Privacy notice

This document constitutes the Privacy Notice of Unión Fenosa México, S.A. de C.V., Fuerza y Energía de Tuxpan, S.A. de C.V., Fuerza y Energía de Naco-Nogales, S.A. de C.V., Fuerza y Energía de Hermosillo, S.A. de C.V., Fuerza y Energía de Norte Durango, S.A. de C.V., Fuerza y Energía Bii Hioxo, S.A. de C.V., Proyectos Balmes México, S.A. de C.V., GPG Energía México, S.A. de C.V., (hereinafter “GPG”), with registered office located at Avenida Marina Nacional No. 60, 6th floor, Col. Tacuba, Miguel Hidalgo Borough, CP.11410, CDMX, in accordance with the provisions of the Federal Law on Protection of Personal Data Held by Private Parties and its Regulations, as well as other legal provisions related to it. Please read carefully the Terms and Conditions contained in this “Privacy Notice”, which will apply to any type of personal and/or sensitive information collected by GPG in its capacity as the responsible party.

For the purposes of this Privacy Notice, the terms used herein and not defined shall have the meanings attributed to them by law. The purpose of this Privacy Notice is to establish the terms and conditions under which “GPG” (or the Designated Manager by “GPG”) (i) will receive and protect your Personal Data, in order to protect your privacy and your right to informational self-determination; (ii) will use your Personal Data and, (iii) will, if applicable, transfer your Data to third parties.

Definitions

For the purposes of this Privacy Notice, the following terms shall be understood as:

GPG”: Will collectively include the business group formed by the following legal entities: Unión Fenosa México, S.A. de C.V., Fuerza y Energía de Tuxpan, S.A. de C.V., Fuerza y Energía de Naco-Nogales, S.A. de C.V., Fuerza y Energía de Hermosillo, S.A. de C.V., Fuerza y Energía de Norte Durango, S.A. de C.V., Fuerza y Energía Bii Hioxo, S.A. de C.V., Proyectos Balmes México, S.A. de C.V., GPG Energía México, S.A. de C.V.

Database”: An ordered set of personal data referring to an identified or identifiable person.

Data Blocking”: Refers to the identification and conservation of Personal Data, once the purpose for which they were collected is fulfilled, and its purpose is to determine the possible responsibilities regarding their processing, until the expiration of the legal or contractual period.

Consent”: Means the expression of the will of the data subject, through which the processing of their data is carried out.

Cookies”: Small data files transferred by the website to your computer’s hard drive when browsing the site. Session cookies do not remain on your computer after you close your browser session, while persistent cookies remain on your computer until they are deleted or expire.

Personal Data”: Any information concerning an identified or identifiable individual.

Sensitive Personal Data”: Those personal data that affect the most intimate sphere of the data subject, or whose improper use could lead to discrimination or involve a serious risk for them. In particular, data that may reveal aspects such as racial or ethnic origin, present or future health status, genetic information, religious, philosophical, and moral beliefs, union affiliation, political opinions, and/or sexual preference are considered sensitive.

ARCO Rights”: The rights of access, rectification, cancellation, and opposition.

Right of Access”: The right of the data subject to know about the Personal Data related to them held by the Responsible Party or their Managers, as well as to whom they have been shared and for what purpose.

Right to Rectification”: The right of the data subject to have their Personal Data rectified when they are inaccurate or incomplete.

Right of Cancellation“: The right of the data subject to request at any time that their Personal Data be deleted, which will occur once the blocking period has expired.

Right of Opposition“: The right of the data subject to request, provided they have a legitimate cause, that the Responsible Party stop processing their Personal Data.

Responsible Party”: The legal entity to which you have provided your personal information and/or have any legal relationship with.

Data Subject”: The individual who is the holder of the Personal Data, or authorized to provide Personal Data of a third party according to applicable laws, who provides such Personal Data to the Responsible Party.

Processing”: The obtaining, use, disclosure, or storage of personal data, by any means. Use includes any action of access, management, use, transfer, or disposal of personal data.

Transfer“: Any communication of data made to a person other than the responsible party or the manager of the processing.

Links in GPG emails”: Emails that include links allowing GPG to know if you activated such a link and visited the destination web page, which information may be included in your profile.

Web beacons”: An electronic image, called a single-pixel (1×1) or GIF that can recognize information processed on your computer, such as cookies, the time and date when the site and its sections are viewed.

Personal Data Collected and its Purpose

In accordance with Articles 1, 2, 6, 7, 8, 12, 13, 16, 17, and other applicable articles of the Law on Protection of Personal Data Held by Private Parties (hereinafter The Law), and Article 6 of the Political Constitution of the United Mexican States, GPG will process personal identification data, general data, work data, academic data, migratory data, physical data and/or physical characteristics, and biometric data, and in some cases, depending on the circumstances, sensitive personal data, including health and union affiliation data.

According to Article 9 of the Law, for the collection and processing of Sensitive Personal Data, GPG must obtain the express and written consent of the data subject, under the terms of the cited article.

The collection of Personal Data may be carried out when you visit any of our facilities, corporate offices, workplaces, or through emails and/or messages via social networks, or through the use of our websites, by voluntarily providing information through dialogue windows enabled on the sites, or through the use of automatic data capture tools. These tools allow the collection of information sent by your browser to these websites, such as the type of browser you use, user language, access times, and the IP address of websites you used to access our sites.

GPG may also collect Personal Data from publicly accessible sources and other market-available sources to which the Data Subject may have consented to share their personal information or provided anonymous demographic information associated with a specific geographic area.

The purposes for the collection and processing of personal data necessary for the existence, maintenance, and fulfillment of GPG‘s activity are as follows:

Clients

  • Management of client and prospect information to maintain an updated database.
  • Management of installations (installation, verification, review, and maintenance) for service delivery as appropriate.
  • Commercial, relationship, and service management with clients and prospects.
  • Formalizing the transactional process with clients.
  • Manage collections and process payments. Information exchange with Credit Bureau Institutions.
  • Requesting and/or providing information to credit information societies about credit operations and other analogous operations conducted by our clients or prospective clients with financial entities and commercial companies as part of our credit granting process.
  • Implementing video surveillance cameras at respective facilities for security and loss prevention purposes.
  • Management and delivery of information to contractor and/or service companies that will carry out operations, activities, inspections, verifications, maintenance, emergency attention, and collection management derived from the legal relationship and service provision with our clients.
  • Marketing management (market research) for clients and prospects.
  • Satisfaction surveys and opinion interviews.
  • Market studies.

Employees

  • Management of the recruitment, selection, and hiring process of personnel.
  • Internal communication and workplace climate management.
  • Collective labor agreement management and relationship with the union on behalf of the company and exchange of information and procedures on behalf of the employee.
  • Employee participation management in social programs.
  • Management of remuneration, contributions, obligations, and benefits, as well as remunerations, taxes, and employee contributions.
  • Management of employee benefits and their family (medical checkup, scholarships, training, among others).
  • Management of employee information to ensure proper data and personnel file integration and document generation requested by the employee.
  • Attendance monitoring and physical and logical access control to company facilities and assets.
  • Risk reduction in the workplace, as well as injuries and accidents that can be prevented based on the personal data collected.
  • Study, analysis, updating, and identification of causes that could endanger safety at the workplace, such as fatigue, lack of sleep, mood, medication, and any irregular alteration that could affect the physical state required to perform
  • job functions.
  • Management of measures to prevent accidents and maintain the safety of internal and external personnel at Work Centers (alcohol tests, retina studies, and/or drug tests).
  • Performance management, evaluation, training, and development of employee skills, competencies, and safety.
  • Execution of personnel administration processes.
  • Administration and management of bank account numbers for proper payroll deposit.
  • Management of employee expenses on behalf of the company.
  • Management of employee obligations via legal and administrative procedures such as alimony payments, FONACOT loans, Infonavit loans, etc.
  • Management of the assignment and use of work assets and tools.
  • Implementation of video surveillance cameras at facilities for security and loss prevention purposes.

Suppliers

  • Management of supplier information to ensure the correct integration of data and supplier files.
  • Management of product and service purchases.
  • Management of the supplier selection, requisition, evaluation, and award process.
  • Monitoring and controlling access to facilities.
  • Management of supplier payments and credits.
  • Scheduling, controlling, and recording installations carried out by suppliers on behalf of natural gas.
  • Management of the formalization of commercial relationships.
  • Installation of video surveillance cameras at facilities for security and loss prevention purposes.
  • Monitoring attendance and controlling physical and logical access to company facilities and assets, as well as training and certification of collaborators’ employees.

Once the Data Subject provides their Personal Data or Sensitive Data to GPG, we inform you that these will be stored in secure media as permitted by technology, with access limited only to individuals and/or entities with whom GPG has a legal relationship, or those individuals or entities authorized by the Data Subject, if applicable. GPG will implement the security measures it deems appropriate to protect the use of your Personal Data and/or Sensitive Data from unauthorized third parties. In the event of a requirement by any authority, Personal Data and/or Sensitive Data may be made available to them, in strict compliance with the law.

The processing of your Personal Data, which has been made available to GPG, may be used in accordance with these terms and conditions, and it is understood that the Data Subject expressly authorizes GPG for this purpose from this moment on, unless the Data Subject expresses their refusal for the processing of their personal data concerning purposes that are not necessary for the legal relationship, using the means indicated in the section “Means to Exercise ARCO Rights.”

Transfers

In accordance with Article 36 of the Law, the following table describes the transfers of your personal data that GPG may carry out:

 

Data Transfer

Purpose

To business training companies         

Offer specialized training courses to employees

To advertising campaign companies

For marketing, advertising, or commercial prospecting purposes

To union

Transfer of personal data to responsible parties, supporting management and compliance with the collective labor contract

To insurance companies

Management of benefits (employee insurance)

To credit bureau

Transfer of personal data to determine the credit behavior of the Client or Supplier

To financial sector (banks)

Compensation, remuneration, and contributions to personnel, as well as collection and payment processing for clients and suppliers

To Courts, Justice Departments, and various Authorities

Recognition, exercise or defense, as well as compliance with requirements and/or obligations according to law

To Contractor and/or Service Provider companies

For the management and provision of any value-added service provided by and for GPG

To foreign entities

For the fulfillment of GPG’s corporate purpose and/or economic activity

To third parties, possibly within the same business group or not

For security and workplace risk prevention purposes

 

Consent of the Data Subject

In accordance with Article 17 of the law, the Data Subject declares that this Privacy Notice has been made known to them by GPG, they have read, become familiar with, and understood the terms presented, and therefore give their consent regarding the processing of their Personal Data. Additionally, the Data Subject consents to GPG or any Authorized Data Processor making transfers of Personal Data to domestic or foreign third parties, with the understanding that the processing by such third parties of the Data Subject’s Personal Data must conform to the terms established in this Notice.

GPG informs the Data Subject that they have the right to revoke the consent previously given to GPG at any time, using the means provided to exercise the ARCO rights, as listed below:

ARCO Rights

The data subject has the right to:

a) Know what personal data is held about them, how it is used, and the conditions of its use (Access). 
b) Request the correction of personal information if it is outdated, inaccurate, or incomplete (Rectification);
c) Request the deletion of records or databases when they believe it is not being used in accordance with the principles, duties, and obligations provided for in the law (Cancellation); and,
d) Object to the use of their personal data for specific purposes (Objection).


If the Data Subject does not oppose the terms of this Privacy Notice within the following 5 (five) business days from when it was made available, it will be considered as agreed and consented to its content, in accordance with the third paragraph of Article 8 of the law, noting that the Data Subject’s consent can be revoked at any time in accordance with the procedure previously indicated.

 

Means to Exercise ARCO Rights

The Data Subject shall at all times have the right to request from GPG the exercise of the rights conferred by the law, considering for cancellation the provision established in Article 26. In the event that the Personal Data has been transmitted prior to the date of rectification or cancellation and is still being processed by third parties, GPG will inform the third party in question of such a rectification or cancellation request, so that they can also proceed to make the changes.
  
The Data Subject may not oppose and/or cancel the processing of their personal data that could affect and/or restrict the fulfillment of contractual and/or commercial relationships with GPG.

Should the holder of the personal data decide to exercise any of the aforementioned rights, they must submit a request to GPG via email to the address: compliancegpgmx@naturgy.com, including the full name of the requester, a document proving their identity, and a clear, precise, and complete description of the reasons and personal data for which they seek to exercise any of the aforementioned rights. Additionally, they must provide an email address, home address, mobile phone number, or any other means that will serve as a communication channel between both parties.

GPG will have a period of 20 (twenty) days from the date the request is received to respond, determine its validity, and communicate this to the applicant. If the request is valid, GPG is obligated to fulfill the request within 15 (fifteen) days from the date the response is communicated. In the case of requests for access to personal data, GPG will proceed with the immediate delivery of the data to the Data Subject upon verifying their identity.

The response to your request will be free of charge, and the Data Subject will only have to cover justified shipping expenses or the cost of reproducing copies or other formats. If the Data Subject reiterates their request for access within a period of less than twelve months, they will be required to cover the corresponding costs equivalent to 1.5 days of the Current Minimum Wage in Mexico City, in accordance with Article 35 of the law, unless there are substantial modifications to the Privacy Notice that motivate new consultations.

Regarding requests for the cancellation of Personal Data, in addition to the provisions of this Privacy Notice, the stipulations of Article 26 of the law will apply, including the exceptions to the cancellation of Personal Data indicated therein.
GPG may collect data while you are browsing GPG’s websites. By way of example, the automatic data capture tools used by GPG on its websites include cookies, Web beacons, and links in emails. This is to ensure the correct functioning of GPG’s sites and those of its providers.

You can adjust your browser preferences to accept or reject cookies. Disabling cookies may disable various functions of GPG’s websites or cause them to display incorrectly. If you prefer to delete the information sent by GPG’s cookies, you can delete the file(s) at the end of each browser session.

GPG may use Web beacons in its websites and HTML format emails, alone or in combination with cookies, to collect information about the use of the websites and your interaction with the email.

If you prefer that GPG not collect information about your interaction with email links, you can choose to modify the format of GPG’s communications (for example, receiving the message in text format instead of HTML) or simply ignore the link and not access its content.

GPG emails may include links designed to direct you to relevant sections of the websites, redirecting you through GPG’s servers. The redirection system allows GPG to modify the URL of such links if necessary, and also enables GPG to determine the effectiveness of its online marketing campaigns. The Personal Data GPG obtains from its commercial sources may be used together with the Personal Data it collects through its websites.

Modifications to the Privacy Notice

We reserve the right to make modifications or updates to this Privacy Notice at any time, in response to legislative changes, internal policies, or new requirements for providing or offering our services or products. Therefore, it is the responsibility of the Data Subject to periodically review the content of the Privacy Notice on the site: https://www.globalpower-generation.com/en/privacy-notice/. If the Data Subject does not express any objection to the modification, GPG will assume that the Data Subject has read, understood, and agreed to the terms presented, constituting their express consent.

For more information about how we handle your personal data, covered by this privacy notice, the rights available to you, as well as any modifications to this notice, you can contact our official personal data protection department via email at: compliancegpgmx@naturgy.com.