Privacy Statement

Are You Sending a Money Transfer?

Servicio Integral de Envíos, S.A. de C.V. (the “Responsible Party”), domiciled at Av. Paseo de la Reforma No. 505, piso 17, Col. Cuauhtémoc, Alcaldía Cuauhtémoc, C.P. 06500, Mexico City, Mexico, is publishing this Privacy Notice in compliance with the provisions of the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (Mexican Federal Law on the Protection of Personal Data Held By Private Parties) and its Regulations (the “Law”).

 

What Information Do We Collect?

The Responsible Party states that it is the entity collecting your personal data, which consists of: your first name(s), maternal surname, paternal surname, age, date of birth, nationality, civil status, occupation, address (street and number, neighborhood, city, state and ZIP code), home phone number, cell phone number, email, data appearing on official identification (CURP [Clave Única de Registro de Población — Mexican unique population registry code], voter identification number, credential identification code and OCR code, year of registration, issue number and year, year of expiration, gender, identification number), photograph from your official identification, RFC (Registro federal de contribuyentes — Mexican Federal Registry of Taxpayers) number, CURP, tax residence, geolocation of your electronic device, video recordings of your face and voice, full name of Receiver abroad, credit or debit card number, and verification code (“Personal Data”), as well as any personal information derived from money transfers, membership or loyalty programs, your history of using the services and/or your preferences regarding the advertising generated or collected by virtue of the relationship between the Responsible Party and you (the “Personal Information Generated”).

In addition to the personal data mentioned above, you are also informed that, when you choose to contract the Western Union Money Transfer Service through our mobile app, the Responsible Party will collect and process your biometric data (i.e. data referring to your physical characteristics, specifically video recordings of your face and voice); your photograph from your official identification, in order to perform facial and voice recognition; as well as your biometric handwritten signature given to show your consent to the processing of these biometric data. The purpose of collecting this data is to fully identify you in order to send the data to the competent authorities within the United Mexican States for the corresponding validation, and to have the data available if required by the authorities.

Through the validation of your biometric information and the submission of your official identification, the Responsible Party is complying with its obligation to know and verify your identity as the Sender of a money transfer in the United Mexican States, in accordance with the regulations to which it is subject as a Money Transmitter.

The Responsible Party may collect your personal data indirectly or through publicly accessible sources or transfers, in addition to when You:

  • Request that it send or receive money, or when you use or request any of its products or services;
  • Send it personal information about requests, forms and/or other means;
  • Use or visit its websites online or through other mediums (for example, to complete a transaction, manage your accounts, or report your preferences);
  • Participate in one of its promotions, register for email alerts or marketing communications, or join its loyalty program;
  • Use your mobile app.

The Responsible Party will collect data on your online activity, as described in the paragraph of this Privacy Notice entitled “Use of Cookies, Web Beacons and Internet Technology.”

When collecting and processing your Personal Data, Biometric Data and the Personal Information Generated, the Responsible Party will comply with all the principles established in the Law: legality, quality, consent, information, purpose, fairness, proportionality and responsibility.

To help to protect your Personal Data from unauthorized access and use, the Responsible Party strives to use reasonable security measures. These measures may include physical, technical and procedural precautions such as IT safeguards, and secure files and buildings. It also strives to limit access to its employees, agents or representatives to only the Personal Data they need to know. Despite these efforts by the Responsible Party, third parties may illegally intercept or access your Personal Data, or transmissions sent to the Responsible Party, or may wrongly instruct you to disclose your Personal Data to them while posing as the Responsible Party, or give you incorrect information about its services. Always exercise caution and good judgment when sending money and when using the Internet and mobile technologies.

 

What Do We Use Your Information For?

The Personal Data collected and the Personal Information Generated, if any, will be used for the following primary purposes:

  • For the existence, maintenance and exercise of the legal relationship between the Responsible Party and You, when you contract the Western Union Money Transfer Service (the “Service”) with the Responsible Party.
  • To execute transactions ordered by You.
  • To provide, deliver and manage transaction history, when requested by You or any competent authority. (the “Personal Information Generated”).
  • To register you in loyalty programs.
  • To verify the veracity of the information that you provide, for the purpose of performing, managing, confirming your eligibility for the provision of the Service, and maintaining the accuracy of your records.
  • To comply with legal and regulatory obligations, including responding to court orders and legal investigations, and detecting and preventing fraud, money laundering and other illegal or illegitimate activity.
  • If requested by You, to issue, safeguard, manage and deliver electronic invoices in relation to the contracted money transfer services, which will be generated on the website of the entrusted companies (third parties) with which Servicio Integral de Envíos, S.A. de C.V. has a business relationship.
  • To validate your identity and make risk-related decisions (collecting biometric data, verifying recognition matches as they relate to any element of the face, voice, biometric electronic signature and photographs).
  • To carry out any activity set out in the provisions of the Law and/or legislation applicable to money transmitters.
  • To be able to download the Responsible Party’s mobile App, through which you will request transactions.
  • In order for You to be able create a user profile, with your username and password.
  • To fulfill any obligations that the Responsible Party has as a Money Transmitter before the Comisión Nacional Bancaria y de Valores (National Banking and Securities Commission of Mexico).
  • To execute the contractual relationship between the Holder and the Responsible Party, for the provision of the money transfer service.
  • To integrate files and databases, with the aim being for the Responsible Party to be able to provide its own services specific to its purpose and report to the competent administrative authorities and courts any information that they come to request.

The Personal Data collected and the Personal Information Generated, if any, will be used for the secondary purposes listed below, which are not necessary for the existence, maintenance and exercise of the legal relationship between You and the Responsible Party:

  • To help improve and develop the Responsible Party’s services and products.
  • To send you business communications and keep you informed about products and services, loyalty programs, promotions, rewards or other updates on the part of the Responsible Party.
  • To enable you to receive the best experience while using the Responsible Party’s websites and apps, including to store your preferences, passwords and other tracking information and activity on said websites or mobile apps; to better understand the effectiveness of the Responsible Party’s promotion campaigns; to determine whether You were directed to the Responsible Party’s website or mobile app via an advertising banner or an affiliated website or app; to deliver specific information relevant to your interests on other websites or apps; to determine whether You acted on the Responsible Party’s promotional messages; to improve how the Responsible Party’s websites or apps work and improve your experience and the operation of the Responsible Party’s business.
  • To involve you in membership or loyalty programs based on your historical use of the services.
  • To learn about your preferences regarding advertising generated or collected by virtue of the relationship between the Responsible Party and You.
  • To send you quality and satisfaction surveys regarding the services provided.

In the event that the Holder agrees to any of the promotions; loyalty , rewards or benefit programs; or decides to register, enroll or make a request to the Responsible Party to join, it will be understood that they are providing their consent to the processing of their personal data in accordance with the secondary purposes mentioned above and, where appropriate, to transfer their personal data to third parties where this is necessary or appropriate so that the Responsible Party can fulfill its obligations arising from the legal relationship between the Holder and the Responsible Party.

 

With Whom Do We Share Your Information?

The Personal Data that You are providing and/or the Personal Information Generated may be transferred by the Responsible Party, nationally or internationally, to subsidiaries or affiliates of the Responsible Party, or to any company within the same group as the Responsible Party operating under the same internal processes and policies, for the primary purposes mentioned above, to third parties with whom the Responsible Party has a commercial and business relationship, and to authorities authorized to validate your biometric, biographical and official identification information provided by You, provided that its transfer is necessary for the existence, maintenance and exercise of the legal relationship between You and the Responsible Party.

If transfers are made to third parties that are not necessary for the existence, maintenance and exercise of the legal relationship between the Responsible Party and You, whether nationally or internationally, you will be informed in advance so that you have the option, if applicable, to not provide your consent for these to be carried out, and you will be informed of the Personal Data that will be transferred, its purposes and the type, category or sector of activity to which the third parties receiving the Personal Data belong.

Third parties with whom the transfer of Personal Data is necessary under a sales or business agreement, in order to comply with the legal relationship between You and the Responsible Party.

-Tecnología Estratégica de Pagos, S.A.P.I., de C.V. (processing payments for credit or card charges submitted by the Holder)

– EDICOM México (only in the event that services provided by the Responsible Party need to be invoiced)

Institución Nacional Electoral (the National Electoral Institute of Mexico) (to verify your identity against the records of said institution)

Registro Nacional de Población (National Population Registry of Mexico) (for verification of its unique Population Register Key)

 

How Can You Limit the Use or Disclosure of Your Personal Data?

If you do not agree to your Personal Data and/or the Personal Information Generated being used for purposes other than those necessary for the legal relationship between You and the Responsible Party, please inform us in writing at the Department of Personal Data of the Responsible Party, with address at Avenida Paseo de la Reforma, 505, Piso 17, Col. Cuauhtémoc, Alcaldía Cuauhtémoc, C.P. 06500, Mexico City, Mexico or email privacymx@westernunion.com (the “Address”). In the event that this Privacy Notice has not been provided to you directly or personally, You will have 5 (five) business days from the date on which it is made known to you to communicate, to the Address, your objection to the processing of your Personal Data with respect to the purposes that are either not necessary or do not arise from the legal relationship with the Responsible Party.

In addition, should you wish to limit or suspend the processing of your personal data for advertising or promotional purposes, you can also register in the REPEP (Registro Público para Evitar Publicidad — Public Registry to Avoid Advertising) at PROFECO (Procuraduría Federal del Consumidor — the Federal Consumer Protection Agency) through its website https://repep.profeco.gob.mx

 

How Can You Exercise Your ARCO Rights and Revoke Your Consent?

You, as the Holder of the Personal Data may, at any time, exercise your rights of access, rectification, cancellation and/or opposition (“ARCO” rights) or revoke the consent that You have provided to the Responsible Party to process your Personal Data pursuant to this Privacy Notice, upon written request (the “Request”) to the Address.

  • ACCESS — to know the specific information that the Responsible Party has in their possession.
  • RECTIFICATION — to request the rectification of Personal Data in the event that they are not up to date, are inaccurate or incomplete (documentation proving the requested correction must be provided.)
  • CANCELLATION — to block and subsequently delete Personal Data from our databases when it is considered that it is not being used properly or for the purposes for which the legal relationship was established. This request shall not apply when the applicable legal provisions require that the information be retained.
  • OPPOSITION — to oppose the use of your Personal Data for specific purposes.

The Request must be sent to email address privacymx@westernunion.com, specifying at least the full name of the holder of the Personal Data, their full address and an email to which the response to the request can be sent, accompanied by official valid photo identification, proving the identity of the holder of the Personal Data or, if being submitted through a legal representative, proving the identity of the Holder and the legal representative, an attached legible copy of the power of attorney granted to the legal representative, or, if necessary, a letter of power signed before two witnesses, by which powers are granted to carry out the corresponding procedure before the Responsible Party. A clear and precise description of the Personal Data with regard to which Access, Rectification, Cancellation or Opposition is requested, or for which revocation of consent to processing is requested, and if necessary, the items or documents in which the Personal Data may operate must be provided.

In the case of requests for the rectification of Personal Data, these must include the modifications to be made and documentation supporting the request must be provided.

In the case of requests for revocation of consent, it must be clearly stated that You revoke your consent for your Personal Data to be processed by the Responsible Party, and if necessary, include the reasons for revocation. This request must be made under the same terms established in this Privacy Notice to exercise your right of Access, Rectification, Correction or Opposition.

Upon receipt of the Request, the Responsible Party’s Personal Data Department shall have a period of 20 (twenty) working days to make known in writing the resolution adopted or to extend it in the terms established in the Act, to the email address indicated by the Holder or their Legal Representative.

If the Request is upheld, the Responsible Party shall implement it within 15 (fifteen) working days following the date on which the aforementioned resolution is communicated, either in writing through paper copies or by email through electronic documents.

 

Use of Cookies, Web Beacons and Internet Technology

The Responsible Party and its service providers may use Internet technologies such as cookies, pixels and ‘web beacons’ to collect information from your computer and your mobile device (domain and host you use to access the Internet); the IP address of your device; mobile device geolocation, number and other information on and about your device (for example, device properties, settings, applications, stored information, and usage) and carrier; the browser software and operating system you use; websites you have visited or recently visited, social profile and network information; the date and time of access to the Responsible’ Party’s website, the Internet address you use to link to the Responsible Party’s website when you visit us, and cookie information.

The Responsible Party uses the above information to:

  • Help provide You with the Responsible Party’s services;
  • Allow You to switch web or application pages during your visit without having to enter your password again;
  • Temporarily track activity on the Responsible Party’s website or app and third party websites and apps;
  • Determine whether You visited the Responsible Party’s site or app through an advertising banner or a third party website or app;
  • Send you specific information relevant to your interests via email, via the Responsible Party’s website or app; and
  • Identify you when you visit the Responsible Party’s website or app, to store your preferences, to customize the content of the Responsible Party’s website or app for You, and to assist you in transactions and in accessing account information.
  • Comply with the obligation before the Comisión Nacional Bancaria y de Valores (National Banking and Securities Commission of Mexico), to obtain the geolocation of the mobile devices through which money transfer services are ordered made by Money Transmitters in Mexico.

In addition, the Responsible Party uses cookies, software and other mechanisms to help us prevent and detect fraud, theft, money laundering and other illegal or illegitimate activities. For this, information of your computer or mobile device may be used such as the domain and host that you use to access the Internet, including details such as the IP address of your device; geolocation of your mobile device, number and other information of your device (e.g. device properties, configuration, apps, store information and information in use) and the holder; the browser software and operating system used; social profile and network information.

The Responsible Party has enabled You to manage cookies or similar tools on the Responsible Party’s websites or app. The Responsible Party will only read or write cookies based on your preferences, (note: cookies set before you change your preferences are kept on your device. To turn them off please refer to your browser settings). If your browser does not support JavaScript, you can find information about the cookies used on the Responsible Party’s web site and you can manage cookies through the web browser configuration. Please note that if you disable all cookies in your browser or do not authorize or disable sharing your geolocation, this will limit the functionality of the Responsible Party’s website or app and may affect the ability to complete or generate your transaction, as the case may be. If you reside in Mexico, you may use the cookies selection tool on the Responsible Party’s site or app.

By using the mobile App, you acknowledge and authorize the Responsible Party to use cookies and web beacons.

We may provide you with support for troubleshooting issues related to your use of the App and any of the Services, including the use or deactivation of cookies at the following link: www.wu.com and via the Help section within the mobile App Menu.

 

Modifications to the Privacy Notice

The Responsible Party reserves the right to modify this Privacy Notice; in the event of any change to this Notice, it will give notification by posting a notice on the following website: www.wu.com; in the mobile app, or by sending the new Privacy Notice or corresponding changes to the email address you have provided.

This Integral Privacy Notice was last amended on February 2, 2020.

 

Consent to Personal Data Processing

By agreeing to participating in the video call with the Responsible Party, you will be deemed to be expressly and verifiable authorizing the Responsible Party to carry out facial recognition, voice recording, photo capture of you and official identification, so that they can be processed by Servicio Integral de Envíos, S.A. de C.V.  and by third parties with whom the Responsible Party has a business and commercial relationship, the above being for the purpose of fulfilling the obligations arising from the legal relationship between you and the Responsible Party and of complying with the legal regulations applicable to the Responsible Party as the Money Transmitter.

It is also expressly authorizing the Responsible Party to verify their identity against the registers administered by the National Electoral Institute and the National Population Register, in order to comply with the obligations arising from the legal relationship between you and the Responsible Party and to comply with the legal regulations applicable to the Responsible Party as a Money Transmitter.

By providing my financial information to the Responsible Party, (specifically the credit card account number and/or debit card account number, term, and the corresponding verification code) I expressly consent to the use of these as the means of payment and being processed by the Responsible Party for generating the ordered transactions.

By the Holder providing to the Responsible Party, the full name of the Beneficiary User to generate the transaction, they declare that it is with the Beneficiary User’s authorization that the transaction is completed.

The Holder declares that the Personal Data provided to the Responsible Party is accurate and up-to-date and undertakes to inform the Responsible Party of any changes to the Personal Data provided

Your Personal Data and Personal Information Generated will be treated in compliance with the security levels required by law.

You, as the Holder of the Personal Data, represent that you have read and agree to the terms and conditions of this Privacy Notice placed at your disposal prior to the processing of your personal data, knowing the purpose of the collection and processing of your Personal Data and the Personal Information Generated, as well as the procedure for the exercise of your ARCO rights and the revocation of your consent.  I agree [     ]

We inform you that the competent authority to resolve any conflict arising from the application to the Federal Law on the Protection of Personal Data in the Possession of Individuals and its Regulations is the INAI (Instituto Nacional de Acceso a la Información y Datos Personales — National Institute for Access to Personal Information and Data).