Privacy Policy

The “Privacy Policy” presented here aims to protect the personal data managed, handled, or used by FindSchedule (“FS”) in the course of its business activities through the website find-schedule.com (“Website”) and the mobile applications linked to that website. FS’s Privacy Policy is divided into two parts: (i) Policies and Procedures related to the fundamental right of Habeas Data, and (ii) Policies and Procedures for the protection and handling of personal data.

I. Manual of Policies and Procedures regarding the fundamental right of Habeas Data.

1. Object:

   The purpose of this manual is to ensure the fundamental right of Habeas Data for all individuals who have provided information subject to this special protection to FindSchedule in the course of its business activities.

2. Definiciones:

   • Information Owner: This is the natural or legal person to whom the information in a database refers, and is the subject of the right to habeas data.
   • Information Source – Source: This is the person, entity, or organization that receives or knows personal data from the Information Owners, by virtue of a commercial or service relationship, or any other type. By legal authorization or the Information Owner’s consent, it provides this data to an Information Operator, who in turn discloses it to the End User.
   • Information Operator – Operator: An information operator is the person, entity, or organization that receives personal data about various Information Owners from the Information Source, manages them, and makes them known to Users.
   • User: The user is the natural or legal person who can access personal information about one or more Information Owners provided by the Operator or the Source, or directly by the Information Owner.
   • Personal Data: Any piece of information linked to one or more specific individuals or entities that can be associated with a natural or legal person. Personal data can be public, semi-private, or private.
   • Public Data: Data qualified as such according to the mandates of the law or the Constitution and all those that are not semi-private or private. Public data includes, among other things, information contained in public documents, duly executed judicial sentences not subject to confidentiality, and those related to the civil status of individuals.
   • Semi-private Data: Semi-private data is information that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or society in general, such as financial and credit-related data in commercial or service activities.
   • Private Data: Private data is information that, due to its intimate or reserved nature, is only relevant to the owner.

3. Qualities in which FindSchedule can act:

   FindSchedule may act as an Operator, Source, or User, in accordance with the current regulations and this Manual. When FindSchedule acts as a Source and provides information directly to Users without involving an Operator, FS will have the dual role of Source and Operator, taking on the duties and responsibilities of both. If FindSchedule acts as a Source of information, it is responsible for the quality of the data provided to the Operator. This responsibility involves complying with duties and responsibilities to protect the Data Owner’s rights. When FindSchedule acts as an Operator, it must adhere to the duties and responsibilities established by law to protect the rights of the Data Owner. Unless FS, acting as an operator, is also the source of the information and therefore has no commercial or service relationship with the Data Owner, it will not be responsible for the quality of the data supplied by the Source. When FS acts as a User, it must comply with the duties and responsibilities to protect the Data Owner’s rights. In cases where FindSchedule, acting as a user, directly provides information to an Operator, it will have the dual role of User and Source, taking on the duties and responsibilities of both.

4. Principles in Personal Data Administration

   • Principle of Truth or Quality of Records or Data: The information in databases managed by FS must be truthful, complete, accurate, up-to-date, verifiable, and understandable. FS will refrain from recording and disclosing partial, incomplete, fragmented, or misleading data;
   • Purpose Principle: FS will inform the Data Owner of the purpose for which it collects the information, either before or simultaneously with obtaining the respective authorization.
   • Restricted Circulation Principle: In the administration of personal data, Find Schedule adheres to limits derived from the nature of the data, legal provisions, and principles of personal data administration, especially those related to information temporality and purpose.
   • Information Temporality Principle: FS will not provide information to Users or third parties when it is no longer necessary for the purpose for which it was collected.
   • Comprehensive Interpretation of Constitutional Rights Principle: In handling information on Personal Data, FS will interpret current regulations to adequately protect constitutional rights, such as habeas data, the right to a good name, the right to honor, the right to privacy, and the right to information. FS will interpret the rights of Data Owners in harmony and balance with the right to information provided in the Constitution and other applicable constitutional rights;
   • Security Principle: FindSchedule will handle the Personal Data it collects or provides with the necessary technical measures to ensure the security of records, preventing their tampering, loss, consultation, or unauthorized use;
   • Confidentiality Principle: FS will ensure that all its employees, collaborators, advisors, and related individuals involved in the administration of non-public Personal Data guarantee the confidentiality of information, even after their relationship with any of the tasks related to data administration has ended.

5. Information Circulation:

   Personal information collected or provided by Find Schedule to Operators, in accordance with the law, may be delivered verbally, in writing, or made available to the following persons and under the following terms:

   1. To the Data Owners, to persons duly authorized by them, and to their successors through the consultation procedure outlined here.
   2. To information Users, within the parameters of the law.
   3. To any judicial authority, upon prior court order.
   4. To public entities of the executive branch, when knowledge of such information directly corresponds to the fulfillment of their functions.
   5. To control bodies and other agencies for disciplinary, fiscal, or administrative investigations when the information is necessary for the ongoing investigation.
   6. To other Operators, with the authorization of the Data Owner, or when not requiring the owner’s authorization, the destination database has the same purpose or a purpose that includes that of the Operator providing the data.
   7. To other persons authorized by law.

6. Rights of Data Owners:

   Data Owners whose Personal Data is collected or provided by Find Schedule will have the following rights:

   1. With Find Schedule acting as an operator:
      1. Exercise the fundamental right to habeas data using the consultation or claims procedures, without prejudice to other constitutional and legal mechanisms.
      2. Request respect and protection of other constitutional or legal rights through the use of the claims and petitions procedure.
      3. Request proof of the certification of the existence of the authorization issued by the Source or the User.
      4. Request information about Users authorized to obtain information.

      Even though the management of public information does not require the consent of the owner, BH is subject to the principles of personal data management when handling personal data.

   2. Against Find Schedule when acting as a Source of information:
      1. Exercise fundamental habeas data and petition rights, compliance with which can be done through the Operator, if it exists, in accordance with the procedures for consultations and claims outlined in this document.
      2. Request information or request the update or correction of Data, which the Operator will carry out based on the information provided by the Source, as established in the procedures for consultations and claims developed here.
      3. Request proof of authorization, when required.
   3. Against Find Schedule when acting as a User:
      1. Request information about how the User is using the information, when the information has not been provided by the Operator, or when the Operator’s figure is not required.
      2. Request proof of authorization, when required.

7. Duties of Find Schedule when acting as an Operator:

   Find Schedule will have the following duties when acting as an Operator of Personal Data:

   1. Ensure, at all times, the Data Owner’s full and effective exercise of the right to habeas data and petition, meaning the ability to know the information about them existing in the database and request the update or correction of data. This will be done through the consultation or claims mechanisms outlined in this document.
   2. Ensure that, in the collection, processing, and circulation of data, the other rights of the Data Owners established by law are respected.
   3. Allow access to information only to individuals who, in accordance with legal provisions, can have access to it.
   4. Comply with this manual of policies and procedures, which ensures the proper fulfillment of the fundamental rights of habeas data and petition of the Data Owners.
   5. Request certification from the Source of the existence of the authorization granted by the Owner when such authorization is required.
   6. Securely maintain records stored to prevent their deterioration, loss, alteration, unauthorized or fraudulent use.
   7. Periodically and promptly update and rectify data whenever the Sources report changes.
   8. Process the requests, queries, and claims made by the Data Owners, as stipulated in this manual.
   9. Indicate in the respective individual record that certain information is under discussion by its Owner, when the request for rectification or update has been made and this process has not yet been completed.
   10. Circulate information to Users within the parameters established by this manual and the law.
   11. Comply with the instructions and requirements issued by the supervisory authority regarding compliance with the law, regarding the fundamental right of habeas data.

8. Duties of Find Schedule when acting as a Source of Information:

   Find Schedule must comply with the following duties when acting as a Source of Information:

   1. Ensure that the information provided to Operators of databases or Users is truthful, complete, accurate, up-to-date, and verifiable.
   2. Report periodically and promptly to the Operator all updates regarding the data previously provided and take other necessary measures to ensure that the information provided to the Operator remains updated.
   3. Rectify the information when it is incorrect and inform the relevant Operators.
   4. Report the information to the Operator in a timely manner.
   5. Request, when applicable, and keep a copy or evidence of the respective authorization granted by the Data Owners, and make sure not to provide any data to the Operators that has not been previously authorized, when such authorization is necessary.
   6. Certify, every six months, to the Operator, that the provided information is authorized when required.
   7. Handle the complaints and requests from the Holder as stipulated in this manual and by law.
   8. Inform the Operator when certain information is under dispute by the Holder, upon receipt of a request for rectification or update, so that the Operator includes a mention in the database to that effect until the process is completed.
   9. Follow the instructions and requirements issued by the supervisory authority regarding compliance with the law concerning the fundamental right to data protection (Habeas data).

9. Duties of BH when acting as an Information User regarding Personal Data:

   BH must fulfill the following duties when acting as a User of information regarding Personal Data:

   1. Maintain confidentiality regarding the information provided by Data Operators, Sources, or Information Holders and use the information solely for the purposes for which it was provided.
   2. Inform the Holders, upon request, about the use being made of the information.
   3. Safeguard the received information with due security measures to prevent its deterioration, loss, alteration, unauthorized or fraudulent use.
   4. Comply with the instructions and requirements issued by the supervisory authority regarding compliance with the law concerning the fundamental right to data protection (Habeas data).

10. Processing Requests, Inquiries, and Complaints.

    BH will process requests, inquiries, and complaints regarding the right to data protection of Information Holders according to the following procedure:

    1. Inquiry Process: Information Holders or their successors may inquire about the personal information held in any database managed by BH. BH will provide these individuals, duly identified, with all the information contained in the individual record or linked to the identification of the Holder. The request or inquiry should be made in writing to the email [email protected]. The request or inquiry will be addressed within a maximum period of ten (10) business days from the date of receipt. Suppose it’s not possible to address the request or inquiry within that time frame. In that case, BH will inform the interested party, stating the reasons for the delay and indicating the date by which their request will be addressed, which shall not exceed five (5) business days following the expiration of the initial term. BH will address the request or inquiry thoroughly, providing all the requested information in full.
    2. Complaint Process: Information Holders or their successors who believe that the information contained in their individual record in a database managed by BH should be corrected or updated may file a complaint with BH, which will be processed under the following rules: The complaint shall be made in writing addressed to the email [email protected], including the Holder’s identification, a description of the facts giving rise to the complaint, the address, and, if applicable, supporting documents. If the written complaint is incomplete, BH will request the necessary information from the interested party to complete it. If a month passes from the date of the request without the requester providing the required information, it will be assumed that they have withdrawn their complaint or request. Once the complete complaint or request is received, BH will include a note in the individual record within a maximum period of two (2) business days stating “complaint in process” and its nature. This information must be maintained until the complaint is resolved and must be included in the information provided to Users. The maximum period within which BH will address the complaint or request will be fifteen (15) business days from the day following the date of receipt. Suppose it’s not possible to address the complaint within that time frame. In that case, BH will inform the interested party, stating the reasons for the delay and indicating the date by which their complaint will be addressed, which shall not exceed eight (8) business days following the expiration of the initial term. In cases where there is an information source independent of BH, BH must forward the complaint to the Source within a maximum period of two (2) business days, which will resolve and inform BH of the response within a maximum period of ten (10) business days. In any case, BH will respond to the Holder within a maximum period of fifteen (15) business days from the day following the date of submission of the complaint, extendable by eight (8) additional business days as indicated in the previous section. If the complaint is filed with the Source, it will proceed to resolve it directly but must inform BH of the complaint’s receipt within two (2) business days so that BH can comply with the obligation to include the note stating “complaint in process” and its nature within the individual record, which BH must do within two (2) business days of receiving the information from the Source. To respond to the complaint, BH or the source, as applicable, will conduct a thorough verification of the Holder’s observations or arguments, ensuring that all relevant information is reviewed to provide a complete response to the Holder. When the Holder seeks to enforce their right to data protection through a judicial process and once the Source has been notified of the lawsuit, it will inform the Operator within two (2) business days so that the Operator can comply with the obligation to include the note stating “information under judicial discussion” and its nature within the individual record, which the Operator must do within two (2) business days of receiving the information from the Source and for the entire duration of obtaining a final ruling. The same procedure must be followed if the Source initiates a judicial process against the Holder of the information regarding the reported non-compliance obligation and the Holder proposes merit exceptions.

II. Policies and Procedures Manual for the Protection and Treatment of Personal Data

1. Objective:

   The purpose of this Policies and Procedures Manual is to ensure that the processing of personal data received, requested, or delivered by Find Schedule, which is subject to treatment according to the law, is carried out in compliance with the legal protection established on the subject, especially guaranteeing the rights of the data subjects.

2. Definitions:

   1. Authorization: Prior, express, and informed consent of the data subject to carry out the Processing of Personal Data;
   2. Privacy Notice: Physical, electronic, or any other format document generated by the Data Controller made available to the data subject for the processing of their personal data. In the Privacy Notice, Find Schedule will communicate to the data subject the information regarding the existence of the information processing policies applicable to them, how to access them, and the characteristics of the processing intended for the personal data.
   3. Database: Organized set of Personal Data subject to Processing.
   4. Personal Data: Any information linked or that can be associated with one or more identified or identifiable natural persons;
   5. Private Data: Data that, due to its intimate or reserved nature, is only relevant to the data subject.
   6. Sensitive Data: Sensitive data refers to those that affect the privacy of the data subject or whose improper use may lead to discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or promoting interests of any political party or ensuring the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
   7. Data Processor: A person who, either independently or in association with others, carries out the Processing of personal data on behalf of the Data Controller. Find Schedule may process personal data through Data Processors.
   8. Data Controller: A person who, either independently or in association with others, decides on the database and/or the Processing of the data. According to the law, Find Schedule is the Data Controller of the personal data contained in its databases.
   9. Data Subject: Natural person whose personal data is subject to Processing;
   10. Processing: Any operation or set of operations performed on Personal Data, such as collection, storage, use, circulation, or deletion thereof.
   11. Controller:
       • Name: Find Schedule, operated by the LaComuna group.
       • City: Office C9 – Plaza Paraíso. Zip code 77710. Mexico.
       • Email: [email protected]
       • Phone of the controller: (+52) 984 107 5426
       • Department in charge: Customer Service and Marketing Department.
       • Find Schedule will communicate any changes to the Privacy Policies to the Data Subjects before their implementation.

3. Principles of Protection and Treatment of Personal Data

   In the development, interpretation, and execution of the policies for the protection and treatment of Personal Data, Find Schedule will be governed by the following principles:

   • Legality Principle: Processing is a regulated activity that must comply with what is established by law;
   • Purpose Principle: Processing must serve a legitimate purpose in accordance with the Constitution and the Law, which Find Schedule will inform the Data Subject about;
   • Freedom Principle: Find Schedule will only carry out Processing with the prior, express, and informed consent of the Data Subject. Find Schedule will not obtain or disclose personal data without prior authorization or in the absence of a legal or judicial mandate relieving consent.;
   • Accuracy or Quality Principle: Information subject to Processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. Find Schedule will not process partial, incomplete, fragmented data, or data that may lead to error.;
   • Transparency Principle: In Processing, Find Schedule will guarantee the Data Subject’s right to obtain, at any time and without restrictions, information from the Data Controller or Data Processor regarding the existence of data concerning them;
   • Access and Restricted Circulation Principle: In Processing, Find Schedule adheres to the limits arising from the nature of personal data, legal provisions, and the Constitution. In this sense, Find Schedule will only process data by persons authorized by the Data Subject and/or by persons provided for by law;
   • Security Principle: Information subject to Processing by the Data Controller or Data Processor (depending on the role performed or the figure used) must be handled with the technical, human, and administrative measures necessary to provide security to the records, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access;
   • Confidentiality Principle: All persons involved in the Processing of personal data that do not have a public nature are obligated to guarantee the confidentiality of the information, even after their relationship with any of the tasks comprising the Processing has ended, and may only provide or communicate personal data when it corresponds to the development of activities authorized by law.
   • In the development of the purpose and freedom principles, in the data collection, Find Schedule must limit itself to personal data that are relevant and appropriate for the purpose for which they are collected or required by current regulations. Except in cases expressly provided for by law, Find Schedule will not collect personal data without the authorization of the Data Subject.
4. Persons to whom information may be provided: Find Schedule will provide information regarding personal data under its administration to the following persons:
   1. To the Data Subjects, their successors, or their legal representatives;
   2. To public or administrative entities exercising their legal functions or by court order;
   3. To third parties authorized by the Data Subject or by law.

5. Treatment of Sensitive Personal Data

   Law 1581 of 2012 prohibits the processing of sensitive data except in the following cases: (i) when the Data Subject gives consent, (ii) the processing is necessary to safeguard the vital interests of the Data Subject who is physically or legally incapacitated, (iii) the processing is carried out as part of legitimate activities and with the necessary guarantees by a foundation, NGO, association, or any other nonprofit organization whose purpose is political, philosophical, religious, or union-related, provided that it exclusively refers to its members or individuals who maintain regular contacts due to its purpose, (iv) the processing relates to data necessary for the recognition, exercise, or defense of a right in a judicial process, and (v) the processing has a historical, statistical, or scientific purpose, in which case measures must be taken to anonymize the Data Subjects.

6. Treatment of Personal Data of Children and Adolescents:

   It should be noted that although Law 1581 of 2012 prohibits the processing of personal data of children and adolescents, except for those that are public, the Constitutional Court clarified that regardless of the nature of the data, their processing can be carried out “provided that the purpose pursued with such processing responds to the best interest of children and adolescents and ensures without exception the respect for their prevailing rights.” For this purpose, Find Schedule, its employees, officials, and processors will consider that the processing of personal data of minors must respond to their best interest and that respect for their fundamental rights, such as the promotion, protection, and recovery of health, must be ensured. When authorization for the processing of data is granted through a representative, the representative shall ensure the exercise of the minor’s right to be heard before granting authorization and shall consider the opinion of the minor taking into account their maturity, autonomy, and capacity to understand the matter. Additionally, the following roles are included in this document: Administrator of personal data databases: Find Schedule employee or processor responsible for and carrying out the processing of one or more databases containing personal information. The Customer Service and Marketing Department will coordinate and process the handling and response to petitions, complaints, and claims related to the personal data protection law that Data Subjects submit to Find Schedule.

7. Purpose and Treatment to which Personal Data will be Subjected

   Find Schedule processes the personal data of its customers, users, partners, employees, officials, contractors, and suppliers in the course of its activities. This is done directly, through its employees, officials, or authorized agents. Likewise, it shares the data with third parties located in the USA and abroad with whom contracts are concluded for the transfer and/or transmission of personal data, as appropriate, to keep them safe and protected following applicable rules and standards and in compliance with specific regulations on the matter. At all times, you can check the active advertisers and affiliates with whom we can share users’ data at this link. At all times, Data Subjects may, free of charge, know, update, rectify, and correct their personal information. Data processing includes collection, storage, management, use, transfer, transmission, and destruction, as permitted by law, and is carried out for the following specific purposes:

   1. Promotion and advertising of products and services offered by Find Schedule to the public, through:
      1. Responding to inquiries made by users;
      2. Developing monitoring and evaluation of the service provided to each client, according to their particular experience.
      3. Sending information and content of specific interest.
      4. Offering personalized services for each user according to the collected information and particular interests.
   2. Maintaining periodic and effective communication with users of our platform, clients, affiliates, employees, officials, suppliers, and any person regarding whom we are authorized to process their personal data, through:
      1. Offering and promoting, through any means, the services provided by Find Schedule, by affiliated companies, or by any other company;
      2. Sending invitations to participate in projects, studies, and/or events organized by Find Schedule, its affiliated or related companies, as well as any other company that has some kind of relationship with the services provided through the platform.
   3. Achieving adequate provision of services offered by Find Schedule through:
      1. Allowing access to information about requests, complaints, and claims made by users, clients, affiliates, contractors, and suppliers in connection with activities carried out by Find Schedule.
      2. Accounting, administrative, commercial, informational, marketing, and sales purposes.
      3. Transmission of personal data to processors for storage on servers located inside and/or outside the United States.
      4. Any other purpose that corresponds to the link generated between the Data Subjects and the company.

8. Responsibilities of the Data Controller

   When Find Schedule acts as the Data Controller of personal data, it shall be responsible for fulfilling the following duties:

   1. Ensure that the Data Subject at all times fully and effectively exercises the right to habeas data.
   2. Request and keep, under the conditions provided by law, a copy of the respective Authorization granted by the Data Subject.
   3. Properly inform the Data Subject about the purpose of the collection and the rights granted to them by virtue of the authorization granted.
   4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use, or access.
   5. Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.
   6. Update the information by timely communicating to the Data Processor any changes regarding the data previously provided and taking other necessary measures to keep the information provided to them updated.
   7. Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor.
   8. Provide the Data Processor, as appropriate, only with data whose processing is previously authorized in accordance with the provisions of the law.
   9. Require the Data Processor at all times to respect the conditions of security and privacy of the Data Subject’s information.
   10. Handle inquiries and complaints in the terms indicated in the legal provisions.
   11. Adopt an internal manual of policies and procedures to ensure proper compliance with the law, especially for the handling of inquiries and complaints.
   12. Inform the Data Processor when certain information is under discussion by the Data Subject, once the respective claim has been filed and the process has not been concluded.
   13. Inform, upon request of the Data Subject, about the use given to their data.
   14. Inform the data protection authority when violations of security codes occur and there are risks in the management of the information of the Data Subjects.
   15. Comply with the instructions and requirements issued by the supervisory authority regarding compliance with the law, regarding the protection and processing of Personal Data.

9. Rights of Data Subjects

   Data Subjects shall have the following rights:

   1. Know, update, and rectify their Personal Data against the Data Controllers or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fractionated data, that lead to error, or those whose processing is expressly prohibited or has not been authorized.
   2. Request proof of the authorization granted to the Data Controller, except when expressly exempted as a requirement for processing, in accordance with the provisions of the law.
   3. Be informed by the Data Controller or Data Processor, upon request, regarding the use given to their Personal Data.
   4. File complaints with the supervisory and oversight entity for breaches of the aforementioned law and other rules that modify, add to, or complement it.
   5. Revoke the Authorization and/or request the deletion of the data when the principles, rights, and constitutional and legal guarantees are not respected in the Processing. The revocation and/or deletion shall proceed when the supervisory and oversight entity has determined that the Controller or Processor has engaged in conduct contrary to the law and the Constitution in the Processing.
   6. Access their personal data that has been subject to Processing free of charge.
   7. Find Schedule will keep proof of the authorization granted by the Data Subjects for the Processing of their data.

10. Policies adopted by Find Schedule for the Protection and Processing of Personal Data

    Find Schedule adopts the following policies for the protection and Processing of Personal Data:

    1. Comply with all current Spanish legal regulations that dictate provisions for the protection of Personal Data.
    2. Find Schedule carries out the Processing of Personal Data for which it must obtain Authorization through a physical document, electronic means, data messages, Internet, website, or also verbally or by phone or in any other format that allows its subsequent consultation to unequivocally verify that without the consent of the Data Subject, the data would never have been captured and stored in electronic or physical media. Likewise, it may be obtained through clear and unequivocal conduct of the Data Subject that reasonably concludes that they gave their consent for the handling of their Personal Data.
    3. Find Schedule will request authorization from the Data Subjects for personal data and will keep evidence of this.
    4. Any Processing of Personal Data carried out by Find Schedule must correspond to the purposes mentioned in the authorization granted by the Data Subject when the situation warrants it.
    5. The Personal Data subject to Processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. Find Schedule will maintain the information under these characteristics as long as the Data Subject promptly informs of any updates.
    6. Personal Data will only be processed by those Find Schedule Officials who have permission to do so, or who, within their functions, are responsible for carrying out such activities, or by the Processors.
    7. Find Schedule will not make Personal Data available for access through the Internet or other mass communication media unless it is public information or technical measures are established to control access and restrict it only to persons authorized by law or by the Data Subject.
    8. Any Personal Data that is not Public Data will be treated by Find Schedule as confidential, even when the contractual relationship or the link between the Data Subject of the Personal Data and Find Schedule has ended.
    9. The Data Subject, directly or through duly authorized persons, may consult their Personal Data at any time, especially whenever there are modifications to the Privacy Policies.
    10. Find Schedule will provide, update, ratify, or delete Personal Data upon request of the Data Subject to correct partial, inaccurate, incomplete, fractionated information that leads to error or that has been processed before the law’s enforcement and that has no Authorization or is prohibited.
    11. When requested, whether through a request, query, or complaint by the Data Subject, regarding how their Personal Data is used, Find Schedule must provide such information.
    12. Upon request of the Data Subject and when there is no legal or contractual obligation to remain in the databases of Find Schedule, the Personal Data must be deleted. In the event of a partial revocation of the Authorization for the Processing of Personal Data for some purposes, Find Schedule may continue to use the data for other purposes for which such revocation does not apply.
    13. The policies established by Find Schedule regarding the Processing of Personal Data may be modified at any time. All modifications will be made in compliance with current legal regulations, and they will enter into force and have effects from their publication through the mechanisms provided by Find Schedule so that Data Subjects are aware of the information processing policy and the changes that occur in it.
    14. Personal Data may only be processed for the time and to the extent justified by the purpose of its Processing.
    15. Find Schedule will be more stringent in the application of information processing policies when it comes to the use of the Personal Data of children and adolescents, ensuring the protection of their fundamental rights.
    16. Personal Data subject to Processing must be handled by providing all the necessary human and technical measures for their protection, ensuring that it cannot be copied, altered, deleted, consulted, or in any way used without authorization or for fraudulent use.
    17. When any of the tasks related to the Processing of Personal Data by third parties, contractors, or Processors ends, and even after their contractual or employment relationship with Find Schedule has ended, they are obliged to maintain the confidentiality of the information in accordance with current regulations on the subject.
    18. Find Schedule will not transfer information related to Personal Data to countries that do not have adequate levels of data protection, according to the standards set by the SIC.
    19. The Data Subject may primarily exercise their rights by submitting inquiries and complaints to Find Schedule via email: [email protected]
    20. When there is a Data Processor of Personal Data Information, Find Schedule must ensure that the information provided to them is truthful, complete, accurate, up-to-date, verifiable, and understandable. Additionally, Find Schedule shall communicate any updates on time to ensure that the information is always updated.
    21. In the event of a Data Processor of Personal Data Information, Find Schedule shall provide, as appropriate, Personal Data information only whose Processing has been authorized by the Data Subject when required..
    22. Find Schedule will inform the Data Processor of Personal Data Information, if any, when certain information is under discussion by the Data Subject, once the respective claim has been filed, and the respective process has not been concluded.
    23. When there is a Data Processor of Personal Data Information, it will be required to respect the security and confidentiality conditions of the Data Subject’s information established by Find Schedule at all times.

11. Temporal Limitations on Personal Data Processing

    Find Schedule can only collect, store, use, or share personal data for a reasonable and necessary amount of time, based on the purposes that justified the processing, following applicable regulations and considering administrative, accounting, fiscal, legal, and historical aspects of the information. Once the purpose(s) of the processing is fulfilled, Find Schedule or the Data Processor, as applicable, will proceed to delete the personal data they hold. However, personal data must be retained when required to fulfill a legal or contractual obligation.

12. Authorization:

    Find Schedule, without prejudice to the exceptions provided by law, will obtain prior and informed authorization from the Data Subject to process their personal data, which must be collected through any means that allows subsequent consultation. Find Schedule, as the Data Controller, will establish mechanisms to obtain authorization from the data subjects or those authorized in accordance with the law, ensuring their consultation. These mechanisms may be predetermined through technical means that facilitate automated expression by the Data Subject. Authorization must be expressed: (i) in writing, (ii) orally, or (iii) through unequivocal actions by the Data Subject that reasonably indicate consent. Find Schedule will retain evidence of the authorization granted by the Data Subjects for the processing of their data.

    1. Cases Where Authorization is Not Required, Find Schedule will not require the Data Subject’s authorization for the processing of their personal data in the following cases:
       1. Information required by a public or administrative entity exercising its legal functions or by judicial order;
       2. Data of a public nature;
       3. Cases of medical or health emergencies;
       4. Information processing authorized by law for historical, statistical, or scientific purposes;
       5. Data related to the Civil Registry of Persons.
    2. Information to the Data Subject When acting as the Data Controller, Find Schedule must inform the Data Subject clearly and explicitly of the following when requesting authorization:
       1. The processing to which their personal data will be subjected and its purpose;
       2. The voluntary nature of responding to questions about sensitive data or data concerning children and adolescents;
       3. The rights they have as Data Subjects;
       4. The identification, physical or electronic address, and telephone number of the Data Controller.

       Find Schedule will retain evidence of compliance with this provision, and upon request, will provide the Data Subject with a copy of the information.

13. Procedure for Exercising Rights by Data Subjects

    Data Subjects must address their inquiries, requests, or complaints in writing to the email [email protected]. For this purpose, they will use the Request and Complaint Form on the Processing of Personal Data attached (See Annex I).

    1. Procedure for Requests and Inquiries: Data Subjects or their heirs may inquire about the personal information of the Data Subject held in any database managed by Find Schedule. The Data Controller or Data Processor must provide them with all the information contained in the individual record or linked to the identification of the Data Subject. Find Schedule must respond to requests and inquiries within ten (10) business days from the date of receiving the request. Suppose it is not possible to comply within this time frame. In that case, the interested party must be informed of the reasons for the delay and the date by which their request or inquiry will be addressed, within a maximum of five (5) business days following the expiration of the initial term.
    2. Procedure for Complaints: The Data Subject or heir who believes that the information contained in a database needs to be corrected, updated, or deleted, or who notices the alleged non-compliance with any of the duties contained in the law or in this Policy, may file a complaint with Find Schedule, which will be processed under the following rules:
       1. The name and address of the Data Subject or any other means to receive the response, and the name and address of their legal representative, if acting through one.
       2. Documents proving the identity or personality of their representative.
       3. A clear and precise description of the personal data regarding which the Data Subject seeks to exercise any rights.
       4. If applicable, attach other elements or documents that facilitate the location of the personal data.

       The complaint shall be addressed to the Office of Data Protection and Processing, through the customer service and marketing departments. If the complaint is incomplete, the interested party will be required to remedy the shortcomings within five (5) days following its receipt. If, after two (2) months from the date of the requirement, the applicant has not provided the requested information, it will be considered that they have withdrawn the complaint. Once the complete complaint is received, a note stating “complaint in process” and the reason for it will be included in the database within a maximum period of two (2) business days. This note must be maintained until the complaint is resolved. The maximum term to address the complaint shall be fifteen (15) business days from the day following the date of its receipt. Suppose it is not possible to address the complaint within this period. In that case, Find Schedule will inform the interested party of the reasons for the delay and the date by which their complaint will be addressed, which in no case shall exceed eight (8) business days following the expiration of the initial term.

    3. Procedure for Revocation of Authorization and/or Request for Data Deletion: Data Subjects may request Find Schedule at any time to delete their personal data and/or revoke the authorization granted for their Processing by filing a complaint, in accordance with the provisions of this manual. If, after the respective legal term has expired, Find Schedule has not deleted the personal data, the Data Subject shall have the right to request the supervisory authority to order the revocation of the authorization and/or the deletion of the personal data. However, requests for deletion of information and revocation of authorization shall not be granted when the Data Subject has a legal or contractual obligation to remain in the database.s.

14. Modifications and Validity

    Modifications made to this policy will be published on the website and will take effect five (5) business days following the date of publication. The last modification to the Privacy Policy of Find Schedule was made on September 9, 2023, and entered into force on September 9, 2023.

Annex I

Request and Complaint Form Regarding the Processing of Personal Data:

DATA OF THE DATA SUBJECT

LAST NAME:

FIRST NAME:

IDENTIFICATION:  CC ________ TI _____ OTRO _____ NÚMERO: ________________

PHYSICAL AND EMAIL ADDRESS:

PERSONAL DATA RELATED TO WHICH THE REQUEST OR COMPLAINT IS MADE:

REQUEST OR DESCRIPTION OF THE EVENTS THAT GIVE RISE TO THE COMPLAINT:

SIGNATURE: