Integral Privacy Notice

WELCOME TO MADTECH!

Legal warning: PLEASE CAREFULLY READ THIS INTEGRAL PRIVACY NOTICE (the “Notice”) THAT WE MAKE AVAILABLE TO YOU IN COMPLIANCE WITH: (A) ARTICLE 16, SECOND PARAGRAPH OF THE POLITICAL CONSTITUTION OF THE UNITED MEXICAN STATES (the “CPEUM”); THE FEDERAL LAW ON PROTECTION OF PERSONAL DATA HELD BY PRIVATE PARTIES (the “Law”); (B) THE REGULATIONS OF THE FEDERAL LAW ON PROTECTION OF PERSONAL DATA HELD BY PRIVATE PARTIES (the “Regulations”); (C) THE PRIVACY NOTICE GUIDELINES (the “Notice Guidelines” and together with the CPEUM, the Law, and the Regulations, the “Current Legislation”).

By providing us with your Personal Data, you are expressing your express consent to the Processing of your Personal Data in accordance with the provisions herein, except in cases where express written consent is required under the Current Legislation. As Controllers of your Personal Data, we will ensure that it is relevant, correct, and kept up-to-date. When your Personal Data is no longer necessary for the fulfillment of the purposes set forth in this Notice, as well as the applicable legal provisions, we will proceed to cancel it.

If you provide us with personal data of third parties; then, you expressly declare that you have the corresponding authorization to share said information in accordance with the Current Legislation and you agree to send the documentation evidencing such authorization to MadTech when requested.

You may revoke your consent to this Notice at any time in accordance with the provisions of the Section titled “MECHANISM AND PROCEDURE FOR REVOKING CONSENT”.

At MadTech, we have appropriate technical, administrative, and organizational security measures to guarantee a level of security that protects your Personal Data against any: destruction, loss, accidental or unlawful alteration, and unauthorized communication or access, such as:

Pseudonymization and encryption of personal data,
The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services,
The ability to restore availability and access to Personal Data in a timely manner in the event of a physical or technical incident,
A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.

However, in the event that we have a security breach, we will notify you immediately upon becoming aware of said breach, when it significantly affects your property or moral rights, so that you can take the corresponding measures in defense of your rights.

Personal data is information corresponding to an identified or identifiable natural person (the “Data Subject”), such as name, identification number, location data, an online identifier, or one or more elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of the Data Subject (“Personal Data”).

IDENTITY AND ADDRESS OF THE CONTROLLER

At MAD.TECH INTELLIGENCE (“MadTech”), with address for hearing and receiving notifications located at Calle Bajío no. 360, Colonia Hipódromo Condesa, Demarcación Territorial Cuauhtémoc, C.P. 06100, CDMX, Mexico, we know how important the protection of the Personal Data you share with us is to you. The purpose of this Notice is to inform you of any operation or set of operations, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other type of enabling access, alignment or combination, restriction, erasure, or destruction (“Processing”) of your Personal Data.

We commit to Processing your Personal Data only in accordance with the provisions of this Notice and exclusively for the authorized purposes as set forth herein. Keep in mind that at all times, you are the sole Data Subject of the Personal Data you provide; by sharing it with MadTech, we will act as “Controllers” of the Processing.

This Notice applies to any site owned by MadTech, web or mobile applications, and digital tools, regardless of the form and place of access (the “Platform”).

PURPOSES OF PROCESSING

Primary. At MadTech, we collect your Personal Data for the following purposes:

To respond to Data Subjects' requests and questions;
To comply with the legal relationship established with Data Subject users by virtue of our terms and conditions (the “Terms and Conditions”) and this Notice;
Processing, updating, modifying, canceling, and/or confirming MadTech's services, products (the “Services”) and information related to them sent by MadTech to Data Subjects through the Platform, phone calls, and/or email; and,
To comply with the obligations contracted by the Data Subject with Madtech by virtue of the Services; (vi) to respond to requests to exercise cancellation of consent for Personal Data or ARCO Rights (as defined in the MEANS TO EXERCISE ARCO RIGHTS Section of the Notice) from Data Subjects.

Secondary. Likewise, the Personal Data collected may be used for the following purposes that are not necessary for the Services, but that help us provide better service to Data Subjects:

Evaluation of Service quality;
Receiving news, offers, promotions, and information from MadTech;
Sending newsletters; as well as
Sending information for marketing, advertising, and commercial prospecting purposes from MadTech

MECHANISMS TO REFUSE PROCESSING OF PERSONAL DATA FOR SECONDARY OR ACCESSORY PURPOSES

If you do not want us to use your Personal Data for secondary purposes (e.g., marketing, advertising, and newsletters), you can opt-out at any time by: (i) clicking the “Unsubscribe” link included at the bottom of each email; or (ii) sending an email to contacto@mad.tech with the subject “No secondary purposes”. Your decision will not affect the Primary Purposes.

WHAT PERSONAL DATA DO WE PROCESS?

At MadTech, we only collect your Personal Data to the extent that you provide it to us and in accordance with the Purposes established in this Notice.

CATEGORY OF PERSONAL DATA	DESCRIPTION
Identification data	Name.
Contact data	Landline phone; and Cellphone.
Academic data	We do not collect academic data. If for any reason you provide us with any of this data, it will be used exclusively to the extent you have authorized and for the minimum time necessary.
Employment data	Company you work for; Position Industry
Physical characteristics data	We do not collect data on physical characteristics. If for any reason you provide us with any of this data, it will be used exclusively to the extent you have authorized and for the minimum time necessary.
Patrimonial or financial data*	We do not collect patrimonial or financial data. If for any reason you provide us with any of this data, it will be used exclusively to the extent you have authorized and for the minimum time necessary.
Biometric data*	We do not collect biometric data. If for any reason you provide us with any of this data, it will be used exclusively to the extent you have authorized and for the minimum time necessary.

For the collection of Personal Data indicated with an asterisk (*), we require your express written consent. Please check the box at the end of the Notice to express your conformity.

SENSITIVE PERSONAL DATA TO BE PROCESSED

Sensitive personal data is data that affects the most intimate sphere of its Data Subject, or whose improper use may give rise to discrimination or entail a serious risk for them. In particular, data that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical, and moral beliefs, union membership, political opinions, or sexual preference are considered sensitive (“Sensitive Personal Data”).

At MadTech, we do not collect Sensitive Personal Data. If for any reason you provide us with any of this data, it will be used exclusively to the extent you have authorized and for the minimum time necessary.

INDIRECT COLLECTION OF PERSONAL DATA

We may obtain Personal Data through means other than the Data Subject, such as suppliers/business partners, technology platforms that provide us services, publicly accessible directories or databases, and, where applicable, social media profiles/pages with publicly visible information.

When this occurs, we will make this Privacy Notice available to you before its use or at the first contact we have with you, and we will indicate, when appropriate, the origin and categories of data obtained.

By way of example, the categories that could be received indirectly are: identification and contact; employment and academic data linked to professional references; and Platform usage records generated by our service providers (e.g., hosting/analytics). We do not process sensitive personal data through this means, unless you authorize it in accordance with applicable legislation.

You may object to this processing or exercise your ARCO Rights through the means indicated in the MEANS TO EXERCISE ARCO RIGHTS section.

When the Law allows processing without making the notice available (e.g., exceptional cases provided in the Law/Regulations), we will act according to those rules.

PERSONAL DATA TRANSFERS

We commit not to transfer your Personal Data to third parties without your prior consent, except for the exceptions provided in Article 37 of the Law: (i) when the transfer is provided for in a Law or Treaty to which Mexico is a party; (ii) when the transfer is necessary for prevention or medical diagnosis, the provision of healthcare, medical treatment, or the management of health services; (iii) when the transfer is made to holding companies, subsidiaries, or affiliates under the common control of the controller, or to a parent company or any company of the same group as the controller that operates under the same internal processes and policies; (iv) when the transfer is necessary by virtue of a contract concluded or to be concluded in the interest of the Data Subject, by the Controller and a third party; (v) when the transfer is necessary or legally required for the safeguarding of a public interest, or for the procurement or administration of justice; (vi) When the transfer is necessary for the recognition, exercise, or defense of a right in a judicial proceeding, and (vii) When the transfer is necessary for the maintenance or fulfillment of a legal relationship between the Controller and the Data Subject.

Outside of the above exceptions, we may perform national or international transfers for the purposes indicated below. Transfers marked with (*) require your consent; you may grant it via the acceptance box at the end of this Notice. If you do not grant your consent for such transfers, they will not be made.

THIRD-PARTY RECIPIENT OF THE PERSONAL DATA	PURPOSE	COUNTRY	REQUIRES CONSENT?
Amazon Web Services, Inc. (AWS)*	Hosting and cloud infrastructure to operate the Platform; service continuity, backup, and security; storage of information related to your account and operation	United States of America	Yes (*), except when the transfer is made exclusively for the maintenance or fulfillment of the legal relationship with the Data Subject (Art. 37, Sec. VII)

For the transfers indicated with an asterisk (*), we require your consent. Please check the box at the end of the Notice to express your conformity.

Note: In all cases, the third-party recipient will assume the same data protection obligations as MadTech under this Notice, and will apply appropriate security measures. When transfers are international, we will enter into contractual clauses and apply appropriate technical/organizational measures.

REGARDING EXPRESS CONSENT AND EXPRESS WRITTEN CONSENT FOR THE PROCESSING OF YOUR PERSONAL DATA (INCLUDING TRANSFERS)

Please read carefully the legends accompanying the sections WHAT PERSONAL DATA DO WE PROCESS?, SENSITIVE PERSONAL DATA TO BE PROCESSED, and PERSONAL DATA TRANSFERS, which indicate the cases in which we require your express consent or your express written consent.

a. What do we mean by each type of consent?

Express consent: unequivocal manifestation of will through a clear affirmative action (e.g., checking a box, sending a confirming email, clicking “I Accept”).
Express written consent: can be granted by handwritten signature or electronic signature, or by checking boxes in digital media accompanied by technical evidence (date and time, IP address, fingerprint/ticket of the accepted text and user), which we keep as a record linked to the Data Subject.

b. Cases where we will request express written consent

The processing of patrimonial or financial data;
The processing of sensitive personal data; and
The transfers indicated in the transfers table with the symbol (*), except for the exceptions in Article 37 of the Law.

c. Scope and withdrawal of consent

The consent you grant is not retroactive and you can withdraw it at any time through the means indicated in the MEANS TO EXERCISE ARCO RIGHTS section, without affecting the lawfulness of the processing carried out previously.
When the Law permits processing without express written consent.

For clarity: by providing us with your Personal Data, you give express consent; when you check the acceptance box or sign electronically/in-writing, you will be granting express written consent for the cases that require it according to the cited sections.

DATA RETENTION AND BLOCKING PERIODS

We will retain your Personal Data only for the time necessary to: (i) fulfill the primary purposes described; (ii) meet legal obligations and authority requirements; and (iii) within the applicable statute of limitations for the exercise or defense of actions. Once these periods have concluded, your data will remain blocked only for the time strictly necessary for responsibilities arising from the processing and will subsequently be securely deleted or irreversibly anonymized.

MEANS TO EXERCISE ARCO RIGHTS (Access, Rectification, Cancellation, or Opposition)

You have the right at all times to know what Personal Data we have about you, what we use it for, and the conditions of use we give it (“Access”). Likewise, it is your right to request the correction of your Personal Data if it is outdated, inaccurate, or incomplete (“Rectification”); that we delete your Personal Data from our records or databases when you consider that it is not being used in accordance with the principles, duties, and obligations provided for in the Current Legislation (“Cancellation”); as well as to object to the use of your Personal Data for specific purposes (“Opposition” and together with Access, Rectification, and Cancellation, the “ARCO Rights”).

You may exercise your ARCO Rights at any time by sending your request to the department in charge of Personal Data within MadTech (the “Officer”) through the following means:

Email: contacto@mad.tech;
Phone (informative): +52 55 5202 1600
Address for hearing and receiving notifications: Calle Bajío no. 360, Colonia Hipódromo Condesa, Demarcación Territorial Cuauhtémoc, C.P. 06100, CDMX, Mexico

Your request must contain the following: (i) name of the Data Subject and address or other means to communicate the response to your request; (ii) documents that prove your identity or the legal representation of the Data Subject; (iii) a clear and precise description of the personal data with respect to which you wish to exercise ARCO Rights; (iv) any other document that facilitates the location of the Personal Data, and (v) in case of Rectification, the documentation that supports your petition.

We will communicate the decision adopted to you within a maximum period of 20 (twenty) business days from the receipt of the request so that, if it is deemed appropriate, we can make it effective within 15 (fifteen) business days from communicating said response. When circumstances justify it, the referred periods may be extended for equal periods.

MECHANISMS AND PROCEDURES FOR THE DATA SUBJECT TO, IF APPLICABLE, REVOKE CONSENT TO THE PROCESSING OF THEIR PERSONAL DATA

You may revoke your consent to this Notice at any time, by notifying the Officer's email contacto@mad.tech, sending a written statement indicating that you wish to revoke your consent, following the same procedure indicated in the Section titled “MEANS TO EXERCISE ARCO RIGHTS” of this Notice.

OPTIONS AND MEANS OFFERED BY THE CONTROLLER TO DATA SUBJECTS TO LIMIT THE USE OR DISCLOSURE OF THEIR PERSONAL DATA; PORTABILITY OF YOUR PERSONAL DATA

You may at any time limit the Processing of your Personal Data or its disclosure, as well as request that we transmit it to third parties (“Portability”), by following the same procedure in the “MEANS TO EXERCISE ARCO RIGHTS” section above and indicating in detail in writing your wish to limit the Processing or disclosure or to transmit said Personal Data.

When the limitation prevents the provision of the Services, the Processing will continue as you have authorized until the completion of the Service.

PROCEDURE AND MEANS TO COMMUNICATE CHANGES TO THE PRIVACY NOTICE

We constantly try to improve our services, so we reserve the right to change this Privacy Notice at times. We will alert you to any changes by posting a notice on the MadTech site. To continue using our services, you must accept each update to our Notice.

COOKIES, WEB BEACONS, AND TRACKING TECHNOLOGIES

On our Platform, we do not use cookies, web beacons, or other tracking technologies to profile you or for analytical or advertising purposes. Only technical server logs (e.g., IP address, date and time, requested URL) are generated for site security, operation, and maintenance purposes.

If in the future we implement cookies or similar technologies, we will inform you in advance and request your corresponding consent, enabling accept/reject/configure mechanisms.

MINORS

At Madtech, we do not collect Personal Data from minors under 18 years of age. If you are a minor and for any reason provide us with this information, upon realizing it through our verification process, we will proceed to the immediate cancellation of your personal data.

If you believe we may have Personal Data from a minor in our records, we ask you to contact us via email at the following address: contacto@mad.tech.

We strongly recommend that minors under 18 years of age ask their parents for permission before sending information about themselves over the Internet, and we encourage parents to teach their children safe Internet practices.

INFORMATION ABOUT INAI

If you believe your right to the protection of your Personal Data has been harmed by any conduct or omission on our part, or you presume any violation of the provisions set forth in the Current Legislation, you may file your complaint or report with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI). For more information, we suggest you visit its official site: www.inai.org.mx.

Publication: November 05, 2025
Last update: November 05, 2025