Privacy Notice

Last Updated: April 10, 2026

Responsable del Tratamiento de Datos Personales

De conformidad con el Artículo 16 de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), se identifica al responsable del tratamiento de sus datos personales:

Nombre / Razón Social: Santiago Quiroz Rodall
Nombre Comercial: Orokin Consulting
Domicilio: Monterrey, Nuevo León, México
Correo electrónico de contacto: management@orokinconsulting.com
Teléfono / WhatsApp: +52-998-4845896
Sitio web: orokinconsulting.com

Santiago Quiroz Rodall, operando bajo el nombre comercial "Orokin Consulting", es responsable del uso, protección y tratamiento de los datos personales que usted proporcione a través de este sitio web o en el marco de la prestación de servicios de consultoría y automatización.

1. Information We Collect

We collect information in several ways:

• Contact Information: Name, email, phone number, business name, industry
• Service Data: Information you provide during discovery calls and implementation
• Usage Data: How you interact with our website (via analytics)
• Communication Data: Messages, emails, and WhatsApp conversations
• Healthcare Data: When applicable, Protected Health Information (PHI) handled under HIPAA compliance

2. How We Use Your Information

We use collected information for:

• Providing and improving our services
• Communicating with you about your account and services
• Sending marketing communications (with your consent)
• Analyzing website usage and trends
• Complying with legal obligations
• Protecting against fraud and security threats

3. Data Security & HIPAA Compliance

We implement industry-standard security measures:

• Encryption: All sensitive data is encrypted in transit (SSL/TLS) and at rest
• Access Controls: Only authorized personnel access sensitive information
• HIPAA Compliance: When handling PHI, we maintain HIPAA-compliant systems including:
  • Business Associate Agreements (BAA) with clients
  • Audit logs and monitoring
  • Breach notification procedures
  • Data de-identification protocols
• Regular Audits: We conduct regular security assessments

4. Third-Party Service Providers

We use third-party services for:

• Email & Communication: Gmail, WhatsApp Business API
• Automation: n8n, ManyChat
• Calendar & Storage: Google Calendar, Google Sheets
• Analytics: Website usage tracking

All third-party providers are contractually obligated to protect your data and use it only as necessary to provide services to us.

5. Data Retention

• Service Data: Retained for the duration of our engagement plus 3 years for compliance
• Healthcare Data (PHI): Retained per HIPAA requirements and your Service Agreement
• Website Analytics: Typically retained for 26 months
• Communications: Retained until no longer needed or as legally required

6. Your ARCO Rights (Mexico - LFPDD/LGPD)

Under Mexico's data protection laws, you have ARCO rights (Acceso, Rectificación, Cancelación, Oposición):

• Acceso (Access - LFPDD Art. 18): Request a copy of all personal data we hold about you
• Rectificación (Correction - LFPDD Art. 20): Request correction or update of inaccurate or incomplete information
• Cancelación (Deletion - LFPDD Art. 22): Request deletion of your personal data when no longer necessary (subject to legal holds)
• Oposición (Opposition - LFPDD Art. 23): Object to processing of your data for specific purposes
• Revoke Consent: Withdraw consent at any time
• Opt-out: Opt out of marketing communications
• HIPAA Rights: If applicable, exercise your HIPAA rights to Protected Health Information (PHI)

7. International Data Transfers

If you are located outside Mexico and we transfer your data internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses
• Adequacy decisions by relevant authorities
• Your explicit consent where required

8. Children's Privacy

Our services are not intended for individuals under 18 years old. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete such information.

9. Cookies & Tracking

Our website uses cookies to:

• Remember your language preference
• Analyze website traffic
• Improve user experience

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent.

10. Changes to This Notice

We may update this Privacy Notice at any time. We will notify you of material changes by updating the "Last Updated" date at the top of this page. Your continued use of our services after changes constitutes your acceptance of the updated Privacy Notice.

11. Exercising Your ARCO Rights - Privacy Requests

To exercise your Acceso, Rectificación, Cancelación, or Oposición (ARCO) rights under LFPDD/LGPD, submit a written request including:

• Your full name and identification
• Clear description of the right you're exercising
• Details about your personal data in question
• Any supporting documentation

We will respond to your ARCO request within 20 business days as required by LFPDD Article 21.

12. Contact & Privacy Inquiries

If you have questions about this Privacy Notice or wish to exercise your ARCO rights, contact us at:

Santiago Quiroz Rodall (Orokin Consulting)
Monterrey, Nuevo León, Mexico
Phone: +52-998-4845896
Email: management@orokinconsulting.com
WhatsApp: +52-998-4845896

Privacy Request Email Subject: "LFPDD Privacy Request - [Your Name]"
Please include your request type (Acceso/Rectificación/Cancelación/Oposición) in your email.

13. Mexico LFPDD & LGPD Full Compliance Framework

As a data controller operating in Mexico, Orokin Consulting complies fully with the LFPDD (Ley Federal de Protección de Datos Personales en Posesión de Particulares) and the LGPD (Ley General de Protección de Datos Personales).

Our Obligations Under LFPDD/LGPD:

• Lawful Basis: We process personal data only with your consent or as necessary to provide contracted services
• Purpose Limitation: We use your data only for the purposes disclosed in this Privacy Notice
• Data Minimization: We collect only the personal data necessary for our services
• Accuracy: We maintain accurate, current, and complete personal data
• Security: We implement technical and organizational measures to protect your data against unauthorized access
• Retention Limits: We retain personal data only as long as necessary for the stated purposes

Your LFPDD/LGPD Rights (Derechos ARCO):

Under Mexican law, you have the following rights regarding your personal data:

• Acceso (Access): You have the right to access and obtain a copy of your personal data we hold
• Rectificación (Rectification): You can request correction of inaccurate, incomplete, or outdated personal data
• Cancelación (Cancellation): You can request deletion of your personal data when it is no longer necessary
• Oposición (Opposition): You can object to the processing of your personal data for specific purposes
• Revocation of Consent: You can withdraw your consent at any time, though this may affect our ability to provide services

Aviso de Privacidad (Privacy Notice)

This document serves as our formal Aviso de Privacidad as required by LFPDD Article 16 and LGPD Article 11. We are committed to transparency in how we collect, use, and protect your personal data.

Data Protection Authority

If you believe your rights under LFPDD/LGPD have been violated, you can file a complaint with:

INAI (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales)
Website: www.gob.mx/inai
Email: contacto@inai.gob.mx
Phone: +52 (55) 1925-4800

Data Processing Location

Personal data is processed and stored primarily in Mexico and may be transferred to other jurisdictions only with appropriate safeguards and your consent, as required by LFPDD.

← Back to Home