Privacy Notice

1. PURPOSE AND LEGAL BASIS

The purpose of the privacy notice of ISATEL DIVISIÓN LABORATORIOS, S.C. (hereinafter “ISATEL Laboratorios”) is to establish the extent and conditions for handling Personal Data (hereinafter “Handling”) and inform Data Owners of said conditions so that they may take informed decisions and control and decide how their data are used.

ISATEL Laboratorios also uses the privacy notice to ensure the transparency of the handling of personal data so as to increase the trust of data owners.

This is in accordance with Article 16, paragraph two, of the Mexican Constitution that states “everyone shall be entitled to have their personal data protected, to have access thereto, and to be able to correct, cancel and oppose them, under the terms established by law that shall lay down the circumstances under which there may be exceptions to the principles that govern data handling, for example, for reasons of national security, laws of public order, safety and public health or to protect the rights of third parties”.

The regulatory law is the Federal Protection of Personal Data in the Possession of Individuals Act and its Regulations (hereinafter “the Act” and the “Regulations”, respectively). The Act defines personal data as follows: “any information concerning an identified or identifiable INDIVIDUAL”.

That is why ISATEL Laboratorios, as the data controller, makes its privacy notice available to you and to inform data owners of how their personal data will be handled, so that they may exercise their rights of informative self-determination, privacy and protection.

2. IDENTITY AND ADDRESS OF THE DATA CONTROLLER

For the purpose of the privacy notice, ISATEL DIVISIÓN LABORATORIOS, S.C. shall be referred to as the “Data Controller” with regard to the handling of Personal Data, who shall be responsible for gathering, disclosing, storing, using, accessing, handling, transferring and disposing of said data.

ISATEL Laboratorios is a corporation legally incorporated in accordance with the laws of Mexico and is the owner of the web site www.isalab.mx. ISATEL Laboratorios declares that it shall be individually responsible for the Personal Data that it gathers and states that its address for the purpose hereof is Avenida Tamaulipas, 1172 Local 3, Colonia Garcimarrero, Alcaldía Álvaro Obregón, C.P. 01510, Mexico City

The Data Controller hereby undertakes to protect and respect the privacy of the Owners of the Personal Data and to adhere to the principles of lawfulness, consent, information, quality, purpose, loyalty, trust, proportionality and responsibility.

3. PERSONAL DATA TO BE HANDLED

The Personal Data that the Data Controller may handle are classified as follows:

1. a) Non-sensitive Personal Data.

• Identification and contact data;
• Location data;
• Property, financial and tax data;
• Demographic data;
• Data on consumer preferences or any interest regarding services offered;
• Data produced by devices used to browse our web site, including data on the use and consumption of Internet services from your device, and your use of applications.
• Information that you provide us voluntarily to deal with complaints, claims and requests for services and information.

The Non-sensitive Data referred to above may be gathered by any electronic medium owned by the Data Controller, or directly and/or personally by any other medium to which Data Owners have access.

1. b) Sensitive Personal Data.

We wish to advise you that we will not handle sensitive personal data.

4. PURPOSE OF HANDLING PERSONAL DATA.

The Personal Data that the Data Controller gathers shall be used for the following purposes:

• Primary: data needed to create, maintain and comply with the legal relationship between the Data Controller and Data Owners, including:

• Checking the identity of Data Owners to be sure that the Personal Data contained and/or established in the identification documents of Data Owners agree with the data in the possession of the proper authorities.

• Retaining information that may be needed to answer the enquiries of the proper authorities.

• Doing whatever necessary to ensure that the Personal Data are up to date, in other words, that they are exact, complete, relevant and correct.

• Meeting the provisions of the Federal Money Laundering Prevention and Identification Act.

• Providing the services the Data Owners ask for and taking the action necessary to do so.

• Formalizing the contractual relationship between Data Owners and the Data Controller and meeting contractual obligations.

• Offering Data Owners products and services over the electronic media that the Data Controller makes available.

• Updating the database of customers, users and potential customers.

• Dealing with enquiries, complaints and claims and receiving comments and suggestions.

• Conducting quality and service surveys.

• Designing, developing, analyzing and publicizing and/or promoting new products and services.

• Ascertaining the opinion, satisfaction and experience of Data Owners regarding the services they have received.

• Taking any action necessary if Data Owners fail to meet any of their legal and/or contractual obligations regarding unlawful conduct or payments.

2. Secondary; not needed for the existence and maintenance of and compliance with the legal relationship between the Data Controller and Data Owners, including:

• Sending notices about offers, promotion marketing, advertising and commercial prospecting.

• Following through service requests.

• Sending invitations to events, conferences or workshops.

• Producing statistical information on the services that the Data Controller offers.

5. RESTRICTIONS TO THE USE OR DISCLOSURE OF PERSONAL DATA.

ISATEL Laboratorios has the administrative, security, physical and technical means and internal privacy policies and programs to prevent disclosure of protected Personal Data, in accordance with the privacy notice and applicable laws.

These means ensure that the Personal Data will be handled in accordance with strict protection controls and protocols.

The Personal Data are handled in strict confidence, so the rights thereof shall be obtained, transferred and exercised in accordance with the principles of correct and lawful use, adhering to the principles of lawfulness, consent, information, quality, purpose, loyalty, proportionality and responsibility on a permanent basis.

6. RIGHTS OF ACCESS, RECTIFICATION, CANCELATION OR OPPOSITION.

“ARCO” rights are the rights of Access, Rectification, Cancelation and Opposition that everyone has to protect their Personal Data. Data Owners are entitled to have access to their Personal Data that the Data Controller has in its possession and to know how they are being handled, to correct or alter them if they are inaccurate, or cancel them if they consider that are excessive or unnecessary for the purpose for which they were compiled, or oppose their data being handled for specific purposes.

To exercise any of their ARCO rights, Data Owners may send a request to the Personal Data Department, to laboratorios@isalab.mx or personally at Avenida Tamaulipas, 1172 Local 3, Colonia Garcimarrero, Alcaldía Álvaro Obregón, C.P. 01510, Mexico City.

The Data Controller shall send Data Owners a form and instructions on how to complete it, over the same medium. Data Owners must provide the following information:

1. Full name and address, e-mail address or any other contact details for receiving answers to their requests.
2. A scanned copy of an official document that proves their identity or, if the request is not submitted personally by Data Owners, a power of attorney or any document that grants legal representation of Data Owners.
3. The right to be exercised (Access, Rectification, Cancelation and Opposition).
4. A clear and accurate description of the Personal Data for which any of the aforementioned rights is to be exercised.
5. Any other details, information or document that may be used to locate Personal Data.
6. With regard to requests to rectify Personal Data, Data Owners must specify the changes to be made and provide any relevant supporting documents.

The Data Controller must reply to Data Owners by e-mail or at the address specified, within twenty working days as from when their request is received.

Data Owners shall be entitled at all times to oppose how their Personal Data are handled for any legitimate reason. If opposition is agreed, the Data Controller may not handle the Personal Data in question.

The right of Opposition may not be exercised when the Personal Data need to be handled to meet a legal obligation that Data Owners have with the Data Controller.

The Data Controller may deny access to the Personal Data, their rectification or cancellation or not allow opposition to their handling, under any of the following circumstances:

• When the person making the request is not the Data Owner or if his/her legal representative is not duly accredited.
• When the Personal Data are not on the database of the Data Controller.
• When the rights of a third party are harmed.
• When there is a legal restriction or when a ruling of a proper authority restricts access to the Personal Data or does not allow them to be rectified, cancelled or opposed.
• When the Personal Data have already been accessed, rectified, canceled or opposed and there have been no changes to the conditions of the Personal Data in the possession of the Data Controller.

The exercising of any ARCO right does not mean that other ARCO rights may not be exercised.

If the exercising of ARCO rights is refused, the Data Controller shall inform Data Owners or their legal representative of the reason, in the time established to do so and using the media referred to above.

If Data Owners feel that the decision of the Data Controller is to their detriment or consider that their Personal Data Protection rights have been harmed, they may make a claim, objection or complaint to the National Personal Data Protection, Transparency and Access to Information Institute (“INAI”).

7. TRANSFER OF PERSONAL DATA.

ISATEL Laboratorios may transfer data to third parties in and outside of Mexico (organizations, institutions and public or private entities), without the express or tacit consent of Data Owners, under the following circumstances:

1. When the transfer is established in a law or international treaty.
2. When the transfer is needed for prevention or medical diagnosis purposes, providing healthcare, medical treatment or health services.
3. When the transfer is made to the parent or any subsidiary or affiliate under the common control of the Data Handler, to any holding company or any corporation in the same group as that of the Data Handler and that operates according to the same processes and internal policies.
4. When the transfer is necessary to establish a legal or contractual association between the Data Controller and a third party on behalf of Data Owners.
5. When the transfer is legally required or necessary to safeguard the public interest or for the administration of justice.
6. When any federal, state and/or local authority or office asks for the Personal Data of Data Owners, when discharging its functions, as part of a legal process or in the event of a court order.
7. In accordance with Article 37 of the Act or under any of the exceptions established by applicable legislation, provided that the Personal Data are handled in accordance with the privacy notice.
8. When the transfer is needed to recognize, defend or protect a right in or out of court or in any process of public order.
9. If Data Owners fail to meet any of their legal and/or contractual obligations regarding payment or any situation that may be considered as fraud or any other similar unlawful conduct.
10. When the transfer is needed to maintain or comply with a legal relationship between the Data Controller and Data Owners.

The third parties and entities that receive the Personal Data shall be informed of the privacy notice and its content and shall have the same obligations and/or responsibilities as ISATEL Laboratorios does as Data Controller.

8. RETENTION AND SECURITY OF PERSONAL DATA

The Data Controller shall retain the Personal Data of Data Owners for the time necessary according to the purposes for which they are handled and as established by the Act, the Regulations and other applicable provisions, and protect them by using suitable security measures and protocols to prevent them from being damaged, lost, altered, destroyed or their unauthorized use, access or handling.

9. DISCLAIMER

ISATEL Laboratorios shall not under any circumstances be liable for how users and/or third parties use its web site or the content thereof.

The web site of the Data Controller makes links, directories and search tools available to users so that they may access the web pages/sites owned and/or managed by third parties. The Data Controller does not have a direct relationship with nor manages these sites, so it does not approve or appropriate the products, services, contents, information, data, files and any other type of material contained thereupon for itself.

ISATEL Laboratorios also declares that it is not responsible for the use of any data or information that Data Owners provide on any web site other than www.isalab.mx. The information or Personal Data that Data Owners enter on or transfer to third-party web sites are their sole responsibility and that of the owners of said sites.

10. USE OF COOKIES AND SIMILAR TECHNOLOGY

So as to offer users a better browsing experience, the Data Controller uses certain technologies to improve the efficiency of its web site, and cybernetic tools known as cookies. Cookies are small amounts of information sent by a web site and stored on the user’s browser, so that the web site may consult the prior activity of the browser, recognize it and remember things such as user preferences.

Various types of cookies, web beacons and tracking technologies of the Data Controller and third parties may be used on the web site and applications of the Data Handler so that the purpose established in the privacy notice may be met.

Users may configure their browser to be able to control the cookies they wish to accept or reject. If their browser is configured to reject cookies, sites with cookies enabled shall not recognize users when they visit the web site again and some site functionalities may be lost.

The Data Controller does not gather Personal Data automatically on its web site and data gathered from the use of cookies is only used for statistical purposes and the functionality of the web site. Cookies are not used to identify users personally.

11. CHANGES TO THE PRIVACY NOTICE

Any changes or updates to the privacy notice will be published on the web site of ISATEL Laboratorios at www.isalab.mx, where Data Owners may use and consult the latest version.

The Data Controller reserves the right to make the changes or updates it considers necessary, at any time, which shall come into effect as soon as they are published on the web site.

12. CONSENT FOR PERSONAL DATA TO BE HANDLED

The Data Owner expressly gives its clear and informed consent to the privacy notice and authorizes the Data Controller to handle its Personal Data as established herein, in the Act, the Regulations and other applicable laws.