Last Updated on April 24, 2024
Definitions
For the purposes of this Privacy Notice, the following terms will have the meaning indicated below:
Authorization or Consent: Expression of will, prior, explicit, and informed, of the Data Subject to carry out the Processing of their Personal Data.
Privacy Notice: This document addressed to the Data Subjects of the Personal Data processed by SEMTIKS.
Database: Ordered set of Personal Data related to an identified or identifiable person.
Personal Data: Any information related to an identified or identifiable natural person.
Sensitive Personal Data: Information that affects the most intimate sphere of the Data Subject, whose improper use may generate discrimination or serious risks. Example: ethnic or racial origin, health status, genetic information, religious beliefs, political opinions, or sexual preferences.
ARCO Rights: The rights of Access, Rectification, Cancellation, and Opposition to the processing of Personal Data.
Processor: Natural or legal person who, on behalf of SEMTIKS, carries out the Processing of Personal Data.
Publicly accessible source: Databases whose consultation can be performed by any person, such as public directories, social networks, or websites open to the general public.
Platform: Websites managed by SEMTIKS, such as https://www.semantiks.com/ and https://www.semantiks.ai/.
Referral: Communication of Personal Data between SEMTIKS and its Processors, under common control, inside or outside the Mexican territory.
Data Subject: Natural person to whom the Personal Data belongs.
Transfer: Communication of Personal Data to third parties other than SEMTIKS or its Processors.
Processing: Obtaining, use, dissemination, storage, or any action related to Personal Data, such as access, handling, or Transfer.
Identity and address of the Responsible party
SEMTIKS, S. de R.L. de C.V. (hereinafter "SEMTIKS"), with address at Puebla number 403, interior 204, C.P. 06700, Colonia Roma Norte, Alcaldía Cuauhtémoc, Mexico City, is responsible for the processing of your Personal Data, the use given to it, and its protection.
Personal Data that will be subject to Processing
This Privacy Notice is the document that regulates the handling of all Databases and/or files of SEMTIKS, which contain Personal Data of clients and, in general, third parties with whom it has or has had any type of relationship, regardless of its nature (civil, commercial, and/or labor), that are subject to Processing by SEMTIKS, in the events in which it is considered as "Responsible" and/or "Manager" of the Processing of such Personal Data, in accordance with the provisions of the Federal Law on Protection of Personal Data Held by Private Parties (hereinafter the "Law"), its Regulations, and the Privacy Notice Guidelines, which aim at protecting the privacy of individuals' data.
For the purposes established in this Privacy Notice, the Owner grants his/her Consent for the Personal Data referred to below to be processed by SEMTIKS:
Identification Data: Information that allows identifying the Owner. This data includes his/her first name and last name, official identification documents, date and place of birth, nationality, sex, occupation, Federal Taxpayer Register (RFC), Unique Population Registration Code (CURP), location, handwritten and/or electronic signature.
Contact Data: Information that allows establishing communication with the Owner. This data includes his/her email address, personal phone number, contact phone number, personal address, and tax address.
Banking and Financial Data: Information related to the banking and financial operations of the Owner. This data includes account numbers, interbank CLABE, credit or debit card information, payment history, transaction information, income, expenses, and other data related to financial operations.
Sensitive Personal Data: Information that may reveal intimate aspects of the Owner, such as ethnic or racial origin, moral or emotional characteristics, ideology and political opinions, religious or philosophical beliefs, union affiliation, health status, disability, and sexual orientation.
Electronic Records: Information generated by the interaction of the Owner with the Platform. It includes data from the transactions made, information about the state between the Platform and the browser (such as session identification methods, authentication, and preferences), data stored in the browser, source IP address, browser type, operating system, date and time of access, and, in the case of emails, the association of this data with the recipient.
Employment Data: Information about the relationship of the Owner with the organization or business. It includes his/her role, work team, department, assigned projects, and professional trajectory within the organization.
Data on Administrative Procedures: Information linked to administrative, judicial, or jurisdictional procedures in which the Owner is involved. This includes procedures related to labor, civil, criminal, tax, administrative or other branches of law.
Financial and/or Credit Data: Information used to assess the financial and credit situation of the Owner. It includes credit history, risk ratings, movable and immovable property, personal or third-party references, income and expenses, insurance, bonds, bank accounts, and contracted services.
Biometric Data: Information related to the physical and behavioral characteristics of the Owner for identification purposes. It includes fingerprints, DNA, hand geometry, iris and retina characteristics, as well as images, photographs, and videos of the Owner.
SEMTIKS obtains Personal Data directly provided through various means such as interaction with the Platform or through interaction with the user via digital communication applications. SEMTIKS may also obtain information indirectly in cases where it is obtained through a public access Source or provided through a Transfer of Personal Data carried out by third parties contracted by SEMTIKS for the support of specific processes carried out on the Platform.
It is understood that the Authorization granted by the Owners is an express and informed authorization granted by them in favor of SEMTIKS to process their Personal Data. Likewise, it implies the understanding and full acceptance of all the content of this Privacy Notice.
Use of Personal Data
The Processing of Personal Data will be carried out at all times in accordance with the provisions of this Privacy Notice. If the Holder does not agree with the terms and conditions described herein, they must refrain from contracting, using, and interacting with the services of SEMTIKS, as well as from providing any information that may be registered in the Databases of SEMTIKS.
In accordance with this Privacy Notice, by providing their Personal Data for incorporation into the Databases of SEMTIKS, the Holder expresses their express consent for the Processing of such Personal Data based on the following purposes:
Primary Purposes
These purposes are necessary for the existence, maintenance, and fulfillment of the legal relationship between SEMTIKS and the Holder:
Creation and administration of the account on the platform:
Register the Holder as a user of the SEMTIKS Platform, manage additional users linked to a main account, and authenticate the identity of the Holder and other users to allow secure access to the contracted services.Technical support and customer service:
Provide technical assistance, resolve inquiries, complaints, or clarifications, and manage problems related to the contracted services through the Platform.Monitoring and management of the contracted services
Monitor the status and progress of the contracted services, send relevant notifications, coordinate the delivery of acquired products or services, and ensure compliance with what was agreed upon.Payment processing and validation
Manage and validate payment transactions made by the Holder, including reconciliations, receipts, and confirmations of payments related to the contracted services.Communication with the Holder
Contact the Holder by email or other means to:Provide information about the status of the contracted services and relevant updates from the Platform.
Inform about new functionalities, features or improvements to the offered solutions.
Communicate events organized by SEMTIKS, industry news or related topics of interest.
Collection of feedback and satisfaction evaluation
Obtain net promoter scores (NPS), satisfaction surveys, and other feedback provided by the Holder, in order to identify areas for improvement in the products and services offered.Account management and associated processes
Include processes such as deactivation or closure of the Holder's account when requested, ensuring compliance with the applicable terms of use.Prevention of illegal activities
Implement measures aimed at preventing and detecting illegal activities, such as money laundering, terrorist financing, or other unlawful conducts.
Secondary Purposes
The Processing of Personal Data for the following purposes is optional and does not condition access to or use of SEMTIKS services:
Marketing, advertising, or commercial prospecting activities carried out by SEMTIKS.
If the Holder wishes to limit the use or disclosure of their Personal Data, or prefers to stop receiving promotional messages, they may send a request to SEMTIKS via the email address hola@semantiks.ai, indicating the specific purposes for which they request such limitation.
Confidentiality and Security of Personal Data
SEMTIKS is committed to ensuring the protection of the Personal Data provided by the Holder. In this regard, it undertakes to use such data solely for the purposes established in this Privacy Notice and to implement administrative, technical, and physical security measures to prevent damage, loss, alteration, destruction, unauthorized use, access, or disclosure, in strict adherence to the provisions of applicable legislation.
SEMTIKS as Data Processor
SEMTIKS provides its business chat services ("Services") under agreements made with organizations that hire these services (hereinafter referred to as the "SEMTIKS Clients"). To fulfill its contractual obligations, SEMTIKS processes personal data necessary to provide the contracted Services, acting under the instructions of the SEMTIKS Clients and in compliance with the terms set by them.
The processing of personal data carried out by SEMTIKS is based on the legal basis defined by the SEMTIKS Clients. This personal data, referred to as "Service Data," is provided to SEMTIKS by the SEMTIKS Clients and, in some cases, directly by Users, to enable the provision of the contracted Services. SEMTIKS acts as a Data Processor on behalf of the SEMTIKS Client, in accordance with the agreement governing that relationship.
Responsibilities and Scope of Processing
Role of the SEMTIKS Client:
The SEMTIKS Client is primarily responsible for the interaction with the data subjects (individuals). SEMTIKS limits its role to assisting the SEMTIKS Client, processing the Service Data only under the received instructions and in strict accordance with the applicable contractual and legal provisions.Confidentiality and Security:
SEMTIKS has the obligation to respect the security and confidentiality of the Service Data. This includes implementing technical, administrative, and physical security measures that comply with applicable legal provisions and the agreements made with the SEMTIKS Client.Management of Data Subject Requests:
If a data subject (User) has questions or requests related to the access, correction, modification, or deletion of their data, these must be directed to the Privacy Office of the SEMTIKS Client, which is responsible for managing such requests. SEMTIKS will promptly notify the SEMTIKS Client if it receives a direct request from a data subject and will act solely under the instructions of the Client. SEMTIKS is not authorized to respond directly to these requests.Security Incident Notifications:
In the event of unauthorized access or improper disclosure of the Service Data, SEMTIKS will promptly notify the affected SEMTIKS Client, to the extent permitted by applicable law. SEMTIKS will reasonably cooperate with the Client to mitigate the effects of the incident and fulfill any corresponding legal obligations.Transparency:
SEMTIKS is committed to being transparent about its activities related to the processing of personal data and will provide, at the request of the SEMTIKS Client, information about the practices and measures implemented to protect such data.
Transfer and Referral of Personal Data
SEMTIKS may send or transfer Personal Data to third parties in accordance with the purposes established in this Privacy Notice, provided that such transfer or remittance is necessary for the proper provision of the contracted services. Transfers and remittances of personal data will be made under the following assumptions:
To parent companies, subsidiaries, or affiliates under the common control of SEMTIKS, or to its parent company, or any other company in the same corporate group operating under the same processes and internal policies.
To companies that provide services to SEMTIKS for the purpose of ensuring the proper provision of services to the Holder. This includes, but is not limited to, fraud prevention services, payment processing or gateways, and hosting services for the Platform.
To software as a service (SaaS) providers and other companies that assist in the processing, structuring, or analysis of information, as well as those that provide engines for data extraction, refinement, or enrichment, to the extent necessary to fulfill the purposes related to the contracted services.
In the cases provided for in Article 37 of the Federal Law on the Protection of Personal Data Held by Private Parties and Article 53 of its Regulations, or any other applicable provision.
In all transfers or remittances made, Personal Data will be used only to the extent necessary to achieve the purposes related to the provision of the contracted services. Third parties in charge of the processing of Personal Data must maintain the confidentiality of the information received and comply with the provisions established in the Law and other applicable regulations.
If the Holder does not agree with the mentioned transfers or remittances, they must refrain from using the Platform. If they have already provided their Personal Data, they may request its deletion by sending an email to hola@semantiks.ai.
Mechanisms and Procedures to exercise your "ARCO" Rights or, if applicable, revoke your Consent.
The Data Subject has the right to exercise the so-called ARCO Rights, which consist of Access, Rectification, Cancellation, and Opposition to the processing of their Personal Data, as well as the right to revoke Consent given, as long as the applicable legislation allows it.
To exercise these rights or request the revocation of their consent, the Data Subject must send a request via the email hola@semantiks.ai, which has been designated for handling requests related to the protection of Personal Data.
Request Requirements
The request must contain the following information:
Data of the Data Subject: Full name of the Data Subject and an email address to receive the response.
Identity documents: Copy of an official document that verifies the identity of the Data Subject or, if applicable, the documents that certify the legal representation of the requester.
Clear description of the request: An accurate description of the Personal Data for which a specific right (access, rectification, cancellation, opposition) is to be exercised or of the consent that is sought to be revoked.
Additional information: Any element or document that facilitates the location of the Personal Data.
In case of rectification: Specify the modifications that are desired, as well as provide the documentation that supports the request for correction.
Example of Consent Revocation Request
Subject: Revocation of Consent
Message:
"Through this medium I request the revocation of my consent for the processing of my Personal Data for secondary marketing purposes."
Response Deadlines
SEMTIKS will respond to the request of the Data Subject within a maximum period of 20 business days counted from the receipt of the same. If the request is granted, the measure will be effective within no more than 15 business days following the communication of the response.
Compliance with Requests
The obligation to provide access to the information shall be deemed fulfilled when SEMTIKS makes the Personal Data available to the Data Subject by sending the corresponding documents to the provided email address.
Responses to all requests will be sent exclusively to the email address indicated by the Data Subject in the request.
Cookies and Web beacons
SEMTIKS uses cookies, web beacons, and similar technologies to automatically collect Personal Data when the Holder interacts with the Platform or related websites. These technologies are intended to personalize and enhance the Holder's experience.
Definition of Cookies and Web Beacons
Cookies:
Cookies are small data files that are stored on the hard drive of the Holder's computer or electronic device when browsing the Platform or a specific website. They allow for the exchange of state information between the Holder's browser and the Platform, which may include session identifiers, user authentication, preferences, and any other data stored in the browser.Web Beacons:
Web beacons are visible or hidden images embedded in a website, the Platform, or emails. These tools allow monitoring of the Holder's behavior across these mediums. Through web beacons, information such as the originating IP address, type of browser used, operating system, date and time of page access, and in the case of emails, data linking interactions with the recipient can be collected.
Options to Disable Cookies
The Holder has the right to partially or fully disable the use of cookies at any time. To do this, they can access the settings menu or options of the browser they are using and deactivate the corresponding option. However, it is important to note that disabling cookies may result in some sections of the Platform being unavailable, which could limit the functionality and experience of the Holder when using the services.
Safety Measures
SEMTIKS implements technical, administrative, and physical security measures to protect your personal data against damage, loss, alteration, destruction, as well as unauthorized access, use, or processing. These measures include, among others:
Encryption of sensitive data: We ensure that the information transmitted and stored is protected using advanced encryption technologies.
Access control via credentials: Only authorized personnel, with the necessary credentials, can access personal data.
Cloud storage under world-class security standards: Personal data is hosted on certified cloud platforms that comply with the highest security standards and international regulations such as ISO/IEC 27001 and SOC 2.
Regular security assessments: We conduct audits and risk analyses regularly to identify and mitigate potential vulnerabilities.
Ongoing training for staff: Our team receives continuous training on the secure and confidential handling of personal data.
Changes to the Privacy Notice
SEMTIKS reserves the right to modify this Privacy Notice at any time. Any changes will be published on the Platform, indicating at the bottom of the Privacy Notice the date of the last update.
In the following specific cases, and when it is necessary to obtain the Consent of the Holder, SEMTIKS will provide the Holder with a new Privacy Notice:
Change in the identity of SEMTIKS:
When SEMTIKS modifies its identity or business name.Collection of new personal data:
When it is necessary to collect sensitive, property, or financial Personal Data in addition to those originally reported, and these have not been obtained personally or directly from the Holder.Modification of the purposes of data processing:
When new purposes are incorporated or those that originated or are necessary for the legal relationship between SEMTIKS and the Holder are modified, and said purposes require the Consent of the Holder.Changes in the conditions of data transfer:
When modifications are made to the conditions of Transfer of Personal Data, or an unforeseen Transfer is contemplated that requires the Consent of the Holder.
In all these cases, the new Privacy Notice will be communicated through the corresponding means, ensuring that the Holder has timely access to the information and can express their Consent when required, in accordance with applicable legislation.
