Logo APyRE

PRIVACY NOTICE

I. Identity and Address.

APyRE Apoyo y Rehabilitación, A.C. (the "Data Controller"), pursuant to the Federal Law on the Protection of Personal Data Held by Private Individuals (Ley Federal de Protección de Datos Personales en Posesión de los Particulares), its Regulations and the Privacy Notice Guidelines (the "Law") hereby communicates the following Privacy Notice (the "Notice"), in order to set forth the terms and conditions of the data processing of personal data and delicate personal data to be gathered from the data subject from time to time.
For the purposes of this Notice, the Data Controller provides the following address: Av. Arteaga y Salazar No. 794, Col. El Contadero, Zip Code 05500, Delegación Cuajimalpa, Mexico, Mexico City.

II. Personal Data, Delicate Personal Data and Financial Data Subject to Data Processing and/or its Purpose.

All of the patient's personal data, as well as of the individuals over which it exercises parental rights, legal guard and/or representation (if applicable) you provide to the Data Controller will be used for the following purposes:

a) Patients: To provide the requested support, therapeutic-scholar, comprehensive recovery services or any other similar or supplementary service thereof, and to make any notice in connection with the provision of services and to comply with the purpose of the relationship pursuant to which the data processing of Personal Data and Delicate Personal Data is required.

b) Family members or legal guardians of the Patient: To provide the requested support, therapeutic-scholar, comprehensive recovery services or any other similar or supplementary service thereof, to the disabled patient, as well as to make any notice in connection with the requested service.

c) Services Providers and/or Suppliers and/or Employees: (i) Payment of the compensation derived from the provision of the services; (ii) To allow the Data Controller to comply with its obligations and request the services provider and/or supplier to comply with its obligations in accordance with the provision of services, as well as to comply with the purpose of the legal link pursuant to which the data processing of Personal Data and Delicate Personal Data is required.

d) Volunteers and/or Donors and/or Contributors and/or individuals that provide social services: (i) to identify, locate and/or contact him/she, (ii) to issue the corresponding tax invoices, if applicable, (iii) to follow up and allocate its contributions, and (iv) to fill out any submission or file necessary for the purpose of the legal link pursuant to which the data processing of Personal Data and Delicate Personal Data is required.

For the aforementioned purposes, we kindly ask the following Personal Data, Delicate Personal Data and/or Financial Data:

a) Patients: full name, address, country of residence, gender, date and place of birth, email address, phone number, cellphone number, Federal Taxpayers' Registry number (RFC in Spanish), Unique Population Registry Key (CURP in Spanish), Proof of Residence, medical data and/or medical history and information of its doctor, medical insurance and, If applicable, the information reflected in the document enclosed to this Notice.

b) Family Members or Legal Guardians of the Patient: full name, address, country of residence, gender, date and place of birth, email address, phone number, cellphone number, banking and financial information, bank account numbers, credit and/or debit card numbers, bank account and/or financial statements, Federal Taxpayers' Registry number (RFC in Spanish), Unique Population Registry Key (CURP in Spanish), invoicing information, medical data and/or medical history, acknowledgment of revenues (if applicable), and, if applicable, the information reflected in the document enclosed to this Notice.

c) Services Providers and/or Suppliers and/or Employees: full name, corporate name, address, country of residence, gender, date and place of birth (if applicable), e-mail address, phone number, cellphone number, banking and financial information, bank account numbers, credit/debit card numbers, bank account and/or financial statements, Federal Taxpayers' Registry number (RFC in Spanish), Unique Population Registry Key (CURP in Spanish), official ID, birth certificate, acknowledgment of address, Social Security number of the Mexican Institute of Social Security (IMSS in Spanish) (if applicable), invoicing and collection data.

d) Volunteers and/or Donors and/or Contributors: full name, corporate name, addresses, country of residence, email address, financial and banking data, banking account numbers, credit and/or debit card numbers, bank account and/or financial statements, Federal Taxpayers' Registry number (RFC in Spanish), Unique Population Registry Key (CURP in Spanish), invoicing information, official ID, acknowledgment of address.

III. Consent.

The data subject hereby consents the data processing of its Personal Data, Delicate Personal Data and/or Financial Data by the Data Controller by the terms hereby reflected, unless an express objection request pursuant to the procedure set forth in this Notice.

I hereby authorize that my Personal Data, Delicate Personal Data are processed and, if applicable, transferred under the terms and conditions of this Notice.

IV. Means to gather Personal Data and Delicate Personal Data.

The aforementioned Personal Data and Delicate Personal Data will allow the Data Controller comply with administrative, tax, civil and/or commercial obligations. Personal Data and Delicate Personal Data will be gathered through: email, telephone communications with personnel authorized by the Data Controller, voluntary provision of information and personal data through interviews with personnel authorized by the Data Controller, correspondence, voluntary provision of information and personal data through dialogue boxes of the website www.apyre.org.mx, and the provision of data through official IDs when entering to the premises of the Data Controller.

V. Transfers and Purposes.

Derived from the nature of the data processing of Personal Data, Delicate Personal Data and/or Financial Data to be performed by the Data Controller, such data will not be transferred to third parties, notwithstanding the foregoing, such data may be transferred to third parties in the following cases: (i) Employees' Personal Data in connection with benefits derived from the services provided; (ii) Personal Data and/or Delicate Personal Data from Patients, Family Members or Legal Guardians of the Patient, in the event the Patient has been granted with a scholarship by national or foreign institutions, as well as providers, in order to obtain the corresponding scholarship/discount; (iii) Personal Data and/or Delicate Personal Data of Patients, Family Members or Legal Guardians of Patients to their suppliers and advisors to perform the corresponding therapeutic diagnostic and/or pedagogical evaluation; (iv) Personal Data and/or Delicate Personal Data from Patients, Family Members or Legal Guardians of Patients to schools, doctors and/or medical institutions in order to complete the Patients' treatment and/or diagnostic. In pursuant to section II of article 37 of the Law.

In the aforementioned cases, the Data Controller may transfer Personal Data and/or Delicate Personal Data to third parties, whom will be notified with this document when undertaking the transfer.

In addition, the Data Controller hereby informs that, in the event of an emergency, it will provide certain Personal Data and/or Delicate Personal Data of Patients, Family members and/or Legal guardians to medical and health institutions such as insurance companies, ambulances and hospitals, pursuant to section II of article 37 of the Law.

In the event to be necessary to obtain the express consent to transfer certain data, the Data Controller will notify the nature and purpose of such transfer and the third party to whom the Personal Data and/or Delicate Personal Data will be transferred.

VI. Means and Procedures to exercise access, correction, cancellation and objection rights.

Should you have any question or concern on how the Data Controller processes the Personal Data or if you wish to access, correct, eliminate, copy, limit the use, cancel the use or delete your Personal Data and/or Delicate Personal Data or wish to request us to stop using such data under the Law, please contact our personal data protection manager (the "Manager") through the email address info@apyre.org.mx or by calling the following phone number: 5812-6269, indicating your name, address and purpose of your request. Once the Manager receives such request, it will perform an assessment pursuant to Law, its Regulations and internal privacy policies. The Manager will issue a response to your request in a term that may not exceed 10 (ten) business days following the day in which your request is received; such response may be affirmative or negative, and properly supported.

Please note, however, certain Personal Data may be exempt from such access, correction, removal, copy or deletion, pursuant to the data protection laws and other laws and regulations.

VII. Revoking of Consent for Transfer.

In the event you wish to revoke your consent for Personal Data and/or Delicate Personal Data to be transferred, you must undertake the procedure reflected in section VI "Means and Procedures to exercise access, correction, cancellation and objection rights", above.

VIII. Personal Data Division.

The Data Controller will take the adequate measures to protect Personal Data, Sensitive Personal Data and/or Financial Data in accordance with the laws and regulations applicable to data security and privacy, including administrative, technical and physical measures.

For any inquiry in connection with the protection of your Personal Data, Sensitive Personal Data and/or Financial Data, please contact the Manager in the following address: Av. Arteaga y Salazar No. 794, Col. El Contadero, Zip Code 05500, Delegación Cuajimalpa, Mexico, Mexico City; to the email address info@apyre.org.mx; or to the phone number 5812-6269.

All communications with such individual must be backed up with the corresponding acknowledgment of receipt of such communications through the email provided as part of your information; otherwise, such communication will have no effect

IX. Procedures and means to amend the privacy notice.

The Data Controller may amend this Notice in order to improve such Notice, include new provisions of the Law, its Regulations and other legal provisions. Any amendment to this Notice will be notified through our website www.apyre.org.mx, enclosing the updated privacy notice, in a term that may not exceed 5 (five) business days following the adoption of the new privacy notice.