners.
You or the company you belong to or represent may contact the Personal Data Protection Agent at the following email address: [email protected]
WHAT DO WE USE YOUR PERSONAL DATA FOR?
THE COMPANY collects and uses your personal data for the following purposes:
– To confirm your identity
– To understand and attend to your commercial needs
To provide security and legal certainty to the facts and acts that it celebrates, as a Service Provider, Client, Contractor, Subcontractor, Supplier, making or subscribing Contracts, Agreements, Leases, Purchase Sale, Commodates, Purchase Orders, Service Orders, Assignments of Rights, payments, matching of Documents, Minutes Circumstantiated, Settlements, among others.
– To elaborate Master Contracts or Service Agreements
– To provide advice on our services and/or products
– To comply with applicable legal requirements
– To verify the information you provide
WHO DO WE SHARE YOUR PERSONAL DATA WITH AND TO WHAT END?
Your personal data are only processed by personnel assigned to THE COMPANY in order to prepare the legal and commercial instruments that you request or require from THE COMPANY, therefore, your personal data are not transferred to any third party outside of it, except for the fulfillment of legal or contractual obligations, before clients of THE COMPANY, the competent authorities such as tax authorities, as well as judicial authorities, only in case of official requirement, prior notice to you as a client and/or Service Provider.
HOW CAN YOU LIMIT THE USE OR DISCLOSURE OF YOUR PERSONAL DATA?
You may limit the use and disclosure of your personal data through the following means that we have implemented:
– By submitting your request in person at our address directed to the Personal Data Protection Agent
– By sending an e-mail to the following address: [email protected]
– By calling toll free at 800 00 77 711
YOUR RIGHTS – HOW CAN YOU ACCESS, RECTIFY, CANCEL, OR OPPOSE THE PROCESSING OR TRANSFER OF YOUR PERSONAL DATA?
The exercise of the rights of access, rectification, cancellation, and opposition or revocation of consent, may be made by submitting a written request to our address directed to the Personal Data Protection Agent or via email to [email protected] by calling 800 00 77 711, with the understanding that, once embodied in a legal or commercial instrument, you may not exercise any of these rights, and may only do so with respect to those that are retained in the database.
We inform you that you may revoke your consent in relation to the processing of your Personal Data for secondary purposes, within five business days after having knowledge of the latter. In the case of revocations not related to secondary purposes, you may revoke your consent at any time, provided that there is no legal impediment to do so.
For the revocation of consent for the processing of your personal data in any case, you must clearly inform the reasons for your refusal of processing and whether it is a total or partial revocation (which in your case must be broken down) to the Personal Data Protection Agent by email to the address [email protected], accompanying such request with, at least, the following information:
a) Your full name, address, and e-mail address so that we can communicate the response to the request
b) A copy of the documents that prove your identity (copy of INE, passport, or any other official identification), or if applicable, the documents that prove your legal representation, the original of which must be submitted in order to receive the response from the responsible party;
The Personal Data Protection Agent will respond to your Request for Revocation of Consent to the email from which the request was sent, giving reasons for its response, within a maximum period of 20 working days from the day on which your request was received, as well as the actions taken to give attention and compliance with the Revocation.
HOW CAN YOU FIND OUT ABOUT CHANGES TO THIS PRIVACY NOTICE?
This privacy notice may undergo modifications, changes, or updates, so we promise to keep you informed of said situations through any of the following means:
– Notification to your email
– In the first communication we have with you after the change
PERSONAL DATA TRANSFER
We may share your Personal Data with companies of the same group as subsidiaries, branches, affiliates, controlled or controlling of THE COMPANY, with domicile in Mexico or abroad, as well as with third parties, whether these companies specialize in recruitment and selection of personnel or others. By virtue of the foregoing, such persons may not use the information provided by THE COMPANY in a manner different from that set forth in this Privacy Notice.
These transfers of Personal Data will be conducted with all the appropriate security measures in accordance with the principles contained in the Federal Law of Protection of Personal Data in Possession of Private Parties and its Regulations and Guidelines of the Privacy Notice (stated below and collectively “Legislation”).
I consent to the processing of my sensitive personal data and personal financial or property data for the purposes necessary for the legal relationship with the data controller.
The Personal Data of Customers, Suppliers, and/or any third party may be transferred to third parties without the consent of the owner in the following cases:
a) To comply with the legal provisions in force;
b) In compliance with a court order or warrant; and,
c) Whenever it is necessary for the operation and functioning of THE COMPANY, and in general, for any of the cases indicated in Article 37 of the “LAW”.
In case of transfer of Personal Data, this will always be carried out through legal figures and instruments that provide the level of protection and under the appropriate security measures for such transfer, specifying to whom it is sent and for what reason.
HOW TO CONTACT US?
If you have any questions about this privacy notice, you may direct them to:
– The e-mail address [email protected]
– The phone number 800 00 77 711
We also make copies of this privacy notice available to you at our address.