NOTICE OF PRIVACY

Your safety is very important to ACT MASTER S.A. DE CV also known by its trade name MASTER RESEARCH, so in adherence to the Federal Law on Protection of Personal Data Held by Private Parties, we want to make sure that you know how we safeguard and protect with the highest security standards the privacy and protection of your personal data. MASTER RESEARCH is a company that conducts market research, so it is necessary to collect certain personal data to carry out its activities. Due to this, it has the legal and social obligation to comply with sufficient security measures to protect the personal data that it has collected for the purposes that will be described in this privacy policy.

1. Data of the person in charge ACT MASTER S.A. DE C.V also known by its commercial name MASTER RESEARCH is a company incorporated in accordance with the laws of the United Mexican States with domicile in, CDMX, Mexico.

2. Personal data. The law defines personal data as “any information concerning an identified or identifiable natural person”. Our company will collect the necessary personal data from you. Said personal data may include the following: a) Identification data: full name, address, home phone, cell phone, marital status, signature, place and date of birth, age, economic dependents, etc. b) Labor data: occupation, position, area or department, address, telephone and mail, extracurricular activities. c) Asset data: movable and immovable property, income and expenses, contracted services, etc.

3. Purpose of data processing. The personal data that you provide us will invariably be used in aggregate form and for purely statistical purposes and for the exclusive use of our company, never for disclosure or marketing purposes, so once obtained it is dissociated with respect to specific topics of interest to our clients.

4. Data transfer. MASTER RESEARCH does not require or transfer your personal data to any company since the company has no relationship with companies that require personal data, in addition to committing to ensure that all legal protection principles, established by law, are met. Likewise, it expresses its commitment so that this privacy policy is respected at all times, by employees, suppliers, clients and other public or private entities.

5. Means to exercise ARCO rights. It is important to inform all customers and users that they have the right to Access, Rectification and Cancellation of their personal data, as well as to Oppose their treatment or to revoke the consent that has been granted to us for this purpose. For this, it is necessary that you send the request in the terms established by the Law in its Art. 29 to the Department of Protection of Personal Data, responsible for the Protection of your Personal Data, located in CDMX.

Important: Any modification to this privacy notice may be consulted on this site: www.masterresearch.mx or by email: privacy@masterresearch.mx.

Date of last update: 01/12/2015 | Personal data protection. Additionally, we also transmit to you the processing of personal data in the so-called cloud computing.

Article 52. For the processing of personal data in services, applications and infrastructure in the so-called cloud computing, in which the person in charge adheres to them through general contracting conditions or clauses, you may only use those services in which the business:

I. Comply, at least, with the following:

a) Have and apply personal data protection policies related to the principles and applicable duties established by the Law and these Regulations;

b) Make transparent subcontracting involving the information on which the service is provided;

c) Refrain from including conditions in the provision of the service that authorize or allow them to assume ownership or ownership of the information on which they provide the service, and

d) Keep confidentiality regarding the personal data on which the service is provided, and II. Have mechanisms, at least, to:

a) Publicize changes in their privacy policies or conditions of the service they provide;

b) Allow the controller to limit the type of processing of the personal data on which the service is provided;

c) Establish and maintain adequate security measures for the protection of personal data on which the service is provided;

d)Guarantee the deletion of personal data once the service provided to the person in charge has concluded, and that the latter has been able to recover them, and

e)Prevent access to personal data to people who do not have access privileges, or, if it is at the well-founded and motivated request of the competent authority, inform the person in charge of that fact.

In any case, the person in charge may not adhere to services that do not guarantee due protection of personal data.

For the purposes of this Regulation, computing in the cloud will be understood as the model of external provision of computing services on demand, which implies the supply of infrastructure, platform or software, which are distributed in a flexible way, through visualization procedures, in shared resources. dynamically. Regulatory agencies, within the scope of their powers, in collaboration with the Institute, will issue criteria for the proper processing of personal data in the so-called cloud computing. Referrals of personal data

Sincerely

Edmundo Ramírez Torres
Director General Master Research