Motriza Privacy Policies - Data Protection
Institutional Page

Privacy Policies

Learn how we protect and handle your personal data. At Motriza we are committed to transparency and security in the management of your information.

Protected Data
Mexican Regulations
ARCO Rights
View Service Terms View Site Map

Last Update

Version 1.0

Content Index

1 General Provisions 2 Collected Data 3 ARCO Rights 4 Transfers 5 Security Measures 6 Sensitive Data 7 Cookies 8 Minor Protection 9 Policy Changes 10 Final Provisions

1. General Provisions

Chapter I

1.1 Purpose and Scope

This Comprehensive Privacy Policy regulates the processing of personal data by MOTRIZA, in compliance with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and complementary regulations. This policy applies to all data collected through our website, mobile applications, physical forms, telephone communications, and any other means of interaction with our company.

1.2 Definitions

For purposes of this policy, the following shall be understood as:

Personal Data: Any information concerning an identified or identifiable natural person.
Sensitive Data: Those that may affect the most intimate sphere of their holder.
Holder: Natural person to whom the personal data corresponds.
Responsible: MOTRIZA.
Processor: Third party that processes personal data on behalf of the responsible party.
Processing: Any operation with personal data.
Transfer: Any communication of data to a person other than the responsible or processor.
ARCO: Rights of Access, Rectification, Cancellation and Opposition.

1.3 Guiding Principles

The processing of personal data at MOTRIZA is governed by the principles of:

Lawfulness

We only process data when we have legal basis.

Consent

We obtain express and informed consent.

Information

We clearly communicate data processing.

Quality

We ensure data is accurate and updated.

Purpose

We clearly define processing purposes.

Loyalty

We respect holder's reasonable expectations.

Proportionality

We limit processing to what is necessary.

Responsibility

We implement adequate security measures.

2. Collected Data and Purposes

Chapter II

2.1 Categories of Collected Data

We collect the following categories of data:

A. Identification Data

• Full name • Photograph (when applicable for access credentials) • Autograph and electronic signature • Official identification documents (INE, passport) • Federal Taxpayer Registry • Date and place of birth • Nationality • Marital status

B. Contact Data

• Personal and tax address • Landline and mobile phones • Personal and corporate emails • Professional social media profiles • IP address and connection data

C. Labor and Professional Data

• Current position and functions • Specific work experience in load handling • Professional history in industrial sector • Verifiable work references • Professional certifications (NOM-029, ISO, etc.) • Education level and specializations • Specific technical skills for equipment operation

D. Patrimonial and Financial Data

• Banking information for payments and collections • Credit history (with express authorization) • Payment capacity and commercial references • Tax declarations when applicable • Insurance and policy information • Guarantees provided for contracts

E. Safety and Health Data

• Medical certificates for work at heights and confined spaces • Results of periodic drug tests • History of safety incidents and accidents • Safety training received and validity • Medical restrictions for certain specific activities • Access records to facilities and work sites

F. Specialized Technical Data

• Specific crane operator certifications (types and capacities) • Experience in specific types of equipment and brands • History of executed projects with technical details • Technical performance and competency evaluations • Results of periodic technical competency tests • Specific technical specializations (complex lifts, confined spaces, etc.)

2.2 Processing Purposes

Primary Purposes

Essential
• Processing of quotation requests and industrial crane services • Execution of contracts and purchase orders for lifting services • Payment management and electronic billing of services provided • Compliance with legal, tax and regulatory obligations of the sector • Operational communication during execution of industrial projects • Management of warranties and post-sale services of equipment and services • Evaluation of technical and financial risks for specific projects • Issuance of certifications and technical documentation required by regulations • Safety management in works and industrial projects • Logistic and operational coordination of equipment and specialized personnel

Secondary Purposes

Added Value
• Sending commercial and promotional information about new services • Invitation to events, trainings and technical updates of the sector • Conducting market studies and continuous service improvement • Development of new products and services based on market needs • Loyalty programs and special benefits for recurring customers • Satisfaction and quality surveys for process improvement • Recognition and awards for performance and safety in projects • Publication of success cases (always with client's express authorization) • Participation in social responsibility programs of the industrial sector • Generation of specialized content for social media and technical media

2.3 Legal Basis for Processing

Data processing is based on:

Express consent of holder for specific purposes
Execution of contract or pre-contractual relationship with MOTRIZA
Compliance with legal obligations applicable to industrial sector
Legitimate interests of MOTRIZA to improve services and operations
Protection of vital interests of holder or third parties in emergency situations
Exercise of rights in judicial or administrative proceedings

3. ARCO Rights and Exercise

Chapter III

3.1 Holder Rights

Access

Know what data we have and how we process it.

Rectification

Request correction of inaccurate or incomplete data.

Cancellation

Request deletion of data when no longer necessary.

Opposition

Oppose processing for specific purposes.

Revocation

Withdraw consent at any time.

Limitation

Request limitation in certain circumstances.

Portability

Receive data in structured format for transfer.

Human Decision

Right to human intervention in automated decisions.

3.2 Procedure to Exercise ARCO Rights

To exercise these rights, the holder must:

1

Submit written request in free format addressed to our Data Protection Department

2

Include information allowing holder identification (name, RFC, contact data)

3

Clearly specify the right to be exercised

4

Describe the data to which the request refers

5

Provide documentation proving identity

6

Specify address for notifications

3.3 Response Deadlines

Reception Confirmation

3 business days

Substantive Response

20 business days (extendable by 20 more)

Implementation of Measures

15 business days after response

3.4 Means to Submit Requests

Email

privacidad@motriza.com.mx

Postal Mail

[Complete address of MOTRIZA]

Web Form

www.motriza.com.mx/privacidad

Corporate Offices

In person at our facilities

3.5 Costs

Exercise of ARCO rights is free, except when:

Manifestly unfounded or excessive requests are submitted
Additional copies beyond the first are requested

In these cases, we may charge reasonable cost based on administrative costs.

4. Transfers and Remissions

Chapter IV

4.1 National Transfers

We may transfer data to:

Competent tax, judicial or administrative authorities
Financial institutions for payment processing
Insurance companies for policy and claim management
Essential service providers (hosting, cloud, software)
Subcontractors involved in project execution
Business partners for complementary services
Credit institutions for financial evaluation

4.2 International Transfers

In specific cases, we may transfer data to:

Equipment manufacturers abroad to manage warranties
International certification companies for validations
Technology providers with servers outside Mexico
International clients with binational projects
International financial institutions for specific operations

4.3 Measures for International Transfers

For international transfers we implement:

Standard contractual clauses approved by authorities
Certifications of adequate privacy mechanisms
Explicit consent of holder when required
Evaluation of protection level of destination country
Additional security measures when necessary

4.4 Data Processors

We maintain updated register of processors that includes:

Name and complete contact data
Specific services they provide to MOTRIZA
Security measures implemented by the processor
Contract date and agreement validity
Compliance audits performed periodically

5. Security Measures

Chapter V

5.1 Administrative Measures

Documented policies and procedures for data protection
Designation of Data Protection Officer with defined responsibilities
Mandatory training programs in data protection for all personnel
Periodic internal compliance audits of privacy
Confidentiality agreements with all personnel and suppliers
Documented security incident response procedures
Privacy impact assessment for new projects and systems
Updated and accessible record of processing activities

5.2 Physical Measures

Biometric access control to facilities where data is stored
Restricted areas with controlled access for sensitive documentation
Certified destruction of physical documents with personal data
Storage in secure areas with humidity and temperature control
Video surveillance systems in information storage areas
Visitor control with mandatory registration and accompaniment
Measures against natural disasters (fire, flood, etc.)

5.3 Technical Measures

Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256)
Firewalls and intrusion detection systems implemented
Role-based access control with principle of least privilege
Automated backups in secure locations
Multi-factor authentication systems for critical access
Monitoring of suspicious activity with automatic alerts
Security patches regularly updated in all systems
Network segmentation to isolate systems with sensitive data

5.4 Security Levels

We classify data into three security levels:

Low Level

General contact data and public information

Medium Level

Financial, labor and operational technical data

High Level

Sensitive, biometric and critical safety data

Each level has specific security measures proportional to the risk.

5.5 Data Retention

We retain data for:

Active client data

During commercial relationship + 10 years after

Supplier and contractor data

During relationship + 7 years after

Employee and personnel data

During relationship + 15 years after

Tax and accounting data

10 years after last movement

Safety and incident data

Permanently for history and analysis

Technical project data

Permanent for technical reference and warranties

Certification and training data

While valid + 5 years

6. Sensitive Data

Chapter VI

6.1 Definition of Sensitive Data for MOTRIZA

We consider sensitive data:

Racial or ethnic origin (for inclusion programs when applicable)
Present and future health status (mandatory medical certificates)
Genetic information (only in extreme medical cases with consent)
Religious, philosophical and moral beliefs (only if affecting task assignment)
Union affiliation (for labor compliance when applicable)
Political opinions (only in context of permits and authorizations)
Sexual preference (only relevant for non-discrimination policies)
Biometric data (fingerprints, facial recognition for access control)
Real-time geographic location data (for field personnel safety)

6.2 Sensitive Data Processing

For sensitive data we require:

Express, written and specific consent for each purpose
Clear information about potential risks of processing
Enhanced security measures proportional to risk
Specific impact assessment for sensitive data processing
Authorization from MOTRIZA Ethics Committee when applicable
Periodic review of need for sensitive data processing

6.3 Specific Cases in MOTRIZA

Health data

Only for mandatory medical certificates by safety regulations

Biometric data

Only for access control to critical areas and attendance registration

Location data

Only for field personnel safety and equipment coordination

Background data

Only with express judicial authorization or for specific security verifications

7. Cookies and Similar Technologies

Chapter VII

7.1 Types of Cookies Used by MOTRIZA

Technical cookies

Essential for MOTRIZA website operation

Preference cookies

Remember user settings on our site

Statistical cookies

Analyze site use for improvements (Google Analytics with anonymization)

Marketing cookies

Personalize ads and relevant content for industrial sector

Social media cookies

To share technical content and success cases on networks

7.2 Cookie Management in MOTRIZA

Users can:

Accept all cookies necessary for site operation
Reject non-essential cookies through configuration panel
Customize preferences by cookie category
Delete existing cookies from their browser
Configure browser to block future cookies

7.3 Similar Technologies Used

We also use:

Web beacons

For analysis of technical email openings

Local storage

For user preferences in technical applications

Pixel tags

For measurement of technical campaign effectiveness

Fingerprinting

For security in critical access (limited and anonymized)

8. Minor Protection

Chapter VIII

8.1 Minimum Age for Interaction with MOTRIZA

We do not collect data from minors under 18 years old without:

Express consent of parents or legal guardians
Express legal authorization for specific cases
Justification of absolute need and proportionality

8.2 Age Verification

We implement mechanisms to:

Age verification

Verify age in online service request forms

Documentary validation

Validate identification documents in hiring processes

Specialized training

Train personnel in detection and handling of cases with minors

Specific protocols

Establish specific protocols for situations involving minors

9. Policy Changes

Chapter IX

9.1 Modification Procedure

We may modify this policy:

Due to applicable legislative or regulatory changes
Due to changes in our internal processes affecting data processing
Due to improvements in privacy and data protection practices
Due to significant technological changes requiring adjustments

9.2 Change Notification

We notify changes through:

Website

Featured publication on our website www.motriza.com

Email

Communication by email to active clients and registered contacts

Facilities

Visible notice in our corporate and operation facilities

Version Update

Update of version date in all relevant documents

9.3 Previous Versions

We maintain archive of:

Complete History

All previous versions of privacy policy

Validity Dates

Specific validity dates of each version

Change Log

Changes made between versions with detailed justification

Queries and Clarifications

History of queries and clarifications about the policy

10. Final Provisions

Chapter X

Validity

This policy enters into force on

Publication

Permanently available at www.motriza.com.mx/privacidad

Acceptance

Use of MOTRIZA services implies acceptance of this policy

Jurisdiction

For disputes, parties submit to courts of Torreón, Coahuila, Mexico

Last update:

Version 1.0
Service Terms
Return to Top
Site Map