Identity and Address of Responsible Entity
Information and Consent
Purpose of Data Collected.
Personal or sensitive data collected by Xanor, can be used for the normal operations of the Association, including forwarding it to other institutions, qualifying agencies and appropriate authorities in order to comply with the association´s purposes; being those administrative, marketing, purchasing or statistical, including, but not limited to, the following examples:
To manage and file the information of customers, providers and workers in a data base that is up to date.
To nourish the relationship with our clients, by providing relevant information about or products, services, exchanges and other activities contracted or in the process of being contracted.
For management of marketing services and other services to clients and providers.
For trading management of goods and services based on purchase orders, requests, contracts, calls for tenders, invitations to bid, etc.
For the production and management of trade documents for clients and suppliers, in printed or electronic formats.
To manage incentives for customers, suppliers and workers.
For sending promotional, marketing and telemarketing materials, including but not limited to: offers, notices and/or other promotional messages, which may include information from the association´s providers or third parties, and that will be sent unless you specifically request to the appropriate department that you do not wish to receive such notifications.
For internal statistics and indicators such as data analytics to determine which products are liked more or requested more by the customers.
To manage entrance and exit of all clients, personnel, providers, staff, workers and visitors in general into the association´s facilities for safety and control purposes, and also, in case of emergency, for evacuation and emergency plans.
To manage the process and reply to: complaints, claims, unconformities and/or warranties of products and services to clients, through the appropriate channels and mediums in order to present them.
To ensure satisfaction of clients, providers and workers through surveys and data collecting, in order to know their needs and preferences, and for other purposes of the same nature as the aforementioned ones.
Xanor will process your personal data for the aforementioned purposes following your prior consent, considering than in some cases, such consent is mandatory according to the applicable laws.
We will not use your personal data for any use incompatible with the ones that you have been informed, unless when applicable law makes it mandatory or authorizes it, or when it is your best interest.
The personal data collected by Xanor from it´s clients, providers, comercial contacts and/or web users for providing the services, are:
Personal Identity Data.
Email or postal address.
Contact names and numbers (in case they are required)
Any other personal data required in our forms or formats.
Limitation of use and divulgation of personal data.
Likewise, Xanor will limit the use of personal data and sensitive personal data at the specific request of the user, but will not be bound to cancel or erase such data when:
Such information is part of a private, social or administrative contract and its required for its development and fulfillment;
Must be treated in order to comply with a legal disposition;
Doing so would pose an obstacle for any required judicial or administrative act in regards to tax obligations, or the investigation and prosecution of crime, or to apply administrative sanctions.
It is needed to safeguard the judicially protected interests of the owner of such data.
It is needed to carry out any action of public interest.
It is needed to fulfill any obligation contracted by the owner.
It is needed for medical prevention or diagnosis or carrying out any other health related services, given that such services are performed by a health professional bound by medical confidentiality and the right and duty of secrecy.
The data collected will be kept during the time needed in order to provide the services, products or information requested, and to manage your business relationship with us, unless the user requests to Xanor to opt out, by opposing or revoking his/her consent to use or manage his/her personal data.
We will not keep your personal data longer than needed for the purpose it was collected for. This means we will erase or eliminate them from our system as soon as they are not needed any more. We take the appropriate measures to ensure that we treat and keep you information safe according to the following criteria:
Your information will only be kept only during the time that is strictly needed –as long as we have a continuous relationship with you- in order to provide you with the service requested or;
In order to comply with law, with a contract, or with any other legal obligation that we are bound to, and;
We will keep your data only during the time needed for the purpose it was processed for, or more time if it is requested by a contract or by law, or for statistical purposes, maintaining the appropriate guarantees.
We will keep your data as long as it is needed in order to fulfill our legal obligations.
Access to Personal Data
We are committed to provide you enough access so you can identify and correct any inaccuracy on the information provided. When we keep personal and identifiable information about you, we are responsible to keep a precise log with the information that you have sent us and verified for us.
If you have any questions in regards to the accuracy of the information that you previously submitted to Xanor, or if you wish to eliminate the outdated information, please contact us. When you make such request, and as long as it is practical and commercially viable to fulfill your request and there is no legal or regulatory measure that forces us to keep such information, we will eliminate the aforementioned information from our operational systems.
Rights in regards to the information of Clients and Providers.
You have the right to control the personal information that we collect, that way we can make sure that such information is truthful and accurate. You have the following rights in regards to your personal data:
1. To access the personal data that we process about you; this gives you the right to know if we have your personal data, and if we do, to obtain information and a copy of such personal data.
2. To access data information for corrections or updates; this gives you the right to have your personal data corrected or updated if they are not accurate or are outdated.
3. To cancel the use of the personal data; this right allows you to stop Xanor from using and processing your data.
4. To eliminate or erase the personal data; this right authorizes you to request erasure of your personal data, as long as that data is no longer necessary to accomplish the purposes for which they were requested.
5. Restriction of use of your personal data; this allows you to request to Xanor to process your data only on limited circumstances, with your prior consent.
Because the processing of your personal data is based on your consent, you have the right to deny such consent at any moment, by contacting the “Data Protection Officer”.
If, notwithstanding our commitment and effort to protect your personal data, you consider that your privacy rights have been violated, we strongly urge you and welcome you to contact us first, so that we can give a prompt solution to any complaint.
In case that you want to rectify, cancel or oppose any personal data that is in our database, please request so in writing, making sure you comply with the following requirements:
Name of the owner of the personal data and the address to which reply to their request should be addressed.
Proper documentation that confirms identity, or legal documentation of the person legally entitled to represent the owner.
A clear and precise description of the personal data over which you wish to exercise any of the aforementioned rights
Any other element or document that may help us to locate your personal data, and
In the case of a request for rectification, the owner of data or legal representative should indicate clearly the information that should be rectified, and provide appropriate documentation to support such change.
Our obligation of access to information will be considered fulfilled when the legally entitled person receives the personal data, or its given photocopies, electronic documents or any other means provided by Xanor to the owner.
Xanor can deny access to the personal data, rectifying or updating it, cancelling it, erasing or eliminating it or opposing to the treatment of such data, in the following cases:
If the person making the request is not the legal holder of the data, or when the legal representative does not demonstrate that such representation is valid.
When our database does not contain the personal data of the person making the request.
When the rights of a third party may be infringed upon.
When there is a legal impediment, or valid legal court order restricting the access to the personal data or not allowing the rectification, cancelation or opposition to them.
When the modification, cancellation or opposition has already happened.
Xanor will treat personal data from its clients and providers all the time, therefore, it has adopted specific measures according to the risk level posed, to ensure a proper safety level in regards to the use of data that we are treating. This is done in a strictly confidential manner and keeping the secrecy of such data, according to the applicable law and to prevent it from tampering, loss, unauthorized use or access; taking into account the advancement of technology, the nature of the data, and the risks involved.
Among the measures that we have implemented for protecting your personal data are:
1.- On site redundant encrypted servers.
2.- Layered firewalls between clients, users and servers.
3.- TLS Cyphered Suites for communications.
4.- HTTPS Transfer Protocol
Xanor complies with the guidelines established by the in compliance with the rules and regulations of the Federal Trade Commission Act and the California Civil Code and takes the appropriate measures to ensure compliance. This clause is in effect when data is managed by a third party, in order to provide the administrative services needed, maintaining confidentiality at all times.
Third Party Privacy Practices
Legal basis for the Legality of Treatment of Data.
The user has provided consent for the treatment of the personal data with one or more specific purposes.
The treatment of the data is needed in order to fulfill a contract in which the user is a part of, or; before celebrating a contract by request from the user, to take the needed steps to enter into it.
The treatment of the data is needed in order to fulfill a legal obligation, which the controller is subjected to.
The treatment of the data is needed in order to protect the vital interests of the user or of any other natural person.
The treatment of the data is needed in order to fulfill a task of public interest or by order or command of an official authority, who confers that power to the controller.
The treatment of data is needed in order to protect the legitimate interests of the user or of a third party, with the exception of such interests infringing the fundamental rights and interests of anyone that requires protection of their personal data, in particular if such person is a child.