MERCA AMAZ INC, S.A. DE C.V., also known as Merama, (the “Responsible Party“), with address at Montes Urales #424, Floor 1, Suite/Office 01B-145, Colonia Lomas de Chapultepec Section V, Zip code 11000, Mexico City (the “Address“), makes available this privacy notice (the “Privacy Notice“) which contains the policy under which the personal data (“Personal Data“) of the individuals (the “Data Subjects“) mentioned in section III of this Privacy Notice will be collected and processed.

I. Regulatory Framework

The Responsible Party issues this Privacy Notice in compliance with the provisions of: (i) the Federal Law for the Protection of Personal Data Held by Private Parties (“Law“); (ii) the Regulations of the Federal Law for the Protection of Personal Data Held by Private Parties (“Regulations“), and (iii) the Privacy Notice Guidelines published in the Federation Official Gazette on January 17, 2013 (“Guidelines” and, together with the Law and the Regulations, the “Ordinances“).

II. Personal Data Collected

In order to comply with this section, based on article twenty-two of the Guidelines, the Responsible Party may request and store your Personal Data for compliance with the purposes described in section V of this Privacy Notice directly when the Data Subject provides it through access to this Web Page.

The Personal Data that will be processed, according to the different categories thereof, are those indicated below:

  1. Identification: all those that allow the identification of the Data Subject.
  2. Contact: All information that allows maintaining or contacting the Data Subject. 
  3. Preferences: those browsing patterns on the Web Page used to analyze and, where appropriate, offer new products and services, as well as reviews of the products shared.
  4. Profile: annual sales value.

In addition to the foregoing, the Data Subject is informed that the Responsible Party will not collect or process Sensitive Personal Data of the Data Subject through this Web Page, and therefore, in case such data is communicated to the Responsible Party, the latter will proceed to its immediate cancellation.

III. Purposes of the Processing of Personal Data

The Responsible Party, through the Website, shall process the Personal Data of the persons who access the Website, in order to learn about the various products and services of the Responsible Party. 

By virtue of this section, the Responsible Party will process Personal Data of the Data Subject, the purposes of which are listed below:

A) Primary purposes for the use of the Web Page:

  1. To analyze the browsing patterns and habits within the Web Page.
  2. To maintain the necessary communication with the Data Subject, to answer their queries, and to offer the details of the products and/or services that the Responsible Party offers to the public, with attention to the profile that the potential client may have.
  3. Analyze and improve the Responsible Party’s digital marketing strategies.
  4. To comply with the applicable regulations or requirements of the competent governmental authority.
  5. Publication of reviews to evaluate the products offered through our Web Site or other sales channels.
  6. Receive potential business offers or commercial partnerships, and therefore the information received by that means will be analyzed by the Data Subject and its legal and financial advisors, internal or external for the feasibility of such proposal. 
  7. Receive job offers, in the event that the Data Subject has provided information or requested information for positions held by the Responsible Party. 

B) Purposes that do NOT give rise to and are NOT necessary for the use of the Web Page:

  1. To elaborate surveys, studies, statistics, and reports. 
  2. To notify and offer promotions, discounts and advertising campaigns for products or services.

The Data Subject is hereby informed that the mechanism that the Representative has implemented for him/her to express his/her refusal for the processing of his/her personal data in accordance with the purposes included in subsection B), number I (one roman numeral), of this section, consists of sending a request that, under the heading “Refusal to Process Secondary Personal Data”, the Data Subject shall send to the Address or e-mail address indicated in the section Exercise of ARCO Rights of this Privacy Notice, observing the requirements set forth in the first paragraph of such section, which request shall become effective within 3 (three) business days following the receipt thereof.

IV. Remittance and Transfers of Personal Data

The treatment that the Responsible Party carries out of the Personal Data may involve the national or international transmission of the same, to controlling companies, affiliates and/or subsidiaries of the Responsible Party, other browsers on the page (in relation to the reviews advertised by the Data Subject himself), judicial and/or administrative authorities before which the Responsible Party is obliged in terms of law, as well as for the corresponding administration of justice. In all cases, the Responsible Party shall inform such third parties of the contents of this Privacy Notice. 

Purposes that Justify the Transfer of Personal Data

The purposes that justify the transfer of Personal Data of the Data Subject are those set forth in paragraphs 2, 3, 4 and 5 of subparagraph A) and in paragraphs 1 and 2 of subparagraph B), all of section V of this Privacy Notice. 

In the event that the Data Subject expresses his/her refusal regarding the transfer of his/her personal data in accordance with the aforementioned, the Data Subject shall send a request under the heading “Refusal to Transfer Personal Data” to the Address or e-mail address indicated in the section Exercise of ARCO Rights of this Privacy Notice, observing the requirements set forth in the first paragraph of said section, which request shall be effective within 3 (three) business days following receipt thereof.

All of the foregoing, with the understanding that the Responsible Party may freely transfer the Personal Data to its controllers, affiliates, subsidiaries and/or service providers for the purposes of the Responsible Party itself, since under the Regulations, these third parties would only be its Processors.

 V. Means and Procedure for the Exercise of the Rights of Access, Rectification, Cancellation or Opposition

In accordance with the Regulations, the Data Subject may exercise against the Responsible Party the access, rectification, cancellation, or opposition (the “ARCO Rights“), regarding the Personal Data concerning him/her. For purposes of the foregoing, the Data Subject shall submit to the Responsible Party a request in written form addressed to the Personal Data Protection Committee, to the attention of Alejandro del Rosal Pedraza, Pablo Jacinto Madrid Ramirez, Eloy Cantu Perez de Salazar, Salvador Gallo Korkowski and Valeria Chao Lagler and shall contain and accompany the following: (i) name of the Data Subject and address or other means to communicate the response to the request; (ii) copy of the identification document of the Data Subject, as well as the original of the same for comparison or, if applicable, in the case of the representative of the Data Subject, in addition to the above, the documents proving the identity of the representative, as well as the public deed or power of attorney signed before two witnesses, in which the powers granted, or statement in personal appearance of the Data Subject are stated; (iii) a clear and precise description of the Personal Data with respect to which it seeks to exercise any of the rights of rectification, cancellation or opposition, and (iv) any other element or document that facilitates the location of the Personal Data. Such request must be submitted at the Address or by e-mail addressed to the following e-mail address: comite-privacidad@merama.io provided that the duly certified electronic instruments that replace the identification of the Data Subject or, as the case may be, of its representative, are submitted. The exercise of the ARCO Rights shall be free of charge, and the Data Subject shall only have to cover the costs of sending, reproduction (simple copy) and, if applicable, certification of documents. However, if the same Data Subject repeats his request in a period of less than 12 (twelve) months, the costs will be the equivalent of 3 (three) times the current Measurement and Updating Unit, unless there are substantial modifications to the Privacy Notice that motivate new consultations. The hours of attention for the above requests are Monday through Friday from 8:00 to 18:00 hours.

The Responsible Party will communicate to the Data Subject within a maximum period of 20 (twenty) business days from the date on which the request for the corresponding ARCO Right was received, the determination adopted so that, if appropriate, becomes effective within 15 (fifteen) business days following the date on which the response is communicated. The term may be extended only once, for each request, up to an additional term of 15 (fifteen) business days, provided that the Responsible Party justifies the extension to the Data Subject, which must be notified before the expiration of the original term. For such purpose, the Responsible Party shall note in the acknowledgement of receipt delivered by the Data Subject the corresponding date of receipt.  

The term indicated in the previous paragraph will be interrupted in the event that the Responsible Party requires additional information from the Data Subject, because the information originally provided is insufficient or erroneous to process the request, or if the documents indicated above are not provided. For such purpose, the Responsible Party may require the Data Subject, once and within 5 (five) business days following the receipt of the request, to provide the necessary elements or documents to process the request, and the Data Subject shall have 10 (ten) business days to comply with the requirement, counted as of the day following the day it was received. If the Data Subject does not respond within such term, the corresponding request shall be deemed not to have been filed. On the contrary, in the event that the Data Subject responds to the request for information, the term for the Responsible Party to respond to the request will begin to run the day after the Data Subject has complied with the request for additional information.  

The answers given by the Responsible Party to the Data Subject who have exercised their ARCO Rights, will be made by the same means in which the request was made, dealing only with the Personal Data specifically indicated in the request in question and must be presented in a legible and understandable format. 

When the access to the Personal Data is in a physical place designated by the Responsible Party, it will grant the Data Subject a period of 15 (fifteen) business days so that he/she may come to consult them. Once this period has elapsed, if the Data Subject has not attended, a new request will be necessary.

When the Responsible Party denies the exercise of any of the ARCO Rights, it shall justify its response, informing the Data Subject the right to request the initiation of the procedure before the National Institute of Transparency, Access to Information and Protection of Personal Data. 

VI. Revocation of Consent

The consent given by the Data Subject to this Privacy Notice may be revoked at any time, without retroactive effects. The revocation of consent that the Data Subject intends to make, must be made in accordance with the means and procedure set forth in section V above.

VII. Options and Means to Limit the Use or Disclosure of Personal Data

In order to limit the use or disclosure of Personal Data, the Responsible Party keeps such Personal Data inventoried and traceable under computer equipment and/or digital platforms with limited access through the use of passwords with security specifications, only to persons who, by reason of their functions, are empowered to do so.

 In all cases, the Responsible Party uses the same security measures that it applies to its own information.

Likewise, the Responsible Party subscribes confidentiality agreements with all its personnel, in which it is contemplated that the Personal Data to which it accesses in the exercise of its functions, is confidential information and therefore, in case of disclosing such confidential information, it will be liable to pay damages, as well as the appropriate criminal, administrative and/or labor sanctions.

In turn, the Responsible Party has implemented internal policies and processes applicable to its personnel, through which Personal Data are used by a minimum number of people, limiting the use of reproduction media, and generating the obligation to block and, if necessary, destroy all those copies or reproductions of documents containing Personal Data that are not strictly indispensable for the proper performance of the functions of the Responsible Party’s personnel.

VIII. Changes to the Privacy Notice

The Responsible Party has the right to modify or update this Privacy Notice at any time, due to legislative reforms, internal policies or new requirements for the provision or offering of its services. These modifications will be available through the Web Page and will be in force from the moment of their publication in the same.

For more information visit http://inicio.inai.org.mx/SitePages/ifai.aspx

IX. Cookies Policy

Cookies are text files that are stored in the computer equipment or smart mobile devices (the “Devices“) used by the Data Subject when using the Web Page. Cookies help the Responsible Party to provide the Data Subject with a better experience when using the Website and allow the Responsible Party to improve such experience. The Responsible Party uses cookies to analyze the flow of information, personalize its Services, content, and advertising, measure promotional effectiveness, and promote trust and security on the portal, remember the preferences of the Data Subjects and make available to them the default values of the functions of the Website configured by the Responsible Party, as well as to adapt the most relevant tools for the Data Subjects. In this regard, cookies may be used to obtain personal data of the Data Subjects.

Each Data Subject may accept or reject the use of cookies by means of the configuration for such effect in the Devices used; however, it is important that the Data Subjects take into consideration that, if they do not accept the use of cookies, some functions of the Web Page may not be fully available, since some of the services or content of the same are only available through the use of cookies. The Data Subject may deactivate the use of cookies by following the procedure indicated in the configuration of the Device used to browse the Web Page. For such purposes, the Data Subject may consult the following sites: 

Firefox https://support.mozilla.org/es/kb/habilitar-y-deshabilitar-cookies-que-los-sitios-we
Google Chrome http://support.google.com/chrome/bin/answer.py?hl=es&answer=95647
Microsoft Edge https://support.microsoft.com/es-mx/help/17442/windows-internet-explorer-delete-manage-cookies
Opera http://help.opera.com/Windows/11.50/es-ES/cookies.html
Safari http://www.apple.com/legal/privacy/es/cookies/

By accepting this Privacy Notice, the Data Subject expressly consents to the processing of his or her Personal Data in accordance with this Privacy Notice, including, without limitation, Personal Data of a proprietary nature in accordance with section IV of this Privacy Notice and the transfers referred to herein, except as previously provided.

Date of last update: July 12, 2021.

Menu