Menu mobile
I want to donate >

Mobile Surgery International, A.C. (MSI)
General Privacy Notice

This General Personal Information Notice ("Notice") describes Mobile Surgery International, A.C. (MSI)'s handling of Personal Information for its employees and contractors located in Mexico. MSI also provides information on the General Principles applied by MSI for the processing of Personal Information. These General Principles may be supplemented by additional measures in the event of compliance with applicable legal regulations. In the event of a conflict between this Notice and any specific statutory provision, the latter shall take precedence over this Notice.

Scope

This Notice covers all operations of MSI or processing of Personal Information, including: data collection, organization, storage, adaptation or alteration, retrieval, use, consultation, disclosure by transmission, dissemination, alignment or combination, blocking, deletion, and destruction

PERSONAL INFORMATION or PERSONAL DATA: means any information relating to an identified or identifiable individual who is a resident of Mexico and is (i) an employee of MSI (including current and former employees, interns, interns, temporary workers, or applicants for employment) or (ii) MSI contractors (a term that includes consultants, independent contractors, temporary service contractors).

TRANSFER: Any communication of data made to a person other than the data controller or data processor.

Note: Customers, supplier representatives and third parties will be notified in accordance with the requirements of applicable laws.

The types of information processed are:

  • Contact Data (e.g. name, business address, business address, home address, email address, telephone numbers);
  • Demographic data (e.g., date of birth, gender, education level);
  • Historical data about the employee's career (e.g., CV, experience, promotions, training, performance, disciplinary details);
  • Organizational Details (e.g., job title, assignments, salary level, career interests);
  • Dependent Information (e.g., marital status, number of children)
  • Data Recording Time, (e.g., absences, vacations, work schedules);
  • Financial Data (e.g., salary, benefits, banking information, securities account information);
  • Social Data (e.g., photographs, recognition award information, newsletter or press release information, team event results);
  • Health-Related Data (e.g., occupational health information) and;
  • Information Technology (IT) related information (e.g., metadata related to communications, applications, and access permissions).

Personal Information includes both information related and unrelated to MSI's business activities, as well as Personal Information collected on MSI's behalf by third parties.

2. Data Collection and Use

Personal Information is generally collected by MSI where the employee or contractor maintains their employment/contractual relationship.

MSI obtains consent for the processing of information where it is legally or contractually required. In other situations and circumstances. 

MSI is committed to collecting and using Personal Information in a lawful and reasonable manner and will not collect Personal Information in a concealed manner, however, under extenuating or exceptional circumstances when required by law and/or to protect MSI's interests and/or where there is reasonable suspicion of a violation of the Company's policies or any illegal activity,  and where no other means of investigation exist, MSI may acquire Personal Information in this manner in strict accordance with applicable laws.

MSI collects and uses Personal Information about employees, contractors, patients, or family members for employment-related purposes that are necessary for the development of the employment relationship (or similar relationships of temporary employees or interns), which is necessary and relevant to recruiting, evaluating, developing, and terminating employees.

MSI also collects and uses Personal Information about employees for business-related matters that are necessary for the safe, effective, and efficient operation of MSI's business interests around the world.

Similarly, MSI collects and uses Personal Information from contractors (independent or affiliated) who may work for MSI for the purpose of managing the contractor, to maintain physical and industrial security, health, and for business-related matters necessary for the safe, effective, and efficient operation of MSI's business interests.

MSI has identified several primary purposes for which it collects and uses Personal Information about employees and contractors to the extent permitted by law, including, but not limited to, the following:

Audits: Audits of activities and operations for compliance with MSI policies and applicable laws

Asset Management: Management and administration of the use of corporate assets, e.g., computer equipment, software licenses, offices, business applications, company vehicles, office phones, cell phones, hard drive space, etc.

Business Continuity Planning: Collection and dissemination of Personal Information for inclusion in business continuity and emergency response plans.

Career Development and Resource Management: Support to career development and resource management processes by managing individuals' professional skills, performance levels, opportunity development, and job presences.

Verification of Compliance with Company Policies: Verification of the activities of individuals to ensure compliance with MSI policies, e.g., use of assets, internet, and telephone.

Contractor Management: Management of business and organizational processes related to contractors, e.g., selection, invoicing, and compliance with legal and social security obligations.

Events and Conference Management: Preparation and conduct of corporate events.

Networking: Dissemination of information between individuals for use in social networks, e.g., social clubs, integration events, networking,  and employee recognition.

Systems and Information Integrity: Recording Information to ensure the integrity of information, systems, and resources through automated checks or through actions controlled by an individual, e.g., changing records and recording events.

Occupational Health: Administration of information related to an individual's health for occupational health purposes.

Personnel Management: Facilitation of business and organizational processes related to personnel, e.g., payroll, compensation, benefits, deductions, imprisonment, and compliance with legal obligations.

Physical Security Management: Allowing physical access control to buildings and facilities.

Industrial Safety and Incidents: Recording of information related to property damage and personal injury for the purpose of administering industrial safety programs.

Security and Identity Verification: Validation of identity and access  permissions to individuals e.g. service requesters, access to computer systems and their applications as well as identity authentication for banking purposes.

Service Improvement: Improvement in the quality of services, for example: through the analysis of user opinions.

Service Request Management: Facilitating the processing of any service request (e.g., receiving, handling, resolving and collection).

Training Administration: Training of employees, contractors, and  third parties for the purposes of: professional development, education, employment certification, and compliance with legal obligations, as appropriate.

Work Organization, Planning and Management: Facilitating the organization, planning, billing and management of the work, time and costs of individuals, for example, within their normal activities, project development and organizational restructuring.

3. Disclosure and Access to Personal Information

MSI collects and stores Personal Information on a confidential basis. All employees and contractors shall respect the confidentiality of such information. "Disclosure" means processing, accessing, and/or sharing that information, or certain elements of it, with persons or organizations other than the organization that originally collected the information.

Within the MSI group, information is generally disclosed in a way that is only required "on a need to know basis" by internal recipients such as employees or contractors within the lines of business and within the Human Resources (HR), Information Technology (IT), Health, Safety, Treasury and Finance, Tax and Legal departments.

Disclosures are also made between MSI affiliates.

Personal Information is also disclosed to third-party recipients such as: Agents, Contractors and Third Party Data Processors (such as payroll providers, health insurance providers and IT providers as long as the conditions described in the previous paragraph are satisfied.  Before any Personal Information is shared or accessed by third parties, a written agreement must be made with the entities described above requiring Agents, Contractors, and Third Party Processors to: (1) not make unauthorized disclosures of Personal Information; (2) use Personal Information only for purposes specified as requested by MSI; (3) retain Personal Information only for as long as necessary for the fulfillment of the purposes and purposes it was provided for or to protect the interests of the company (e.g., until legally prescribed); and (4) maintain adequate and appropriate security measures to safeguard the information.

Disclosure to internal and external recipients may be made:

(1) To comply with the employment contract; (2) With the consent and/or authorization of the individual; (3) In accordance with the collective bargaining agreement; (4) To pursue MSI's legitimate interests; (5) Pursuant to business necessity: (6) as permitted or required by law or legal process(es) or (7) As part of an investigation into possible criminal conduct: (8) During an "emergency situation" such as when the life or vital interests of individuals are at risk.

If the information is shared with third parties or an affiliate of MSI outside of the United States, the data TRANSFER conditions (section 10) will apply in addition to the requirements described in this section.

4. Data Accuracy

MSI strives to keep the Personal Information it collects as accurate, complete, and up-to-date as necessary to fulfill the purposes for which it was collected and is used. Employees are responsible for helping to maintain the accuracy and completeness of their Personal Information and are required to notify their department or HR department when there are changes to their personal information.

5. Transparency and Notice

The purpose of this notice is to notify individuals from whom information is collected about:

(1) The identity of the MSI affiliate collecting the information;

(2) The type of information MSI collects;

(3) The purposes for which MSI collects Personal Information;

(4) The types of entities to which MSI shares Personal Information, including transfer to other countries;

(5) The data privacy and security measures and safeguards that MSI uses. This information is partly provided through this Notice and partly through other measures, such as Specific Treatment Notices.

6.Security and Confidentiality

MSI maintains appropriate administrative, technical, and physical safeguards designed to protect Personal Information against accidental or unlawful destruction, accidental loss, alteration, unauthorized access or disclosure, and other unlawful forms of processing of Personal Information in our possession.

MSI will use a variety of security measures to protect Personal Information, such as: administrative (such as with policies for access, use and retention of personal records; Information Management and Protection Policies (MPI), Records Management Guidelines, Authorization Protocols, Self-Assessments and Internal Audits); techniques (such as the use of passwords to protect documents, passwords for access and the use of login cards to workstations (computer equipment) and computer networks, backup of information from external vendors); and physical; (such as locking personal files in lockable drawers and cabinets, lockable filing cabinets, and limiting the user to servers).

As described in Section 3, third-party information processors may process Personal Information only if they contractually agree to maintain security and confidentiality safeguards.

7. Rights of Access, Rectification, Cancellation and Opposition

With respect to your personal information held by MSI and its affiliates, employees and contractors located in Mexico have the right to:

a) access your Personal Information and

b) rectify Information that is incorrect or incomplete,

c) delete and/or block Personal Information

This is in accordance with the provisions of the applicable law.

8. Processing of Sensitive Personal Information

Certain categories of Personal Information are considered Sensitive under personal data protection laws and are subject to higher levels of protection and security. The Federal Law on the Protection of Personal Data in Possession of Private Parties; considers as SENSITIVE those personal data that affect the most intimate sphere of its owner, or whose improper use may give rise to discrimination or entail a serious risk for the owner. In particular, the following categories of information are included: (1) race and/or ethnicity; (2) political opinions; (3) religious, philosophical, and/or moral beliefs; (4) union membership; (5) sexual preference; (6) present and/or future health status; (7) criminal history (including suspicion or accusation of crimes) or any proceedings relating to offenses committed or alleged to have been committed, including their outcome or sentences from such proceedings.

MSI only collects Sensitive Personal Information under limited circumstances, for example, when it requires such information to comply with processes related to the employment and administration of HR or medical treatment, or to comply with legal obligations and only as permitted by law. For example, information about trade union membership, religion or disability may be processed in order to comply with labour, tax or social security regulations.

Non-Commercial or Direct Marketing Use

MSI will not use Personal Information for marketing purposes or for direct marketing. nor does it sell, rent, or otherwise distribute information to any third party except for the purposes described in this Notice.

10. International Transfer of Information

MSI may transfer Personal Information to servers located around the world and may use information from other MSI affiliates in accordance with applicable laws. MSI has taken steps to ensure that Personal Information receives an adequate level of protection at all of its locations.  These steps may include, inter-filing, inter-filing, agreements that contain clauses that provide adequate protection for the transfer of Personal Information abroad.

11. Record Retention

MSI does not retain Personal Information longer than is necessary to achieve the purposes for which such information was collected and in the event of extended times, will retain such information to comply with applicable laws or to protect the legitimate interests of the company (e.g., statutory statutes of limitations). Retention periods are defined within the records management guidelines and in accordance with applicable national laws.

12. Questions, Comments or Complaints

MSI is committed to protecting your Personal Information, as described in this General Privacy Information Protection Notice, and as required by applicable national laws.

This General Privacy Notice is effective as of September 26, 2023:

Any updates to this Notice will be posted on the http://msi-global.com.mx/