PRIVACY POLICY

JOYAS DE LA TIERRA, SA DE CV, in compliance with the Federal Law on Protection of Personal Data Held by Private Parties, issues this Privacy Policy, once it receives and retains personal data of its customers, employees and suppliers, carrying out a legitimate, controlled and informed treatment, which guarantees their privacy rights and the appropriate use of said data for the manufacture and sale of silver jewelry, carrying out procedures before authorities and public institutions such as the IMSS and Infonavit, as well as for contracting major medical expense insurance policies, administrative procedures and procedures for hiring employees and suppliers of the company in its different areas, payroll and commission payments, control of collective account balances, resource management, establishing contact and communication with customers and suppliers, sending quotes, billing, price changes, etc., as well as internal control of the different activities that must be carried out to carry out the company's business.

I.- Identification of the person responsible and processing of your personal data.

In accordance with the provisions of Article 17, Section II of the Federal Law on the Protection of Personal Data Held by Private Parties, we inform you that JOYAS DE LA TIERRA, SA DE CV (the “Controller”), with address at Av. Rubén Darío #1251, Colonia Providencia, CP 44630, Guadalajara, Jalisco (the “Contact Address”), will process the personal data it collects from you under the terms of this Privacy Policy.

II.- Purposes.

The treatment will be carried out for the following purposes:

a).- Necessary for the legal relationship with the Controller:

Obtain the necessary information from customers and suppliers to carry out the employment, commercial and industrial relationship for the manufacture and sale of silver jewelry, in addition to maintaining communication via email and telephone with customers and suppliers, establishing contact for the purposes of our employment, commercial and industrial relationship, billing, price changes, etc. Likewise, for procedures before the IMSS and Infonavit, as well as for the contracting of major medical expense insurance policies, to carry out the hiring of employees and suppliers of the company. The personal data requested are the following:

1. For Clients: full name; address; telephone number; email; RFC registration card; proof of address (in the case of a legal entity); among others.
2. From Suppliers: RFC registration card; full name; address; telephone number; email; voter ID of the natural person or, where applicable, of the legal representative of the legal entity; proof of address (in the case of a legal entity); banking information, such as account number, interbank code and bank; among others.

iii. For employees: birth certificate; proof of address; voter ID; CURP; Infonavit withholding letter (in case of having credit); letter of recommendation from previous job; job application or resume.

b).- Others:

1. Make transfers of your personal data to third parties, in accordance with the Privacy Policy.

Therefore, and in order to achieve the purposes set out above, the following personal data will be processed: name, surname, address, telephone number, email, RFC, CURP, bank details such as account number and interbank code, among others.

III.- Options to limit the use or disclosure of your personal data.

The Controller has appointed a personal data officer (the “Privacy Officer”), therefore you may limit the use or disclosure of your personal data in person before “the Controller”, at the company address indicated above.

IV.- Means to revoke consent for the processing of personal data.

You may revoke your consent to the processing of your personal data in the same manner in which you gave your consent. If, after revocation, you request confirmation of the same, “the Controller” will respond expressly.

V.- Means to exercise ARCO rights.

You have the right to (i) access your personal data in our possession and know the details of the processing thereof, (ii) rectify them if they are inaccurate or incomplete, (iii) cancel them when you consider that they are not required for any of the purposes indicated in this Privacy Policy, they are being used for purposes not consented to or the contractual or service relationship has ended, or (iv) oppose the processing of them for specific purposes, as provided by law (jointly, the “ARCO Rights”).

To exercise your ARCO Rights, you must submit a request (the “ARCO Request”) to the Controller, to the attention of the Privacy Officer, at the Contact Address, accompanied by the following information and documentation.

1. Your name, address and email address so that we can communicate the response to the ARCO Request.
2. A copy of the documents that prove your identity (copy of IFE, passport or any other official identification) or, where applicable, the documents that prove your legal representation, the original of which must be presented in order to receive a response from the Controller.
3. A clear and precise description of the personal data in respect of which you seek to exercise any of the ARCO Rights.
4. Any document or information that facilitates the location of your personal data; and
5. If you request a correction of your personal data, you must also indicate the changes to be made and provide the documentation to support your request.

The Privacy Officer will respond to your ARCO Request and the reasons for his/her decision by email, within a maximum period of 20 business days, counted from the day your ARCO Request was received. If the ARCO Request is answered affirmatively or appropriately, the requested changes will be made within a maximum period of 15 business days. The Controller may notify you within the periods referred to in this paragraph of the extension of the same, for one time only, for a period equal to the original.

The Controller may deny access (the “Refusal”) for you to exercise your ARCO Rights, in the cases permitted by Law, and must inform you of the reason for such decision.

The refusal may be partial, in which case the Controller will carry out the access, rectification, cancellation or opposition in the relevant part.

The exercise of ARCO Rights will be free of charge, but if you repeat your request in a period of less than twelve months, the costs will be three days of the General Minimum Wage in force in the DF, plus VAT, unless there are substantial modifications to the Privacy Policy, which motivate new ARCO Requests. You must cover the justified shipping costs or the cost of reproduction in copies or other formats and, where applicable, the cost of document certification.

VI.- Changes or modifications to the Privacy Policy.

The Controller reserves the right to make changes or updates to this Privacy Policy at any time, with the understanding that any changes to it will be made known to you by means of the publication of a notice on the Controller's website, so we recommend that you check it frequently.

In the event of a security breach at any stage of the processing of personal data, which significantly affects your property or moral rights, the Privacy Officer will immediately notify you by email of the security breach, so that you can take the necessary measures to defend your rights. If we do not have your email address, the notification will be published on the website of the Controller.

VII.- Consent.

I consent to the processing of my personal data for the purposes necessary for the legal relationship with the Controller (Refusing to process your personal data will result in the impossibility of establishing a legal relationship with the Controller).