Skip to main content
Go to search page Work With Us

PROCEDURE FOR EXERCISING ARCO RIGHTS

Every individual, as the owner of their personal data (or through their representative), has the right to access such data, rectify it, request its cancellation, or object to its processing. These rights are known as ARCO Rights and are independent from one another, meaning that exercising any one of them is neither a prerequisite for nor an impediment to exercising another.

Right of Access

This is the right to request access to personal data contained in databases, systems, files, records, or archives used or maintained by the company, as well as to obtain information related to the conditions or general aspects of the processing thereof.

Right of Rectification

This is the right to request the correction of personal data in the company’s possession when such data is inaccurate, incomplete, or outdated.

Right of Cancellation

This is the right to request that personal data be deleted or removed from the company’s files, records, archives, systems, or databases and cease to be processed by the company. If cancellation is deemed appropriate, the data must first be blocked and subsequently deleted. However, personal data may not always be deleted, particularly when necessary for the company’s compliance with legal obligations.

Right of Opposition

This is the right to request that the company refrain from using personal information for certain purposes or require that the use thereof cease. As with cancellation, processing may not always be prevented when personal data is necessary for compliance with the company’s legal obligations.

When Does the Exercise of ARCO Rights Not Apply?

  • When the owner of the personal data or their representative is not duly accredited
  • When the personal data is not in the possession of the Data Controller
  • When third-party rights are affected
  • When there is a legal impediment or a resolution issued by a competent authority restricting access to personal data or preventing rectification, cancellation, or opposition

In such cases, the company shall respond to the request in writing and inform the requester of the reasons for inadmissibility.

Procedure

If you wish to exercise these rights regarding the processing of your personal data, please note that only you, as the owner of the personal data, or your legal representative, may submit such request.

Below is the procedure for submitting and processing an ARCO Rights request.

  1. Requirements for Submitting a Request
    1. Submit the request through the mechanism indicated in the Privacy Notice: ComplianceTJ@confie.com
    2. General information that must be included:
      • Full name of the owner of the personal data
      • Documents proving the identity of the owner or, where applicable, the authority and identity of their representative
      • Address or any other means for receiving notifications
      • Clear and precise description of the personal data with respect to which any ARCO Right is to be exercised, except in the case of the right of access
      • Description of the ARCO Right to be exercised or the specific request made by the data subject
      • Any other element or document facilitating the location of the personal data
    3. Specific information depending on the right to be exercised:
      • Access: The format in which the requester prefers the requested personal data to be provided
      • Rectification: The modifications requested to the personal data, together with supporting documentation
      • Cancellation: The reasons motivating the request for deletion of the data from the Data Controller’s files, records, or databases
      • Opposition: The legitimate reasons or circumstances leading the requester to seek termination of the processing of personal data, as well as the harm or prejudice that continued processing would cause, or the specific purposes with respect to which the right is being exercised
  1. Method of Verifying the Data Subject’s Identity

    2. The request must be accompanied by a simple copy of an official identification document belonging to the owner of the personal data and, where applicable, their representative.

    Valid official identification documents include:

    1. Voter identification card
    2. Passport
    3. Driver’s license
    4. Immigration document

    Where applicable, the authority of the representative may be verified through:

    1. A simple power of attorney letter
    2. A public instrument (document executed before a Notary Public)
  1. Deadlines for Processing Requests

    2. Once the request has been submitted with all the requirements described above, the company shall have 20 business days from the day following receipt to inform the requester whether the requested right may be exercised.

    • If the request is deemed admissible, the company shall have an additional 15 business days from the day following notification of such determination to comply with the request.

    These periods may be extended for an additional equivalent period when justified and duly communicated to the requester.