Certified Translations - Accurate & Certified Translations
Certified Translations - Accurate & Certified Translations

Data Privacy and Confidentiality

October 2025

1. Responsible Party for the Processing of Personal Data

ELAN is the legal entity that, according to the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), is considered the “Responsible Party” because it decides on the processing of the personal data collected from you, the “Owner” of that data.
(In this context, the “Owner” or data subject is the individual or entity to whom the personal data corresponds, meaning any information regarding an identified or identifiable individual.)

For the Responsible Party, processing your data lawfully and in compliance with the applicable federal law is a priority.
This Privacy Notice supplements any other simplified or short-form privacy notices that the Responsible Party may have made available to you as the data owner, and it is subordinate in all that is not expressly addressed in those notices.

2. Purpose of Processing Clients’ Personal Data

The Responsible Party collects your personal data for the following purposes:

A) To provide you with the professional services you require, in accordance with the proposal presented to you by the Responsible Party. These services may include interpretation, training, and translation of simple and certified documents by an expert translator authorized by the Superior Court of Justice, as well as any related advisory services for individuals or legal entities, domestic or foreign.

B) To fulfill the obligations contracted with you in accordance with the professional services provided, and to inform you of any situation or change regarding those services.

C) To evaluate the quality of the professional services provided by the Responsible Party and to conduct client satisfaction surveys.

D) To maintain contact with you for the purpose of inviting you to conferences, courses, or events that address current topics related to the professional services the Responsible Party provides to you.

3. Personal Data Collected

To carry out the purposes described in this Privacy Notice, the Responsible Party will use personal data in the categories of identification, contact, employment, and billing information.
This may include, for example, your name, contact details, job-related information, and details needed for invoicing. No data beyond what is necessary for the stated purposes will be collected.

4. Sensitive Personal Data

The Responsible Party informs you that, to fulfill the purposes set out in this Privacy Notice, it does NOT require collecting any sensitive personal data from you.
(Sensitive personal data includes information such as racial or ethnic origin, health status, genetic data, religious, philosophical and moral beliefs, sexual orientation, political opinions, and any other data that affects the most private areas of the data subject’s life.)
We will not ask for or process such sensitive data in the provision of our services.

5. Options and Means to Limit the Use or Disclosure of Your Personal Data

You may limit the use or disclosure of your personal data – for example, to ensure it is not processed for marketing or advertising purposes by the Responsible Party – by contacting our Personal Data Department..
By making such a request, your data will be excluded from any marketing mailing lists or publicity activities at your direction.

6. Means to Exercise Rights of Access, Rectification, Cancellation, and Opposition (ARCO Rights)

You have the right to access your personal data that the Responsible Party holds and to know the details of its processing, as well as to rectify it if it is inaccurate or incomplete.
You also have the right to cancel your personal data when you believe it is not required for any of the purposes stated in this Privacy Notice, if it is being used for purposes not consented by you, or when the contractual or service relationship has ended.
Likewise, you have the right to oppose the processing of your data for specific purposes. These rights are collectively known as ARCO rights under Mexican law.

The Responsible Party’s Personal Data Department will provide you with all the necessary information and support for you to exercise your ARCO rights.
The procedure for exercising these rights begins with the submission of the corresponding request by you. The request form and information about the response times will be made available by the Personal Data Department of the Responsible Party, which you can contact as indicated in Section 5 of this Privacy Notice.

7. Procedure for Revoking Consent

At any time, you may revoke the consent that you have given to the Responsible Party for the processing of your personal data.
However, please be aware that we may not be able to honor your request or cease use of your data immediately in all cases, as there may be a legal obligation that requires us to continue processing your data.
Likewise, you should consider that for certain purposes, revoking your consent could mean that we will no longer be able to provide the service you requested, or it may result in the termination of your relationship with the Responsible Party.

To revoke your consent, it is necessary to contact the Responsible Party’s Personal Data Protection Department in order to learn about and carry out the revocation procedure.
Our team will guide you through the necessary steps to ensure your request is processed in accordance with applicable laws and within the appropriate timeframe.

8. Transfer of Personal Data Within Mexico and Abroad

Your personal data may be transferred and processed within and outside of Mexico, if necessary, for the purposes mentioned in items A) and B) of Section 2 of this Privacy Notice.
In such cases, your data could be shared with certain affiliated companies belonging to the ELAN Creative Thinking Certified Translations as needed to carry out the professional services you requested.
Please be assured that your data will remain protected, as these affiliated companies operate under the same Personal Data Protection policies and maintain their own Privacy and Data Protection frameworks, ensuring a consistent level of security.

The Responsible Party undertakes not to transfer your personal data to third parties, except when it is necessary to provide the professional services you have requested or to comply with legal obligations before competent authorities (for example, tax authorities or judicial entities).
In addition, your data may be transferred without your consent in the specific cases set forth in Article 37 of the LFPDPPP, or in the situations mentioned above that fall under the provisions of that Article.
Any such transfer will be carried out under the terms established by the law, ensuring that your rights and the security of your data are preserved.

9. Security Measures Implemented

To protect your personal data, we have implemented administrative, physical, and technical security measures aimed at preventing loss, misuse, or alteration of your information.
These measures include internal policies, secure data storage systems, and technological safeguards consistent with industry standards and legal requirements.
We continually review and enhance our security practices to ensure your personal information remains safe and confidential.

10. Right to Lodge Complaints or Inquiries with the Supervisory Authority (INAI)

If you have any complaints, questions, or require additional information regarding the processing of your personal data, or if you need guidance concerning the Federal Law on Protection of Personal Data Held by Private Parties or its Regulations, you have the right to approach the relevant supervisory authority.
In Mexico, this authority is the National Institute of Transparency, Access to Information, and Personal Data Protection (INAI).
You may direct any complaint or inquiry to the INAI, which is the government body responsible for upholding data protection rights and overseeing the enforcement of the LFPDPPP.