Privacy Policy

Please read carefully our privacy policy

1. Identity and Address of the Data Controller

ROBERTO RAMIREZ, an individual engaged in business activities, with a commercial address at Centro de Convenciones Cintermex, Ave. Fundidora 501 L129-C, Col. Obrera, 64010 Monterrey, Nuevo León, is responsible for the processing of personal data collected for the provision of services related to the ERPXTENDER system (hereinafter, the "Controller").

2. Collected Personal Data:

The Provider may collect certain personal data from the User, such as:

  • Name.
  • Email Address.
  • Phone Number.
  • User Photo or Avatar.
  • Connection Information: Access accounts or private keys for ERP access.
  • Company Information: User Profiles, Branches, Warehouses, Price Lists, Currencies, Serial Numbers, Series, Banks.
  • Sales Information: Categories, Products, Services, Formulas, Prospects, Clients, Quotes, Orders, Invoices.
  • Warehouse Information: Inventory, Merchandise Transfers, Merchandise Receptions.
  • Accounting Information: Account Groups, Account Catalogs, and Accounting Policies.
  • Treasury Information: Bank Account Balances.
  • Purchasing Information: Suppliers, Expenses, and Purchase Orders.
  • Tracking Information: Activities and Comments.

Any other data necessary for the operation and administration of the ERPXTENDER system. This data will be treated confidentially and in accordance with data protection laws.

3. Purposes of Data Processing

The personal data collected will be used for the following purposes:

  • Provide and manage the ERPXTENDER system services.
  • Invoice and collect payments for services provided.
  • Notify Users of changes to services or the contract.
  • Fulfill legal and tax obligations.
  • Evaluate service quality and conduct satisfaction surveys.
  • Send information about products and services of potential interest to the User, with their authorization.

4. Legal Basis for Data Processing

The processing of personal data is based on the following legal provisions:

  • Federal Law on Protection of Personal Data Held by Private Parties.
  • Regulation of the Federal Law on Protection of Personal Data Held by Private Parties.
  • Civil Code of the State of Nuevo León, particularly regarding the validity of contractual relationships.

5. Duration of Personal Data Processing

Data Processing Duration

The personal data collected by the Controller will be processed and retained for the time necessary to fulfill the purposes stated in this Privacy Notice and to comply with the legal and contractual obligations arising from the relationship between the User and the Controller.

Data Retention

User personal data will be retained as long as the contractual relationship remains in force and for an additional period of 30 calendar days after the end of that relationship, for legal compliance purposes and potential claims defense.

Data Deletion

Once the retention period has elapsed, the Controller will delete the personal data, ensuring its secure destruction in accordance with applicable data protection regulations.

Right to Deletion

The User has the right to request the deletion of their personal data at any time, following the procedures established in this Privacy Notice, which will entail the removal of such data from the Controller's systems, except for data required to be retained by law.

6. Data Transfer

The Controller may transfer personal data to third parties in the following cases:

  • When necessary for contract execution, provided appropriate security measures are in place.
  • When there is a legal requirement from competent authorities.
  • When the User has consented to such transfer.

7. User Rights

The User has the right to exercise their rights of Access, Rectification, Cancellation, and Opposition (hereinafter, "ARCO Rights") regarding their personal data, in accordance with the Federal Law on Protection of Personal Data Held by Private Parties.

1. Right of Access

The User has the right to know what personal data is held about them, as well as the conditions of its processing.

2. Right of Rectification

The User may request correction of their personal data if it is inaccurate or incomplete.

3. Right of Cancellation

The User has the right to request the deletion of their personal data if they believe it is unjustified or if a right has been violated.

4. Right of Opposition

The User may oppose the processing of their personal data for specific purposes, except where the law provides otherwise.

Procedure to Exercise ARCO Rights

To exercise ARCO Rights, the User must submit a written request to the Controller, including:

  • Full name of the applicant.
  • Clear description of the personal data in question.
  • Documentation proving the applicant’s identity.
  • Any other information the Controller may require to respond to the request.

Response Time

The Controller commits to responding to the request within 20 business days from its receipt. The response will be provided through the same means by which the request was submitted.

Limitations

ARCO Rights may be limited by legal provisions and contractual obligations between the User and the Controller.

8. Security Measures

The Controller has implemented the necessary administrative, technical, and physical security measures to protect the User’s personal data against unauthorized access, misuse, disclosure, alteration, and destruction.

Information Security

Security measures include, but are not limited to:

  • Use of encryption protocols for the transmission of sensitive data.
  • Access control to systems storing personal data, allowing access only to authorized personnel.
  • Ongoing data protection and information security training for personnel.
  • Regular audits to assess the effectiveness of implemented security measures.
  • Implementation of information security policies to regulate the handling of personal data.

Commitment to Protection

The Controller is committed to maintaining and updating security measures in accordance with applicable data protection regulations and industry best practices to safeguard information integrity and confidentiality.

Incident Notification

In the event of a security breach affecting User personal data, the Controller commits to notifying the User promptly and taking corrective actions to mitigate any damage.

9. Consent Revocation

The User has the right to revoke consent for the processing of their personal data at any time, as outlined in the Federal Law on Protection of Personal Data Held by Private Parties.

Revocation Procedure

To exercise this right, the User must submit a written revocation request to the Controller, clearly indicating the desire to revoke consent. This request must be sent to the email address privacy@erpxtender.com or the Controller’s physical address mentioned in this Privacy Notice.

Effects of Revocation

Revoking consent may limit the use of ERPXTENDER system services, as some services require the processing of certain personal data. The Controller will inform the User of the revocation’s consequences and the possible inability to continue providing certain services.

Legal Limitations

The User acknowledges that revoking consent will not affect the legality of prior data processing or prevent the necessary processing of personal data to fulfill legal obligations.

10. Privacy Notice Modifications

The Controller reserves the right to modify this Privacy Notice at any time. Any modifications will be duly communicated to Users via electronic, physical means, or through publication on the ERPXTENDER service website https://www.erpxtender.com.

Change Notification

Modifications to the Privacy Notice will take effect from the publication date unless otherwise stated. Users are encouraged to review this Privacy Notice periodically to stay informed of any changes. Continued use of ERPXTENDER services after Privacy Notice changes are published constitutes acceptance of such changes.

Responsibility to Review Privacy Notice

The User is responsible for staying informed about the Privacy Notice content. If the User disagrees with the modifications, they should discontinue using ERP system services and exercise their right to cancel personal data according to this Notice.

11. Acceptance

By providing their personal data and using ERPXTENDER system services offered by "THE PROVIDER," the User declares they have read and understood this Privacy Notice and expressly accept the processing of their personal data under its terms and conditions.

Express Consent

The User gives express consent for the processing of their personal data for the purposes indicated in this Privacy Notice. This consent is considered given when the User voluntarily and knowingly provides personal data via forms, emails, digital platforms, or other means.

Continued Service Use

Continued use of ERPXTENDER services after Privacy Notice changes notification constitutes acceptance of these changes by the User.

12. Contact for Questions and Comments

For any questions, comments, or complaints related to personal data processing, the User may contact "THE PROVIDER's" privacy department at the email address: privacy@erpxtender.com.

Last Updated: November 1, 2024