UNITECR PERSONAL DATA PROTECTION POLICY

INTRODUCTION

This policy is issued in compliance with the Federal Law on the Protection of Personal Data Held by Private Parties (FLPPDPP) and its applicable regulations in Mexico. The purpose is to ensure that UNITECR (hereinafter, "the Company") processes personal data responsibly and complies with legal obligations to protect the rights of data subjects.

DEFINITIONS

  • Personal Data: Any information concerning an identified or identifiable natural person.
  • Data Subject: The natural person to whom the personal data belongs.
  • Data Controller: The natural or legal person who determines the purposes of the personal data processing.
  • Data Processor: The natural or legal person who processes personal data on behalf of the Data Controller.

OBJECTIVE

The objective of this policy is to establish principles and guidelines for the processing of personal data carried out by UNITECR, in order to ensure the privacy and security of data subject information and to comply with applicable legal obligations.

SCOPE OF APPLICATION

This policy applies to all personal data processing activities carried out by UNITECR and to all databases containing personal information in the Company's possession.

POLICIES

Information about the Data Controller and Data Processor Data Controller: Latin American Association of Refractories Manufacturers (ALAFAR)

Purposes of Personal Data Processing

Personal data will be processed for the following purposes:

  • Management of registrations and participation in UNITECR events.
  • Communication of information related to UNITECR events and activities.
  • Sending relevant information about the refractory industry.

Sharing data with third parties for the organization of events and related activities.

Processing of Data Subjects' Personal Data

Data subjects' personal data will be treated confidentially and will only be used for the purposes authorized by data subjects, except in cases where the law allows or requires their processing without consent.

Data Subject Rights

Data subjects of personal data have the right to:

  • Access their personal data.
  • Rectify their personal data if they are inaccurate or incomplete.
  • Cancel their personal data when they consider it is not being used properly.
  • Object to the processing of their personal data for certain purposes.

Revoke their consent for the processing of their personal data.

Security Measures

The Company will implement technical, administrative, and physical security measures to protect personal data against loss, theft, unauthorized access, disclosure, alteration, or destruction.

Transfer of Personal Data

The Company may transfer personal data to third parties, whether national or foreign, only when necessary to fulfill previously established purposes and with the prior consent of the data subject or in cases allowed by law.

Data Protection Officer

The Company will appoint a Data Protection Officer, responsible for ensuring compliance with this policy and handling data subjects' requests.

POLICY EFFECTIVENESS

This policy is effective from 25.09.2023 and will be reviewed and updated periodically to ensure compliance with current regulations and the Company's needs.