Motriza Privacy Policies - Data Protection
Institutional Page

Privacy Policy

Learn how we protect and handle your personal data. At Motriza we are committed to transparency and security in handling your information.

Protected Data
Mexican Regulations
ARCO Rights

Last Update

Version 1.0

1. General Provisions

Chapter I

1.1 Purpose and Scope

This Comprehensive Privacy Policy regulates the processing of personal data by MOTRIZA, in compliance with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and complementary regulations. This policy applies to all data collected through our website, mobile applications, physical forms, telephone communications, and any other means of interaction with our company.

1.2 Definitions

For the purposes of this policy, the following shall be understood as:

Personal Data: Any information concerning an identified or identifiable natural person.
Sensitive Data: Those that may affect the most intimate sphere of their owner.
Data Subject: Natural person to whom the personal data corresponds.
Data Controller: MOTRIZA.
Data Processor: Third party that processes personal data on behalf of the controller.
Processing: Any operation with personal data.
Transfer: Any communication of data to a person other than the controller or processor.
ARCO: Rights of Access, Rectification, Cancellation and Opposition.

1.3 Guiding Principles

The processing of personal data at MOTRIZA is governed by the principles of:

Lawfulness

We only process data when we have a legal basis.

Consent

We obtain express and informed consent.

Information

We clearly communicate data processing.

Quality

We ensure data is accurate and updated.

Purpose

We clearly define processing purposes.

Loyalty

We respect reasonable expectations of the data subject.

Proportionality

We limit processing to what is necessary.

Accountability

We implement appropriate security measures.

2. Collected Data and Purposes

Chapter II

2.1 Categories of Collected Data

We collect the following data categories:

A. Identification Data

• Full name
• Photograph (when applicable for access credentials)
• Handwritten and electronic signature
• Official identification documents (INE, passport)
• Federal Taxpayer Registry
• Date and place of birth
• Nationality
• Marital status

B. Contact Data

• Personal and tax address
• Landline and mobile phones
• Personal and corporate email addresses
• Professional social media profiles
• IP address and connection data

C. Employment and Professional Data

• Current position and functions
• Specific work experience in cargo handling
• Professional history in industrial sector
• Verifiable work references
• Professional certifications (NOM-029, ISO, etc.)
• Education level and specializations
• Specific technical skills for equipment operation

D. Patrimonial and Financial Data

• Banking information for payments and collections
• Credit history (with express authorization)
• Payment capacity and commercial references
• Tax declarations when applicable
• Insurance and policy information
• Guarantees provided for contracts

E. Security and Health Data

• Medical certificates for work at heights and confined spaces
• Results of periodic drug testing
• Safety incident and accident history
• Safety training received and validity
• Medical restrictions for specific activities
• Access records to facilities and work sites

F. Specialized Technical Data

• Specific crane operator certifications (types and capacities)
• Experience with specific equipment types and brands
• History of executed projects with technical details
• Technical performance and competency evaluations
• Results of periodic technical competency tests
• Specific technical specializations (complex lifts, confined spaces, etc.)

2.2 Processing Purposes

Primary Purposes

Essential
• Processing industrial crane service quotation requests
• Execution of contracts and purchase orders for lifting services
• Payment management and electronic invoicing for provided services
• Compliance with legal, tax and regulatory obligations in the sector
• Operational communication during industrial project execution
• Management of equipment and service warranties and after-sales service
• Technical and financial risk assessment for specific projects
• Issuance of certifications and technical documentation required by regulations
• Worksite and industrial project safety management
• Logistics and operational coordination of specialized equipment and personnel

Secondary Purposes

Added Value
• Sending commercial and promotional information about new services
• Invitation to events, training, and technical updates in the sector
• Conducting market studies and continuous service improvement
• Development of new products and services based on market needs
• Loyalty programs and special benefits for recurring customers
• Satisfaction and quality surveys for process improvement
• Recognition and awards for project performance and safety
• Publication of success cases (always with express client authorization)
• Participation in industrial sector social responsibility programs
• Generation of specialized content for social media and technical media

2.3 Legal Basis for Processing

Data processing is based on:

Express consent of the data subject for specific purposes
Execution of contract or pre-contractual relationship with MOTRIZA
Compliance with legal obligations applicable to industrial sector
Legitimate interests of MOTRIZA to improve services and operations
Protection of vital interests of the data subject or third parties in emergency situations
Exercise of rights in judicial or administrative procedures

3. ARCO Rights and Exercise

Chapter III

3.1 Data Subject Rights

Access

Know what data we have and how we process it.

Rectification

Request correction of inaccurate or incomplete data.

Cancellation

Request deletion of data when no longer necessary.

Opposition

Object to processing for specific purposes.

Revocation

Withdraw consent at any time.

Limitation

Request limitation under certain circumstances.

Portability

Receive data in structured format for transfer.

Human Decision

Right to human intervention in automated decisions.

3.2 Procedure to Exercise ARCO Rights

To exercise these rights, the data subject must:

1. Submit a written request in free format addressed to our Data Protection Department
2. Include information that allows identification of the data subject (name, RFC, contact data)
3. Clearly specify the right they wish to exercise
4. Describe the data to which the request refers
5. Provide documentation proving identity
6. Specify an address for notifications

3.3 Response Deadlines

Reception Confirmation

3 business days

Substantive Response

20 business days (extendable by 20 more)

Implementation of Measures

15 business days after response

3.4 Means to Submit Requests

Email

privacidad@motriza.com.mx

Postal Mail

[Complete address of MOTRIZA]

Web Form

www.motriza.com.mx/privacidad

Corporate Offices

Personally at our facilities

3.5 Costs

Exercising ARCO rights is free, except when:

Manifestly unfounded or excessive requests are submitted
Additional copies beyond the first one are requested

In these cases, we may charge a reasonable cost based on administrative expenses.

4. Transfers and Disclosures

Chapter IV

4.1 National Transfers

We may transfer data to:

Competent tax, judicial or administrative authorities
Financial institutions for payment processing
Insurance companies for policy and claim management
Essential service providers (hosting, cloud, software)
Subcontractors involved in project execution
Commercial allies for complementary services
Credit institutions for financial evaluation

4.2 International Transfers

In specific cases, we may transfer data to:

Equipment manufacturers abroad to manage warranties
International certification companies for validations
Technology providers with servers outside Mexico
International clients with binational projects
International financial institutions for specific operations

4.3 Measures for International Transfers

For international transfers we implement:

Standard contractual clauses approved by authorities
Certifications of adequate privacy mechanisms
Explicit consent of the data subject when required
Assessment of destination country's protection level
Additional security measures when necessary

4.4 Data Processors

We maintain an updated record of processors that includes:

Name and complete contact data
Specific services they provide to MOTRIZA
Security measures implemented by the processor
Contract date and agreement validity
Periodic compliance audits conducted

5. Security Measures

Chapter V

5.1 Administrative Measures

Documented policies and procedures for data protection
Designation of Data Protection Officer with defined responsibilities
Mandatory data protection training programs for all personnel
Periodic internal compliance audits for privacy
Confidentiality agreements with all personnel and providers
Documented security incident response procedures
Privacy impact assessment for new projects and systems
Updated and accessible processing activities register

5.2 Physical Measures

Biometric access control to facilities where data is stored
Restricted areas with controlled access for sensitive documentation
Certified destruction of physical documents with personal data
Storage in secure areas with humidity and temperature control
Video surveillance systems in information storage areas
Visitor control with mandatory registration and accompaniment
Measures against natural disasters (fire, flood, etc.)

5.3 Technical Measures

Data encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
Firewalls and intrusion detection systems implemented
Role-based access control with principle of least privilege
Automated backups in secure locations
Multi-factor authentication systems for critical access
Monitoring of suspicious activity with automatic alerts
Security patches regularly updated on all systems
Network segmentation to isolate systems with sensitive data

5.4 Security Levels

We classify data into three security levels:

Low Level

General contact data and public information

Medium Level

Financial, employment and operational technical data

High Level

Sensitive, biometric and critical security data

Each level has specific security measures proportional to the risk.

5.5 Data Retention

We retain data for:

Active client data

During commercial relationship + 10 years after

Provider and contractor data

During relationship + 7 years after

Employee and personnel data

During relationship + 15 years after

Tax and accounting data

10 years after last transaction

Safety and incident data

Permanently for history and analysis

Technical project data

Permanent for technical reference and warranties

Certification and training data

While valid + 5 years

6. Sensitive Data

Chapter VI

6.1 Definition of Sensitive Data for MOTRIZA

We consider sensitive data:

Racial or ethnic origin (for inclusion programs when applicable)
Present and future health status (mandatory medical certificates)
Genetic information (only in extreme medical cases with consent)
Religious, philosophical and moral beliefs (only if affecting task assignment)
Union affiliation (for labor compliance when applicable)
Political opinions (only in context of permits and authorizations)
Sexual preference (only relevant for non-discrimination policies)
Biometric data (fingerprints, facial recognition for access control)
Real-time geographic location data (for field personnel safety)

6.2 Sensitive Data Processing

For sensitive data we require:

Express, written and specific consent for each purpose
Clear information about potential processing risks
Enhanced security measures proportional to risk
Specific impact assessment for sensitive data processing
Authorization from MOTRIZA Ethics Committee when applicable
Periodic review of need for sensitive data processing

6.3 Specific Cases in MOTRIZA

Health data

Only for mandatory medical certificates required by safety regulations

Biometric data

Only for access control to critical areas and attendance registration

Location data

Only for field personnel safety and equipment coordination

Background data

Only with express judicial authorization or for specific security verifications

7. Cookies and Similar Technologies

Chapter VII

7.1 Types of Cookies Used by MOTRIZA

7.2 Cookie Management at MOTRIZA

Users can:

Accept all cookies necessary for site operation
Reject non-essential cookies through configuration panel
Customize preferences by cookie category
Delete existing cookies from their browser
Configure browser to block future cookies

7.3 Similar Technologies Used

We also use:

Web beacons

For analysis of technical email openings

Local storage

For user preferences in technical applications

Pixel tags

For measuring effectiveness of technical campaigns

Fingerprinting

For security in critical access (limited and anonymized)

8. Minor Protection

Chapter VIII

8.1 Minimum Age for Interaction with MOTRIZA

We do not collect data from minors under 18 without:

Express consent of parents or legal guardians
Express legal authorization for specific cases
Justification of absolute need and proportionality

8.2 Age Verification

We implement mechanisms to:

Age verification

Verify age in online service request forms

Document validation

Validate identification documents in hiring processes

Specialized training

Train personnel in detection and handling of cases with minors

Specific protocols

Establish specific protocols for situations involving minors

9. Policy Changes

Chapter IX

9.1 Modification Procedure

We may modify this policy:

Due to applicable legislative or regulatory changes
Due to changes in our internal processes affecting data processing
Due to improvements in privacy and data protection practices
Due to significant technological changes requiring adjustments

9.2 Change Notification

We notify changes through:

Website

Featured publication on our website www.motriza.com

Email

Email communication to active clients and registered contacts

Facilities

Visible notice in our corporate and operational facilities

Version Update

Update of version date in all relevant documents

9.3 Previous Versions

We maintain an archive of:

Complete History

All previous versions of the privacy policy

Effective Dates

Specific effective dates of each version

Change Log

Changes made between versions with detailed justification

Queries and Clarifications

History of queries and clarifications about the policy

10. Final Provisions

Chapter X

Effective Date

This policy becomes effective on

Publication

Permanently available at www.motriza.com.mx/privacidad

Acceptance

Use of MOTRIZA services implies acceptance of this policy

Jurisdiction

For disputes, parties submit to courts of Torreón, Coahuila, Mexico
