Privacy Notice

Data Controller

BIMCORPMX, S.A. de C.V. [hereinafter, "BIMCORP"], with address in Mazatlán, Sinaloa, Mexico, is responsible for collecting, using, and protecting your personal data.

For BIMCORP, the confidentiality and proper protection of personal data are of the utmost importance. Therefore, we are committed to handling the personal data you provide to us responsibly and in accordance with the Federal Law on the Protection of Personal Data Held by Private Parties, its Regulations, and all other applicable legal provisions [hereinafter, the "Law"].

Handling of Your Personal Data

Our main purpose is to provide you with reliable, secure, and efficient company incorporation services, as well as other legal and non-legal services, through our Service Partners, including notaries, attorneys, and accountants.

For this purpose, BIMCORP uses technological tools that are necessary to receive, organize, analyze, and follow up on the information provided by the User, solely to address the User's request and provide the requested services.

All technology used to process your information is subject to high information security standards.

Security Measures

Your personal data is protected through administrative, physical, and technical security measures designed to prevent loss, alteration, destruction, unauthorized use, access, or disclosure.

Purposes for Which We Collect and Use Your Personal Data

Your personal data may be used to carry out any or all of the following purposes:

• To receive, analyze, and follow up on your service request.
• To identify the applicable service, legal structure, or course of action.
• To contact you to request additional information, schedule calls, follow up on the process, and provide the requested services.
• To share strictly necessary information with Service Partners, including notaries, attorneys, accountants, advisors, financial institutions, authorities, or operational third parties, when necessary to provide the requested services or carry out the relevant procedures.
• To prepare documents, create files, and carry out corporate, legal, tax, administrative, or compliance-related actions connected with the requested services.
• To respond to requests regarding ARCO Rights, revocation of consent, limitation of use or disclosure of personal data, as well as any inquiry related to the processing of your personal data.
• To comply with legal, contractual, tax, administrative, or regulatory obligations applicable to BIMCORP.

Consent for the Processing of Personal Data

Pursuant to Articles 7, 8, 11, 14, 15, and 16 of the Federal Law on the Protection of Personal Data Held by Private Parties, except where the Law requires express consent, the processing of your personal data for the primary purposes described in this Privacy Notice shall be deemed tacitly consented to when this Privacy Notice has been made available to you and you do not object to the processing of your personal data.

When BIMCORP processes financial, asset-related, or sensitive personal data, it shall obtain the express consent required under applicable law.

How We Obtain Your Personal Data

For the purposes set forth in this Privacy Notice, we may collect your personal data when you use any of our services through our website or through any other channels made available by BIMCORP, provided that you do not object to the processing of your personal data.

Personal Data That May Be Collected and Processed

The personal data that BIMCORP may collect and process includes, by way of example: name, email address, telephone number, nationality, date of birth, marital status, address, CURP, RFC, tax identification certificate, data contained in official IDs, passports, immigration documents, powers of attorney, corporate records, proof of address, corporate information, tax information, and any other documents or data voluntarily provided by the User for the provision of the requested services.

BIMCORP will not collect audio, video, or image recordings of calls, video calls, or virtual sessions, unless it exceptionally informs the User in advance and obtains the consent required under applicable law.

When BIMCORP is required to process financial, asset-related, or sensitive personal data, it shall obtain the express consent required under the Law, unless an applicable legal exception applies.

Recordings and General Collection of Information

BIMCORP informs the User that virtual sessions, calls, video calls, and any other communications held with BIMCORP will not be recorded by BIMCORP.

The information provided by the User during such sessions or communications will be used solely to address the User's request, provide the requested services, follow up on the relevant process, and improve the quality of our service, in accordance with this Privacy Notice.

If, exceptionally, BIMCORP needs to record any session or communication, it will inform the User in advance and request the consent required under applicable law.

Protection of Personal Data

BIMCORP shall adopt reasonable administrative, technical, and physical measures to protect the personal data provided by the User through the Platform, forms, documents, emails, calls, video calls, or any other means of communication with BIMCORP.

Since BIMCORP will not record virtual sessions, calls, or video calls, no audio, video, or image recordings generated from such communications will be stored.

If the User voluntarily provides documents, images, IDs, files, or any other information necessary for the provision of the services, such data will be processed only for the purposes described in this Privacy Notice.

BIMCORP will not disclose, disseminate, duplicate, sell, or transfer the User's personal data for purposes other than those disclosed in this Privacy Notice, unless the data subject has consented to such transfer or any of the exceptions permitted by the Law applies.

Notwithstanding the foregoing, personal data transfers may be carried out without the consent of the data subject when any of the cases set forth in Article 36 of the Federal Law on the Protection of Personal Data Held by Private Parties applies, including, among others, the following:

• When the transfer is provided for in an applicable law or treaty.
• When the transfer is necessary for the performance, maintenance, or fulfillment of a legal relationship between BIMCORP and the User.
• When the transfer is necessary by virtue of a contract entered into, or to be entered into, in the interest of the User, between BIMCORP and a third party.
• When the transfer is made to holding companies, subsidiaries, affiliates, entities under common control, or companies within the same corporate group as BIMCORP that operate under the same internal processes and policies.
• When the transfer is necessary or legally required to safeguard a public interest or for the administration or procurement of justice.
• When the transfer is necessary for the recognition, exercise, or defense of a right in legal proceedings.
• When the transfer is necessary for medical prevention or diagnosis, the provision of healthcare assistance, medical treatment, or the management of healthcare services.

Transfer of Personal Data

We undertake not to transfer your personal data to third parties without your prior consent, except in the cases permitted under Article 36 of the Law, and to carry out any such transfer in accordance with the Law and all other applicable provisions.

BIMCORP may share your personal data with Service Partners in connection with the services and products offered, when such Service Partners need to know the information in order to perform those services, and always subject to confidentiality and personal data protection obligations equivalent to those assumed by BIMCORP.

Use of Essential Cookies

BIMCORP uses only cookies and similar technologies that are necessary for the basic operation of the Platform, including those that allow session functionality, enable security features, and ensure the proper submission of forms or requests.

These technologies are not used for advertising, commercial prospecting, profiling, behavioral analytics, or tracking the User across other websites.

The User may configure their browser to block or delete cookies. However, because these cookies are necessary, disabling them may affect the proper functioning of the Platform.

ARCO Rights and Revocation of Consent

At any time, you have the right to access, rectify, and cancel your personal data, as well as to object to the processing thereof or revoke the consent you have granted us, so that we cease using such data.

To do so, you must send a request to hello@bimcorp.mx with the subject line: "ARCO Rights Request".

To process your request, you must attach a copy of your valid identification document, such as voter ID, passport issued by the Ministry of Foreign Affairs, military service card, or professional license, and provide the original for verification, so that the identity of the person exercising the ARCO Right may be authenticated.

If ARCO Rights are exercised through a legal representative, in addition to proving the identity of both the data subject and the representative, the corresponding power of attorney, a letter of attorney signed before two witnesses, or a statement made in person by the data subject must be provided.

If the right of rectification is exercised, the documentation supporting the requested change must also be provided, according to the personal data to be rectified.

A response to your request will be issued within twenty business days from the date on which the request is received.

Accuracy of the Data Provided

The User guarantees that the personal data provided is accurate and undertakes to inform BIMCORP of any change or update to such data in order to allow BIMCORP to provide an optimal service and user experience.

Data Retention

The personal data you provide to us will be kept confidentially for a period of six years, for the purpose of preserving evidence of the transactions and services provided.

During such period, Users may request in writing, through the communication channels identified in this Privacy Notice, that the data controller delete or deliver the corresponding personal data to the data subject.

At the end of such period, the information will be purged from our databases.

If any of the cases set forth in Articles 9 or 36 of the Law applies, and the personal data is involved in or required for any controversy, proceeding, or legal requirement, such data may not be returned or deleted until the relevant controversy or proceeding has been resolved or a final judgment has been issued.

Changes to this Privacy Notice

We reserve the right to make changes or updates to this Privacy Notice at any time, whether to comply with legislative reforms, internal policies, or new requirements for the provision or offering of our products and services.

BIMCORP will notify the User of any such changes through the email address provided by the User.

In any event, we recommend that you review this Privacy Notice each time you use our Services, in order to stay informed of any changes, modifications, or updates.

Compliance with Applicable Law

This Privacy Notice is governed by the Federal Law on the Protection of Personal Data Held by Private Parties, its Regulations, and all other applicable legal provisions in the United Mexican States.

You may access the text of the Law through the official website made available by the Federal Government, through the Chamber of Deputies of the Honorable Congress of the Union, at: https://www.diputados.gob.mx