Privacy Notice
Full Privacy Notice
(the “Notice”)
Identity and Address of the Data Controller
Flor de Mayo Estrategias, S.A.P.I de C.V (“Someone Somewhere” or the “Data Controller”) with address at Blvd. Toluca 16, San Francisco Cuautlalpan, 53370 Naucalpan de Juárez, Méx. is responsible for the use and protection of your personal data (the “Personal Data”), and informs you of the following.
What personal data do we process? ; Purposes of processing
- Primary. When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as full name, address, cell phone number, landline number, email address, date of birth and gender. Secondary. When you browse our store, we also automatically receive your computer’s internet protocol (IP) address, in order to provide us with information that helps us learn about your browser and operating system. Email marketing: With your permission, we may send you emails about our store, new products, newsletters and other updates.
Mechanisms to express your refusal to the processing of personal data for secondary and ancillary purposes.
If you do not want your personal data to be processed for Secondary Purposes, you may submit a written statement indicating your refusal or your desire to limit the processing of your personal data, following the same procedure indicated in the Section called "Means for Exercising ARCO Rights" of this Notice. Such refusal or limitation may not be a reason for us to deny you the Services.
Sensitive personal data that will be processed.
Sensitive Personal Data are those that affect the most intimate sphere of their owner, or whose improper use may lead to discrimination or entail a great risk for them. In particular, those that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, union affiliation, political opinions or sexual preference ("Sensitive Personal Data") are considered sensitive.
At Someone Somewhere we do not process Sensitive Personal Data. If for any reason you provide us with any of these data, they will be used exclusively to the extent that you have authorized it and for the minimum indispensable time.
About express consent and express written consent regarding the processing of your Personal Data, including transfers
How do you obtain my consent?
When you provide us with your personal information to complete a transaction, verify your credit card, create a purchase order, arrange a shipment or make a return, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will ask you directly for your expressed written consent.
Means for Exercising ARCO Rights (access, rectification, cancellation or opposition)
At all times you have the right to know what Personal Data we hold about you, what we use it for and the conditions of the use we give it ("Access"). Likewise, it is your right to request the correction of Personal Data in case they are outdated, inaccurate or incomplete ("Rectification"); that we delete your Personal Data from our records or databases when you consider that they are not being used in accordance with the principles, duties and obligations provided in the Current Legislation ("Cancellation"); as well as to oppose the use of your Personal Data for specific purposes ("Opposition" and together with Access, Rectification and Cancellation, the "ARCO Rights").
You may at any time access, rectify, cancel or oppose the use of your personal data by sending your request to the following email address ayuda@someonesomewhere.mx which corresponds to the department in charge of Personal Data within Someone Somewhere (the "Manager"). Said request must contain the following: (i) name of the owner and address or other means to communicate the response to your request; (ii) documents that prove your identity or the legal representation of the owner; (iii) a clear and precise description of the personal data with respect to which you wish to exercise the ARCO Rights; (iv) any other document that facilitates the location of the Personal Data, and (v) in case of rectification, the documentation that supports your request.
We will communicate the decision adopted within a maximum period of 20 (twenty) business days from the date we receive the request so that, if appropriate, we can make it effective within a period of 15 (fifteen) business days from the date we communicate said response. When circumstances justify it, the aforementioned periods may be extended for equal periods.
Mechanisms and procedures for the owner, where applicable, to revoke their consent to the processing of their Personal Data
You may at any time express your refusal to this Notice, by notifying the Manager via email at ayuda@someonesomewhere.mx, by sending a written statement indicating that you wish to revoke your consent, following the same procedure indicated in the section called "Means for Exercising ARCO Rights" of this Notice.
Transfers of personal data that are made.
We commit not to transfer your personal data to third parties without your prior consent, except for the exceptions provided in article 37 of the Federal Law on Protection of Personal Data Held by Private Parties: (i) when the transfer is provided for in a Law or Treaty to which Mexico is a party; (ii) when the transfer is necessary for medical prevention or diagnosis, the provision of health care, medical treatment or the management of health services; (iii) when the transfer is made to controlling companies, subsidiaries or affiliates under the common control of the data controller, or to a parent company or any company of the same group as the data controller that operates under the same internal processes and policies; (iv) when the transfer is necessary by virtue of a contract entered into or to be entered into in the interest of the data subject, by the data controller and a third party; (v) when the transfer is necessary or legally required for the safeguarding of a public interest, or for the procurement or administration of justice; (vi) when the transfer is precise for the recognition, exercise or defense of a right in a judicial process, and (vii) when the transfer is precise for the maintenance or fulfillment of a legal relationship between the data controller and the data subject.
Notwithstanding the foregoing, Someone Somewhere makes the following transfers:
Shopify
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases, and the general Shopify application. Your data is stored on a secure server behind a firewall.
Payments:
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
Third-party services
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies with respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Notice or our website’s Terms of Service.
Links
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using Secure Socket Layer (SSL) technology and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Age of Consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, and you have given us your consent to allow any of your minor dependents to use this site.
Changes to this Notice
We reserve the right to modify this Notice at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this Notice, we will notify you here that it has been updated, so that you are aware of what information we collect, how and under what circumstances, if any, we use and/or disclose it.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.