Privacy Notice
Protection of your medical and personal data under LFPDPPP
Last updated: October 14, 2025
1. Identity of the Data Controller
Dr. César Hernández Elenes, Medical Surgeon specializing in Bariatric Surgery and General Surgery, certified by the Mexican Council of General Surgery, A.C., is responsible for the processing of your personal data. Our main office is located at C. Novena 2272-D, Calles, 21378 Mexicali, B.C., Mexico. For any matter related to the protection of your personal data, you can contact us via email at contacto@manga-gastrica.mx. We are committed to protecting your information in accordance with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and its regulatory provisions in force in 2025.
2. Purposes of Data Processing
Your personal data will be used for the following primary purposes: preliminary medical evaluation to determine your candidacy for bariatric surgery, scheduling and performing surgical procedures, post-operative follow-up, and maintenance of medical records in accordance with NOM-004-SSA3-2012. Secondary purposes include sending information about improvements in our services, conducting quality studies and continuous improvement, medical research for statistical purposes (anonymized data), and marketing communications about complementary procedures. You may refuse the processing of your data for secondary purposes at any time, without this affecting the provision of our main medical services. To express your refusal, you can contact us at privacidad@manga-gastrica.mx.
3. Personal Data Collected
We collect different categories of personal data depending on the nature of our relationship with you. Identification data includes: full name, date of birth, age, email address, phone number, postal address, and zip code. Professional contact data may include employment information if relevant to your medical evaluation. We also collect data related to your health condition that is essential for the provision of medical services: current and historical weight, body mass index (BMI), height, comorbidities associated with obesity (diabetes, hypertension, sleep apnea, etc.), previous medical and surgical history, current medications, allergies, laboratory and imaging studies, before and after procedure photographs, and complete records of the surgical procedure and post-operative evolution.
4. Sensitive Personal Data
We inform you that for the provision of bariatric surgery services, it is necessary to process personal data considered sensitive under Article 9 of the LFPDPPP. This data includes information about your health status, complete medical history, physical and mental conditions, medical diagnoses, previous and current treatments, as well as clinical photographs before and after surgery that are part of your medical record. The processing of this sensitive data requires your express consent, which is obtained through signing the preliminary evaluation form and the specific informed consent for the surgical procedure. This data is handled with the highest standards of medical confidentiality and is only accessible to authorized medical personnel directly involved in your care. You have the right to revoke your consent at any time, considering the limitations imposed by current health regulations for the preservation of medical records.
5. Personal Data Transfers
For the proper provision of our medical services, your personal data may be shared with third parties in the following cases: hospitals where surgical procedures are performed (Hospital Ángeles Pedregal, Hospital ABC Santa Fe, Centro Médico Nacional Siglo XXI), clinical laboratories for preoperative and follow-up studies, consulting medical specialists when your case requires multidisciplinary evaluation, insurance companies when you have contracted medical coverage and expressly authorize the release of information, and health authorities when required by legal provision. All these transfers are made under strict confidentiality agreements and solely for the purpose of providing you with comprehensive medical care of the highest quality. We do not make international transfers of personal data. If it becomes necessary to make any international transfer in the future, we will request your express consent in advance.
6. ARCO Rights (Access, Rectification, Cancellation, and Opposition)
As the holder of personal data, you have the rights of Access, Rectification, Cancellation, and Opposition (ARCO Rights) regarding how we process your information. The right of Access allows you to know what personal data we have about you and what we use it for. The right of Rectification enables you to request correction of inaccurate or incomplete data. The right of Cancellation allows you to request that we delete your data from our databases when you consider that they are not being processed in accordance with applicable regulations. The right of Opposition allows you to oppose the processing of your data for specific purposes. To exercise any of these rights, you must send us a request to the email address privacidad@manga-gastrica.mx, clearly indicating the right you wish to exercise, your identification data, and documents proving your identity. We will respond to your request within a maximum period of 20 business days from the date we receive the request, in accordance with Article 32 of the LFPDPPP. The response will be sent to the contact method you indicate in your request.
7. Revocation of Consent
You have the right to revoke the consent you have granted us for the processing of your personal data at any time. To revoke your consent, you must submit your request via email to privacidad@manga-gastrica.mx, properly identifying yourself and specifying the data processing for which you wish to revoke your consent. It is important to note that we may not be able to honor your request immediately in all cases, as there are legal obligations that require us to continue processing your personal data. Specifically, current health regulations (NOM-004-SSA3-2012) oblige us to preserve your medical record for a minimum period of 5 years from the date of the last medical care. During this period, your medical data must remain in our files, although its use will be limited to the purposes established by law. Once the mandatory retention period has elapsed and there are no other pending legal obligations, we will proceed with the secure deletion of your information.
8. Limitation of Use and Disclosure of Data
You can limit the use or disclosure of your personal data, especially for secondary purposes such as sending promotional information, marketing communications, satisfaction surveys, and offers of complementary services. To exercise this right, you can express it through any of the following means: sending an email to privacidad@manga-gastrica.mx with the subject 'Data Use Limitation', using the unsubscribe links included in our electronic communications, or registering with the Public Registry of Users (REUS) of the Secretariat of Anti-Corruption and Good Government to avoid receiving advertising. Once we receive your limitation request, we will make it effective within no more than 5 business days. It is important to mention that the limitation of use for secondary purposes will not affect the provision of our medical services or the fulfillment of obligations derived from the doctor-patient relationship. Your data will continue to be used for primary purposes related to your medical care and compliance with legal obligations in health matters.
9. Security Measures
We have implemented technical, physical, and administrative security measures to protect your personal data against damage, loss, alteration, destruction, or improper use, access, or disclosure. At the technical level, we maintain encrypted databases, access control systems with multi-factor authentication, periodic information backups on secure servers, and all communication through our website is protected by HTTPS encryption. In the physical realm, our medical facilities have controlled access, restricted areas for storage of physical medical records, and video surveillance systems in critical areas. At the administrative level, all our medical and administrative staff signs confidentiality agreements, receives periodic training in personal data protection and handling of sensitive information, and only has access to the data strictly necessary to perform their functions. We conduct periodic security audits to identify and correct possible vulnerabilities. Despite these measures, it is important that you also take precautions when providing us with information, especially when doing so through electronic means.
10. Use of Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to improve user experience, analyze site traffic, personalize content, and display relevant advertising. Cookies are small text files that are stored on your device when you visit our website. We use different types of cookies: necessary cookies (essential for basic site operation), analytical cookies (to understand how users interact with our site through tools like Google Analytics), marketing cookies (to display personalized advertising on third-party platforms), and functional cookies (to remember your preferences and improve site functionality). You have control over the use of cookies through the consent banner that appears when you visit our site for the first time, where you can accept all cookies, reject non-essential ones, or customize your preferences. For detailed information about the specific cookies we use, their purposes, retention periods, and how to manage your preferences, consult our complete Cookie Policy available at /politica-cookies. You can modify cookie settings at any time through your web browser options.
11. Modifications to the Privacy Notice
We reserve the right to update and modify this Privacy Notice at any time to reflect changes in our data processing practices, updates to applicable legislation, improvements to our security measures, or the incorporation of new services. Any modification to this Privacy Notice will be published on our website manga-gastrica.mx with the date of the last update clearly visible at the top of the document. In case of substantial changes that significantly affect the processing of your personal data, we will notify you by email to the address you have provided us, at least 10 days before the changes take effect. We recommend that you periodically review this Privacy Notice to stay informed about how we protect your information. Continued use of our services after the publication of changes constitutes your acceptance of such modifications. If you do not agree with the changes made, you may exercise your right of cancellation according to the procedure established in the ARCO Rights section.
12. Consent for Data Processing
Your consent for the processing of personal data can be granted in various ways depending on the type of interaction you have with us. When you fill out forms on our website, such as the contact form or the preliminary online evaluation, you are presented with this Privacy Notice and your express acceptance is requested through a checkbox before submitting your information. If you provide us with data through phone calls or emails, it is understood that you tacitly consent to processing in accordance with this notice. For sensitive personal data related to your health, we obtain your express consent through signing specific forms: the Preliminary Evaluation Form that you sign at your first consultation, the Informed Consent for surgical procedures that details the scope of processing of your medical data, and the specific authorization for the use of clinical photographs for medical documentation purposes and, when you expressly authorize it, for educational or promotional dissemination purposes (always anonymously). At all times, you have the right to know what the processing of your data will consist of before granting your consent.
13. Data Retention Period
The retention periods for your personal data vary according to the nature of the information and applicable legal obligations. Medical records, including all sensitive medical information related to your evaluation, diagnosis, surgical treatment, and post-operative follow-up, are retained for a minimum period of 5 years from the date of the last medical care, as established by NOM-004-SSA3-2012 for medical records. This period is mandatory and cannot be reduced, even if you request the cancellation of your data. Contact data used for secondary purposes (marketing, promotional communications, satisfaction studies) are retained until you express your opposition to processing or request their cancellation, at which time they will be deleted within no more than 30 days. Data collected through web cookies have different retention periods depending on their type, as specified in our Cookie Policy. Once the applicable retention periods have elapsed and there are no legal, accounting, or tax obligations that require maintaining the information, we will proceed with secure deletion of your data through erasure procedures that prevent their recovery.
14. Competent Authority
According to the provisions in force in 2025, the competent authority to hear complaints regarding the processing of personal data held by private parties is the Secretariat of Anti-Corruption and Good Government. This agency assumed the functions previously performed by the National Institute of Transparency, Access to Information and Protection of Personal Data (INAI), which was dissolved in April 2025. The Secretariat of Anti-Corruption and Good Government has the power to receive and process complaints for alleged violations of the Federal Law on Protection of Personal Data Held by Private Parties and its Regulations. If you consider that your right to protection of personal data has been violated, you can file a complaint with this authority. Before going to the authority, we invite you to contact us directly to resolve any concerns or complaints, as we are committed to protecting your privacy and seek to resolve any situation directly and satisfactorily. Complaints to the authority can be filed online through the official Secretariat portal or in person at their offices.
15. Legal Basis
The processing of your personal data is carried out based on applicable Mexican legislation on personal data protection and health. The main legal basis is the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), published in the Official Gazette of the Federation and its amendments in force in 2025, as well as its Regulations. In health matters, we are governed by NOM-004-SSA3-2012 for medical records, which establishes the mandatory scientific, ethical, technological, and administrative criteria in the preparation, integration, use, handling, filing, preservation, ownership, and confidentiality of medical records. Additionally, we comply with the provisions of the General Health Law, particularly regarding the handling of patient information, and regulations issued by the Federal Commission for Protection against Sanitary Risks (COFEPRIS) regarding the provision of medical services. The processing of sensitive data related to your health is also based on the express consent you grant to receive medical care, in accordance with the principle of patient autonomy recognized in health legislation.
16. Data of Minors
Bariatric surgery procedures are generally indicated for people over 18 years of age. However, in exceptional cases duly justified from a medical point of view, adolescent candidates aged 16 to 18 with severe morbid obesity and significant comorbidities that put their health at risk may be considered. In these special cases, in addition to the consent of the minor (when they have the capacity to understand the nature of the procedure), the express authorization of both parents or legal guardians, who must sign the informed consent and all documents related to the processing of the minor's personal data, is mandatory. Legal representatives have at all times the right to exercise ARCO Rights and other rights regarding personal data protection on behalf of the minor. Any communication related to the medical treatment of the minor will be conducted with their parents or legal guardians. For minors under 16 years of age, bariatric surgery is not considered, so personal data from this age group is not collected. Our policy is to especially protect the privacy of minors and ensure that their data is treated with the utmost care.
17. Contact Channels for Privacy Matters
For any matter related to the protection of your personal data, exercise of ARCO Rights, revocation of consent, limitation of data use, or questions about this Privacy Notice, we make the following contact channels available to you. You can send us an email to privacidad@manga-gastrica.mx, which is the preferred channel for formal requests related to data protection. This email is directly handled by our data protection officer. You can also contact our general email contacto@manga-gastrica.mx for general inquiries about data processing. For inquiries that do not require the formality of an ARCO request, you can call the phone number available on our website during our business hours. If you prefer traditional written communication, you can send your request to our physical address: C. Novena 2272-D, Calles, 21378 Mexicali, B.C., Mexico. We ask that in all your communications you include your contact information (full name, email, and phone) so we can properly follow up on your request. We commit to responding to all your inquiries within the timeframes established by law, maintaining the confidentiality and professionalism your information deserves.
18. Last Update Date and Validity
This Privacy Notice was last updated on October 14, 2025 and becomes effective as of this date. This version replaces and renders null and void any previous privacy notice we may have published. This version incorporates the necessary updates to comply with the provisions of the Federal Law on Protection of Personal Data Held by Private Parties in force in 2025, including changes in the competent authority following the dissolution of INAI. All references to regulatory frameworks, competent authorities, and procedures reflect the current legal situation. This notice will remain in effect until a new version is published, at which time the update date and changes made will be clearly indicated. The current version will always be available on our website manga-gastrica.mx in the footer sections. We recommend checking this page periodically to stay informed of any modifications. If you have any questions about differences between versions or need to consult a previous version of this notice, you can request it through our contact channels for privacy matters.
Contact Information
For any questions related to this privacy policy, you can contact us through:
- +52 686 608 6521
- contacto@manga-gastrica.mx