Being a commitment from CBM INGENIERÍA EXPLORACIÓN Y PRODUCCIÓN, S.A. DE C.V. to maintain the confidentiality of the personal data that they file and based on respect for the right to privacy, the principles of legality, consent, information, quality, purpose, loyalty, proportionality, responsibility; compliance with the provisions of the Federal Law on Protection of Personal Data in Possession of Individuals hereinafter “The Law” and the Regulation of Federal Law on Protection of Personal Data in Possession of Individuals hereinafter “The Regulation”, by giving to know this privacy notice.

RESPONSIBLE DATA

The Responsible CBM INGENIERÍA EXPLORACIÓN Y PRODUCCIÓN, S.A. DE C.V., is a company legally constituted under the Mexican Laws, who designates as domicile for the purposes related to this notice the one located at Calle Enrique Ibsen 43, 5th floor, 502, Col. Polanco, Miguel Hidalgo Delegation, Postal Code 11560, in Mexico City, which is committed to maintaining the confidentiality of the personal data contained in its files and of the personal data provided by the owner.

AVAILABLE MEDIA FOR COMMUNICATION

It is the Respondent’s conviction to protect personal data that under its control has to comply with and enforce within the organization, the Federal Law on Protection of Personal Data Held by Private Parties, as well as its regulations. To do so, it makes available to the Owner the following contact information through which any request to limit the use or disclosure of Personal Data, clarification or complaints will be received.

Email:

derechosARCO@cbmex.com.mx

www.cbmex.com.mx/avisodeprivacidad.html

Address:

Calle Enrique Ibsen 43, piso 5, 502

Col. Polanco,

Delegación Miguel Hidalgo,

Código Postal 11560,

Mexico City.

The administrative, physical and technical security measures that guarantee the quality of personal data are taken into account and maintained for its treatment, taking into account the existing risks, the consequences for the owners, the nature of the data and technological development. These measures are not less than those used with the information of the organization.

PERSONAL INFORMATION

The Responsible party collects and treats the following personal data in a lawful manner, as long as no objection is expressed at the time that Personal Data is provided directly or to manifest subsequent opposition in the media described in the previous section. By only sending a free written statement expressing the desire to revoke the consent at any time.

The Holder will provide personal data such as: full name, date of birth, nationality, federal taxpayer record, nationality, sex, marital status, email, address, telephone number, among others.

Also, the owner may provide sensitive data, which will be treated under security measures provided by “The Law” or other laws, ensuring confidentiality at all times.

According to art. 40,41 and 42 of “The Regulation”, the above personal data will be used for the following purposes necessary to establish the legal relationship with the organization. Activities of internal administration and own of its social object. Consulting, assistance, support and / or operative activities Client and service management.

The treatment of the Personal Data provided by the Owner to the Responsible Party will be limited to compliance with the purposes set forth in this privacy notice and for different purposes that are compatible or analogous to those established in the aforementioned notice, without it being necessary to obtain again the consent of the Holder.

By making this Privacy Notice available to the Holder and not expressing this opposition, it shall be understood that the Holder grants the Responsible party their consent to carry out the processing of the Personal Data that may have been provided and / or that due to any of the purposes set forth in this notice provide in the future, either personally, or any electronic, optical, audio, audiovisual or through any other technology or means with which the person in charge can count.

The Responsible informs that any communication by unprotected email made through the Internet may be subject to interception, loss or possible alterations, in which case, the Holder may not demand from the Responsible any compensation for any damage resulting from the interception, theft, loss or alteration related to an email message between the parties.

The Holder states that the Personal Data provided to the Responsible Party is true and is responsible for communicating to the latter any modification to the same through the formats designated for it.

The Holder authorizes the Responsible to gather Personal Data through third parties that the Holder has authorized against the Responsible as references. It will be the responsibility of the Owner to inform those third parties about the information provided to the Responsible Party and the purposes of the same, not being the responsibility of the Responsible to inform those third parties about the content of this privacy notice.

TRANSFER

The Responsible undertakes to take care of compliance with all the legal principles of protection regarding the transfer of personal data. Similarly, it expresses its commitment to respect at all times, this privacy notice, by individuals and corporations to which the information provided may be transferred and when the transfer is necessary for the maintenance or fulfillment of a relationship legal relationship between the Responsible and the Holder.

The personal data described above can be transferred and processed by the third parties described below. All the aforementioned purposes are in the cases of art. 37 of the law, so it is not necessary to obtain consent for their transfer:

THIRD
Banks
Media
Government dependencies
Insurance companies
Professional services firms
Certifying entities
Business alliances

PURPOSE
Payment, deposit and prospecting
Promotion and fulfillment of events
Compliance with applicable legislation
Processing of insurance and guarantees
Audit, consulting and support
Validation in compliance with best practices
Services and support

Sensitive personal data are transferred to private third parties and government agencies for the purposes contained in Art. 37 of the Law:

THIRD
Federal and State Dependencies
Medical emergency services
Insurance companies

PURPOSE
Compliance with legal obligations
Medical emergency services
Life insurance procedure
The written consent will be requested when collecting your sensitive data.

By the means that are made available in the section “AVAILABLE MEDIA OF COMMUNICATION”, we will gladly receive the request of refusal to the processing of personal data. Detailed information on the use of the above personal data may be provided upon request of the owner by the mechanisms to exercise the ARCO rights described later in the section of the same name.

The detailed information of the natural or legal persons to whom the personal data is transferred may be provided upon the request of the owner in the mechanisms provided to exercise the ARCO rights.

LIMITATION OF USE AND DISCLOSURE OF DATA

The Responsible has adopted the levels of security and protection of Personal Data required by Law, additionally, may implement other means and technical measures that are within their reach to prevent loss, misuse, alteration, unauthorized access and theft of Personal Data provided by the Holder.

DEADLINE OF CONSERVATION

The Responsible will proceed to cancel and carry out the previous suppression blocking of the personal data once they fulfill the purpose that justified their treatment. The cancellation of personal data will not be made when the assumptions of articles 26 and 34 of the Law are applicable.

EXERCISE OF ARCO RIGHTS

The owner, by himself or through a duly accredited legal representative, may exercise the rights of Access, Rectification, Cancellation or Opposition, in front of the Responsible by means of an application with the following information in physical or electronic document using the means we place at his disposal described in the section “AVAILABLE MEANS OF COMMUNICATION” at the top of this notice. Name and address, as well as any additional information that may be used to contact you. Documents that prove the identity. Concise and clear description that describes the rights that you wish to exercise, as well as the personal data involved. In the case of requesting rectification of personal data, you must accompany the documentation that supports the request. Clearly indicate contact details of the owner, being important to note that in the event that it is necessary to send the documents physically, the corresponding generated costs will be charged to the requesting owner. The response to the request will be made within the deadlines set by the Law as long as they are not under the circumstances of exception of article 26 of the law and 75 of the regulation.

REVOCATION OF CONSENT

According to article 21 of “The Regulation”, at all times the owner may revoke the consent that has been granted for the processing of their personal data, in order to stop making use and transfer of them by using the mechanisms provided for it in this document.

In the same way, it is necessary to send the petition through the means mentioned in this notice and it must be accompanied by the following information: Name and address, as well as any additional information that may be used to contact you. Documents that prove the identity. Data about which you specifically want to revoke the consent. In the cases in which the Holder wishes to revoke the authorization granted to the Responsible regarding the Personal Data provided, he must make the corresponding request in the same terms established in this privacy notice to exercise the ARCO rights.

MODIFICATIONS TO THE PRIVACY NOTICE

The Responsible reserves the right to make modifications or updates to this privacy notice at any time, for the attention of internal policies or new requirements for the provision or offering of its services.

These modifications will be available through the means described in this document in the section “AVAILABLE MEANS OF COMMUNICATION” or through its page www.cbmex.com.mx or the one that will replace it.

GLOSSARY

Privacy Notice: Physical, electronic document or in any other format generated by the person in charge who is made available to the owner, prior to the processing of their personal data, in accordance with articles 15, 16 and 17 and other relative and applicable ” The law”.

Databases: The ordered set of personal data referring to an identified or identifiable person.

Blocking: The identification and preservation of personal data once the purpose for which they were collected has been achieved, with the sole purpose of determining possible responsibilities in relation to their treatment, up to the legal or contractual limitation period of these. During this period, personal data can not be processed and once this has elapsed, it will be canceled in the corresponding database.

Consent: Manifestation of the will of the owner of the data through which the treatment of them is effected.

Personal data: Any information concerning an identified or identifiable natural person.

Sensitive personal data: Personal data that affect the most intimate sphere of its owner, or whose misuse may give rise to discrimination or entail a serious risk to it. In particular, those who can reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, union affiliation, political opinions, sexual preference are considered sensitive.

ARCO Rights: Rights of Access, Rectification, Cancellation and Opposition foreseen in the Federal Law of Protection of Personal Data in Possession of Individuals. Responsible: The individual or legal entity that alone or jointly with others treats personal data on behalf of the person in charge.

Source of public access: Those databases whose consultation can be carried out by any person, with no more requirement than, if applicable, the payment of a consideration, in accordance with the provisions of the Regulations of this Law.

Law: Federal Law for the Protection of Personal Data in Possession of Individuals.

Guidelines: Privacy Notice Guidelines.

Regulation: Regulation of the Federal Law of Protection of Personal Data in Possession of Individuals.

Responsible: Private physical or moral person that decides on the processing of personal data.

Third: The natural or legal person, national or foreign, different from the owner or data controller.

Owner: The natural person to whom the personal data correspond.

Treatment: The obtaining, use, disclosure or storage of personal data, by any means. The use covers any action of access, handling, use, transfer or disposal of personal data.

Transfer: Any communication of data made to a person other than the person in charge or in charge of processing.

Headquarters Mexico City
Enrique Ibsen N° 43, Floor 5, 502,

Colonia Polanco, Delegación Miguel Hidalgo, C.P. 11560

Mexico City.
Phone: (55) 5207 6343 / 6085

Office Villahermosa, Tabasco
Avenue of the Rivers N ° 232-A

Office 101, Fracc. Tabasco 2000

C.P. 86035 Villahermosa, Tabasco
Phone: (993) 316 5224 / (993) 317 5151 / 5252