top of page
Privacy Notice
 

PRIVACY NOTICE

In compliance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties (in spanish “Protección de Datos Personales en Posesión de los Particulares”) (the “Law”), published in the Official Gazette of the Federation on March 20, 2025, the following Privacy Notice is hereby issued.

This document is made available to the Data Subject at the time their personal data is collected, for the purpose of informing them about the processing of their data by the Responsible (the subject that collects, stores, and/or handles the personal data of the Data Subject).

 

​

1.- IDENTITY OF THE RESPONSIBLE.

Licenciado Francisco Javier Mazoy Cámara, Federal Commercial Public Notary númber 2 in Baja California Sur, “Correduría Pública y Servicios”, S.C. y “Lex Advisors”, S.C. (jointly the “Responsible”), we are individual and legal entities, respectively, engaged in the provision of legal services in accordance with Mexican law, with a registered address at: Paseo Finisterra No. 136, Suites 2, 6 y 10, colonia Campo de Golf, San José del Cabo, Los Cabos, Baja California Sur, 23406, México.

 

2.- PURPOSE.

The Responsible collects personal data provided by its clients, suppliers, service providers, business partners, and/or employees, in connection with legal services and/or federal commercial notarial services and/or notarial services, or from any third party related to such services who may have authorized access to the Responsible’s products and/or services. The Data Subject voluntarily and freely agrees to provide their personal data, which may be included in contracts, letters, forms, deeds, databases, or other applicable means, such data may be shared with and disclosed to authorities who are legally entitled to access them and, in applicable cases, will be entered in the corresponding Public Registries. The Responsible obtains personal data from the Data Subject in printed form or by any electronic, optical, audio, visual, or other technological means, through a Simplified Privacy Notice.

 

 

3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA PROCESSED BY THE RESPONSIBLE.

Among the personal data processed by the Responsible, certain information may be considered “sensitive personal data”; without limitation, the following may be included:

 

INDIVIDUALS

  • Full name (paternal surname, maternal surname, and given name(s)).

  • Home address (street, exterior number, and, if applicable, interior number; neighborhood; postal code; municipality or borough; city or town; state; and country).

  • Nationality.

  • Date and place of birth.

  • Marital status.

  • Current profession or occupation.

  • Economic activity or business line.

  • Telephone number.

  • Email address.

  • Unique Population Registry Code, in spanish “Clave Única de Registro de Población” (CURP)

  • Federal Taxpayer Registry, in spanish “Registro Federal de Contribuyentes” (RFC).

  • Information on family or third-party references.

  • Educational background

  • Training or certifications.

  • Gender.

  • Financial information (bank account numbers, income, expenses, banking and/or commercial references, among others).

  • Tax identification number.

  • Immigration status.

  • Biometric data (such as fingerprints, when applicable).

  • Asset-related information (movable or immovable property, including legal description, location, area, measurements boundaries, boundaries; capital shares in business or other types of entities)

  • Social security number or its equivalent in another country.

 

LEGAL ENTITIES

  • Legal name or corporate name.

  • Commercial activity or corporate purpose.

  • Federal Taxpayer Registry, in spanish “Registro Federal de Contribuyentes” (RFC).

  • Registered and/or fiscal address (street, exterior number, and, if applicable, interior number; neighborhood; postal code; municipality or borough; city or town; state; and country).

  • Date of incorporation.

  • Nationality.

  • Telephone number.

  • Email address and website, if applicable.

  • Name, nationality, and applicable information of shareholders or partners, as well as of the person authorized to legally bind the entity to the transaction, which may include: administrator(s), director, manager, legal representative, or attorney-in-fact.

 

The Data Subject must provide documentary evidence supporting the accuracy of the information listed above.

 

 

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: Refers to safeguarding, managing, and maintaining the confidentiality of personal data including sensitive personal data as defined by the Law provided by the Data Subject to the Responsible, as well as by employees and third parties with consent. Such data may be handled physically, manually, or automatically through collection, use, recording, organization (in databases), retention, development, use, communication, dissemination, storage, possession, access, handling, utilization, disclosure (as permitted by law), transfer, or any other disposition of the personal data.

 

 

The Responsible shall make constant and reasonable efforts through manual, administrative, and/or technological means, as well as internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data provided, in order to prevent unauthorized access.

 

 

In the case of Personal Data and Sensitive Personal Data of minors or individuals under legal guardianship or incapacity, the express written consent of a parent, legal guardian, or custodian is required. If the personal data or sensitive personal data pertains to a deceased individual, the express written consent of the surviving spouse, a direct ascendant or descendant, a legally interested party, or someone previously designated by the Data Subject is required. In such cases, consent shall be recorded through the signature of this Privacy Notice or the corresponding Simplified Privacy Notice.

 

 

 

 

Processing: The Personal Data provided to the Responsible is used appropriately and relevantly in relation to its purpose and in compliance with legal requirements. The Responsible maintains an organized and systematic record of clients, personnel, and providers (service providers), and coordinates all services provided to or by the Responsible.

 

The Responsible reasonably classifies, manages, and/or purges documentation and/or information related to personal data (including sensitive data). Once the purpose for which the data was collected has been fulfilled, the data shall be blocked and/or destroyed in accordance with the provisions of the Law. However, due to the professional, public trust, or legally vulnerable nature of the Responsible's activities, personal data may be retained, blocked, and/or safeguarded for the time periods established by applicable laws. The Responsible may designate authorized personnel to access such data or documentation.

 

 

 

The Data Subject is required to provide accurate, complete, correct, and up-to-date personal data for the purposes for which they were collected. However, the Responsible may verify the accuracy of the provided data.

 

The Responsible shall make reasonable efforts to limit the processing period of sensitive personal data to the minimum necessary, except in cases provided by applicable laws related to public trust, vulnerable activities, or the Responsible’s professional obligations.

 

 

The Responsible may transfer personal data, including sensitive data, to third parties for the fulfillment of the purposes for which the data was collected. Appropriate use shall be ensured, and special care will be taken when such data is transferred to or used by a related third party. These data must be processed under the principles of lawfulness, purpose, loyalty, consent, quality, proportionality, transparency, and accountability in accordance with the Law.

 

 

The Responsible implements, within its reasonable capabilities, administrative, technical, and physical measures to protect personal data against damage, loss, alteration, destruction, or unauthorized use, access, or processing; any significant breach that may affect the property or moral rights of the Data Subject shall be immediately reported to the latter.

 

 

Third parties involved shall be required to implement the same protection controls as the Responsible.

 

4.- LIMITATIONS ON THE USE AND DISCLOSURE OF DATA.

The Personal Data provided through legal or legitimate means is handled appropriately and confidentially.

 

 

Personal Data may be transferred to third parties in order to: (a) comply with applicable legal obligations; (b) comply with a judicial or legal ruling; and (c) for as long as necessary for the operation and functioning of the Responsible in accordance with the regulations to which it is subject.

 

 

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, handling (as applicable), and preservation of the personal data provided.

 

The Responsible may use cookies related to legal services, when browsing the Responsible’s website, the Data Subject may: a) choose to delete all or some cookies from their device through browser settings; b) choose to prevent the installation of cookies on their device through browser settings; c) choose to enable or disable the cookies we use directly on our website: https://www.lexadvisorsmx.com

 

 

 

The Responsible is not required to obtain the Data Subject’s consent for the processing of their personal data in the following cases: (i) the data is obtained from publicly accessible sources (personal data that is publicly available); (ii) the personal data has been subjected to a dissociation process, making the Data Subject unidentifiable by the Responsible; (iii) to fulfill contractual obligations between the Data Subject and the Responsible; (iv) an emergency arises that could potentially harm an individual or their property; (v)  treatment for medical care, prevention, diagnosis, provision of health care services, or health service management, in cases where the Data Subject is not in a condition to provide consent, in accordance with the General Health Law and other applicable legal provisions, and where such data is processed by a person subject to professional confidentiality or an equivalent obligation; or (vi) when required by court order, legal resolution, justified mandate by a competent authority, or applicable legal provision.

 

 

 

5.- MEANS FOR EXERCISING THE DATA SUBJECT’S RIGHTS REGARDING THE PROCESSING OF THEIR PERSONAL DATA.

 

The Data Subject has the right to “access” their personal data held by the Responsible, by submitting a request to the designated person in charge, through any of the Responsible’s records, files, and storage systems. Accordingly, the Data Subject may at any time request access, “rectify”, cancel, correct or oppose (if the processing causes harm, damage, or involves automated processing with adverse legal effects) to the processing of their personal data (ARCO rights), when such data is inaccurate, incomplete, or outdated.

 

 

 

 

Likewise, the Data Subject has the right, when applicable, to request the cancellation of their personal data from the files, records, archives, and systems of the Responsible, which will initiate a blocking period pursuant to Article 24 of the Law. However, such blocking and/or cancellation may not be possible when the nature of the Responsible’s profession, vulnerable activity, or function involving public trust requires the blocking and/or cancellation cannot be implemented, as provided by applicable laws.

 

To exercise these rights, the Data Subject or their legal representative may submit a written request to the Responsible, including at least the following information:

 

  1. Name of the Data Subject and address or other means for receiving notifications.

  2. Documents proving the identity of the Data Subject, or where applicable, the legal representation thereof.

  3. A clear and precise description of the personal data with respect to which the ARCO rights are intended to be exercised.

  4. Any other element or document that facilitates the location of the personal data.

  5. In the case of a request for rectification of personal data, the modifications to be made and the documents supporting the change must be indicated.

 

The Responsible has designated the individual responsible for processing ARCO rights requests of the Data Subject, such requests may be submitted by email to María Isabel Yee Savin at marisayee@lexadvisors.com.mx, or by means of  certified mail through Servicio Postal Mexicano (Correos de México) or another courier service that provides delivery confirmation, or in person at the following address: Paseo Finisterra No. 136, Suites 2, 6 y 10, colonia Campo de Golf, San José del Cabo, Los Cabos, Baja California Sur, 23406 México. Attention: María Isabel Yee Savin.

 

The Responsible will respond within the timeframes established in Articles 30, 31, 32, and 33 of the Law.

 

The Responsible hereby informs the Data Subject that the right to object will not be applicable when the processing of data is required to comply with a legal obligation imposed on the Responsible, or when, due to the nature of the Responsible’s profession, vulnerable activity, or public trust function, such objection or cancellation cannot be exercised under applicable laws.

 

 

 

The Responsible informs the Data Subject that exercising ARCO rights is free of charge. However, if rectification of personal data in a public instrument is required due to changes made after the execution of such instrument, the correction will be subject to applicable fees, duties, and costs, which the Data Subject or their representative hereby accepts.

 

 

 

In addition, if the Data Subject expressly requests and authorizes the Responsible in writing to share their information and/or documentation with a third party unrelated to the original purpose for which the data was collected, whether by email or other means, such disclosure or transfer (physical or electronic) may incur costs and expenses payable by the Data Subject, which the Data Subject or their representative expressly accepts.

 

6.- CHANGES TO THE PRIVACY NOTICE.

 

The Responsible reserves the right to modify this Privacy Notice. In said case, the changes will be communicated through a notice placed in a visible location at the Responsible’s address and on the website www.lexadvisorsmx.com, and the Data Subject shall consult the Privacy Notice at the aforementioned website or at the Responsible’s physical address.

 

 

7.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Data Subject’s personal data internationally (through manual or automated procedures), without the Data Subject’s consent when:

 

a) Provided by a law or treaty to which Mexico is a party;
b) The transfer is made to entities within the same corporate group or any other company of the same group that operates under the same internal processes and policies as the Responsible;

c) The transfer is necessary due to a contract entered into in the interest of the Data Subject;

d) It is necessary for the safeguarding of public interest or the administration of justice;

e) It is necessary for the recognition, exercise, or defense of a right in a judicial proceeding; and

f) It is necessary for the maintenance or fulfillment of a legal relationship between the Responsible and the Data Subject.

 

8.- APPLICATION OF THE GENERAL DATA PROTECTION REGULATION (GDPR or RGPD for its acronym in Spanish) OF THE EUROPEAN UNION.

The Responsible makes every reasonable effort to ensure proper use of personal data; how it is obtained, how it is protected; and for how long it is retained, regarding individuals or legal entities that are part of the European Economic Area, when applicable, pursuant to article 3, fraction V of the Mexican Data Protection Law, articles 4, 5, and Third Section of the Regulation of the Law, article 3.2 of the GDPR and other relevant provisions of said legislation, including the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol regarding supervisory authorities and transborder data flows, published on June 12, 2018.

 

 

This regulation applies to the processing of personal data by a responsible not established in the Union but located in a place where the law of the Member States applies by virtue of Public International Law.

 

 

Nonetheless, Mexican data protection regulations provide that the Data Subject may exercise their ARCO rights in Mexico, and the application of other foreign laws shall remain secondary, in accordance with the principles of Public International Law.

 

 

9.- IMPACT OF UNITED STATES DATA PROTECTION LAWS ON DATA HELD BY THIRD PARTIES IN MEXICO.

 

Data protection requirements include the following: i.- Publication of a privacy notice (through manual or electronic means); ii.- The Data Subject has rights such as access, cancellation, rectification, and opposition concerning their personal data held by the Responsible or related third parties; iii.- Reasonable efforts are made to maintain security processes for data protection; iv.- The Responsible does not collect personal information from minors without the prior consent of parents and/or guardians.

 

 

 

As established under Mexican data protection law, the Data Subject may exercise their ARCO rights in Mexico, with the application of foreign laws remaining secondary and subject to the rules of Public International Law.

 

 

9A.- IMPACT OF CANADIAN LAW ON DATA HELD BY THIRD PARTIES IN MEXICO.


The Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada provides that those responsible for collecting, storing, and managing the personal data of Canadian individuals (whether by birth or naturalization) must comply with the obligations set forth in that Act, even when outside Canadian territory. However, Mexican data protection law provides that the Data Subject may exercise their ARCO rights in Mexico, and the application of PIPEDA remains secondary, subject to the rules of Public International Law.

 

 

 

 

10.- INQUIRIES.

For any questions, comments, concerns, or requests regarding this Notice and pursuant to Article 28 of the Law, the Data Subject may consult the Privacy Notice at the Responsible’s address or on the website www.lexadvisorsmx.com, or submit a written request to the following address: Paseo Finisterra No. 136, Suites 2, 6 y 10, colonia Campo de Golf, San José del Cabo, Los Cabos, Baja California Sur, 23406, México, to the attention of: María Isabel Yee Savin.

 

 

a) Any complaint, information request, or inquiry about the processing of your personal data or about the Federal Law on the Protection of Personal Data Held by Private Parties and its Regulations may be submitted to the Secretaría Anticorrupción y Buen Gobierno.

b) Applicable Law: The interpretation and application of this Privacy Notice shall be governed by the Federal Law on the Protection of Personal Data Held by Private Parties, the Code of Civil Procedure, the Federal Law of Administrative Procedure, and other applicable administrative provisions, laws, and regulations.

 

 

11.- CONSENT.

The Data Subject hereby freely states that they have read and understood the contents of this Privacy Notice and express no objection thereto, having been specifically and adequately informed by the Responsible about the processing of their personal data.

jpg%20a%20png_edited.png

Lex Advisors S.C.  

Lawyers

Paseo Finisterra #136 Suite 6 & 10 

San José del Cabo, B.C.S. 23406

Tel: (624) 142 5453 | (624) 142 5452

US & CAN predial 011 (52)

Copyright © 2021 Lex Advisors. All rights reserved.

bottom of page