JBPM Legal Services, S.C. and/or any of its holdings, subsidiaries, affiliates, companies and/or entities belonging to the same business group (“BMA”) are aware and recognize the importance of the treatment and use of personal information. Therefore, through this Privacy Policy (“Privacy Policy”) you are hereby informed that BMA collects, uses, stores, treats, transfers, and protects certain personal information in the following terms.

This Privacy Policy is issued in accordance with the Federal Law for the Protection of Personal Data in Possession of Private Parties applicable in Mexico (“LFPDPPP”).

1. Purposes, Use and Collection.

1.1. Purposes and Use. Considering the internal, corporate, commercial, advertising, and BMA’s customer service processes, as well as from the methods of information, contracting, invoicing, follow-up and general services, you are hereby informed that BMA collects, uses and protects your Personal Data, including those classified as sensitive, with the following Purposes (“Purposes”): (i) To identify, locate and contact its owner; (ii) To send and provide information related to BMA; (iii) To send and provide information related to BMA’s services, as well as to promote, advertise and quote such services; (iv) To answer questions, doubts or concerns; (v) To conduct investigations prior to any contracting, including but not limited to, before credit information companies, Credit Bureau and judicial authorities; (vi) If applicable, to establish a commercial, professional or business relationship; (vii) To comply with and maintain all obligations or requirements that, contractually or by provision of any law or authority, BMA must comply with or enforce; (viii) To evaluate the quality of BMA’s services, as well as the support to the clients; (ix) To conduct inquiries and surveys on behalf of BMA; (x) Send notices and communications of importance concerning BMA or its services, including information related to changes in the commercial terms and conditions, or information regarding new services; (xi) Maintain the security and integrity of the individuals visiting BMA’s facilities; and (xii) Develop databases and generate statistical data for BMA’s internal control.

1.2. Personal Data. You are hereby informed that the Personal Data that BMA collects or may obtain from you and use, could be, but not limited to (“Personal Data”):

(a) Identification. (i) In the case of an individual: full name, nationality, country, age, place and date of birth, marital status, occupation, address, landline, personal and mobile telephone, data and official identification documents, biometric data consisting of fingerprints, iris, hand geometry and facial features; and, (ii) In the case of a legal entity: its corporate name, nationality, main activity or line of business, address, telephone number, place and date of incorporation, incorporation documents and other corporate documents, full name of its attorney-in-fact and the powers he/she has, as well as his/her data and official identification documents.

(b) Electronic. Email addresses and social media, among others.

(c) Tax. Tax address, proof of registration and proof of tax status of the Federal Taxpayers Registry (RFC), notice of compliance with tax obligations issued by the Tax Administration Ministry (SAT), proof of inclusion in the provisional or definitive list published by the Ministry of Finance and Public Credit (SHCP) in connection with Article 69-B of the Federal Tax Code, invoices, Internet Tax Receipts (CFDI’s), receipts for fees, and annual returns, among others.

(d) Equity. Bank information (bank institution, account number and CLABE), credit history, quotations and amount of operations or contracts, among others.

(e) Labor. Level of studies, academic history, professional credentials, professional titles, certificates, diplomas, acknowledgments and recommendations, curriculum vitae, employment application, psychometric, knowledge and technical evaluations, personal, commercial or professional references, information obtained during the interview process, union affiliation, affiliation to any public health institute (IMSS, ISSSTE or similar) and affiliation number, Retirement Savings System (SAR) number, medical history and history of affiliation and/or contracting any type of medical and/or health insurance, whether public or private, and attendance list, among others.

(f) Legal. Articles of Incorporation, powers of attorney, public instruments (deeds or policies) containing meetings of partners or shareholders regarding corporate amendments to bylaws and/or transfer of shares, contracts, agreements, judicial records, lawsuits, or judgments, among others.

In order to comply with the Purposes set forth in this Privacy Policy and/or in compliance with legal, tax, administrative and/or judicial obligations, BMA may obtain in some cases Sensitive Personal Data (“Sensitive Data”), being all those Personal Data that affect the most intimate sphere of its owner or whose improper use may give rise to discrimination or entail a serious risk to the owner. In particular, those that may reveal aspects such as racial or ethnic origin, present and future state of health, genetic information, religious, philosophical and moral beliefs, political opinions, sexual preference are considered sensitive. In accordance with article 9 of the LFPDPPP, you must express your consent for the processing of your Sensitive Data, indicating whether or not you accept the processing in the institutional forms that so indicate.

1.3. Collection. You expressly agree and authorize BMA to collect your Personal Data in any of the ways indicated below, in the understanding that such ways are indicated in an enunciative but not limited manner: (i) When you provide them through direct personal visit to BMA’s facilities; or (ii) When you provide them to BMA through email, phone call or videoconference; or (iii) When you browse to BMA’s Official Website (“Website”), or use the online services, chatbots and applications; or (iv) When you browse and contact through any of BMA’s Official Social Media (“Social Media”); or (v) When you contact BMA through electronic or digital instant messaging platforms such as SMS, WhatsApp, Telegram, Messenger and other similar; or (vi) When you contact BMA directly or indirectly through the official advertising and marketing companies that are subcontracted by BMA; or (vii) When you subscribe to BMA’s Newsletter (“Newsletter”); or (viii) When you contact BMA directly or indirectly through any individual or legal entity, national or foreign, and in general, through any third party; or (ix) When you contact us through any other mechanism allowed by Law. If you enter, transit, or remain in BMA’s facilities, you will be recorded and/or photographed for security reasons.

BMA undertakes that the Personal Data will be treated under the strictest security measures to ensure its confidentiality.

2. Transfer.

2.1. You are hereby informed that your Personal Data, including Sensitive Data, may be transferred by BMA and processed inside and outside the country, by third parties other than BMA providing in this case the indispensable data for a specific activity or service to holdings, subsidiaries, affiliates, companies and/or entities belonging to the same business group, suppliers, commission agents or third parties that provide BMA with services inherent or derived from our internal, corporate, operational, commercial, advertising, informative, and BMA’s customer services processes such as management, finance, accounting, legal, billing and collection, advertising and marketing agencies of the services offered, companies or third parties responsible for marketing, coordination and customer service, as well as to the competent federal, state and municipal authorities, solely and exclusively when it is within the exceptions indicated in the LFPDPPP. In the event that this transfer were to occur, BMA will notify this Privacy Policy to such third parties, who must adhere to it.

2.2. You are hereby informed that, if you do not expressly state your opposition to the transfer of your Personal Data, it will be understood that you have given your consent to do so.

3. Access, Rectification, Cancellation or Opposition (ARCO).

3.1. You have the right to access to your Personal Data held by BMA and to be informed of how BMA treats it, as well as to rectify them in case they are inaccurate or incomplete and to cancel them when they are excessive or unnecessary for the Purposes that justified their collection or to oppose the treatment of them for specific purposes.

3.2. If you have provided to BMA with your Personal Data for the Purposes described above and you wish to access, rectify, update, cancel, oppose or revoke the use of your Personal Data, you may request it at any time by sending an e-mail request to the contact details authorized by BMA.

3.3. Such request must contain the following requirements: full name and address, email, documents proving your identity, clear and simple description of the right you seek to exercise (reason of the request) and in the case of rectification of any of your Personal Data, you must indicate the changes to be made and provide documentation to support your request. In the event that the person submitting the aforementioned document is not the owner of the Personal Data, legal representation must be evidenced by means of a power of attorney signed before two witnesses or a public instrument, attaching identification of the owner of the Personal Data and the attorney-in-fact.

3.4. Your request will be answered within a maximum period of 20 (twenty) business days from the date BMA receives it and within this period you will receive a reply by e-mail. In order to attend to your request, BMA may require you to submit the original documents attached to your request, for this purpose, you must go to the address indicated in this document within 5 (five) business days from the date on which they are required. If you do not submit the original documents within this period, your request will be dismissed and the terms of the processing of your Personal Data will be in accordance with the provisions of this Privacy Policy.

3.5. If your request is admissible, it will be effective within 15 (fifteen) business days following the date on which BMA communicates you the answer.

3.6. BMA may deny the exercise of ARCO rights in the following cases:

(a) When you are not the owner of the Personal Data, or you have not duly evidenced the representation of the owner; or

(b) When your Personal Data does not exist in our database; or

(c) When the rights of a third party are harmed; or

(d) When there is a legal impediment or the resolution of a competent authority that restricts your ARCO rights; or

(e) When the rectification, cancellation or opposition has been previously made.

4. Consent Authorization and Revocation.

4.1. By accessing BMA’s facilities, as well as through the use of the Website, Social Media, or the subscription to the Newsletter, or the exchange of communications by telephone, videoconference, email or instant messaging applications, you give your authorization to collect, use, storage, process, transfer and protect your Personal Data in accordance with this Privacy Policy and for the Purposes, terms and conditions set forth herein.

4.2. At any time you may revoke your consent to the processing of your Personal Data. To do so, it will be necessary to send a request by e-mail to the contact details authorized by BMA, where you must expressly indicate your request.

5. Contact.

5.1. BMA works daily to limit the use or disclosure of Personal Data, therefore, has implemented policies and mechanisms that protect in a management, technical and physical way the Personal Data that you have provided in order to prevent loss, misuse or unauthorized access, publication, modification or destruction of Personal Data. These privacy practices are carried out permanently for the protection, privacy, and confidentiality that the Personal Data deserve.

5.2. For any questions or comments about the Privacy Policy, or in case you require advice or to update the Personal Data, please contact BMA at:

Av. Acueducto Nº 2100, Int. 2-C, Col. Colinas de San Javier, C.P. 44660, Guadalajara, Jalisco, México. +52 (33) 3611 2140. info@bmabogados.mx. M-F from 09:00-14:00 and from 16:00-19:00 (GTM-06:00).

6. Updates.

6.1. BMA reserves the right to make at any time, modifications or partial or total updates to the Privacy Policy, either due to changes in BMA’s internal policies, or derived from legislative reforms or jurisprudential criteria that be issued from time to time that establish new requirements or processes; the foregoing, in the understanding that the latest version of the Privacy Policy that has been published on the Website will be considered as the updated and current version of such Privacy Policy.

6.2. In case there is any change to the terms of the Privacy Policy, BMA will communicate it in a timely manner through the Website, Social Media, or by email.

6.3. Last update as of January 01, 2024.