A. Identity and Domicile of the Data Controller

Pursuant of the provisions of the Federal Law on Protection of Personal Data Held by Individuals (hereinafter, the "LFPD"), and the remaining applicable provisions, Bello, Gallardo, Bonequi y García, S.C. (hereinafter, the "Data Controller"), with domicile for receiving notices in Agustín Manuel Chávez, número 1-001, Centro de Ciudad de Santa Fe, Zipcode: 01210, Mexico City, Mexico, expressively informs you that:

B. Personal Data Collected and Submitted to Processing

For the purposes pointed on this Privacy Notice, the Data Controller processes the following categories of personal data:

• Identification data;
• Personal data; and
• Social circumstances data.

C. Sensitive personal data processing. Health data.

The Data Controller does not collect sensitive personal data in order to carry out its purposes and the owners who are social media users must refrain from sending this kind of data through the channels available in such media.

D. Liability of the Data Controller, the social media users’ owners, and the service deliverers in social media.

The Data Controller processes personal data of the owners who are social media users through the access and management of the information that such owners who are users post or spread through the profiles created in each one of the social media platforms used to get in contact with the Data Controller. This process also includes using personal data for purposes such as the spread of activities of the Data Controller or its company group.

The Data Controller accesses, manages, and uses the personal data of the owners who are social media users only when the owners who are users stay related to the profiles that the Data Controller manages in each one of the implicit social media platforms.

The owners who are users are responsible for the accuracy, veracity, and update of the personal data posted in their social media profiles, the spreading level of their information, and the access by third parties to such information in these profiles. All owners who are social media users are recommended to check periodically the privacy configuration of the profiles in each of the websites they may be using to link with the Data Controller.

The social media service providers are responsible for the databases created with the users' personal data of such platforms. In turn, such services providers are responsible for the security measures adopted by them to safeguard the users' personal data.

In accordance with the foregoing, the Data Controller is bound to provide appropriate access, management, and use of the personal data of the owners who are users that are related to the profiles managed by the Data Controller in several social media. New databases are not created with the information and/or personal data of the owners who are social media users.

E. Processing Purposes.

a.) Original and necessary purposes

1. Followers management in social networks (Facebook, Twitter, Youtube, Foursquare, Google+, etc.);
2. Newsletter subscribers management.
3. Activities communication.
4. Followers statistics in social media.

b.) Additional purposes

1. There are none.

F. Personal data transfers

For the purposes indicated in the previous section, no data transfers are made to third parties.

G. Data Transfer Consent.

Your personal data will not be transferred to third parties without your consent, except on the cases foreseen in Article 37 of the LFPD and all cases in compliance with the conditions foreseen in Article 17 of the LFPD Regulations.

I. Exercise of ARCO rights before the providers of social network services.

The exercise of ARCO rights before the providers of social network services in which the owners-users have created a profile will be governed in accordance with the applicable legislation under the terms and conditions set forth in the Privacy Notices, Privacy Policies, and/or Legal Notices that each provider has provided in the social networks they operate and manage.

H. ARCO rights exercise

In all legally proceeding cases, you may exercise your rights to Access, Rectify, Cancel, and Oppose (ARCO) through the procedures that we have implemented.

The relevant request must fulfill all the requirements established in the current legislation, through a written notice addressed to our Personal Data Area, to the domicile indicated in this Notice, Item A.

The request must contain and be accompanied by the following:

1. Your name and domicile or another mean to inform you the response to your request;
2. The documents proving your identity or, when applicable, the legal representation;
3. The clear and precise description of the ARCO Rights that you want to exercise; and
4. Any other element or document that facilitates the localization of the personal data.

The Data Controller will inform you of the decision taken within a maximum of 20 (twenty) business days from the date it receives the relevant request. If the request is applicable, it will be effective within fifteen business days from the date on which the Data Controller communicates the response. In case the information provided in your request is incorrect or insufficient, or the necessary documents to prove your identity or the corresponding legal representation are not attached, the Data Controller, within five business days following the receipt of your request, will require the amendment of the deficiencies in order to be able to process it. In these cases, you will have ten business days to respond to the request for amendment, counted from the day after you have received this request. The request will be deemed as not filed if you do not respond within that period.

Alternatively, you may direct your request through our Personal Data Area to the email address datospersonales@bgbg.mx, in compliance with all the requirements previously numbered, establishing as Subject of the communication "ARCO Rights and/or consent withdrawal." The procedure terms will be the same as the ones mentioned in this section. The use of electronic means for the exercise of ARCO Rights authorizes the Data Controller to respond to the relevant request through the same means unless the owner clearly and expressly points out another means.

You may obtain the requested information or personal data through uncertified copies, electronic documents in conventional formats (Word, PDF, etc.), or through any legitimate means guaranteeing and accrediting the effective exercise of the requested right.

You will be responsible for keeping updated your personal data in possession of the Data Controller. Therefore, you guarantee and are responsible, in any case, for the truthfulness, accuracy, validity, and authenticity of the personal data provided and undertake to keep them duly updated, communicating any changes to the Data Controller.

J. Revocation of Consent

You may revoke your consent to the processing of your personal data, without any retroactive effect, if such revocation does not imply the impossibility of complying with obligations arising from a legal relationship in force between you and the Data Controller.

You may revoke your consent to the processing of your personal data by unsubscribing to the profile of the Data Controller in any of the relevant social networks.

The procedure for the revocation of consent will be the same as the procedure established in the section above for the exercise of ARCO rights, if applicable.

K. Limitations of the use and disclosure of your personal data

You may limit the use or disclosure of your personal data by addressing the relevant request to our Personal Data Area. The requirements for proving your identity, as well as the procedure for handling your request, will be the same requirements indicated in section "Exercise of ARCO rights".

However, we remind you that you, as owner-user of social networks, are responsible for the accuracy, veracity, and update of the personal data you publish on your social network profiles, as well as for the degree of dissemination of and access to your information which you allow or authorize to third parties through such profiles.

K. Amendments or updates to this Comprehensive Privacy Notice.

The Data Controller may amend, update, extend, or otherwise change the content and scope of this Privacy Notice at any time and at their own discretion. In such cases, we will publish such changes on our website www.bgbg.mx, Section "Privacy Notices". The changes to this Privacy Notice may also be communicated by email or through the relevant social network profile of the Data Controller, as long as such means had been established as a communication channel between you and the Data Controller during your relationship with the Data Controller or when the interface of the social networks so allows.