I
Objective
To guarantee individuals’ rights over the control of their personal information and over its confidentiality, integrity and availability.
II
Guidelines
This document constitutes the Privacy Notice for the purposes of the Federal Law on the Protection of Personal Data Held by Private Parties and the provisions arising from or related to it. This Privacy Notice applies to the personal information collected about the Data Owner by “TBR Software S.A. de C.V.” (hereinafter Edgebound), in its capacity as Data Controller, with address at Torre Virreyes, Pedregal 24, Floor 3, Col. Molino del Rey, Miguel Hidalgo, which shall also serve to receive notices. This Privacy Notice is subject to the following terms and conditions.
III
Definitions
For the purposes of this Notice and in accordance with the Federal Law on the Protection of Personal Data Held by Private Parties, the following terms shall mean:
- Privacy Notice: A physical and/or electronic document generated by the controller and made available to the data owner prior to the processing of their personal data.
- Personal Data: Any information concerning an identified or identifiable natural person.
- ARCO Rights: The rights of Access, Rectification, Cancellation and Opposition that, under the LFPDPPP and subject to the exceptions set out in it and in this Notice, each Data Owner has in relation to the Personal Data collected by the Controller and/or its Processors.
- Controller: The natural or legal person who decides on the processing of the Data Owner’s Personal Data; in this case, Edgebound.
- Processor: The natural or legal person who, alone or jointly with others, processes Personal Data on behalf of the Controller.
- Data Owner: The natural person who owns the Personal Data, or who is authorized to provide a third party’s Personal Data under applicable law, and who provides such Personal Data to the Controller.
- Transfer: Any communication of data made to a person other than the controller or processor.
- Portal: The reference to www.edgebound.ai.
- Tacit Consent: The Data Owner shall be deemed to have consented to the processing of their data when, the Privacy Notice having been made available to them, they do not express their opposition.
ARCO rights in detail
- Access. The Data Owner’s right to know the Personal Data concerning them held by the Controller or its Processors, as well as to whom it has been shared and for what purpose.
- Rectification. The right to have their Personal Data corrected when it is inaccurate or incomplete.
- Cancellation. The right to request at any time the deletion of their Personal Data, which will occur once the blocking period has elapsed. Blocking involves identifying and retaining the data once the purpose for which it was collected has been fulfilled, in order to determine possible liabilities, until the legal or contractual statute of limitations. If the data had previously been transferred and is still processed by third parties, the Controller will inform the relevant third party of such request so that it also proceeds accordingly.
- Opposition. The right to request at any time, provided there is a legitimate cause, that the Controller stop processing their Personal Data.
IV
Data Owner’s Consent
For the purposes of Article 17 of the LFPDPPP, the Data Owner states that: (i) this Privacy Notice has been made known to them by the Controller; (ii) they have read, understood and agreed to the terms set out in this Notice, and therefore grant their consent regarding the processing of their Personal Data; and (iii) they grant their consent for Edgebound, or its processors, to transfer Personal Data to domestic or foreign third parties, on the understanding that the processing such third parties give to their data must comply with this Notice.
When the Personal Data collected includes sensitive or financial data, by signing the corresponding contract —whether in print or by electronic means and their corresponding consent-formation processes (for example, providing data through dialog windows, or the on-screen display and review of terms and conditions)— the Data Owner’s express consent is constituted under the second paragraph of Article 8 of the LFPDPPP.
If the Data Owner does not object to the terms of this Notice within 48 hours after it was made available, its content shall be deemed agreed and consented to, under the third paragraph of Article 8 of the LFPDPPP. The Data Owner’s consent may be revoked at any time without retroactive effects.
The Data Owner’s consent will not be required for the processing of Personal Data by the Controller or third parties in any of the cases set out in Article 10 of the LFPDPPP.
V
Purpose of the Privacy Notice
The purpose of this Notice is to establish the terms and conditions under which Edgebound (or the Processor it designates):
- Will receive and protect the Data Owner’s Personal Data in order to protect their privacy and their right to informational self-determination, in compliance with the LFPDPPP.
- Will use the Data Owner’s Personal Data.
- Will, where applicable, transfer Personal Data to third parties.
The Controller will collect and process the Data Owner’s Personal Data —information that can reasonably identify them— through the receipt of documents, whether in print and/or digital format.
VI
Information collected
The information the Controller may collect includes, by way of example and without limitation: name and surnames; date of birth; age; marital status; nationality; home, work or tax address; personal or work email address; personal or work phone number; mobile phone number; credit card, debit card or bank account number; Federal Taxpayer Registry (RFC) code; Unique Population Registry Code (CURP); IMSS affiliation number; as well as others of a similar nature.
Collection may take place when the Data Owner communicates by phone with the Controller or its Processors, through direct delivery, by email, or by using its websites —through the voluntary provision of information in dialog windows, or through automatic data-capture tools. Such tools allow the collection of information sent by your browser, such as browser type, user language, access times and the address of websites used to access the Controller’s sites.
Documentation for identity verification
To verify the Data Owner’s identity, Edgebound may collect: the voter ID card; for foreigners, the Resident Card (temporary or permanent); the discharged National Military Service card; the RFC certificate; the CURP; proof of address (water, property-tax or electricity bill); and the special credit report issued by a Credit Information Company. The Controller may also collect Personal Data from publicly accessible sources and other commercially available sources to which the Data Owner may have consented to share their information.
VII
Purpose of the Personal Data
The Data Owner’s Personal Data is collected and processed to enable the Controller to carry out the following activities and primary purposes:
- Provide business and corporate services in everything related to the software, hardware and electronics industry in general.
- Provide technical corporate advisory and consulting services, as well as training and project control.
- Provide installation, advisory and training services in the use and development of software, hardware, computing equipment, communications and electronics in general.
- Development, installation, advisory and maintenance of computing equipment and software, communications equipment and electronics in general.
Secondary purposes
Additionally, the Data Owner’s personal information will be used for the following purposes that are not necessary to fulfill the legal relationship between Edgebound and the Data Owner:
If the Data Owner does not want their data used for secondary purposes, they may state so at any time. Refusal to use the data for these purposes will not be grounds to deny the user the services and activities contracted with Edgebound.
In accordance with Article 14 of the LFPDPPP and Article 25, second paragraph, of the Privacy Notice Guidelines, if this Notice is not made known to the Data Owner directly or personally, they will have 5 business days to state their refusal to process their data for the secondary purposes.
Edgebound needs to share your Personal Data with providers of database administration and management services; automated processing of Personal Data and its storage; email authentication and validation; audit services; and other services of a similar nature.
VIII
Use of cookies
The correct functioning of Edgebound’s sites and those of its providers requires enabling “cookies” in your internet browser. Cookies are small data files transferred by the website to your computer’s hard drive when you browse the site. They may be session or persistent: session cookies do not remain after you close the browser, while persistent cookies remain until they are deleted or expire.
In most browsers, cookies are accepted automatically by default; you can adjust your browser preferences to accept or reject cookies. Disabling cookies may disable various functions of Edgebound’s websites or prevent them from displaying correctly. If you prefer to delete cookie information, you can clear the files at the end of each browser session.
On this site you can manage your cookie categories —essential, analytics and marketing— at any time from the Cookie preferences link in the site footer.
Web beacons and email links
On its websites and in HTML-formatted emails, Edgebound may use Web beacons (also known as internet tags, pixel tags and clear GIFs), alone or in combination with cookies, to collect information about site usage and email interaction. A Web beacon is an electronic single-pixel (1×1) image or GIF that can recognize information processed on your computer, such as the time and date the site and its sections are viewed. Emails that include links let Edgebound know whether you activated that link and visited the destination page — information that may be included in your profile.
IX
Data transfers
Once the terms of this Notice have been read, understood and agreed, the Data Owner consents for the Controller or any Processor to transfer Personal Data to domestic or foreign third parties, on the understanding that the processing such third parties give to the data must comply with this Notice.
The Data Owner acknowledges and accepts that the Controller does not require authorization or confirmation to carry out domestic or international Personal Data transfers in the cases provided for in Article 37 of the LFPDPPP or in any other exception case provided for by it or other applicable law.
X
Safeguarding and security of Personal Data
The Controller and/or its Processors will retain the Data Owner’s Personal Data for as long as necessary to process their requests for information, products and/or services, as well as to maintain accounting, financial and audit records under the LFPDPPP and current commercial, tax and administrative law.
The Personal Data collected will be protected by appropriate administrative, technical and physical security measures against damage, loss, alteration, destruction or unauthorized use, access or processing, in accordance with the LFPDPPP and its derived regulation. Nevertheless, Edgebound does not guarantee that unauthorized third parties cannot access its physical or logical systems; consequently, it will not be liable for the damages that may arise from such unauthorized access.
XI
Information Security Policy
At Edgebound we are committed to protecting the confidentiality, integrity and availability of information across all our operations, including software development, technology project management and the provision of consulting and digital strategy services.
Our Information Security Policy is aligned with the ISO/IEC 27001:2022 standard and establishes the reference framework for the secure management of information assets, as well as for compliance with applicable legal, regulatory and contractual requirements. This policy applies to all employees, contractors, suppliers and third parties with access to information, systems or infrastructure owned by or under the responsibility of Edgebound.
Commitments of executive management
- Establish, maintain and continuously improve the Information Security Management System (ISMS).
- Ensure compliance with information security objectives.
- Provide the resources needed to implement appropriate controls.
- Foster a culture of security within the organization.
Fundamental principles
- Confidentiality: Information is accessible only to authorized persons.
- Integrity: Information is protected against unauthorized or improper modification.
- Availability: Information is available in a timely manner to those who require it.
Edgebound periodically reviews its Information Security Management System as part of its commitment to continuous improvement and the protection of its stakeholders’ information.
XII
Procedure to exercise ARCO rights
To exercise ARCO rights, the Data Owner or their representative must submit a written request for Access, Rectification, Cancellation or Opposition with the following information and documentation:
- The Data Owner’s name and address or other means to communicate the response to their request.
- Documents proving their identity (simple copy, printed or electronic, of voter ID, passport or temporary/permanent Resident Card) or, where applicable, the legal representation of the Data Owner (a simple power of attorney with handwritten signatures of the Data Owner and the agent, with their official IDs).
- A clear and precise description of the Personal Data over which they seek to exercise one of the ARCO rights.
- Any other element or document that facilitates locating the Data Owner’s Personal Data.
For rectification requests, the Data Owner must also indicate the changes to be made and provide documentation supporting their request.
Receipt and handling of ARCO requests
For the receipt, registration and handling of requests to exercise your right of access, rectification, cancellation and opposition, as well as to limit the use or disclosure of your data and the other rights provided for in the LFPDPPP, contact:
The Controller or its Processors will respond to the Data Owner within a maximum of twenty business days from the date the request is received, communicating the determination adopted so that, if applicable, it is made effective within the fifteen days following the date the response is communicated. For access requests, delivery will proceed after verifying the identity of the requester or their legal representative. These timeframes may be extended only under the terms of the LFPDPPP.
Delivery of the Personal Data will be free of charge; the Data Owner will only be responsible for justified shipping costs or the cost of reproduction in copies or other formats. For cancellation requests, in addition to the provisions of this Notice, Article 26 of the LFPDPPP will apply, including the cancellation exception cases set out therein.
XIII
Changes to the Privacy Notice
Edgebound reserves the right to periodically update this Notice to reflect changes in our information practices. It is the Data Owner’s responsibility to periodically review the content of the Privacy Notice at www.edgebound.ai.
Last updated: June 2026 · TBR Software S.A. de C.V.