PRIVACY NOTICE (Arena Communications, S.A. de C.V.)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE.

Arena Communications, S.A. de C.V. (The Responsible) this legal entity, dedicated to the trading and industry in general, in particular, the creation, preparation, programming and execution of advertising in the different media, commissioned and in the interest of third-party advertisers, whether they are natural and/or legal persons, public or private,  with address at Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Area Code 06600, in México City, México, Tax ID Number ACO0001311S9.

2.- PURPOSE.

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

 INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice.

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

 Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

 8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which México is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

 10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, en la Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

  1. a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and
  2. b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner.

PRIVACY NOTICE (HAVAS LIFE MÉXICO SA DE CV)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE.

Havas Life México, S.A. de C.V. (The Responsible) this legal entity, dedicated to the planning, conceptualization, any marketing and communication actions, strategies conception, creative ideas, promotional mechanisms and advertising campaigns, public relations and direct marketing, with address at: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, with Federal Taxpayers Registry PSU990108HK1.

2.- PURPOSE.

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

 The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

 3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

 INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice.

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

 4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

 Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

 8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which México is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

  10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

 The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, en la Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and

b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

 CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner.

PRIVACY NOTICE (HAVAS MEDIA SA DE CV)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE.

Havas Media, S.A. de C.V. (The Responsible) this legal entity, dedicated to the trading and industry in general and in particular manner, the creation, preparation, programming and execution of advertising in different medias, on behalf of and in the interest of third-party advertisers, whether they are natural and/or legal entities, public or private, with address at: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, with Federal Taxpayers Registry MPG941109JTA.

2.- PURPOSE.

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

 The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

 3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice.

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

 4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

 Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

 8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which México is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

 10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

  The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, en la Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and

b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

 CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner.

PRIVACY NOTICE (HAVAS MEDIA REGIONES SA DE CV)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE.

Havas Media Regiones, S.A. de C.V. (The Responsible) this legal entity, dedicated to the trading and industry in general and in particular manner, the creation, preparation, programming and execution of advertising in different medias, on behalf of and in the interest of third-party advertisers, whether they are natural and/or legal entities, public or private, with address at: Rio Missouri número 555 oriente,  suite 3, 5to piso, Colonia del Valle, San Pedro Garza García, CP 66220, Nuevo León, México, with Federal Taxpayers Registry HMM030602KC9.

2.- PURPOSE.

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

 The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

 3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice.

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

 4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

 Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Rio Missouri número 555 oriente,  suite 3, 5to piso, Colonia del Valle, San Pedro Garza García, CP 66220, Nuevo León, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

 8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which México is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

 10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

 The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Rio Missouri número 555 oriente,  suite 3, 5to piso, Colonia del Valle, San Pedro Garza García, CP 66220, Nuevo León, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and

b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

 CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner.

PRIVACY NOTICE (HAVAS MEDIA SERVICES SA DE CV)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE.

Havas Media Services, S.A. de C.V. (The Responsible) this legal entity, dedicated to the to the rendering of professional, technical, specialized advisory and consulting services in areas of management in general, with address at: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, with Federal Taxpayers Registry HMS971215TH9.

2.- PURPOSE.

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

 The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

 3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

  INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice.

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

 4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

 Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which Mexico is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

 10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

  The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, en la Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and

b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner.

PRIVACY NOTICE (HPH MÉXICO SA DE CV)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE.

HPH México, S.A. de C.V. (The Responsible) this legal entity, dedicated to the strategic and creative development of marketing strategies, advertising campaigns, direct mail campaigns and promotions, with address at: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, with Federal Taxpayers Registry HSP0309255Q6.

2.- PURPOSE.

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

 The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

 3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

 INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice.

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

 4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

 Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

 8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which México is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

 10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

 The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, en la Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and

b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner.

PRIVACY NOTICE (HAVAS PLUS SA DE CV)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE.

Havas Plus, S.A. de C.V. (The Responsible) this legal entity, dedicated to the trading and industry in general and in particular manner, the creation, preparation, programming and execution of advertising in different medias, on behalf of and in the interest of third-party advertisers, whether they are natural and/or legal entities, public or private, with address at: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, with Federal Taxpayers Registry FMC1412123B6.

2.- PURPOSE.

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

 The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

 3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice.

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

 4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

 Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

 8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which México is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

 10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

 The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, en la Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and

b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner.

PRIVACY NOTICE (HAVAS WORLDWIDE MÉXICO SA DE CV)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE.

Havas Worldwide México, S.A. de C.V. (The Responsible) this legal entity, dedicated to the planning, conceptualize, any marketing and communication action, strategies conception, creative ideas, promotional mechanisms and advertising campaigns, public relations, with address at: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, with Federal Taxpayers Registry ERB9602136S8.

2.- PURPOSE.

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

 INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.  The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice. 

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

 4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

 5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

 8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which México is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

 9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

 10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, en la Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and

b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner.

PRIVACY NOTICE (INTELLIGNOS BY HAVAS SA DE CV)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE.

Intellignos By Havas, S.A. de C.V. (The Responsible) this legal entity, dedicated to the rendering and hiring of technical, advisory services related to business activities, advertising, marketing, statistics, data analysis and consumer habits, which are required by individuals, legal entities, business groups and/or economic units, in México or abroad, with address at: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, with Federal Taxpayers Registry IBH210728BK6.

 2.- PURPOSE.

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

 The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

  3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

 INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice.

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

 4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

 Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS  TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

 8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which México is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

 10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

 The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, en la Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and

b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner.

PRIVACY NOTICE (MOTECH BY HAVAS SA DE CV)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE.

Motech By Havas, S.A. de C.V. (The Responsible) this legal entity, dedicated to the strategic and creative development of marketing strategies, advertising campaigns, direct mail campaigns and promotions; the production of graphic and audiovisual materials; the administration, development and trading of databases, as well as the development and trading of applications (software) for marketing; the development of websites and email campaigns, online advertising and any kind of interactive applications, with address at: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, with Federal Taxpayers Registry RAB220302KH8.

2.- PURPOSE.

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

 3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.  The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice. 

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

 4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

 5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

 8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which México is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

 9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

 10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, en la Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and

b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

 CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner.

PRIVACY NOTICE (HAVAS XCHANGE SA DE CV)

In compliance with the provisions of the Federal Law on the Protection of Personal Data in Possession of Private Parties (The Law) published in the Federation´s Official Gazette on March 20, 2025, the following Privacy Notice is issued.

This document is made available to the Owner at the time their personal data is collected, so that The Responsible (who collects, stores and/or handles the Owner´s personal data) informs them of the processing of the same.

1.- IDENTITY OF THE PERSON RESPONSIBLE. Havas Xchange, S.A. de C.V. (The Responsible)

This legal entity, dedicated to the trading and industry in general of all kinds of movable assets and real estate, subject to trading; with address at: Av. Paseo de la Reforma No. 296, 44 piso, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de Mexico, Mexico, with Federal Taxpayers Registry HXC210728MD5.

 2.- PURPOSE

The Responsible collects the personal data provided by its customers, suppliers, service providers, business partners, advisors and/or employees, related to its corporate purpose, or from any third party related to The Responsible, who may have authorized access to the products and/or services of The Responsible.

 The Owner agrees to provide his/her personal data voluntarily and freely, which are included in contracts, letters, forms, deeds, databases or other means, as appropriate, and are shared and communicated to the authorities that legally have access to them and, in the cases so required, will act in the corresponding Public Registries. The Responsible obtains the personal data from the Owner in printed form or by any electronic, optical, sound, visual means or through any other technology through the Simplified Privacy Notice.

 3.- PERSONAL DATA AND SENSITIVE PERSONAL DATA SUBJECT TO PROCESSING BY THE RESPONSIBLE PARTY.

The personal data used by The Responsible may include “sensitive personal data”; therefore, without limitation, the following are related:

 INDIVIDUALS

LEGAL ENTITIES

The Owner must prove the veracity of the aforementioned information with the corresponding documentation.

3.- CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA.

Confidentiality: refers to keeping, handling, maintaining the confidentiality of personal data, including sensitive personal data referred to by Law, which are provided by the Owner to The Responsible, as well as by employees and third parties with consent, whether physical, manual or automated, by obtaining, using, recording, organizing (through database) conservation, elaboration, use, communication, dissemination, storage, possession, access, handling, use, disclosure, in the cases established by law, transfer or disposal of personal data.

In addition, The Responsible will constantly make the best efforts through manual, administrative and/or technological means and internal protection procedures, to maintain the security of the Personal Data and Sensitive Personal Data that are provided to The Responsible to prevent unauthorized access to them.The Responsible, in the case of Personal Data and Sensitive Personal Data of minors or persons in a state of interdiction or incapacity, requires the express and written consent of one of the parents or guardian or whoever exercises guardianship and custody; when the personal data and sensitive personal data correspond to a deceased person, the express written consent of the surviving spouse or one of their ascendants or descendants or of the person who proves to have a legal interest or of the person who has been previously designated by the Owner is required; in the aforementioned cases, consent will be recorded when signing this Privacy Notice or the Simplified Privacy Notice.

Handling: The Personal Data provided to the Responsible is used in an appropriate and relevant manner in relation to the purpose and requirements of the Law, so has an orderly and systematic record of customers, personnel, as well as suppliers (service providers), and to coordinate all the services they provide for the Responsible.

The Responsible reasonably carries out the classification, handling and/or purification of the documentation and/or information related to personal data (including sensitive data), which upon completion of the purpose for which they were collected, will be blocked and/or destroyed by the Responsible, in accordance with the Law.

The Owner must provide the personal data in an accurate, complete, correct and updated manner for the purposes for which they were collected, however, The Responsible may verify the accuracy of such personal data.

The Responsible makes reasonable efforts to limit the period of processing of sensitive personal data so that it is the minimum necessary, with the exceptions set out in the applicable laws.

The Responsible may transfer personal data, including sensitive personal data, to related third parties for the purpose of fulfilling the purposes for which they were collected. Appropriate use will be made, and special care will be taken when such personal data is transmitted or used by a related third party, and these must be treated under the principles of legality, purpose, loyalty, consent, quality, proportionality, information and responsibility in accordance with the Law.

The Responsible reasonably implements administrative, technical and physical measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing; any significant violation in the property or morals of the Owner will be immediately reported to the latter.

Related third parties must establish the same protection controls as The Responsible.

 4.- LIMITATIONS ON USE AND DATA DISCLOSURE.

Personal Data that is provided to us through lawful or legitimate means is handled appropriately and confidentially.

 Personal Data is and will be transferable to third parties in order to (a) comply with current legal obligations, (b) comply with a judicial or legal decision, and (c) the time that is necessary for the operation and functioning of The Responsible in compliance with the provisions to which The Responsible is subject.

The Responsible adopts the necessary and reasonable measures for the cancellation, blocking, where appropriate, handling and conservation of the personal data provided to it.

The Responsible will use cookies related to its corporate purpose, when browsing its website, The Owner may: a) opting to delete all or some of the cookies from your device through your browsing settings; b) opting to prevent the installation of cookies on your device through your browser settings; c) choose to enable or disable cookies that we use directly on our website https://mx.havas.com/es/.

The Responsible is not obliged to have the consent of The Owner of the personal data for its handling, in the following cases: (i) the data are in public access sources (the personal data can be consulted publicly), (ii) the personal data are in a process of dissociation, which does not allow the Responsible to identify The Owner (iii) for the fulfillment of the contractual obligations between The Owner and The Responsible (iv) there is an emergency situation that may potentially harm an individual in his or her person or assets, (v) the treatment for medical care, prevention, diagnosis, provision of health care, or the management of health services, while The Owner is not in a position to grant consent, in terms of the provisions of the General Health Law and other applicable legal regulations and that such data processing is carried out by a person subject to professional secrecy or equivalent obligation, or (vi) by means of a court order, resolution or well-founded and reasoned mandate of a competent authority or legal provision so provides.

5.- MEANS TO EXERCISE THE RIGHTS OF THE OWNER RELATED TO THE PROCESSING OF THEIR PERSONAL DATA.

The Owner will have the right to “access” his/her personal data that are in the possession of The Responsible, through the process of request made to the person in charge of The Responsible in any of its means, records, files and backup systems, consequently, he/she may request the Responsible, at any time, to access, “rectify”, cancel or correct or oppose (ARCO) for causing damage or harm or automated processing with adverse legal effects to the processing of your personal data when they turn out to be inaccurate, incomplete or not updated.

Likewise, The Owner will have the right to request the cancellation of their personal data from the files, records, files and systems of The Responsible, initiating a blocking period in accordance with Article 24 of the Law, except in those cases in which such blocking and/or cancellation cannot be carried out in compliance with applicable laws.

For such purposes, The Owner or his/her legal representative may submit the request in writing to the Responsible, which shall contain at least the following information:

  1. Name of The Owner, address or other means of receiving notices.
  2. Documents that prove the identity or, where applicable, the legal representation of The Owner.
  3. The clear and precise description of the personal data with respect to which the exercise of the ARCO rights, which is intended to be exercised.
  4. Any other element or document that facilitates the location of personal data.
  5. In the event of rectification of personal data, the modifications to be made and the documents that support the change must be indicated.

The Responsible designates the person who will process the requests of The Owner, for the exercise of the ARCO rights by written communication by email addressed to Facundo Daniel Eroles at the address: [email protected] or through the Mexican Postal Service (Correos de México) or a courier company that registers or verifies the receipt of the document or in person at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

The Responsible will respond in accordance with the deadlines established in articles 30, 31, 32 and 33 of the Law.

The Responsible informs The Owner that the right to object will not be exercised in those cases in which the processing is necessary to comply with a legal obligation imposed on The Responsible.

The Responsible informs The Owner that the exercise of the ARCO Rights is free of charge.

7.- AMENDMENTS  TO THE PRIVACY NOTICE.

The Responsible reserves the right to modify this Privacy Notice, in which case the changes made to it will be communicated through the Notice placed in a visible place at The Responsible´ s address, as well as on the page of the global computer network called https://mx.havas.com/es/ for which reason the Owner must consult the Privacy Notice on the aforementioned page or at the address of The Responsible.

 8.- INTERNATIONAL TRANSFER OF PERSONAL DATA.

The Responsible may transfer the Owner’s personal data internationally (through manual or automated procedures applied to the personal data), without the latter’s consent when:

a) Is provided for in a law or treaty to which México is a party;

b) It is made to companies of the same group or to any company of the same group of the Responsible that operates under the same internal processes and policies;

c) It is necessary by virtue of a contract entered into in the interest of The Owner;

d) For the safeguarding of a public interest, or for the procurement or administration of justice;

(e) It is necessary for the recognition, exercise or defense of a right in judicial proceedings; and

f) For the maintenance or fulfilment of a legal relationship between The Responsible and The Owner.

9.- APPLICATION OF THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (THE GDPR).

The Responsible makes its best effort with respect to the use of Personal Data; how it is obtained, how it is protected; and what period it keeps, with respect to individuals or legal persons that are part of the European Economic Community, in cases where it is applicable, in accordance with Article 3, section V, of the Law, and Article 4, 5 and Section Three of the Regulation of the Law, as well as Article 3.2 and other applicable provisions of the GDPR and other regulations of said legislation, as well as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and its Additional Protocol, relating to Supervisory Authorities and Cross-Border Data Flows, Published on June 12, 2018.

This regulation applies to the processing of personal data by a person responsible who is not established in the European Union, but in a place where the law of the Member States is applicable under public international law.

However, the laws in México related to data protection establish that The Owner may exercise their ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

 10.- IMPACT OF THE LAWS OF THE UNITED STATES OF AMERICA REGARDING THE PROTECTION OF DATA HELD BY THIRD PARTIES IN NATIONAL TERRITORY.

The requirements established in terms of data protection are those mentioned below: i.- publication of the privacy notice (manual or electronic means); ii.- the owner has rights such as access, cancellation, rectification and opposition of personal data with whom The Responsible has a relationship; iii.- ) Makes an effort to maintain security processes for the protection of personal data; iv.- The Responsible does not collect personal information from minors unless the consent of the parents and/or guardians is obtained.

 The laws in México related to the protection of personal data establish that the Owner may exercise his/her ARCO rights in México and in the background the application of other laws outside México, adhering to the rules of Public International Law.

11.- CONSULTATIONS.

For any doubt, comment or query or request from The Owner regarding this Notice in accordance with Article 28 of the Law, The Owner may consult the Privacy Notice at the address of The Responsible, as well as on the page of the global computer network called https://mx.havas.com/es/ or submit the written at the following address: Av. Paseo de la Reforma No. 296, piso 44, Colonia Juárez, Alcaldía Cuauhtémoc, Código Postal 06600, en la Ciudad de México, México, telephone: 55 91 77 60 00. Attention: Facundo Daniel Eroles.

a) Any complaint or information about the processing of your personal data or questions regarding the Federal Law on the Protection of Personal Data in Possession of Private Parties and its Regulations, may be made to the Anti-Corruption and Good Government Ministry; and

b) Applicable Law: The interpretation and application of this Privacy Notice is governed by the Federal Law on the Protection of Personal Data in Possession of Private Parties, the Code of Civil Procedure and the Federal Law of Administrative Procedure and other administrative provisions, laws and regulations that are applicable.

CONSENT: The Owner of the Personal Data freely declares to have read the content of this Privacy Notice and has no opposition to it since they have been informed by The Responsible of their data in a specific and informed manner

 

This Notice was posted on: