Privacy Policy

Privacy Policy

Last Updated: April 28, 2026

This Privacy Policy (“Policy”) explains how luisenriquebernal.com (the “Website”) collects, uses, discloses, and protects your personal data. This Policy applies to all visitors, users, and individuals who access the Website from any location. By accessing and using the Website, you acknowledge that you have read, understood, and agree to the practices outlined in this Policy. Please read this Policy carefully before using the Website.

This Privacy Policy complies with the personal data protection laws of Mexico (LFPDPPP 2025), the European Union (GDPR), California (CCPA), Brazil (LGPD), Canada (PIPEDA), and other applicable jurisdictions.

1. Mexico (LFPDPPP 2025) Compliance Statement

This Website operates in full compliance with Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), effective March 21, 2025.

Regulatory Authority: The Secretariat of Anti-Corruption and Good Governance (Secretaría de Anticorrupción y Buen Gobierno, or SABG) is responsible for enforcement and oversight, replacing the dissolved National Institute for Transparency, Access to Information, and Protection of Personal Data (INAI).

Your ARCO Rights: You have the right to Access (Acceso), Rectification (Rectificación), Cancellation (Cancelación), and Opposition (Oposición) regarding your personal data. Contact: lebz.sap@gmail.com

2. Data Controller Information

Data Controller: Luis Enrique Bernal is the data controller responsible for personal data processing on the Website.

Contact Information:

  • Name: Luis Enrique Bernal
  • Email: lebz.sap@gmail.com
  • Phone: +52 662 4295860
  • Location: Hermosillo, Sonora, Mexico
  • Website: https://www.luisenriquebernal.com

Data Protection Officer (DPO): For data protection inquiries, contact the data controller at the above address.

3. What Personal Data Do We Collect?

3.1 Data Collected Directly From You

We collect personal data only when you voluntarily provide it through:

  • Contact Forms: Name, email address, phone number, message content, company information
  • Email Communications: Email address, name, message content, attachments
  • Scheduling Tools: Name, email, phone, availability, meeting preferences
  • Inquiries or Requests: Any information you provide when asking questions or requesting services

Voluntary Submission: We do NOT collect personal data through passive browsing. All personal data collection requires your explicit consent and voluntary action.

3.2 Data Collected Automatically

When you visit the Website, certain information is automatically collected:

  • Server Logs: IP address, device type, browser type, operating system, pages visited, time on page, referrer source
  • Cookies & Tracking: Cookie identifiers, session information, user preferences (see Cookies Policy for details)
  • Analytics Data: Pages visited, click patterns, time on site, device information (via Google Analytics)
  • Website Interaction: Links clicked, forms submitted, downloads, video views

Legal Basis (LFPDPPP): Automatic collection is necessary for Website functionality and performance analysis. This collection does NOT require explicit consent.

3.3 Data NOT Collected

We explicitly do NOT collect:

  • Sensitive personal data (health information, biometric data, racial origin, religious beliefs, political opinions, sexual orientation) unless explicitly authorized by you
  • Payment information or financial account numbers (you enter these directly with payment processors, not our servers)
  • Government ID numbers or passport information
  • Data from children under 18 years of age
  • Data from individuals who have not explicitly consented to collection
  • Browsing data from other websites (we do NOT track you across the internet)

4. How Do We Use Your Personal Data?

We use personal data collected only for the following purposes:

4.1 Primary Purposes

  • Respond to Inquiries: Answering questions, providing information, addressing concerns
  • Service Delivery: Providing consultation, guidance, or services you request
  • Communication: Sending responses to your messages, updates about requested services
  • Scheduling: Managing meeting appointments, calendar coordination
  • Follow-up: Contacting you regarding your inquiry or services discussed

4.2 Secondary Purposes

  • Website Improvement: Analyzing user behavior to improve Website functionality, user experience, and performance
  • Analytics: Understanding traffic patterns, popular content, user engagement metrics
  • Security: Detecting and preventing fraud, unauthorized access, malware, or security threats
  • Legal Compliance: Complying with legal obligations, responding to legal requests, enforcing Terms & Conditions
  • Business Operations: Internal analytics, business intelligence, strategic planning

4.3 Purposes Requiring Explicit Consent

We will NOT use your personal data for the following purposes WITHOUT your explicit, written consent:

  • Marketing or promotional communications (unless you have explicitly subscribed)
  • Selling or renting your data to third parties
  • Sharing your data with unrelated companies
  • Profiling or targeted advertising
  • Behavioral tracking across other websites
  • Automated decision-making that significantly affects your rights

5. Legal Basis for Data Processing (LFPDPPP & GDPR)

5.1 Mexico (LFPDPPP 2025)

Our legal basis for processing personal data under LFPDPPP is:

  • Explicit Consent: For data collected through contact forms and voluntary submissions, your consent is the legal basis
  • Necessity: For automatic collection (server logs, analytics) necessary for Website functionality and security
  • Legal Obligation: For data processing required by law (tax compliance, legal requests)
  • Legitimate Interest: For Website improvement and security (balanced against your privacy rights)

Principle of Legality (Article 6 LFPDPPP): All data processing is lawful, transparent, and limited to stated purposes. You have the right to know why your data is being processed.

5.2 European Union (GDPR)

Our legal basis under GDPR is:

  • Consent (Article 6(1)(a)): For optional data processing
  • Contract (Article 6(1)(b)): For service delivery
  • Legal Obligation (Article 6(1)(c)): For mandatory compliance
  • Legitimate Interest (Article 6(1)(f)): For Website improvement and security

5.3 California (CCPA) & Brazil (LGPD)

Processing is based on your explicit consent or as necessary for the services you request. You have the right to opt-out of non-essential data processing at any time.

6. Who Do We Share Your Personal Data With?

6.1 No Third-Party Sales or Sharing

We explicitly do NOT sell, rent, or share your personal data with third parties for marketing purposes. Your data is not treated as a commodity or business asset.

6.2 Data Processors & Service Providers

We may share personal data with the following categories of service providers who process data on our behalf:

  • Email Service Providers: For sending responses and communications (if applicable)
  • Analytics Providers: Google Analytics (for Website usage analytics only)
  • Hosting & Infrastructure: Web hosting providers, CDN services, security services
  • Communication Tools: Scheduling and video conferencing platforms (only if you use them)
  • Legal/Compliance: Attorneys, accountants, auditors (only if legally required)

Data Processing Agreements: All processors are contractually obligated to comply with LFPDPPP 2025, GDPR, CCPA, LGPD, and PIPEDA requirements. Processors may NOT use your data for their own purposes.

6.3 Legal Requirements

We may disclose personal data if required by law, including:

  • Court orders or legal requests from government authorities
  • Tax compliance requirements
  • Law enforcement investigations
  • Protection of legal rights or safety

We will provide notice of such disclosures when legally possible.

6.4 No International Transfers Without Protection

For users in the European Union: Personal data may be transferred to the United States or other countries only with appropriate legal safeguards, including Standard Contractual Clauses (SCCs) or other mechanisms approved by regulatory authorities.

7. Data Retention & Deletion (LFPDPPP Article 11)

7.1 Retention Schedule

Data Type Retention Period Deletion Method LFPDPPP Compliant
Contact Form Data 2 years (unless ongoing services) Permanent deletion + secure erasure ✅ Yes
Email Communications 2 years or until service ends Permanent deletion + secure erasure ✅ Yes
Analytics Data 2 years (aggregated only) Automatic deletion after expiration ✅ Yes
Server Logs 90 days Automatic deletion after 90 days ✅ Yes
Cookies Varies (see Cookies Policy) Automatic deletion upon expiration ✅ Yes
Legal/Compliance Data As required by law Deleted when no longer legally required ✅ Yes

7.2 Data Blocking & Deletion Process (LFFDPPP Article 11)

When personal data retention periods expire, we follow the LFPDPPP blocking and deletion process:

  1. Blocking (Bloqueo): Data is marked as “blocked” and made inaccessible to regular operations
  2. Deletion (Eliminación): Data is permanently deleted within 30 days of blocking
  3. Secure Erasure: Deleted data cannot be retrieved or reconstructed

7.3 Your Right to Deletion (Cancelación)

You may request deletion of your personal data at any time by contacting lebz.sap@gmail.com. We will delete your data within 20 business days, unless:

  • We are legally required to retain it for compliance purposes
  • The data is necessary to complete services you requested
  • You have an ongoing business relationship with us

8. Your Data Rights (ARCO – LFPDPPP 2025)

8.1 Access (Acceso)

You have the right to access your personal data. You can request to know:

  • What personal data we hold about you
  • The source of that data
  • The purpose for which it is being processed
  • Who has access to your data
  • How long we will retain it

To request access: Send an email to lebz.sap@gmail.com with “Access Request (Solicitud de Acceso)” in the subject line.

8.2 Rectification (Rectificación)

You have the right to correct inaccurate or incomplete personal data. If you believe any data we hold is incorrect, you can request correction.

To request rectification: Send an email to lebz.sap@gmail.com with “Rectification Request (Solicitud de Rectificación)” in the subject line, and clearly describe what data is inaccurate and what the correct information is.

8.3 Cancellation (Cancelación)

You have the right to request deletion of your personal data. We will delete your data within 20 business days unless we are legally required to retain it.

To request cancellation: Send an email to lebz.sap@gmail.com with “Cancellation Request (Solicitud de Cancelación)” in the subject line.

8.4 Opposition (Oposición)

You have the right to object to the processing of your personal data. You can oppose processing for:

  • Marketing or promotional purposes
  • Analytics or profiling
  • Automated decision-making that affects your rights
  • Any other processing that is not essential to Website functionality

To request opposition: Send an email to lebz.sap@gmail.com with “Opposition Request (Solicitud de Oposición)” in the subject line.

8.5 Response Time

We will respond to all ARCO requests within 20 business days per LFPDPPP 2025 requirements (or the applicable timeframe in your jurisdiction). If we deny a request, we will explain the legal reason for the denial.

9. Data Security & Protection

9.1 Security Measures

We implement industry-standard security measures to protect your personal data:

  • HTTPS Encryption: All data in transit is encrypted using SSL/TLS encryption
  • Secure Cookie Flags: Cookies use HttpOnly, Secure, and SameSite flags to prevent unauthorized access
  • Access Controls: Only authorized personnel have access to personal data
  • Regular Audits: We conduct regular security audits and vulnerability assessments
  • Firewalls & Detection: Firewalls and intrusion detection systems protect against unauthorized access
  • Employee Training: All staff are trained on data protection and confidentiality obligations
  • Secure Deletion: When data is deleted, it is permanently and securely erased

9.2 Limitation of Security

No system is 100% secure. We cannot guarantee absolute protection against all security threats. However, we implement reasonable and proportionate security measures to protect your data against unauthorized access, loss, or alteration.

9.3 Data Breach Notification

If we experience a data breach that affects your personal data, we will:

  • Notify you within 30 days per LFPDPPP 2025 requirements
  • Inform the regulatory authority (SABG) if legally required
  • Describe the nature of the breach and the data affected
  • Explain measures we are taking to prevent future breaches
  • Provide guidance on protective actions you can take

10. Cookies & Tracking Technologies

For detailed information about cookies, tracking pixels, local storage, and how to manage your preferences, please see our Cookies Policy.

Key Points:

  • Essential cookies are necessary for Website functionality and do not require consent
  • Analytics cookies require your opt-in consent
  • You can manage cookie preferences through browser settings or our cookie consent tool
  • You can opt-out of Google Analytics using their opt-out tool

11. Third-Party Links & Content

The Website may contain links to third-party websites not operated by Luis Enrique Bernal. This Privacy Policy does not apply to third-party websites, and we are not responsible for their privacy practices.

We recommend reviewing the privacy policies of any third-party websites before providing personal data.

12. Children’s Privacy

The Website is not intended for use by children under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete such data immediately.

If you believe we have collected data from a child, please contact lebz.sap@gmail.com immediately.

13. International Data Transfers

13.1 Cross-Border Transfers

Your personal data may be processed in the following locations:

  • Mexico: Primary processing location
  • United States: Via Google Analytics and hosting providers
  • European Union: Via Google Ireland (analytics processing)
  • Global: Via CDN and distributed systems

13.2 GDPR Data Transfer Protection

For users in the European Union: Data transfers outside the EU are protected through Standard Contractual Clauses (SCCs), Privacy Shield mechanisms, or other approved legal safeguards.

13.3 Your Consent to Transfers

By using the Website and providing personal data, you consent to international data transfers as described in this Policy, subject to appropriate legal protections.

14. Your Rights by Jurisdiction

14.1 Mexico (LFPDPPP 2025)

ARCO Rights: Access, Rectification, Cancellation, Opposition (see Section 8)

Right to Know: You can request information about your personal data processing

Right to Contest: You can contest our processing and seek remedies through SABG

14.2 European Union (GDPR)

Additional Rights: Right to portability, right to restrict processing, right to object to profiling, right to explanation of automated decisions

14.3 California (CCPA)

Additional Rights: Right to know, right to delete, right to opt-out, right to non-discrimination

14.4 Brazil (LGPD)

Additional Rights: Right to portability, right to have decisions reviewed, right to information about data sharing

14.5 Canada (PIPEDA)

Additional Rights: Right to access, right to correction, right to withdrawal of consent

15. Contact Us for Privacy Inquiries

For questions about this Privacy Policy, to exercise your ARCO rights, or to report data privacy concerns, please contact:

Luis Enrique Bernal (Data Controller)
Email: lebz.sap@gmail.com
Phone: +52 662 4295860
Location: Hermosillo, Sonora, Mexico
Website: https://www.luisenriquebernal.com

Response Time: We will respond to privacy inquiries and ARCO requests within 20 business days per LFPDPPP 2025 requirements, or within the timeframe specified by your jurisdiction’s laws.

16. Regulatory Authorities

If you have concerns about how we are handling your personal data, you may file a complaint with the relevant regulatory authority in your jurisdiction:

  • 🇲🇽 Mexico: Secretariat of Anti-Corruption and Good Governance (SABG) – https://www.gob.mx/sabg
  • 🇪🇺 EU: Your local Data Protection Authority
  • 🇺🇸 California: California Attorney General – https://oag.ca.gov/privacy
  • 🇧🇷 Brazil: LGPD Authority – https://www.gov.br/cidadania
  • 🇨🇦 Canada: Office of the Privacy Commissioner – https://www.priv.gc.ca

17. Changes to This Privacy Policy

We may update this Privacy Policy at any time to reflect changes in law, technology, or our practices. If we make material changes, we will:

  • Post the updated policy on the Website with a new “Last Updated” date
  • Notify you via email (if applicable) of significant changes
  • Request renewed consent (if required by law)

It is your responsibility to review this Policy periodically for changes. Continued use of the Website following updates constitutes your acceptance of the updated Policy.

18. Relationship to Other Policies

This Privacy Policy should be read in conjunction with:

  • Cookies Policy: Details about cookies, tracking, and consent
  • Legal Disclaimer: Limitations on liability and intellectual property rights
  • Terms & Conditions: Rules for using the Website

In case of conflict: The most restrictive policy (most protective of your privacy) will apply.

19. Data Portability (GDPR, LGPD, PIPEDA)

You have the right to request your personal data in a structured, commonly used, and machine-readable format (e.g., CSV, JSON). We will provide this within 30 days of your request at no cost.

To request data portability: Send an email to lebz.sap@gmail.com with “Data Portability Request (Solicitud de Portabilidad)” in the subject line.

20. Automated Decision-Making & Profiling

We do NOT use automated decision-making or profiling that produces significant effects on your rights or freedoms. Any decisions affecting you are made by humans, not algorithms.

If we ever implement automated processing in the future, we will obtain explicit consent and provide transparency about how the system works.

21. Accountability & Transparency

Luis Enrique Bernal is committed to transparent and accountable data processing:

  • This Privacy Policy discloses our complete data practices
  • You can request a full record of how we process your data
  • We maintain documentation of all processing activities
  • We conduct regular privacy impact assessments
  • We comply with all applicable privacy laws

22. Acknowledgment & Acceptance

By accessing and using the Website, you acknowledge that you have:

Read and understood this Privacy Policy in its entirety
Understood what personal data we collect and how we use it
Understood your ARCO rights under LFPDPPP 2025
Understood your privacy rights in your jurisdiction
Consented to the data processing practices described herein
Agreed that your data may be processed internationally with appropriate protections

If you do not agree to this Privacy Policy, you must discontinue use of the Website immediately.

This Privacy Policy is provided in English and Spanish (available upon request). In the event of any discrepancy between the English version and any translation, the English version shall prevail and be deemed the authoritative version.

LFPDPPP 2025 Compliance: This Privacy Policy complies with Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), effective March 21, 2025, as enforced by the Secretariat of Anti-Corruption and Good Governance (SABG).

Last Updated: April 28, 2026