Last updated February 28, 2022
This Privacy Notice (Privacy Statement) describes the processing of personal data of users and visitors to the digital services of Romanza Wedding Photography (hereinafter, the “User / Data Subject”) collected by Photopro S. de R.L. de C.V., Photur S. de R.L. de C.V. and Photo y Foto S.A. de C.V. and its subsidiaries (hereinafter, the “Company”) through its website https://www.arcadiacrm.com and https://www.romanza.com.mx (hereinafter, the “Website”). The Company may process the personal data of users when they enter the Website and/or use the Website’s functions.
2. Personal Data
2.1 Description of the concept of Personal Data
Personal Data is understood as any information belonging to any natural person that can be used to identify directly or indirectly, is the information that describes, gives identity, characterizes, and differentiates from other individuals or groups.
The concept of Personal Data used in this Privacy Notice covers all information in any form, whether alphabetical, numeric, graphic, photographic or sound, to name a few and may be contained in any of the forms, sections or sections developed on the Website and Arcadia CRM software or any other specific digital media in point 2.3 of this Privacy Notice.
2.2 Personal data as the object of a processing
In compliance with the provisions of the Federal Law for the Protection of Personal Data in Possession of Individuals (“The Law”), “The Company” always seeks to protect and safeguard your information to prevent damage, loss, destruction, alteration, as well as unauthorized use, access, and disclosure of your personal data.
The data that the Company intends to collect from users will be detailed below:
2.2.1 Navigation Data
The ICT systems (Information and communication technologies) and software procedures that operate the Website, during its normal operation, collect some Personal Data, the transmission of which is implicit when using Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but information that, by its nature, could, through processing and association with data held by third parties, allow the identification of users.
This category includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response and the numerical code indicating the status of the response from the server data (success, error, etc.) and other parameters relating to the operating system or the computer environment of the data subject.
220.127.116.11 Links to Other Sites
Our Websites may contain links to other sites not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly encourage you to review the Privacy Notice of every site you visit. We have no control over and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.
Cookies are files containing a small amount of data that may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies also used are tags and scripts to collect and track information and to improve and analyze our service. The user can always refuse any cookie from the same settings of your browser. However, if you do not accept all cookies, you may not be able to use some parts of our service or they may be limited.
2.2.3 Staying Data
Due to our business nature, in order to create a basic file with the user information, it is necessary to find data of the vacation reservation and event of the Data Subject and/or his/her companions, in this way they can be identified in the Arcadia CRM system and follow up on the service or products contracted with “The Company”.
For our proper operational performance and to start with the request of any request that our users may have it is necessary that the Data Owner provides personal information and about your event such as:
-The name of the Resort where the event takes place
-Range of dates in which you stayed
-Date of the event
-The room number you stayed in
This data is shared with our operational team during the first contact with each user, even if the user does not purchase the services or products of the Company, this data will be loaded into our system database for the creation of a folder to track the contracted services.
2.2.4 Personal Data
For the purposes of this Privacy Notice, the parties agree that “User” shall mean any person of any nature who enters the website and/or any of the subpages that display its content and/or the person of any nature who registers and/or uses any of the services, applications and/or forms offered through the said page.
To complete a user file below we talk about the most sensitive information that the data collection processes may obtain, and these are:
-Date of birth
-Country and city of residence
-Telephone and e-mail
-Address in case of shipment of products
Payment details: The User’s payment details will be processed directly through third parties such as the Hotel where the event takes place, Paypal or through an external collection company. “The Company” does not store, nor does it process credit/debit card or Paypal information of the “User”.
Given the nature of such information and its use by third parties, please review point 18.104.22.168 of this Privacy Notice.
2.3 Means and/or Sources of obtaining personal data
The aforementioned personal data will be collected by the Company’s personnel and/or the official digital means mentioned below. The list of members that will collect and process the data is specified in point 2.4.
Any information that the Company collects will be solely and exclusively through the following means:
Emails with the official domain: @romanza.com.mx, @arcadiacrm.com.
Website: https://romanza.com.mx and/or https://arcadiacrm.com
Official forms (Typeform, contact forms)
Direct message on Romanza Wedding Photography’s official social networks.
A special case of the official social networks of the Company
The most popular social networks are part of the tools that the Company needs for its proper functioning; just like any other media, data protection follows the same protocols.
The Company has an official account in each of the following social networks:
Any contact through digital media either by:
-Publications: Comments, links, images written in within publications.
-Contests: Contact information obtained from any contest, whose terms and conditions will be explained in the development of the same.
-Advertising: The possibility for the user to provide information by making use of the promotions presented on these platforms and are required to perform these advertising services.
-Direct Message: Direct communication through the inbox of each platform.
It is protected under the agreement of this Privacy Notice and its treatment will be with the same standards of protection established in point 2.2.
2.4 Members of the organization that will process the Personal Data
Personal Data, specifically from items 2.2.1 and 2.2.2, are stored and processed through the computer systems owned by the Company and will be processed by authorized personnel of the Company;
The data are processed exclusively by personnel specifically authorized to process them, including personnel in charge of extraordinary maintenance operations and personnel in charge of monitoring and Customer Service.
The Company declares that among the personnel who may process this information are:
-The concierge and Chief concierge are dedicated to your service and attention.
-Customer Service Agent
-Store Manager of the Hotel where the event takes place
-Photographers and/or videographers in charge of the service.
-Social Media Manager
-Administrative and/or financial personnel
Each of them have specific responsibilities for the correct processing of the information specified in the following points.
2.5 Explanation of the purpose of data processing
It is essential for the Company to remind you that the processing of Personal Data collected by any of the express means will be limited to the purposes stated in this Privacy Notice.
The data is described in points 2.2.1 and 2.2.2. are used only to obtain anonymous statistical information on the use of the Website and the websites of our customers, to ensure its proper functioning in order to identify anomalies and/or misuse and are deleted after processing.
Their processing is necessary for the fulfillment of the Company’s interests or in the exercise of the obligations conferred on the data controller. The data may be used to ascertain liability in the event of computer crimes damaging the website or third parties.
Furthermore, such data may be included in statistical reports to be prepared for the monitoring of institutional progress, as well as to improve the Company’s procedures.
For the treatment of sensitive and sensitive information of each user, obtained from points 2.2.3 and 2.3.4, it will only be used for operational purposes; that is, for the proper functioning of the chain of processes that the Company develops.
The use is limited to the operational development of the following cases:
-User creation on the Arcadiacrm.com tracking platform.
-Creation of photo and video delivery folder – Dropbox.com
-After-sales service or customer service (Search and location of the files of each user)
-Scheduling of photo and/or video sessions
-Application of current promotions
-Invoicing and administrative control
-Sending of offers and promotions*.
* In the event that the Company requires to use the information for the development of promotional emails or a newsletter, it will always notify the user and make available the means in case he/she wishes to cancel his/her subscription under the ARCO statutes explained in point number 4.
2.6. Legal basis to carry out the processing of personal data.
The applicable law of this Privacy Notice will be the same for all users of the Web Site romanza.com.mx and arcadiacrm.com anywhere in the world. Your information, including Personal Data, may be transferred to and maintained on computers located outside your state, province, country, or other governmental jurisdiction where data protection laws may differ from those of your jurisdiction. If you are located outside of Mexico and choose to provide us with any information, please note that the handling of information is handled in the United States and Mexico, including your Personal Data.
In addition, to abide by this, this Privacy Notice follows the guidelines of the Federal Law on Protection of Personal Data held by individuals of Mexican legislation.
In case of not accepting in absolute and complete form the terms and conditions of this Privacy Notice, the user must abstain from accessing, using, and observing the Web Site romanza.com.mx and arcadiacrm.com.
In case of the user accesses uses and observes the aforementioned Websites, it shall be considered as an absolute and express acceptance of this Privacy Notice.
The sole use of said Internet page grants the general public the condition of the user and implies the full and unconditional acceptance of each and every one of the general and particular conditions included in this Privacy Notice published by the Web Site at the very moment the user accesses the site.
3. Description of data protection practices
3.1 Appropriate security practices.
Under no circumstances does the Company publicly discuss Personal Data provided to access user lists. The Company declares that any controller who carries out processing of Personal Data shall establish and maintain administrative, technical, and physical security measures to protect Personal Data against damage, loss, alteration, destruction, or unauthorized use, access, or processing.
The security of your data is important to us, but please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
It is our policy to act against data traffic violations, as stipulated in the applicable legislation, including the removal or blocking of access to information, up to and including the dismissal of employees who are subject to activities that infringe the data protection rights of third parties.
On the other hand, we inform our “Users” that their personal data will not be shared with any company, authority, organization, or person other than those mentioned in this Privacy Notice and will be used exclusively for the purposes indicated.
The “User” has at all times the right to know what personal data are collected, what they are used for, and the conditions of use. Likewise, it is the right of the “User” to request the correction of his personal information in case it is incorrect or outdated, likewise, he has the right to request the deletion of his personal data from our records and databases or revoke the consent of the use of his information. As well as to oppose the use of your personal data for specific purposes. This is part of the User’s ARCO rights.
The data owner may at any time express their refusal for treatments or transfers; exercise their ARCO rights expressed in point 4, or request the portability of their personal data, to make them effective, you can go directly to the address of the company or via email at the address: firstname.lastname@example.org.
Security breaches occurring at any stage of the processing that significantly affects the economic or moral rights of the owners will be immediately reported by the controller to the owner of the data so that the latter can take the appropriate measures to defend their rights.
3.1.1 Warranties accepted as true by the Company
I.-Under this document the Company declares that the consent of the Data Owner will always be requested before processing his/her personal data.
II.-The Company declares not to obtain personal data through fraudulent means.
III.-The data processing will maintain the necessary measures to protect the vital interests of the data owner.
IV.- To process as little personal data as possible, and only those that are necessary, adequate and relevant in relation to the purposes set forth in this Privacy Notice.
V.- The personal data that the Company collects in any of the active forms on the Website will only be used for the purposes described in this Privacy Notice.
VI.- To process personal data strictly for the time necessary for legal, advertising, regulatory or legitimate purposes of the organization.
VII.- The Company undertakes to keep the Personal Data confidential, an obligation that will subsist even after terminating its relationship with the data owner or, as the case may be, with the responsible party.
3.1.2 Statements that the Data Owner accepts as true
I.-The Data Owner acknowledges that by accepting this Privacy Notice a confidentiality agreement is executed in which he/she consents to the processing of his/her personal data for one or more specific purposes described in this Privacy Notice at the request of the Company.
II.-The Data Owner expresses that the data provided on the Website are entirely personal and does not act under the identity of a third party.
III.-If the Data Owner provides personal data of third parties, he/she must ensure that this information is communicated to the Company and to the legitimate owner of the shared data.
IV.-It is declared that the data provided are updated and completely truthful.
V.- The user accepts that he/she may only print and/or copy any information contained or published on the Web Site exclusively for personal use, and therefore the commercial use of such information is expressly and strictly prohibited. All the contents offered in the Web Site romanza.com.mx and arcadiacrm.com, are the creation and property of the Company.
4. Inventory of the means available to the customer
As mentioned in point 3 of this Privacy Notice, it is stated that the user has the right to enforce his ARCO rights, each of which represents a fundamental basis for a correct treatment of the Data and to remain in full agreement with the same.
Each one is detailed below and the procedure to make them valid is described at the end.
It refers to the right that the holders of the information have to request and receive details of the processing and management of their Personal Data, this allows you to receive a copy of the Personal Data we have about you and check that we are processing them lawfully. Primarily this right refers that the Data Subject shall have the right to obtain from the Company confirmation as to whether or not Personal Data concerning him/her is being processed and, if so, access to the Personal Data and the following information:
a) The purposes of the processing
b) The categories of personal data being processed
c) The expected retention period of the personal data or, if this is not possible, the criteria used to determine such period.
The Data Owner has the right to request a rectification of the personal data provided that the information is subject to any of the following cases; When the data is:
–not up to date.
The data subject shall have the right to obtain, modify or withdraw consent for the processing of his/her personal data by the data controller; Deletion of personal data concerning him/her must be without undue delay in case the data is not being properly managed,
The Data Owner also has the right to modify or withdraw consent to the processing with respect to the receipt of the data for marketing purposes, via the Internet.
When requesting a cancellation of the Data Controller shall be obliged to delete the data provided that one of the following reasons applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
b) The data subject withdraws the consent on which the processing is based in accordance with Article 25 of the LFPDPPP, and where there is no other lawful ground for the processing.
c) The personal data have been unlawfully processed.
The controller shall not be obliged to erase the personal data when:
- It refers to the parties to a private, social or administrative contract and is necessary for its development and fulfillment;
II. They must be treated by legal provision;
III. Obstructs judicial or administrative proceedings related to tax obligations, the investigation, and prosecution of crimes, or the updating of administrative sanctions;
IV. Are necessary to protect the legally protected interests of the holder;
V. Are necessary to carry out an action in the public interest;
VI. Are necessary to comply with an obligation legally acquired by the holder,
VII. are the object of treatment for prevention or for medical diagnosis or the management of health services, provided that such treatment is carried out by a health professional subject to a duty of secrecy.
If the data owner decides to oppose the processing of personal information he/she is fully entitled to do so, provided that one of the following circumstances applies:
a) The accuracy of the personal data is contested by the data subject, for a period that allows the data controller to verify the accuracy of the personal data;
(b) The processing is unlawful and the data subject objects to the erasure of the personal data and requests instead of the restriction of their use; or
c) The controller no longer needs the Personal Data for the purposes of the processing, but the data subject needs the Personal Data for the establishment, exercise, or defense of legal claims;
d) The controller no longer needs the Personal Data for the purposes of the processing, but the data subject needs the Personal Data for the establishment, exercise or defense of legal claims.
The Company does not share Personal Data with third parties; And if applicable, the data transfers to be made, the purposes, the recipients or categories of recipients to whom the Personal Data have been or will be communicated, in particular recipients in third countries or international organizations will be informed through the means described in point 5 of this Privacy Notice.
The Company may only transmit your Personal Data in good faith when it considers that this action is necessary for the following:
-To comply with a legal obligation.
–Protect and defend the rights or property of the Company.
–Prevent or investigate possible breaches in connection with the Service.
–Protect the personal safety of users of the Service.
–Protect against legal consequences.
4.1 Means available to exercise ARCO rights
The user has at his disposal the possibility of exercising any of the aforementioned ARCO rights.
ARCO previously mentioned; In order to attend your request, it must be made in writing, directly at the office’s address or via e-mail to: email@example.com, according to the means, mechanisms, and procedures mentioned below:
I.The name of the holder and address or other means to communicate the response to your request.
II. The documents proving the identity or, as the case may be, the legal representation of the holder.
III. The clear and precise description of the personal data with respect to which the Holder seeks to exercise any of the aforementioned rights.
IV. Any other element or document that facilitates the location of the personal data.
V. Expressly indicate which of the ARCO rights you wish to exercise.
Before providing or modifying any information, it may be necessary to verify your identity and answer some security questions. This is a security measure to ensure that your Personal Data is not disclosed to anyone who is not entitled to receive it, the attention will be immediate.
We may also contact you if required to ask you for more information in relation to your request and thus speed up our response.
4.2. Specific Information
In addition to the above requirements, you must include in your request the following information, as appropriate:
Right of ACCESS: Modality in which you prefer access to be provided.
Right of RECTIFICATION: Modifications requested to be made and, if applicable, the documents and/or evidence needed to support them.
Right of CANCELLATION: Reasons for requesting the deletion of personal data.
Right to OPPOSITION: Situation that leads to request the termination of the processing of personal data, as well as the damage that would be caused by the continuation of the same or indicate the specific purposes for which you request the termination of the processing.
However, please note that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you if you proceed to object to the processing of your personal data where we rely on a legitimate interest (or the legitimate interest of a third party) and there is something in your particular situation that makes you object to the processing on this ground because you consider that it affects your fundamental rights and freedoms.
If you withdraw your consent, we may not be able to offer you certain products or services. We will inform you if this is the case at the time you withdraw your consent.
5. Our policy towards minors
Our Services are not directed to persons under the age of 18. We do not knowingly collect personally identifiable information from persons under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without his or her consent, he or she should contact the company’s help desk. If we become aware that a child under the age of 18 has provided us with Personal Data, we will take steps to remove such information from our account data.
The Company declares that it has the ability to update this Privacy Notice without the need to notify the Data Owner or users about any change in this Privacy Notice; these changes will be made according to the need to supplement, update, modify or change, any of the points established according to the legal requirements regarding data privacy.
Any such update will be reflected by the “effective date” at the top of this Privacy Notice.
We encourage you to review this Privacy Notice periodically to see if any changes have been made. Changes to this Privacy Notice become effective when they are posted on our Web pages.
Any such changes will be made when the Company, deems appropriate, and it is the sole responsibility of the user or data owner to ensure that he or she becomes aware of such changes.
7. Time the information will be kept in the system
The Company declares that it is indispensable to have the consent of the User or owner of the information to possess, treat, store and submit to processes mentioned previously, that is to say, to limit the treatment of personal data to the fulfillment of the purposes foreseen in this privacy notice and any other contract or service order in force with the Company.
When the personal data are no longer necessary for the fulfillment of the purposes set forth in the Privacy Notice and the applicable legal provisions, they are removed from our system and/or databases.
The responsible for the treatment of the data collected, by any of the means mentioned in this Notice, of a personal nature is:
Romanza Wedding Photography under the legal entities;
-Photopro S. de R.L. de C.V. ,
-Photopro S. de R.L. de C.V.,
-Photur S. de R.L. de C.V.
-Photo y Foto S.A. de C.V.
With an address at:
Local 12, Plaza Palmeiras Business Center.
Calle 11 Sur, Manzana 248, Lote 01, Col. Ejido Sur
Playa del Carmen, Q. Roo Mexico C.P.: 77712