Privacy Notice
Introduction
Gas y Petroquímica de Occidente, S.A. de C.V. (“GPO,” “we,” “us,” or the “Company”) is part of the Proman Group. GPO is engaged in the production of anhydrous ammonia, a fundamental raw material used in the manufacture of fertilizers.
We understand that your privacy is important to you and that you care about how information relating to you (“Personal Data”) is used. Therefore, we are committed to ensuring the privacy and security of the Personal Data we process from our customers, vendors, employees, and other individuals, and to protect their rights in accordance with our obligations under applicable Privacy and Data Protection laws, in particular in articles 6, paragraph A, section II, and 16, paragraph second of the Political Constitution of the United Mexican States (Constitución Política de los Estados Unidos Méxicanos – CPEUM), as well as the Federal Law on the Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares – LFPDPPP). These legal frameworks regulate the legitimate, controlled, and informed processing of personal data in order to guarantee privacy and the right to informational self-determination.
This Privacy Notice aims to give you information on how GPO collects and processes your Personal Data.
It is important to note that the protection of personal data is a personal right, so its exercise corresponds only to the owner or, as the case may be, to the person who accredits his representation.
1. What processing activities are covered under this Privacy Notice?
This Privacy Notice informs you how we collect, use, disclose, and process your Personal Data in our role as a Data Controller when you:
-
Interact or use website www.gasypetroquimicadeoccidente.com or any other service that displays or links to this Privacy Notice, including accessing or downloading materials from the resources or portals available on this to you on this website or requesting information about our products and/or services (our “website”);
-
Visit our offices;
-
Participate in our social and/or environmental programs;
-
Receive communications from us or otherwise communicate with us, including but not limited to emails, phone calls, or massages left through the contact from available on the Website;
-
Submit your application for any of our available roles through any of our channels, including email or our application platform, Viterbid, you will receive communications from us regarding your application. Your application includes all the information you choose to share with us for this purpose;
-
Provide your Personal Data for the purposes of administering or use our Services and managing our relationship with you in any manner;
-
Subscribing to our newsletter, mailings;
-
If you are a vendor, customer, and are registered in our CRM system;
-
If you submit a complaint or reach out to us through any of our channels;
-
Register for, attend or take part in an event hosted by us, or if we obtained your contact details because those were shared by the organisers of an event we attended (collectively, “Events”);
-
Participate in internal surveys, feedback programs, stakeholder or third party consultations, and satisfaction assessments;
-
Appear in photographs or video recording taken at corporate events, visits, or programs (with consent when applicable);
-
Are subject to due diligence or background checks as part of vendor onboarding or compliance review processes;
-
Interact with us on our social media platforms or through any digital campaign where we collect user engagement data.
2. Where do we collect your Personal Data from?
Personal data is any information relating to an identified or identifiable individual. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties.
Personal Data you provide us
The Personal Data we receive from you may include contact details (full name, email address, phone number), professional or employment-related data (employer, role, position), financial account data, commercial data, job application data (CV, employment history, educational background), and the content of the messages you send to us via email.
Personal Data we collect about you automatically
To the extent permitted under the applicable law, we may collect certain types of information automatically, for example whenever you interact with our website or use our products and/ or services. This information helps us address customer support issues, improve the performance of our sites and services, maintain and or improve your user experience, and protect your account from fraud by detecting unauthorised access.
| Category of Personal Data | Types of Personal Data |
| Browser information | Collected automatically via analytics systems providers from your browser, such as IP address, referral site, login information browser type and version, time zone setting, operating system and platform. |
| Usage information | Generated by your use of our websites, applications and services, and collected normally via Cookies, web beacons, pixels or similar technologies. This includes device information such as device identifier, device operating system and model, device storage, location information, network address, system activity and information regarding the pages you visit, length of the visit, page response time, page interaction such as scrolling, clicks, and mouse overs, among others. |
| Marketing information | Website activity and preferences expressed through selection, viewing, purchase of products and offered through our website and platform; Mobile device information such as type of device, device identification number, mobile operating system. This also includes information collected via Cookies. |
Information we receive about you from other sources
From our Customers / Vendors: We receive and store your data to satisfy contract obligations. For example, when setting up new customers for our products and/ or services we collect Personal Data, such as name and e-mail address, to provide our clients with the services. To that end, someone within your company may share your personal data to us. The types of information we may collect directly from our customers include names of their employees, usernames, email addresses, phone numbers, job titles. We assume that those entities have the authority to share personal data about their employees with us.
From Third Parties, Affiliates and Business Partners: GPO is part of the Proman Group. It is possible that we receive personal data from other entities of the Proman Group. For example, if you contacted Proman and manifested an interest in our Services or products, it is likely that the Proman entity you contacted will share your personal data with GPO.
3. Our use of Cookies and Similar technologies
We use common information-gathering tools, such as tools for collecting data, cookies, web beacons, pixels, and similar technologies to collect information that may contain personal data as you navigate our Websites, our Services, or interact with emails we have sent to you.
This information includes URL information, online identifiers such as cookie data and IP addresses, other identifiers such as user ID, organization ID, username, password, email address, name, and user type, pages and files viewed, search queries, and other actions you take, information about your device such as your device ID, hardware model, app version, access times and dates, IP addresses, network connection type, carrier and region, geolocation of the website visitor, provider, plug-ins, integrations, referring website, app or ad, browser type, language, date and stamps time, and operating system.
Usage information also includes information collected via Cookies. The Cookie Banner available in the Website will notify you separately of which cookies are being collected, and will give you an option to customize and consent (or not) the Cookies we would like to collect, together with information about types and use of Cookies.
Cookies
We use cookies on our website. We use functional and strictly necessary cookies that are used to enhance the performance and functionality of our website to give the visitors a better browsing experience. We also collect analytical cookies through the use of Piwik PRO Analytics Suite (as described below). Cookies are small text files that are stored on your system and provide us with certain information.
On our website we use transient and persistent cookies. Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. You can configure your browser settings according to your preferences and, for example, refuse the acceptance of third party cookies or all cookies. Please note that in this case you may not be able to use all functions of the website. We also use cookies to identify you for follow-up visits if you have an account with us. Otherwise you would have to log in again for each visit.
The use of cookies serves to make the use of our website a more pleasant experience for you and to optimise user-friendliness.
We also use cookies to compile statistics on the use of our website, to help us evaluate it and improve it to serve your needs. These cookies enable us to realize automatically that this is not your first visit when you return to our site. These cookies are automatically deleted after a defined period of time.
We also use cookies for marketing and advertising purposes.
Piwik PRO Analytics Suite
We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. This allow us to improve our website and see how users and visitors interact with it. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.
We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behaviour, show personalized content and run online campaigns.
We host our solution on Microsoft Azure in Germany, and the data is stored for 14/25 months.
The purpose of data processing: analytics and conversion tracking based on consent. Legal basis: Art. 6 (1)(a) GDPR.
Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.
4. How and Why do we use your personal Data?
We collect and process your personal data for the following purposes and relying on the following legal bases:
| Processing Purpose | Legal Basis |
| To manage our contractual relationship with your employer or with you. This covers onboarding you as a customer, creating and administering your account, and managing our CRM system. Categories of Personal Data: Biographical information and contact information, Personal information regarding corporate clients, acount, security and authentication information. | Processing is necessary for the performance of a contract to which you are a party. Our legitimate interest in the management of customer and user account. |
| To communicate with you on service-related matters It involves communicating with you about the service, mailing, receiving service communications, etc. It also covers customer support and trouble-shooting activities such as answering your questions, complaints and disputes. Categories of personal data: Biographical information and contact information, Employment information, Communication information, Account, security and authentication information, Browser information, Usage data. | Processing is necessary for the performance of a contract of which you are a party. Processing is necessary for the purpose of the legitimate interest pursued by us to improve our services and enhance our user experience. |
| For internal business purposes and record keeping. Categories of personal data: Biographical information and contact information, Personal information regarding corporate Clients, Employment information. | Processing is necessary for the purpose of the legitimate interest pursued by us to keep records to ensure that you comply with your contractual obligations pursuant to the agreement governing our relationship with you, for internal business and research purposes as well as for record keeping purposes. Processing is also necessary to comply with our legal obligations to keep certain records. |
| To do research, improve our services and innovate. We process personal data to improve our services and for you to have a better user experience. We may aggregate your personal data with the personal data of our other clients on an de-identified basis (that is, with your personal identifiers removed), so that more rigorous statistical analysis of general patterns may lead us to providing better products and services. Some of this information may be used for marketing purposes as described below. Categories of personal data: Biographical information and contact information, Communication information, Account, security and authentication information, Browser information, Usage data, Marketing information. | Processing is necessary for the purpose of our legitimate interest to improve and run our services through information obtained through your use of our services, your interaction with customer support, your responses to our surveys, and in general, your communications with us. |
| Providing and improving our Websites Categories of personal data: Browser information, Usage information, Marketing preferences, Marketing information. | Our legitimate interest in providing relevant online content and well-functioning Websites to our customers and prospective customers regarding our service offering and related information. Our legitimate interest in maintaining the integrity and security of our Website. Your consent, when requested (e.g., for the use of cookies). |
| If you apply for a job with us at our through any of our channels or via our AI driven recruitment platform Viterbid. Viterbid is a recruitment platform embedded in our website. For more information about the use and lawful basis of Viterbid, please refer to the career section Proman | GPO. Categories of personal data: Biographical and contact details, employment and communication information, bank account and financial details, as well as official certificates and documents (e.g. diplomas), used to verify your identity and the information you have provided. This information will be collected directly by Vitebird, and each candidate will be required to sign the corresponding privacy notice with them. | Our legitimate interest in conducting recruiting activities. Processing is necessary for the performance of a contract to which you are a party. |
| If you participate in our social or environmental programs. Your data may be used for managing our social media platforms and public communications related to these program. Categories of personal data: name, contact details, videos and photos. | Your consent. |
| To enforce and defend our rights This includes initiating legal claims, preparing our defence in litigation procedures, addressing legal or administrative proceedings whether before a court or a statutory body and to investigate or settle issues, enquiries and/or disputes. Categories of personal data: Biographical information and contact information, employment information, personal information regarding corporate Clients, Communication information, Account, security and authentication information, Browser information, Usage information, Marketing information. | It is in our legitimate interest to enforce and defend our rights and to ensure that issues, enquiries and/or disputes are investigated and resolved in a timely and efficient manner. |
| Legal and Regulatory compliance (environmental, labor, tax) | Compliance with legal obligation. |
| To conduct audits, inspections, and internal investigations Including internal reviews or external audits (e.g. financial, operational, labor, environmental, data protection). Categories of personal data: Any information necessary for the audit purpose, including contact data, contracts, payroll, email exchanges. | Legal obligation and legitimate interest in corporate governance and regulatory compliance |
| To manage ethics or whistleblowing reports Handling of complaints or concerns submitted through ethics or integrity channels, including anonymous reports. Categories of personal data: Contact details (if not anonymous), reported facts, identity of individuals involved. To conduct audits, inspections, and internal investigations Including internal reviews or external audits (e.g. financial, operational, labor, environmental, data protection). Categories of personal data: Any information necessary for the audit purpose, including contact data, contracts, payroll, email exchanges. | Legal obligation to comply with ethics and anti-corruption regulations; legitimate interest in ensuring integrity and compliance. |
| To carry out due diligence on suppliers, contractors, and third parties To comply with internal compliance standards, prevent conflicts of interest, and mitigate legal, reputational, and operational risks. Categories of personal data: Biographical and employment information, financial and commercial data, legal background, identification documents. To manage ethics or whistleblowing reports Handling of complaints or concerns submitted through ethics or integrity channels, including anonymous reports. Categories of personal data: Contact details (if not anonymous), reported facts, identity of individuals involved. | Compliance with legal obligations (e.g. anti-corruption, tax, and sanctions laws), legitimate interest in risk prevention. |
| To manage access control and physical security This includes the use of video surveillance (CCTV), access cards, visitor logs, and other mechanisms to ensure the safety of our employees, facilities, and assets. Categories of personal data: Biographical information, image and video data, identification documents, date and time logs. | Legitimate interest in safeguarding facilities, personnel, and confidential information. Compliance with legal obligations (e.g. anti-corruption, tax, and sanctions laws), legitimate interest in risk prevention. |
5. Who do we share Personal Data With?
Where applicable, we share your Personal Data in the following circumstances:
Vendors, contractors, and other service providers
GPO may share personal data with services providers or other third parties that carry out functions or services in our behalf or that assist or enable our operations. These service providers include hosting, cloud service, email and collaboration service providers, website analytics companies, freelancers, product feedback or help desk/customer support and CRM service providers, head-hunters, recruitment platforms, travel agencies and travel service providers, scheduling programs and IT processing systems.
We may also share Personal Data with external professional advisors such as lawyers, auditors or accountants.
Personal Data will only be disclosed if such service providers have provided sufficient guarantees to implement appropriate technical and organizational measures to protect your personal data and that is consistent with this Privacy Notice and applicable law. Please note that these service providers will only access your personal data on a need-to-know basis as a part of their partnerships with us. If you have any questions as to how these service providers handle your personal data, you may contact us using the details provided in Section 11.
Business Transfers
We may choose to buy or sell assets, and may share and/or transfer customer information, including Personal Data, in connection with the evaluation of and entry into such transactions and based on our legitimate interest. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal data could be one of the assets transferred to or acquired by a third party.
Proman Group Companies, partners and affiliates
As already explained in Section 2, we may also share your personal data with our parent companies, subsidiaries and/or affiliates for purposes consistent with this Privacy Notice. personal data is transferred between Proman Group Entities to ensure efficient and effective business operations and to enable Proman Entities to provide customer, sales, marketing, human resource, finance, information technology, legal, quality assurance, software/product development, and other support services. We may also share your personal data with business partners to provide our products and/ or services.
Public authorities
We may share your personal data to public authorities, regulatory bodies, law enforcement agencies, or other government institutions when required to do so by applicable laws or regulations. Such disclosures may occur in response to legal obligations, court orders, or lawful requests, and only to the extent necessary to comply with those obligations. We ensure that any such sharing of data is conducted in accordance with data protection laws and with appropriate safeguards in place to protect your rights and freedoms.
6. How long do we keep your Personal Data?
We may retain your personal data for a period of time consistent with the original purpose of collection (see Section 4 above) or as long as required to fulfil our legal obligations. We determine the appropriate retention period for personal data on the basis of the amount, nature, and sensitivity of the personal data being processed and in accordance with the purpose for which it was collected, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your personal data will be deleted.
If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.
7. How do we Secure your Personal Data?
We take appropriate precautions including organizational, technical, and physical security measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the personal Data we process or use.
While we follow generally accepted standards to protect personal data, GPO cannot fully guarantee the security of the information since it may rely on the use of different security systems including the system you are using to communicate with us. You are solely responsible for protecting your password, limiting access to your devices, maintaining up-to-date and patched version of software and operating system, and signing out of our Website after your sessions.
8. Transferring your Data to Other Countries.
GPO is part of a Group that operates globally. Your personal data may be transferred to and stored by us or by our affiliates and third parties described in Section 5 above, located in other countries. Consequently, your personal data may be processed outside your jurisdiction, and in countries that may not provide for the same level of data protection as your jurisdiction.
However, we ensure that the recipient of your personal data provides an adequate level of protection, for example by entering into appropriate processing agreements and, if necessary, standard contractual clauses or an alternative lawful data transfer mechanism in accordance with the applicable regulations.
9. What are your Privacy Rights?
Subject to applicable law, as outlined below, you have a number of rights in relation to your privacy and the protection of your personal data.
In Mexico, under the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), you are entitled to exercise your ARCO rights: Access, Rectification, Cancellation, and Opposition. These rights aim to give you control over your personal data and how it is used.
Under other Privacy Laws, your rights may include the following:
-
The right to access your Personal Data;
-
The right to have your Personal Data rectified, corrected or updated;
-
The right to have your Personal Data has been sold, shared or disclosed;
-
The right to data potability, as permitted by law.
-
The right to object or restrict to the processing of your Personal Data;
-
The right not to be subject to a decision based solely on automated processing and profiling, which produces legal effects; and
-
The right to lodge a complaint before your local supervisory authority.
For any activities for which you have given your consent, you have the right to withdraw that consent at any time. Please note that the withdrawal of consent does not affect the lawfulness of any processing carried out based on your consent before it was withdraw.
Exercising your rights is free of charge. However, if a request is excessive or unfounded, we may charge a reasonable fee or deny the request.
Your Personal Data will be processed when responding to these rights requests and we may request you additional documentation to verify your identity before fulfilling your request.
If you wish to exercise your ARCO rights, please contact us by clearly specifying your request through any of the channels listed in Section 11. We will respond within 20 business days, and if appropriate, your request will be implemented within the following 15 business days, in accordance with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP).
For other types of requests, we will respond within one month, in accordance with the applicable regulations. If we require additional information to process your request or verify your identity, we will contact you. If your request cannot be fulfilled due to a legal exception or limitation, we will provide a written explanation. Should we need more time to respond, we will notify you in writing with the reason and the expected extension period.
Should you have concerns about your privacy rights or should you feel unsatisfied with our treatment, collection, or use of your Personal Data, we remind you that you have a right to lodge a complaint with the Federal Consumer Protection Agency (Procuraduría Federal del Consumidor – PROFECO), through the following link: Plataforma Nacional de Transparencia.
10. Changes to the Privacy Notice
We are constantly trying to improve our Website and services, so we may need to change this Privacy Notice from time to time. We will alert you to material changes by, for example, placing a notice on our Websites and/or by sending you an email (if you have registered your e-mail details with us) when we are required to do so by applicable law. You can see when this Privacy Notice was last updated by checking the date at the bottom of this page. You are responsible for periodically reviewing this
Privacy Notice.
11. Contact Us
For any questions or concerns about this Notice, or if you require additional information or would like to exercise your privacy rights, contact us in any one of these ways:
-
E-mail: info.gpo-mexico@proman.org
-
Write to us at: Carretera Los Mochis – Topolobampo Km. 18+600 S/N, Topolobampo, Ahome, Sinaloa, México, 81370.
-
Phone: (668) 172 3378
Your continued use of our services without objecting to the terms set forth in this Privacy Notice will be considered as your acceptance, consent, and authorization to the processing of your personal data in accordance with its provisions.