“EUREKA & CO” is the trade name of the Data Controller issuing this Privacy Notice, so that the Data Subject — that is, the individual to whom the personal data belongs, hereinafter referred to as the “Data Subject” — is informed of how the Data Controller handles their Personal Data.
Personal Data We Collect.
The Personal Data collected by the Data Controller from Data Subjects includes identification data, tax data, financial data, employment data, and contact data.
Purposes for Processing Personal Data.
The Data Controller processes the Data Subject’s Personal Data for the following purposes: (i) Primary Purposes:
All of the above purposes are essential to the legal relationship. The Data Controller does not process data for secondary purposes.
Sensitive Personal Data.
The Data Controller does not process sensitive personal data.
Personal Data of Minors.
The Data Controller does not collect Personal Data from individuals under the age of majority, given the nature of its activities.
Transfer of Personal Data.
We inform you that your personal data may be transferred to and processed by parties other than the Data Controller in the following cases: Parent companies, subsidiaries, or affiliates of the Data Controller, or any company within the same corporate group operating under the same internal processes and policies, for the following purposes:
All of the above purposes are essential to the legal relationship. These parties may only use this information to fulfill the stated purposes. Furthermore, since all of the above purposes are primary in nature, consent for the transfer is not required, pursuant to Articles 36 and 37 of the Federal Law on Protection of Personal Data Held by Private Parties. The Data Controller does not transfer the Data Subject’s personal data to domestic or international third parties.
Exercise of ARCO Rights.
The Data Subject has the right, either personally or through a representative, to request at any time Access, Rectification, Cancellation, or Objection with respect to the personal data processed by the Data Controller. To do so, the Data Subject must send a written request by email to the Personal Data Department, including the following requirements:
(i) The Data Subject’s name, address, and email address for receiving the response. (ii) Identity documents — only a voter ID, passport, military service booklet, or immigration card will be accepted, attached as a clear and legible image on both sides. (iii) If submitted through a representative, the representative’s identification and a power of attorney signed by two witnesses must also be provided, with clear and legible images attached. (iv) The relationship maintained or currently held with the Data Controller. (v) A clear and precise description of the personal data for which access, rectification, cancellation, or objection rights are being exercised. (vi) If applicable, the modifications to be made and supporting documentation for the request. (vii) The letter must be addressed to the Data Controller and its Privacy Department.
This website may contain links to other websites.
Upon accessing any such link, the user will leave the EUREKA & CO website and enter a third-party website. EUREKA & CO has no control over such websites and is not responsible in any way for the information requested or recorded on them.
The request must be sent to the Personal Data Department at [email protected], received Monday through Friday from 9:00 AM to 6:00 PM. The Data Controller will notify the Data Subject, within twenty business days from the date the access, rectification, cancellation, or objection request was received, of the decision made, to the same email address provided. The moment the Data Controller receives the request is when it enters our server, at which point an acknowledgment of receipt will be sent. Once the response has been sent within the stated timeframe, the Data Controller will have 15 business days to carry out the Access, Rectification, Cancellation, or Objection of personal data as requested. The response and, where applicable, delivery of information will be made via email. Should the Data Subject so choose and where applicable, information will be sent through the means specified by the Data Subject, provided they request it and cover the justified shipping costs or reproduction costs in copies or other formats.
Limitation of Use or Disclosure of Personal Data.
The Data Subject may exercise their right to limit the use or disclosure of their personal data at any time and unilaterally, by means of the email contacts used by the Data Controller, where the option to opt out of receiving such communications will be provided.
Use of Cookies or Any Technology for Data Collection.
The Data Controller does not use cookies or any mechanism through remote or local electronic, optical, or other technological means that would allow for the automatic and simultaneous collection of personal data.
Amendments to the Privacy Notice.
Both the Data Controller and the Data Subject acknowledge that this Privacy Notice is of unlimited duration. However, the Data Controller will endeavor to keep this Notice up to date. Any amendments to the Privacy Notice will apply to all Data Subjects. Data Subjects may be notified of amendments through a notice on the Data Controller’s website, by email, by phone, or in writing.
Consent.
Prior to providing their personal data, the Data Subject expressly consented to this Privacy Notice, which was made available to them before submitting said information on the website.
Withdrawal of Consent.
The Data Subject may withdraw, at any time, their consent to this Privacy Notice and to the processing of their Personal Data.
To withdraw consent, the Data Subject must send a written request to [email protected], including the following requirements:
(i) Identity documents — only a voter ID, passport, military service booklet, or immigration card will be accepted, attached as a clear and legible image on both sides. (ii) If submitted through a representative, the representative’s identification and a power of attorney signed by two witnesses must also be provided, with clear and legible images attached. (iii) The relationship currently held with the Data Controller. (iv) The letter must be addressed to the Data Controller and its Privacy Department.
The Data Controller will issue a response confirming the withdrawal of consent or, where applicable, providing the reasoning depending on the specific case, within 15 days of receiving the request. Deadlines are counted from the moment the email enters our server, at which point the Data Controller will send an acknowledgment of receipt. The response will be sent by email. The request will not be valid if the above requirements are not met.
Internal Privacy Department.
The Data Subject may exercise their rights and submit the inquiries outlined in this document and in applicable law through the Data Controller’s Privacy Department, to which all requests referenced herein and in the law must be directed. The Data Subject must use the email address [email protected] or the phone number (55) 52564225 to contact the Privacy Department.
Personal Data Protection Authority.
For any questions or additional information, as well as to exercise other rights and procedures beyond those outlined herein, the Data Subject may contact the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) at 800-835-4324 (toll-free) or at www.inai.org.mx.
Data Controller Identification.
EUREKANDCO, S.A. DE C.V., referred to in this document as the “Data Controller,” operating under the trade name “EUREKA & CO,” with registered address at Atlixco 87, Colonia Condesa, Cuauhtémoc, 06140, Mexico City. Last updated: February 2025.
