NOTICE OF PRIVACY

DIGIPATH TECHNOLOGIES, S.A. DE C.V.

This document constitutes the Privacy Notice for all effects regarding the Federal Law for the Protection of Personal Data Possessed by Private Individuals (LFPDP, in Spanish) and provisions emanated from, or related to it. This Privacy Notice is applicable to all personal information regarding the Holder collected by DIGIPATH TECHNOLOGIES, S.A. de C.V, in its role as the Responsible party. This Privacy Notice has the following terms and conditions:

1.DEFINED TERMS. For all effects of this Privacy Notice, the following Terms will have the following meaning, acknowledging that, unless they are defined differently in this Privacy Notice, the terms used in this Privacy Notice and not defined therein, will have the meaning attributed to them by the LFPDP:

Personal Information: Any information regarding an identified or identifiable private individual

ARCO Rights: The Access, Rectification, Cancellation and Opposition rights held by the Responsible Party and/or his/her entrusted parties, in compliance with the provisions of the LFPDP, subject to the exceptions established therein and in this Privacy Notice, described below:


Access Right: The Holder's right to know about the Personal Information related to him/herself, in the possession of the Responsible Party or his/her entrusted parties, as well as those with whom this information has been shared, and to what purpose.

Rectification Right: Each Holder has a right for his/her Personal Information to be rectified in case of imprecision or mistakes.


Cancellation Right: Each Holder has a right to request, at any time, the suppression of his/her Personal Information, which will take place once the blockage period has elapsed. The blockage implies the identification and preservation of the Personal Information, once the purpose for which they were collected has been accomplished, and aims to determine all possible responsibilities regarding its treatment, until the term of legal or contractual expiry. During this term, his/her Personal Information will not be treated, and once it has elapsed, their cancelation in the corresponding database or archive will proceed. Once the corresponding data has been cancelled, the Responsible Party will provide the Holder with the corresponding notification. In case the Personal Information has been transmitted before the date of rectification or cancellation, and they remain under treatment by third parties, the Responsible Party will inform the third party of the rectification or cancellation request, for the third party to proceed to make it effective as well.

“Opposition Right” The Holder has, at all times, the right, as long as there is a legitimate cause justifying it, to request the Responsible Party to cease treating his/her Personal Information.

Responsible Party: This term refers to the physical person or legal entity that makes decisions over the treatment of the Holder's Personal Information, in this case, DIGIPATH TECHNOLOGIES, S.A. DE C.V.

Entrusted Party: The physical person or legal entity that, alone or along with others, treats the Personal Information on account of the Responsible Party.

Holder: The physical person that holds the Personal Information, or the person authorized to provide a third party with such Personal Information, according to all applicable laws, who delivers such Personal Information to the Responsible Party.

2.HOLDER CONSENT. For all effects regarding the provisions of the LFPDP, particularly Article 17, the Holder states (i) that he/she has been informed of this Privacy Notice by the Responsible Party, (ii) that he/she has read, understood and agreed with the terms exposed in this Privacy Notice, therefore granting his/her consent regarding the treatment of his/her Personal Information for the effects of the LFPDP and all other applicable laws. In case the collected Personal Information includes sensible or financial Personal Information, through the signature of the corresponding contract, in print, through electronic methods and their corresponding processes for the configuration of consent, for example, without limitation, through the provision of Personal Information through dialog boxes, or the visualization and on-screen display of the terms and conditions, actions executed will constitute the Holder's express consent in terms of the second paragraph of Article 8 of the LFPDP and other applicable laws, and (iii) that he/she grants consent for DIGIPATH TECHNOLOGIES or its Entrusted Parties to carry out transferences of his/her Personal Information to Local or Foreign Third Parties, acknowledging that the treatment these Third Parties will give his/her Personal Information must comply with the provisions of this Privacy Statement.

In case the Holder is not opposed to the Terms of this Privacy Notice within 30 days after he/she has been informed of it, he/she will be considered to agree with and consent to its contents, in terms of the third paragraph of Article 8 of the LFPDP. The Holder's consent may be revoked at any time by him/her without the attribution of retroactive rights, as per the terms and procedures established below to this end in this Privacy Notice.

Notwithstanding any provision of this Privacy Notice, the Holder acknowledges that his/he consent is not required for the treatment of any Personal Information by the Responsible Party or any third party in any of the cases mentioned in Article 10 of the LFPDP.

3. OBJECTIVE OF THE PRIVACY NOTICE; PURPOSE OF THE PERSONAL INFORMATION. This Privacy Notice has the objective of establishing the terms and conditions by virtue of which DIGIPATH TECHNOLOGIES S.A. DE C.V. (or the Entrusted Party designated by DIGIPATH TECHNOLOGIES, S.A. DE C.V..) (i) will receive and protect the Holder's Personal Information, in order to protect his/her privacy and right to informative self-determination, in compliance with the provisions of the LFPDP; (ii) will use the Holder's Personal Information, and (iii) will carry out all applicable Personal Information transmissions to third parties.

The Responsible Party will collect and treat the Holder's Personal Information, that is, all information that may reasonably identify him/her, through the reception of documents, be them in print and/or digital format. The following, without limitation, are examples of information that the Responsible Party may collect: name and surname; date of birth; personal or tax address and directions; personal or work email address; identification key in social networks; personal or work telephone number; cell phone number; credit or debit card number and bank account numbers; Taxpayer ID (RFC in Spanish); Citizen ID number (CURP in Spanish); Mexican Social Security Number; consumption and navigation preferences when using the provided telecommunications services, as well as any others of an analog nature. The collection of Personal Information may be performed when the Holder visits the Responsible Party's sales points or authorized dealers, when reaching the Responsible Party or its Entrusted Parties via telephone (including customer attention centers), or through its direct submission to the Responsible Party or through emails and/or short text messages (SMS), or through the use of its websites, by means of the direct submission of information through dialog boxes in the websites, or through the use of automatic information capture tools. These tools make it possible to collect information sent by the web browser to such websites, such as the type of browser used, user language, access times and the IP of websites used to access the Responsible Party's or its Entrusted Party's websites. The documentation that may be collected by DIGIPATH TECHNOLOGIES S.A. DE C.V. to verify the identity of the Personal Information Holder include Voter ID card; National Military Service ID; Taxpayer ID registration; CURP registration; proof of address - water service, property taxation or power service invoices; special credit reports issued by a Credit Information Association. 


The Responsible party may also collect Personal Information from public access sources and other available sources in the market to which the Holder may have given consent to share his/her Personal Information, or provided with anonymous demographic information related to a determined geographical area. The Holder's Personal Information is collected and treated by the Responsible Party or its Entrusted Parties aiming to allow the Holder to carry out the following activities with the Responsible Party:


Request, purchase change or return products and/or services, offered by DIGIPATH TECHNOLOGIES S.A. DE C.V., be them lent by this company or through third parties;

Request, hire, change or cancel services, offered by DIGIPATH TECHNOLOGIES S.A. DE C.V., be them lent by this company or through third parties;

Make online payments;

Request invoices or digital tax proofs;

Request quotations, information or free products and services samples;

Request the delivery, repair or compliance with product warranty;

Request the delivery of services or compliance with the service warranty;

Contact the Customer Attention Service;

Receive print or electronic publicity, including online marketing communications, or telemarketing regarding products and services;

Create personal profiles;

Participate in polls;

Use the different services of all corresponding websites, including downloading contents and forms;

Notify the Responsible Party of problems in its websites;

Participate in chats and/or online discussion forums regarding the products and services;

Participate in polls, trivia, contests, raffles, games and draws;

Share his/her comments or suggestions for products and services;

Process payments, and

Any other activity of a nature similar to those described in the previously referenced sections.

Likewise, the Responsible Party may use Personal Information, directly or through its Entrusted Parties, for the following purposes:

Conduct studies on the demographic data, interests and behavior of its customers, consumers, suppliers and any third parties with which it has relations;

Execute market and consumption studies in order to acquire and offer personalized products and services, as well as publicity and contents that are suitable for the needs of its customers, consumers, suppliers and other third parties with which it has relations;

Generate internal statistics that indicate the services and products that are best appreciated by the different segments of customers, consumers, suppliers and other users of the telecommunications services provided by the Responsible Party;

Formalize the transactional process with its customers, consumers, suppliers and other third parties with which it has relations;

Manage the request, assessment and supplier designation processes, and that of other third parties with which it has relations;

If applicable, verify the Holder's credit and/or payment capability, which can be performed through credit information associations, in terms of the Credit Information Associations Law;

Verify the commercial transactions carried out by the Holder with the Responsible Party;

Keep a record of the operations and information reviewed on the different sections of the telecommunications services provided by the Responsible Party, collected through automatic data capture tools;

Send the Holder notifications regarding offers, advertisements and/or promotional messages, which will be sent unless the Holder expressly manifests his/her will to cease to receive such messages. Occasionally, these messages may contain information on the Responsible Party's suppliers or other third parties

DIGIPATH TECHNOLOGIES S.A. DE C.V. needs to share your Personal Information with providers of management system and database management services; automated treatment of Personal Information and its storage; cloud services; authentication and validation of email; staff hiring; audit services, and other services of a nature similar to those described.

Collection of data when navigating the sites and web pages of DIGIPATH TECHNOLOGIES S.A. DE C.V: within the automated data capture tools used by DIGIPATH TECHNOLOGIES, S.A. DE C.V. in its sites and web pages, are cookies, Web beacons, and links in email messages.

Use of Cookies.- The correct functioning of the DIGIPATH TECHNOLOGIES S.A. DE C.V. websites and those of its suppliers requires the enabling of “cookies” in your web browser. "Cookies" are small data files transferred by the website to the hard drive of your computer when you navigate the site. Cookies may last during a single session or be permanent. Session cookies will not remain in your computer after you close your web browser session, while permanent cookies remain in the computer until they are deleted or expire. In most web browsers, cookies are automatically accepted by virtue of their preset configuration. You may adjust your browser preferences to accept or reject cookies. Deactivating cookies may disable different functions of the DIGIPATH TECHNOLOGIES S.A. DE C.V. websites or prevent them from displaying correctly. In case you prefer to eliminate the information of the cookies sent by DIGIPATH TECHNOLOGIES S.A. DE C.V., you may delete the file(s) at the end of each web browser session. Relevant information may be consulted on the websites of the main Internet browsers.

Use of Web beacons (also known as internet tags, pixel tags and clear GIFs).- DIGIPATH TECHNOLOGIES S.A. DE C.V. may use web beacons in its websites and email messages with HTML format, alone or in combination with cookies, to compile information on the use of websites and their interactions with email. The Web beacon is an electronic image, known as single pixel (1×1), or a GIF that can recognize the information processed in your computer, as is the case with cookies, and the time and date in which the website and its sections are viewed.

Links on email messages by DIGIPATH TECHNOLOGIES S.A. DE C.V. The emails that include links allow DIGIPATH TECHNOLOGIES S.A. DE C.V. to know if you activated these links and visited the destination website, and this information may be included in your profile. In case you prefer DIGIPATH TECHNOLOGIES S.A. DE C.V. not to collect information on your interaction with these links, you may choose to modify the format of DIGIPATH TECHNOLOGIES S.A. DE C.V. communications (for example, the message may be received in text format rather than in HTML format) or you may ignore the link without accessing its contents. DIGIPATH TECHNOLOGIES S.A. DE C.V. emails may include several links, designed to direct users to the relevant sections of websites, by redirecting them through the DIGIPATH TECHNOLOGIES S.A. DE C.V. servers. The re-direction system allows DIGIPATH TECHNOLOGIES S.A. DE C.V. to modify the URL of these links if necessary. They also allow DIGIPATH TECHNOLOGIES S.A. DE C.V. to determine the efficacy of its online marketing campaigns. The Personal Information obtained by DIGIPATH TECHNOLOGIES S.A. DE C.V. from its commercial sources may be used along the Personal Information collected through its websites. For example, DIGIPATH TECHNOLOGIES S.A. DE C.V. may compare dissociated geographical information, acquired from commercial sources with the IP collected by the automated data capture tools, in order to provide information or promotions relevant to your geographic area.
Protection of minors: DIGIPATH TECHNOLOGIES S.A. DE C.V. encourages parents and/or tutors to play an active role in their children's online activities. In case DIGIPATH TECHNOLOGIES S.A. DE C.V. considers that the Personal Information has been submitted by a minor, breaching this Privacy Notice, DIGIPATH TECHNOLOGIES S.A. DE C.V. will proceed to eliminate this Personal Information as soon as possible. If you notice that this Personal Information has been submitted by a person under age 18, please send an email to: montse@digipath.com.mx

4. DATA TRANSFERS. Having read, understood and agreed with the terms presented in this Privacy Notice, the Holder manifests his/her consent for the Responsible Party or any Entrusted Party to carry out Personal Information transfers to national or foreign third parties, acknowledging that the treatment of Personal Information by these third parties must comply with the provisions of this Privacy Notice.

For the effects of the provisions of this Section 4, but subjected to the provisions of its last paragraph, the Responsible Party informs the Holder that, aiming to deliver products, services and solutions to its customers, consumers, employees, suppliers and other service users, the Responsible Party and/or its Entrusted Parties have entered or will enter different commercial agreements with service and product suppliers, in national territory and abroad, for the provision, among other services, of: telecommunications and email; database administration and management; automated treatment of Personal Information and its storage; customer service call center; email authentication and validation; telemarketing; credit card terminals; electronic invoicing; commercialization; product transportation and installation; payroll and social security benefit management; staff hiring; audit services and others of a similar nature. The Holder's authorization, granted as prescribed by Section 4, enables the Responsible Party and/or its Entrusted Parties to transmit the Holder's Personal Information to such suppliers, acknowledging that these suppliers are obliged, by virtue of the corresponding contract, to keep the confidentiality of the Personal Information submitted by the Responsible Party and/or its Entrusted Parties, and to comply with this Privacy Notice. The Responsible Party and/or its Entrusted Parties may transfer the Personal Information collected from the Holder to any other association of the same corporate group to which the Responsible Party pertains, and that operates with the same processes and internal policies, in the national territory and abroad, to be treated pursuing the same objectives described in this Privacy Notice. They may also transfer Personal Information to third parties that provide support to comply with the contracts or legal relations they may have with the Holder.


Your personal information may be transferred to, or stored and processed in, a different country from the one where it was submitted. If we choose to do this, we transfer the information in compliance with the information protection laws applicable to the country of destination. We take measures to protect personal information regardless of the country where it is stored or to which it is transferred. We have suitable procedures and control measures to bring this protection. We reserve the right to transfer your Personal Information in case our business and actives are partially or totally sold. In case this sale is carried out, we will do everything in our power to encourage the next owner to use all Personal Information in compliance with this Notice. If you do not wish your Personal Information being processed after the sale, you must contact the new owner.

Notwithstanding the provisions in Section 4 or any other section of this Privacy Notice, the Holder acknowledges and accepts that the Responsible Party requires no authorization of confirmation by the Holder to carry out national or international Personal Information transfers in the cases provided in Article 37 of the LFPDP or in any other exceptional case provided by this law or any other applicable regulations. 


5. PERSONAL INFORMATION SAFEKEEPING AND SECURITY. The Responsible Party and/or its Entrusted Parties will keep the Holder's Personal Information throughout the necessary time to process information, product and/or service requests, as well as to keep accounting, financial and audit records, in terms of the LFPDP and the market, tax and administrative regulations in force. The Holder's Personal Information collected by the Responsible Party and/or its Entrusted Parties, is protected by administrative, technical and physical safety measures against damage, loss, alteration, destruction, or unauthorized use, access or treatment, in compliance with the provisions of the LFPDP and all administrative regulation derived from it. Notwithstanding this, DIGIPATH TECHNOLOGIES S.A. DE C.V. does not guarantee that unauthorized third parties may not access the physical or logical systems of the Holder or the Responsible Party, or the electronic files and archives stored in its systems. Consequently, DIGIPATH TECHNOLOGIES S.A. DE C.V. shall not, in any case, be held responsible for damages that may derive from such unauthorized access.

6. DIGIPATH TECHNOLOGIES S.A. DE C.V. CONTACT FOR PERSONAL INFORMATION/ PRIVACY; ADDRESS.

For any communication regarding our Privacy Notice, please contact the following address, responsible areas and emails:

DIGIPATH TECHNOLOGIES S.A. DE C.V.


Ignacio Carrillo 1273, Jardines de Plaza del Sol,

Guadalajara, Jalisco, México.

+52 (33) 1655 0229

Customer Service:

Lic. Montserrat García Gómez Luna

montse@digipath.com.mx