“bigcel”

Website and Others.

Identity and Address of the Responsible: PANTERA MOBILE SOLUTIONS, S.A.P.I. DE C.V., with the trade name “bigcel”, with a conventional address at 1a cerrada de Fuente de Leones 129A, Lomas de Tecamachalco, 53950, Naucalpan Estado de México, solely for privacy and personal data protection issues (the “Responsible”) of the legitimate, controlled, and informed processing of personal data (the “Personal Data”) of -clients and users- (the “Owner”), in accordance with its privacy policy, the Federal Law on Protection of Personal Data Held by Private Parties (the “FLPPDPPP”), its regulations, the Guidelines of the Privacy Notice (the “LAP”), current secondary regulations, as well as national and international standards on the protection of personal data.

In order to regulate the legitimate, controlled, and informed processing of Personal Data to guarantee privacy and the right to informational self-determination of individuals; the Responsible may collect through the following means: (i) personally, when the Owner provides them physically at our point of sale, (ii) directly, when the Owner enters them through the website www.bigcel.mx (the “Website”) or the mobile application of the Responsible called “BIGCEL” (the “App”) or when the Owner provides them via telephone, (iii) indirectly, when private companies transfer them to us and (iv) indirectly, when they are obtained through public access sources allowed by the FLPPDPPP; the Responsible makes available to the Owner this comprehensive privacy notice (the “Privacy Notice”) prior to obtaining the Personal Data in strict compliance with the principles of information, legality, consent, quality, purpose, loyalty, proportionality, and responsibility contemplated in the FLPPDPPP and its regulations.

Definitions

Block: The identification and preservation of Personal Data once the purpose for which they were collected has been fulfilled, solely for the purpose of determining possible responsibilities in relation to their Processing, until the legal or contractual prescription period. During this period, the Personal Data may not be subject to Processing and once it has elapsed, they will be Cancelled in the corresponding database.

Cancellation: The termination of the Processing of Personal Data by “bigcel” from a Block of the same and its subsequent deletion.

Client: Any person who acquires or uses the services provided by “bigcel”. When a Client acquires the services for use by another person, this other person will also be considered a Client for the purposes of this Privacy Notice.

Consent: Expression of the will of the Owner of the Personal Data based on which the Processing of these is carried out.

Cookies: They are data files that are stored on the hard drive of the user‘s computer or electronic communications device when browsing a specific Internet site, which allow the exchange of state information between said site and the user‘s browser. The state information may reveal session identification means, authentication, or user preferences, as well as any other data stored by the browser regarding the Internet site.

Biometric Data: Refers to data that inform about certain physical aspects that, through technical analysis, allow distinguishing the unique characteristics of each person, making it impossible for such aspects to coincide in individuals.

Personal Data: Any information concerning an identified or identifiable natural person.

Personal Financial Data: Any financial information obtained about an identified or identifiable person in relation to the provision of services.

Sensitive Personal Data: Those Personal Data that affect the most intimate sphere of the Owner, or whose misuse may give rise to discrimination or entail a serious risk to the Owner. In particular, those that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, union membership, political opinions, and sexual preference are considered sensitive.

INAI: National Institute of Transparency, Access to Information and Protection of Personal Data.

Regulation: The Regulation of the Federal Law on Protection of Personal Data Held by Private Parties.

Responsible: Natural or legal person of a private nature that decides on the Processing of Personal Data. For the purposes of this Privacy Notice, the responsible party will be “bigcel”.

Owner: The natural person to whom the Personal Data belong.

Processing: The obtaining, use, disclosure, or storage of Personal Data, by any means. Use encompasses any action of access, handling, exploitation, forwarding, transfer, or disposition of Personal Data.

Web beacons: They are a visible or hidden image inserted within a website or email, used to monitor user behavior on these media. Through these, information such as the original IP address, browser used, operating system, time of access to the page, and in the case of email, the association of the above data with the recipient can be obtained.

Personal Data to be processed:

Non-Sensitive Personal Data, Identification and contact:

• Client or User: Full name, complete address, date and place of birth, sex or gender, official identification, Federal Taxpayer Registry with homoclave (RFC), Unique Population Registry Code (CURP), handwritten, electronic and/or reliable signature, photograph, selfie, or images.

Electronic and Computer Data:

• Client or User: Home phone, cell phone, email, GPS location, Global Positioning System that allows determining the exact position in real time, associated with the App.

Sensitive Personal Data, Personal Financial and Asset Data:

• Client or User: Card number and bank account, credit references.
• Biometric Data: Client or User: Fingerprint and voice recognition of the Owner or of the person signing on their behalf. Personal Data of Minors and Incapacitated Persons:

-The Services may not be contracted by minors or persons under interdiction or incapacity at any time, consequently, the responsible party does not process this type of personal data. However, if the Owner registers Personal Data corresponding to the aforementioned Persons, the responsible party will cancel their registration and deny access to the functionalities of the App as well as the requested services, without assuming any responsibility, releasing the Responsible from any administrative and/or legal liability.

Purposes of the Processing of Personal Data:

1. Verify and confirm the identity of the Owner.
2. Provide mobile telephony service.
3. Activation, deactivation, change, and/or portability of services, equipment, or plans.
4. Provide the tools, functions, and controls available in the Responsible‘s App, whether the Owner executes or uses them through the App.
5. Provide Customer Service through our authorized sales channels, including billing.
6. Comply with obligations and exercise rights derived from the legal relationship established between the responsible party and the Owner.
7. Address requirements from any competent authority, and
8. Carry out the corresponding management to ensure that the Personal Data are always kept updated, correct, and complete, in compliance with the quality principle established by the FLPPDPPP and the LAP.

Primary Purposes: Necessary for the existence and fulfillment of the legal relationship, derived from the services that the Owner requests and formalizes with the responsible party, which consist of:

Secondary Purposes: They are not necessary for the existence and fulfillment of the legal relationship, derived from the services that the Owner requests and formalizes with the responsible party, however, they are complementary and important to provide a better service, which consist of:

1. Develop profiles of clients and users of the services.
2. Send communications related to offers, promotional messages, communications for marketing, advertising, and commercial prospecting purposes about new or existing services.
3. Conduct surveys, market studies, participate in events, contests, games, and raffles, participate in social networks, chats, and information that allows us to evaluate the quality of services.

With whom are the Personal Data shared: In compliance with the legislation, provisions, and general regulations applicable, the responsible party will communicate and, if necessary, segment the Personal Data, in the most suitable way, with those commercial partners with whom contracts have been concluded for the marketing of products and/or services offered, always for the benefit of the Owners. Likewise, with federal and/or local authorities that require it as part of an administrative and/or legal procedure, requirement, and/or supervision, or in a specific case, by a court order.

National or international transfers of Personal Data may be carried out without the consent of the Owner when one of the following cases occurs:

1. When the transfer is provided for in a Law or Treaty to which Mexico is a party;
2. When the transfer is necessary for the prevention or medical diagnosis, the provision of health care, medical treatment, or the management of health services;
3. When the transfer is made to controlling, subsidiary, or affiliated companies under the common control of the responsible party, or to a parent company or any company of the same group as the responsible party operating under the same internal processes and policies;
4. When the transfer is necessary by virtue of a contract entered into or to be entered into in the interest of the Owner, by the responsible party and a third party;
5. When the transfer is necessary or legally required for the safeguarding of a public interest, or for the procurement or administration of justice;
6. When the transfer is necessary for the recognition, exercise, or defense of a right in a judicial process, and
7. When the transfer is necessary for the maintenance or fulfillment of a legal relationship between the responsible party and the Owner.

Public Registry to Avoid Advertising (“REPEP”) of the Federal Consumer Protection Agency (“Profeco”): In order for the Owner to limit the use and disclosure of Personal Data, they may also register in the REPEP, which is managed by Profeco, so that the Personal Data are not used to receive advertising or promotions from providers or companies, in their marketing practices.

For more information on this registry, the Owner may consult the Profeco website http://www.gob.mx/profeco, or call 800 468 8722.

Means and Procedure to exercise the “ARCO” rights of access, rectification, cancellation, and opposition: Since the Owner has the right to the protection of Personal Data, access, rectification, and cancellation of the same, as well as to express their opposition or revocation, in the terms established by the FLPPDPPP, they may exercise rights or, alternatively, revoke consent in person, or through their legal representative, by generating and sending the corresponding request to the Legal Department of Pantera Mobile Solutions, SAPI de CV (“Personal Data”) of the Responsible, for which the Owner will execute the following Steps to Generate a “ARCO” rights Request (the “Request”):

First.- The Owner must consider that the protection of personal data is a right enshrined in Article 16 of the Political Constitution of the United Mexican States that allows individuals to control the information they share with various companies, as well as the right for such information to be used appropriately to prevent harm to their privacy and confidentiality.

On July 10, 2010, the Federal Law on Protection of Personal Data Held by Private Parties was published. Subsequently, on December 22, 2011, the Regulation of the Federal Law on Protection of Personal Data Held by Private Parties entered into force.

Based on the above, it is essential to inform you of relevant aspects contemplated in the regulations mentioned in the previous paragraph:

1. The natural person to whom the personal data belong is the Owner and therefore decides on them.