Privacy Policy

Privacy Policy

Date updated: January 10, 2022

Who are we?

In compliance with the Ley Federal de Protección de Datos Personales en Posesión de los Particulares and its Regulations (the "Law") and CONTRATOSAPP, S.A.P.I. de C.V. ("TRATO"), domiciled at Avenida Jesús del Monte no. 41, 14th floor, interior 1526-B, Colonia Jesús del Monte, municipality of Huixquilucan, Edo. de México, México, C.P. 52764; the Processing of the Personal Data collected by TRATO as Controller and Processor shall be carried out in accordance with the following terms.


Consent: Manifestation of the acceptance of the Data Subject about the processing of their Personal Data.

Cookie: The automated file that is stored on Data Subject's computer to help store preferences and other information used on TRATO websites or its platform. The stored information may be shared for any purpose described in these policies.

Biometric Data: Personal Data obtained from specific technical processing, relating to the physical, physiological or behavioral characteristics of a natural person that enable or confirm the unique identification of that person, such as facial images, voice or fingerprint data;

Personal Data: Any information concerning an identified or identifiable natural person. An identifiable natural person is any person whose identity can be established, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Processor: TRATO who, as a third party to the organization of the Controller and derived from a legal relationship with the Controller, will provide the technology and security to process the Personal Data on behalf of the Controller.

Facial Recognition: Authentication analysis performed through the comparison of images of the Data Subject to verify their identity before using certain TRATO services.

Data Controller: Natural or legal person who determines the purposes, and scope of personal data processing.

Pseudonymization: The processing of personal data in such a way that it can no longer be attributed to a Data Subject without the use of additional information, provided that such additional information appears separately and is subject to technical and organizational measures designed to ensure that the personal data is not attributed to an identified or identifiable natural person.

Data Subject: A natural person to whom the personal data belongs.

Processing: The collection, use, disclosure or storage of personal data, by any means. Using the data includes any action of access, handling, use, remission, transfer or disposal of Personal Data.

What personal data do we collect?
  1. Contact Data. The following data is obtained for the purposes of administrative control and follow-up, invoicing and service provision:
  • Name and surname
  • The organization you work for
  • Address
  • E-mail address
  • Cell phone number
  • Any other information you provide us with in connection with the purposes indicated above
  1. Identity Authentication and Biometric Data. They can be obtained for purposes of making a natural person identifiable and link their consent through Facial Recognition to a legal act in which they participate. It is done at the request of the Data Controller and/or the Data Processor. The data that can be obtained are:
  • Name and surname
  • Address.
  • Date of birth.
  • Official identification number.
  • Population identification number.
  • Biometric trace to express consent (graphic signature) with identification characteristics.
  • The person 's voice.
  • The person's image.
  • Identifier number of the network ("IP") from which the person makes the connection.
  1. Data Requested by the Data Controller. TRATO, as Data Processor, makes available to the Data Controller the technology through which it can collect information and data from Data Subjects; the use and purpose of such data must be established by the Data Controller, who may use the technologies of TRATO's Technology Platform.

4.Cookies. TRATO uses various technologies to improve the efficiency of the website and technology platform like Cookies among others. These allow you to save your preferences to provide a better browsing experience. The Cookies that can be used, with their purpose and duration are the following,

Name of the CookieDurationDescription
_ga2 yearsUsed to distinguish between users
_gid24 hoursUsed to distinguish between users.
_gat1 minuteUsed to limitate the percentage of requests.
AMP_TOKENFrom 30 seconds to a yearIncludes a token that can be used to retrieve a client ID from the AMP Client IDs service. Other possible values indicate disables, in-progress requests, or errors obtained when retrieving an ID from the AMP Client IDs service.
gac\<property-id>90 daysIncludes information of the campaign relative to the user.
__utma2 years since the configuration or update.It is used to distinguish users and sessions. The cookie is created when the JavaScript library is executed and there is no __utma cookie. The cookie is updated each time data is sent to Google Analytics..
__utmt10 minutes.Used to limit the percentage of requests.
__utmb30 minutes since configuration or update.It is used to determine new sessions or visits. The cookie is created when the JavaScript library is executed and there is no __utmb cookie. The cookie is updated every time data is sent to Google Analytics.
__utmcEnd of browser session.It is not used in ga.js. It is set to interact with urchin.js. Previously, this cookie acted in conjunction with the __utmb cookie to determine if the user was in a new session or visit.
__utmz6 months since configuration or update.Stores the traffic source or campaign that explains how the user reached the website. The cookie is created when the JavaScript library is executed and is updated each time data is sent to Google Analytics.
__utmv2 years since configuration or update.Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor-level custom variable. It was also used for the _setVar method, which is no longer available. The cookie is updated each time data is sent to Google Analytics.
__utmx18 monthsIt is used to determine the inclusion of a user in an experiment.
__utmxx18 monthsIt is used to determine the expiration of experiments in which a user has been included.
_gaexpIt depends on the duration of the experiment, normally 90 days.It is used to determine the inclusion of a user in an experiment and the expiration of the experiments in which he participates.
_opt_awcid24 hoursUsed for campaigns associated with Google Ads customer IDs.
_opt_awmid24 hoursUsed for campaigns associated with Google Ads customer IDs.
_opt_awgid24 hoursUsed for campaigns associated with Google Ads customer IDs.
_opt_awkid24 hoursIt is used for campaigns associated with Google Ads criteria IDs.
_opt_utmc24 hours.Stores the last utm_campaign query parameter.

Your consent

TRATO makes its privacy notice available to you on its website at the following link, This Privacy Notice governs your use of our products and services.

Your consent to this Privacy Notice is given when you use our website, when Personal Data is collected in order to request information about the services offered by TRATO, and/or contract the services provided by TRATO, and/or when you give express consent through electronic means to give your Biometric Data.

Your consent acknowledges that: You have read and accepted this Privacy Notice; You give your express Consent to the Processing of your Personal Data, Sensitive Personal Data, Patrimonial and Financial Data, and Biometric Data, in accordance with this Privacy Notice.

Data Storage

Your personal data will be stored in Mexico or in a different country in accordance with this Privacy Notice and applicable laws. The data that TRATO stores as a Data Controller is the one described in Contact Data. In addition, we also collect the information provided by Cookies and similar technologies, which were explained above.

What do we use your Personal Data for?

The Personal Data obtained by TRATO in its capacity as Data Processor for its customers, as well as for its own purposes as Data Controllers, are used as necessary data to provide the various services contracted such as:

  • Identity and biometric authentication data for the use of TRATO technologies.
  • Linking the consent of the individual or legal entity with a legal act in which it participates, as well as the data required for that obligation.
  • Use of digital certificates, including but not limited to, electronic signatures, public keys for the authentication of third party services without storing them.
  • For the performance of administrative functions of TRATO
  • To provide support and customer services to TRATO's users and customers.
  • In general, to provide TRATO's products and services both in its capacity as Data Controller and Data Processor.
Secondary Purposes

The Personal Data obtained for secondary purposes does not represent information required for the services provided by TRATO; the information in the items may be used for the following secondary purposes:

  • Providing administrative services.
  • Promotion of services.
  • Marketing and advertising communication.
  • Diffusion of general information such as newsletters, news, didactic material, among others.
  • Generate statistical information, once the information was pseudo-anonymized.
  • Sharing information with commercial allies to carry out a promotion and offer services.
How do we protect your Personal Data?

TRATO has implemented the necessary physical, technological and procedural security measures to safeguard and manage the information of personal data. For the handling of the information that includes Personal Data, we have implemented technological and human security protocols that guarantee the security of the information.

TRATO compromises to give its best efforts and technologies to protect, keep and maintain rigorously secret and confidential the personal data of individuals that are obtained for its own purposes as Data Processor; For this reason, TRATO may not, directly or indirectly, disclose, copy, reveal or otherwise make known to any third party, or exploit by itself or through an intermediary person either directly or indirectly, except when authorized by the Data Subject or when a court order is received to disclose only the information requested, provided that such order is based and motivated in a legal provision of greater weight to the laws on the protection of personal data. TRATO reserves the right to disclose information in case it is required to proceed against users of the platform who make direct or indirect attack to its technologies, attempt to violate with any method the technological security measures and in general any malicious use of TRATO technologies available to them

Transfer of Personal Data

TRATO in its capacity as Data Processor will not transfer Personal Data on its own account as it acts only under the instructions of the Data Controller, therefore the transfer of Personal Data in the national territory of the Data Subject or in cross-border data, will be governed by the instructions of the Data Controller, according to the terms of service contracted between TRATO and the Data Controller.

TRATO in its capacity as Data Controller does not make transfers to national or foreign third parties of the Personal Data obtained, except those that are authorized by the Data Subject or that have undergone a process of pseudonymization.

Exceptions to the transfer of personal data.

According to the applicable legislation on the protection of personal data, TRATO in its capacity as Data Controller and/or Data Processor, may carry out national or international transfer of personal data, without requiring the consent of the Data Subject in case of any or some of the following assumptions:

  • When the transfer is needed in a Mexican Law or in a Treaty to which Mexico is a party.
  • When the transfer is necessary for the prevention or medical diagnosis, the provision of health care, medical treatment or the management of health services.
  • When the transfer is made to holding companies, subsidiaries or affiliates under the common control of the responsible party, or to a parent company or any company of the same group of the responsible party that operates under the same internal processes and policies.
  • When the transfer is necessary by virtue of a contract entered into or to be entered into in the interest of the holder, by the Data Controller and a third party.
  • When the transfer is necessary or legally required for the safeguarding of a public interest, or for the procurement or administration of justice.
  • When the transfer is necessary for the recognition, exercise or defense of a right in a judicial process.
  • When the transfer is necessary for the maintenance or fulfillment of a legal relationship between the Controller and the Data Subject.
Data Subject Rights

How to administer the Cookies?

TRATO stores data about the use of its website to avoid any problems regarding its operation and to improve the user's experience within the website. This is done with the help of Cookies. Cookies can be classified according to the purpose for which the data obtained through them are processed, among which we can distinguish the following:

  • Technical Cookies: Those that allow the user to navigate through a web page, identify the session, remember elements that make up an order, make the purchase process of a product, make the application for registration or participation in an event, among others.
  • Personalization Cookies: Those that allow the user to access the service with predefined features based on criteria in the user's terminal, for example, language, type of browser through which you access the page or the locale from which you access the service.
  • Analysis Cookies: Those that allow TRATO to monitor and analyze the behavior of the Data Subject on the website. This information is used for the elaboration of the browsing profiles of the website's users in order to introduce improvements based on the analysis of the data of the use of the website by the users.

Your browser will accept Cookies and allow the collection of this information unless you configure your browser to not allow cookies to be collected on the pages you visit. You may disable the use of these mechanisms in your browser by changing its default settings.

ARCO Rights

Access Right TRATO, in its capacity as Data Controller, guarantees the right to know what Personal Data has been obtained from the Data Subject, what it is used for and the conditions of its use.

Right of Rectification TRATO, in its capacity as Data Controller, guarantees the Data Subject the right to request the correction of his/her personal information in case it is outdated, inaccurate or incomplete.

Right of Cancellation The Data Subject may request TRATO as Data Controller to remove from our records or databases, the information corresponding to his/her Personal Data when he/she considers that it is not being used in accordance with the principles, duties and obligations under the Law.

Right of Opposition TRATO, in its capacity as Data Controller, guarantees the Data Subject to exercise his/her right of non-use of the information related to his/her Personal Data, when these have been obtained without his/her consent.

Procedure for the exercise of ARCO rights when TRATO is the Data Controller.

To exercise any of the ARCO rights, the holder must submit a request by sending an email to, which must contain:

  • Name of the Data Subject and his/her e-mail address to receive notifications;
  • The documents proving the identity of the Data Subject, and if applicable, identity of his/her agent, and the document proving the representation;
  • The clear and precise description of the personal data with respect to which the exercise of any of the ARCO rights is sought, or what the Data Subject is requesting; and
  • Any other element or document that facilitates the location of the personal data, if applicable.
  • In the case of requesting rectification, you must additionally indicate the modifications to be made and provide the necessary official documentation to support your request.
  • In the right of cancellation, you must state the reasons for the elimination.
  • In the right of opposition, you must state the reasons that justify the termination of the processing of personal data and the damage or harm it would cause, or, if the opposition is partial, you must indicate the specific purposes with which you do not agree, provided that it is not a mandatory requirement.
Exercise of ARCO rights when TRATO is the Data Processor.

TRATO, in its capacity as Data Processor, provides the Controller with the technologies and methods that allow it to directly collect Personal Data from the Data Subject. Therefore, the request of ARCO rights on the information collected by the Data Controller must be directly with them.

Changes to the Privacy Notice

This privacy notice may be modified, changed or updated due to new legal requirements, our own needs for the services we offer, our privacy practices or other causes. TRATO is committed to keep the owners informed about the changes that this privacy notice may undergo, through our website and/or the technological platform and/or the direct communication channels that may be established.