Privacy Notice for Employees and Applicants.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
The Company is committed to collecting and processing your personal data responsibly and in compliance with applicable data protection laws. This Employees and Applicants Personal Data Protection Notice (“Notice”) explains how Proeza and its affiliates entities (together, the “Company,” “we,” “us,” “our”) collect, process, transfer and disclose personal data relating to the Company employees and job applicants. This Notice also describes the rights you have regarding the use of your personal data, the measures the Company takes to protect the security of the data, and how you can contact us regarding our data protection practices.
1. Identifying the controller of your personal data
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Whenever the Company collects, uses or transfers your personal data for its own purposes, that company or affiliate is considered a controller of the personal data and therefore, is primarily responsible for meeting the requirements of applicable data privacy and protection laws.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Unless informed otherwise at the time your personal data is collected, the Company’s affiliate acting as a controller of your personal data will be the one in which you are applying for a position, and/or by whom you are ultimately employed or where you work. The Company responsible for the collection and processing of your personal data for the purposes described in this Notice can be found in Section 10 (“Contact Us”) below.
2. What personal data we process
⠀⠀⠀⠀⠀⠀⠀⠀⠀
A. Applicants
When you apply for a position, or interview with us, the Company collects certain information that, alone or combination with other information, refers to you. The personal data about you the Company may process can be found below:
PERSONAL DETAILS: Full name (last, first, middle); official ID, birth certificate, domicile, phone number and e-mail address, tax ID, social security number; national identification number and photograph.
COMPENSATION, STOCKS, BENEFITS AND PAYROLL DETAILS: Annual salary; bonus
information; and pay frequency.
SENSITIVE PERSONAL DATA: General health status, and psychometric tests.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
B. Employees
During the course of your employment, the Company will collect certain personal data about you relating to your working relationship with the Company, and/or your spouse, dependents, or family members (“Dependents”), where there is a legitimate reason to do so in connection with your employment relationship, for example, to administer employee benefits. Unless the Company informs you otherwise when collecting your personal data, the provision of certain of your personal data is a requirement necessary to enter into an employment contract and/or for the performance of the employment relationship with the Company. Specific information regarding what personal data (as allowed or required under applicable law) about you the Company may process can be found below.
PERSONAL DETAILS: Full name (last, first, middle); official ID, birth certificate, domicile, phone number and e-mail address, tax ID, social security number; national identification number and photograph.
COMPENSATION, STOCKS, BENEFITS AND PAYROLL DETAILS: Annual salary; bonus
information; pay frequency, amounts, dates and currency; banking details (name, address, ID/account number); payment information (credit card number, expiration date, service code).
SENSITIVE PERSONAL DATA: General health status, medical report results, psychometric test, and biometric data.
To the extent permitted by applicable law, please note that you are responsible for informing Dependents whose personal data you provide to the Company about the content of this Notice.
As indicated herein, in some circumstances, it also may be necessary for the Company to process information that is regarded as sensitive data as outlined above. The Company will only process this data where it is required or authorized under applicable employment, social security or social protection laws or other applicable laws or where it is necessary to establish, exercise or defend legal claims. Where it is necessary to process such personal data for the purposes of occupational medicine or to assess your ability to work, the Company may only process such personal data by or under the responsibility of a professional subject to the obligation of professional secrecy, as required by law.
Depending on the country in which you reside, the Company will only collect trade union membership and health-related personal data as provided by applicable data protection laws.
3. Why we process your personal data
⠀⠀⠀⠀⠀⠀⠀⠀⠀
A. Candidates
⠀⠀⠀⠀⠀⠀⠀⠀⠀
The Company will use your personal data in order to assess your suitability for a position with us and to perform the tasks relating to your possible hire. We will evaluate your credentials for available job opportunities or for a specific job opportunity you select.
The Company will process your personal data in order to administer and manage your application. Specifically, the Company needs to process your personal data in order to potentially enter into an employment contract or other contractual relationship with you.
• Process your application for employment or to render services to us.
• Communicate with you and undergo preparatory steps as necessary to enter into a contract with you.
• Assess your qualifications for a particular position (including to interview, screen, and evaluate your candidacy).
• Verify your identity and employment eligibility.
• Manage record-keeping and reporting obligations in connection with our applicant pool.
• If you are offered a position, to conduct criminal, medical, and background checks (as relevant to the respective function of your potential job).
• Operate and manage our systems.
The Company also will process your personal data for compliance with legal obligations to which we are subject.
The Company does not sell your personal data for commercial purposes.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
B. Employees
The Company will process your personal data where the processing is necessary in connection with the performance of your employment relationship with the Company.
• Prepare and execute your employment contract.
• Establish and maintain an employment relationship.
• Maintain your files updated.
• Calculate your salaries, benefits and taxes.
• Manage the payroll, collection and payments.
• Monitor the use of the work tools (computer equipment, e-mail as well as electronic devices) provided by the Company to you.
• Obtaining images (through photographs and videos) for the correct use of surveillance measures within the Company.
• Complying with the policies and procedures of the Company.
• Conduct audits and investigations to prevent and/or detect fraud or other wrongdoing that may cause a claim or damage to the company's assets or to the company's reputation.
• Carrying out or responding to legal proceedings before authorities.
The Company will process your personal data to ensure the continuity of the business.
The Company also will process your personal data for compliance with legal obligations to which the Company is subject.
The Company will not use personal data for any other purpose incompatible with the purposes described in this Notice, unless it is required or authorized by law, with your Consent, or is in your own vital interest (e.g., in the case of a medical emergency).
The Company does not sell your personal data for commercial purposes.
4. Recipients of personal data
⠀⠀⠀⠀⠀⠀⠀⠀⠀
The Company will only grant access to personal data on a need-to-know basis, and such access will be limited to the personal data that is necessary to perform the business function for which such access is granted. No authorization will be extended to access personal data on a personal basis.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Access to personal data within the Company may include your managers and their designees, personnel in HR, IT, Benefits, Proeza’s Transparency Line, travel services, audit, finance, legal and compliance, or data processing departments.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
From time to time, we may need to make personal data available to other unaffiliated third parties. Such unaffiliated third parties may include the following:
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Professional Advisors: Accountants, auditors, lawyers, bankers, insurers, and other outside professional advisors in all of the countries in which the Company operates.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Service Providers: Companies that provide products and services to us such as IT systems suppliers and support, insurance, payroll, employee expense processing, employee benefits and rewards, credit card companies, and other service providers.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Public and Governmental Authorities: Entities that regulate or have jurisdiction over the Company such as regulatory authorities, law enforcement, public bodies, and judicial bodies, including any regulatory entities outside the country in which you work.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Corporate Transaction: A third party in connection with any proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the Company’s business, assets or stock (including in connection with any bankruptcy or similar proceedings).
Public and Private Collaborations: Entities that seek to collaborate with us either of private or public nature which are compatible with its business purpose.
5. International Data transfers
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Due to the global nature of our operations, the Company may disclose and transfer certain personal data to personnel and other departments throughout.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Unless prohibited by applicable law, personal data will be transferred to our companies and affiliates in locations outside the country in which you work, where the data protection regime may be different than in the country in which you are located. Where required by applicable law, the transfer will be based on a legally adequate transfer method.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
The transfers of data to third-party vendors are secured by implementing the safeguards required under the applicable data protection law (including contractual arrangements entered into with a third party vendor). Third-party service providers are expected to protect the confidentiality and security of personal data, and only use personal data for the provision of services to the Company, and in compliance with applicable law.
6. Security measures
⠀⠀⠀⠀⠀⠀⠀⠀⠀
The Company maintains appropriate physical, organizational and technical security measures intended to prevent loss, misuse, unauthorized access, disclosure, or modification of your personal data under our control. If you have reason to believe that your personal data is no longer secure, please notify the Company immediately using the contact information supplied in Section 10 (“Contact Us”).
7. Retention period
⠀⠀⠀⠀⠀⠀⠀⠀⠀
The Company retains your personal data not longer than allowed under applicable data protection laws and, in any case, no longer, than such personal data is necessary for the purpose for which it was collected or otherwise processed, unless a longer retention period is required by applicable law.
8. Your data protection rights
⠀⠀⠀⠀⠀⠀⠀⠀⠀
To the extent required by applicable law, you are entitled to access and obtain information on the processing of your personal data, to oppose to processing of your personal data, and to have your personal data rectified or cancelled. You also are entitled to withdraw any consent that you might have given with respect to the processing of your personal data at any time with future effect and limit the use and disclosure of your personal data “Data Subject Rights”.
If you would like to exercise your data subjects rights or learn more about the processing of your personal data, please contact, us using the information provided below under Section 10 (“Contact Us”). The Company will respond to your request(s) as soon as reasonably practicable, but in any case within the legally required period of time.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
If you are not satisfied with the Company’s response or believe that your personal data is not being processed in accordance with the law, you also may contact or lodge a complaint with the competent supervisory authority or seek other remedies under applicable law.
9. Updating your personal data
⠀⠀⠀⠀⠀⠀⠀⠀⠀
The Company strives to maintain your personal data in a manner that is accurate, complete and up-to-date. However, as an employee, you have an obligation to keep your personal data up-to-date and inform the Company of any significant changes to your personal data.
10. Contact us
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Data Controller (the “Company” “we”, “us” “our”): [Proeza, S.A. de C.V.] [Metalsa, S.A. de C.V.] [Citrofrut, S.A. de C.V.] [Astrum TI, S.A. de C.V.] [Proeza Capital S.A.P.I. de C.V.]
Domicile: Av. Constitución 405 Pte., Col. Centro Monterrey, N.L. México 64000.
If you have any questions or concerns regarding this Notice or to exercise your Data Subjects Rights as outlined in Section 8 above, please contact our Local Data Protection Officer at the following email address arco.proeza@proeza.com.mx
11. Modifications
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Our Notice may change when necessary. We will send the updated versions to your email and/or it will be published in our intranet.
12. Consent
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Employees acknowledge the receipt of this Notice and grant their express consent for the processing of their personal data including transfers of their personal, sensitive and financial and economic personal data in terms of this privacy notice once they sign its employment agreement.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Applicants acknowledge that the request of their consent to process their personal data in terms of this Notice is not indicative of an employment relationship with or job offer by the Company.
⠀⠀⠀⠀⠀⠀⠀⠀⠀
Effective date: July 28th, 2021