MASSAT & GARCÍA CONSULTING SERVICIOS, S.C. (hereinafter «MGCS«) in compliance with the Mexican federal law on the Protection of Data held by Private Parties («LFPDPP») and regulation 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data («RGPD»), is responsible for your data and is committed to ensuring that your personal information is protected and not misused.

The purpose of this Privacy Notice is to inform our prospects, customers, suppliers, candidates, employees maintaining a working or commercial relationship with MGCS, the data that MGCS may collect, the purposes for which we will handle your personal data, the term of conservation of your data and other aspects that are of essential importance regarding your personal data and/or sensitive data.



Oxford No. 30, Col. Juárez, Cuauhtémoc, 06600, Mexico City, Mexico.



MGCS has a Delegate for protecting personal data whose mission is to enforce the rules in force on personal data protection. You can contact him at the following email:


Under the provisions of the RGPD and the LFPDPP, by accepting this Privacy Notice, the Client and User GIVE THEIR informed, express, free and unequivocal CONSENT to process the personal data collected through our website.

MGCS collects the personal data set forth hereinafter from its prospects, clients, job applicants (hereinafter «Clients and Users») through any lawful means: website, direct collection, emails, phone calls, etc., the context of providing its services.

MGCS collects, under its legal and regulatory obligations, the following information and only with the consent of its Clients and Users:

  • Data relating to the identity of Clients and Users: first names, last names, date, and place of birth, sex, marital status, nationality, photograph, Unique Population Registration Code (CURP), copy of identity documents (identity card, passport, driving license, residence permit);
  • Clients’ and Users’ contact details: professional/individual address, landline or cell phone, fax, email;
  • Data relating to job applicants: curriculum vitae, cover letter, academic data, professional references;
  • Tax data: Tax address, Federal Taxpayer Registration Number (RFC) or tax registration number for foreigners; FIEL (electronic signature), SAT (Tax Administration Service) portal passwords, current and previous years’ tax returns;
  • Accounting data: Client’s accounting file, accounting backups, Client’s accounting books;
  • Banking data: bank details of the Client’s account(s), credit history, electronic bank passwords, account tests, withdrawals, transfers, direct debits, bank or credit card payments, payment methods;
  • Data relating to the economic and socio-professional situation of Clients and Users: socio-professional category, income level, assets;
  • Data relating to the Client’s family: a copy of marriage certificate, birth certificate, death certificate;
  • Corporate data: Articles of Incorporation, powers of Attorney, Notarial deeds, corporate books;
  • Public data and social networks: data from publicly available sources, social networks (if necessary), third parties references;
  • Minors’ privacy: Unless the parents or guardians of minors give us their consent, we will not enter into acts with minors or approve applications for employment or services from minors. We may, however, dispose of personal information of minors for various purposes, subject to parental or guardian consent;
  • Sensitive data: We may request sensitive data from our employees, such as chronic diseases, blood type, or allergies, to avoid activities that may put the health of our employees at risk and to provide first aid support if necessary. These essential data are collected exclusively for the employment relationship and will be treated only for the purposes outlined in this Privacy Notice.

These data are collected by MGCS when requesting information, quotations, receiving applications or when offering or contracting any product, operation, or service. The data will be updated throughout the relationship with its Clients and Users.

The Clients and Users guarantee that the data provided are true, accurate, complete, and updated, being these responsible for any damage or prejudice, direct or indirect, that could be caused as a result of the breach of such obligation, beyond the possibility that Clients and Users can exercise their right of rectification.

Suppose a Customer or User provides us with data from third parties, as the person responsible or in charge of processing. In that case, they will be responsible for compliance with all applicable data protection regulations. Also, the interested party guarantees that it has obtained all legally required consents, authorizations, and/or approvals before including the personal data of third parties on our website.

Refusal to communicate to MGCS or part of this personal data may lead to the impossibility of continuing the business or work relationship with MGCS.

MGCS cannot guarantee the absolute invulnerability of the systems. Therefore, it assumes no responsibility for damages resulting from alterations that third parties could cause in computer systems, electronic documents, or files.


The data collected in the contact forms (name and email address required) and job offers on our website are not recorded in an automated file.


Under the applicable regulation, any treatment carried out by MGCS meets specific, explicit, and legitimate objectives.

These purposes are essential to answer your requests/mails/emails as prospects, job applicants and for the conclusion and execution of our services, for the respect of our legal and regulatory obligations, or meet to an objective of safeguarding our interests injustice:

Main purposes:

Contractual and pre-contractual purposes.

  • Contact a candidate if his profile interests MGCS ;
  • As far as employees are concerned, respect the terms and conditions of the employment relationship;
  • To grant social and legal benefits, to offer training and promotions according to skills and abilities, and to keep a record of the fulfillment of obligations ;
  • Protect the safety and integrity of people in our facilities;
  • Concluding and executing fee proposals;
  • The provision of accounting, tax, and legal services and the invoicing of these services;
  • To comply with the general terms and conditions relating to any legal relationship that exists or will exist with our Clients and Users and the obligations arising from there, including the payment of compensation.

Legal and Regulatory Purposes

  • Verification and confirmation of the identity of our Clients and Users;
  • Fulfillment of the accounting, contractual, fiscal, social security, and legal obligations of our Clients and Users such as procedures before the Ministry of Finance and Public Credit, Ministry of Labor, Mexican Institute of Social Security, National Institute for the Promotion of Workers’ Housing, among others;
  • Risk assessment and management for our clients to comply with legal or regulatory obligations;
  • Security and fraud prevention;
  • Anti-money laundering prevention;
  • Management of tax, social and legal declarations for our Clients;
  • Regarding our employees, complying with tax, labor, and social security regulations, even after the termination of the employment relationship, including accounting and financial review processes and the preservation of the respective backup;

Secondary purposes:

Legitimate purposes.

  • Inform about new MGCS services related to those already contracted or acquired as a client;
  • Communicate on changes related to our services;
  • To perform periodic evaluations of our services to improve their quality;
  • Offer exclusive benefits that may be of interest to you under your relationship as a client, employee, aspiring employee, among others;
  • Carrying out commercial, marketing, and statistical actions;
  • Management of the content of our social networks;
  • Sending newsletters on current regulations, among others.

The treatment of data that MGCS can carry out includes evaluating, analysis, use, manipulation, exploitation, transfer, elimination, conservation, safeguard, access, and any other analogous treatment that may be necessary for MGCS.


In terms of the applicable legislation, MGCS may share your personal data, only with your permission, with the following authorities and/or persons only if necessary for the performance of its mission:

  • National banks and credit institutions for the payment of salaries and/or labor benefits ;
  • Tax and social security authorities: SAT, IMSS, INFONAVIT, SAR, and INFONACOT in compliance with their obligations.
  • Notaries public for authentication purposes.

MGCS does not transfer to third parties its Clients or Users’ personal data without their consent, safeguarding in this way the protection and confidentiality of their personal data under the terms of article 37 of the LFPDPPP. Nevertheless, MGCS may transfer your personal data when this transfer is provided for the LFPDPPP and/or the RGPD.


MGCS retains its Customers and Users’ personal data only to fulfill the purposes set out in this Privacy Policy and may retain the data only to comply with legal or regulatory obligations.

Clients’ personal data, firm communications, personnel files, prospects files, payroll documents are retained for 5 to 10 years from the expiration of the contract, the termination of commercial or labor relations, or the last contact, in accordance with the applicable Mexican tax legislation.

Concerning newsletters, data will be kept until the Client or User withdraws their consent.

MGCS undertakes that all information will be kept for the period indicated in this Privacy Policy, under the regulations in force and the conditions agreed upon with Customers and Users.


The information generated, manipulated, and stored in the company’s equipment in the ordinary course of its activities, is the Customer and Users’ property and the responsibility of MGCS.

MGCS has adopted and will maintain the necessary security, administrative, technical, and material measures to protect Customers’ and Users’ personal data against damage, loss, modification, destruction, unauthorized use, access, or processing of the latter.


MGCS will not transfer Customers’ or Users’ personal data to third parties located outside the European Union.


Our website does not allow the use of cookies.


As the owner of your personal data, you have the right : (i) to access your personal data held by MGCS and know the details of their processing, (ii) to rectify them in case they are outdated, inaccurate, or incomplete, (iii) to cancel them when you consider that they are not used in accordance with the applicable principles, duties, and obligations, or (iv) to object to their processing for specific purposes. These rights are known as «ARCO Rights». (V) limit the use or disclosure of personal data or object to the use of personal data provided to MGCS.


You may exercise your rights by submitting your written request to our address or by mail to the following email address, enclosing the following information and documents with your request:

  • Identification data and a copy of the holder’s identification of the personal data and/or his legal representative. If the request is submitted through a legal representative, it must be accompanied by a copy of a power of attorney.
  • A clear and precise description of the personal data for which it seeks to exercise ARCO’s rights, as well as the right(s) to be exercised. The request must be signed at the end of the document and initialed at each page’s bottom.
  • Address to hear and receive MGCS’s reply and, if applicable, future communications and/or notifications, or your wish that our reply and/or future notifications or replies be sent by email, indicating the respective account.

If the exercise of ARCO’s rights is by email, expressly indicate your wish to receive MGCS‘s response to your request by email, indicating the appropriate email address.

Once the request to exercise ARCO rights has been delivered to MGCS, regardless of the form in which it is received, MGCS will have 5 (five) days to collect additional information. If additional information is not required, MGCS will publish the corresponding response within a maximum of 20 (twenty) business days from receipt. We will inform you by the chosen means of contact. Once MGCS‘s response is received, you have 15 (fifteen) business days to provide your response. In case of dissatisfaction, you can contact MGCS immediately by the means indicated.

In case you do not respond to MGCS‘s answer within the indicated term, MGCS will consider in good faith that you agree with the answer.


MGCS reserves the right to make changes or modifications to this Privacy Policy at any time, as a result of new legal requirements, as well as our own needs for the services we provide. We undertake to keep you informed of any changes to this Privacy Policy through our web page:


 As the personal data owner referred to in this Privacy Policy, you accept this Privacy Policy understanding and accepting this Privacy Policy.

Last published update date, _____ of 2021.