Privacy notice | MONEX Grupo Financiero

Monex Grupo Financiero, S.A. de C.V. (hereinafter, the “Organization”); a company duly organized under the law of Mexico and with its offices at Avenida Paseo de la Reforma No. 284, 15th floor, Colonia Juárez, C.P. 06600, Alcaldía Cuauhtémoc, Mexico City, Mexico; has among its main purposes to establish a financial institution recognized for its trust and transparency, in compliance with applicable laws and regulations through a philosophy of continuous improvement.

Considering the foregoing and in compliance with the Federal Law for the Protection of Personal Data Held by Private Parties (hereinafter referred to as the “Law”), we inform you that this Organization is the Data Controller (including the collection, disclosure, storage, use, transfer, or disposal, hereinafter referred to as “Processing”) of Personal Data and Sensitive Personal Data (as such terms are defined in the Law, hereinafter collectively referred to as “Personal Data”) that it collects from you. This Privacy Notice informs you of the purposes and characteristics of the Processing to which your Personal Data will be subjected.

Personal Data.

The Organization will process your Personal Data, namely:

1) Identification, Immigration, and Contact: Information: Including full name, address, date and place of birth, nationality, marital status, gender, information related to the identification of legal entities (including: full name or business name, incorporation details, address, current bylaws, powers of attorney and granted authority), landline and/or mobile phone number, email address, website or web page, Sole Population Registry Code (CURP) or its foreign equivalent, Federal Taxpayers’ Registry Code (Registro Federal de Contribuyentes, RFC) with code number or tax identification number or foreign equivalent, Handwritten signature, Initials, Advanced Electronic Signature serial number, Official Identification (including all data contained therein).
2) Financial or Asset-Related: (including information required by payment systems): Which include Income, Expenses, Insurance, Assets, Property, as well as Geolocation and bank account information (including: account holder’s name, account number, CLABE account number, associated card numbers, and bank name).
3) Employment and Academic Information: This includes occupation, profession, business activity or line of business, positions or roles held, information about your employer, principal, or client, and information related to your participation in the formation and operation of legal entities.
4) IT: Including cookies and/or web beacons (including data authentication), username, password, and other authentication factors.
5) Biometric: Necessary for identification and authentication, including physical and physiological characteristics such as fingerprints, facial recognition, voice, iris, or retina scans.

As applicable, for the processing of financial or asset-related data, or data considered sensitive personal data, the Organization will obtain your express written consent via a handwritten signature captured through physical means or through any other technology, such as an electronic signature or any authentication mechanism established for this purpose.

Methods for Collecting Personal Data.

To fulfill the purposes set forth in this Privacy Notice, your Personal Data may be collected in various ways: (i) when you provide it directly; (ii) when you visit the website or use the services through the website or any electronic or communication medium made available by the Organization, such as cookies and/or web beacons, including data authentication; (iii) indirectly when they come from lawful public sources or, as applicable, when they are provided by Credit Reporting Agencies, Financial Institutions belonging to Monex Grupo Financiero, S.A. de C.V. , and/or legal entities belonging to the same Business Group to which the Organization belongs; and (iv) through other sources permitted by law.

When you visit or use the services through the website or any electronic or communication medium made available by the Organization, this Privacy Notice is subject to the Terms and Conditions hereof, which constitute a legal agreement between the user and the Organization. Please note that you may disable certain cookies and/or web beacons used by your web browser by following the deactivation procedure provided therein.

The Organization may collect and process the personal identification and contact data of third parties, whether as represented parties or to validate the information you provide to us. By providing this information, you acknowledge that you have informed said third parties about the processing of their data in accordance with this Privacy Notice and have obtained their prior consent.

The Organization may process Personal Data using technological tools, automated analysis, and models with human intervention for the purposes of identification, risk assessment, fraud prevention, regulatory compliance, transaction analysis, as well as to improve the security. Under no circumstances will decisions with significant legal effects be made based exclusively on automated processing, except in cases permitted by applicable law.

In all cases, the Organization will use technical and organizational security measures to protect your information from manipulation, loss, destruction, or access by unauthorized persons, as well as for blocking, suppression, or deletion processes, which are continuously reviewed based on international frameworks and standards regarding information security.

In the event of security breaches that significantly affect your economic or moral rights, the Organization undertakes to inform you immediately so that you may take the necessary measures to defend your rights.

Purposes of the Use of Personal Data.

Your Personal Data may be Processed for the following necessary purposes: (i) arising from a legal relationship and (ii) those appropriate and applicable in relation to the Organization, such as: (a) generally enforcing the obligations, terms and conditions from a legal relationship, (b) requesting that identification data and documents be updated when required by applicable regulations or when a resolution is issued by an authority with jurisdiction, and (c) for legitimate, specific purposes consistent with the Organization’s business activities, operations, and management.

For purposes of the foregoing, you are understood to tacitly consent to the Processing of your personal data, acknowledging that you have read, understood, and accepted the terms of this Privacy Notice, when, having been made available to you, you do not express your objection and, as applicable, you use the services on the website or any electronic or communication medium made available by the Organization. If you do not agree with the terms of this Privacy Notice, you must not provide any personal information or use the services on the website or any electronic or communication medium made available by the Organization.

We also inform you that your Personal Data may be Processed for the following purposes, which are not necessary for the fulfillment of the legal relationship that gave rise to the collection: (i) Statistical purposes, quality and customer satisfaction surveys, analysis of consumption habits and product usage, development and improvement of products and services, and operational activities; (ii) Website administration, to improve efficiency and user experience, and for the management of notices, content, and advertising spaces; and (iii) For advertising, promotional, and telemarketing purposes; to provide personalized guidance, advice, and product sales; and to send notices regarding products and services operated by its affiliates and subsidiaries. In accordance with applicable laws and regulations, the purposes referred to in this paragraph require your consent, which may be granted, denied, or revoked in accordance with this Privacy Notice and applicable regulations.

Transfer of Personal Data.

We also inform you that your Personal Data may be transferred to third parties for the following purposes: (i) enforcing the obligations, terms and conditions from a legal relationship; (ii) to comply with current regulations; (iii) in compliance with a court order or warrant; and (iv) wherever necessary for legitimate, specific purposes consistent with the Organization’s business activities, operations, and management.

In addition to the foregoing, please be advised that your Personal Data may also be transferred to Financial Institutions belonging to Monex Grupo Financiero, S.A. de C.V. and/or legal entities belonging to the same Business Group to which the Organization belongs, for purposes other than those necessary to fulfill the legal relationship that gave rise to it, under the terms of this Privacy Notice.

In the event of a transfer of your Personal Data, to prevent misuse by third parties, such transfers will always be carried out through legal mechanisms and instruments that provide an adequate level of protection and security measures, in accordance with the nature of said data.

Means to limit the use or disclosure of data and to exercise the rights of Access, Rectification, Cancellation, and Opposition (ARCO).

We hereby inform you that, in accordance with the Law, you have the right to: access the personal data held by the Organization and details regarding the Processing thereof; have such data corrected if it is inaccurate, incomplete, or out of date; have them deleted when they are not essential to the legal relationship that gave rise to it or are excessive or unnecessary for the purposes that justified their collection; object to the processing of such data for specific purposes; restrict the use or disclosure of your information, in accordance with applicable law; and to revoke, at any time, the consent granted for the processing of your personal data.

To exercise any of the rights set forth in the preceding paragraph, you must submit a written request to the Organization, addressed to the Information Security Officer (hereinafter “Request”). Such Request must contain at least the following: (i) Name of the Data Subject; (ii) Documents proving your identity; (iii) In the case of a legal representative, the instrument evidencing your representation authority; (iv) Address for receiving communications; (v) A clear and precise description of the Personal Data regarding which you seek to exercise a right; (vi) Any other information or document that facilitates the identification of the Personal Data; as well as any other information required in accordance with applicable law and the Privacy Notice in effect at the time the Request is submitted.

The Organization provides you with the contact information for the Information Security Officer:
Email: seguridadinformacion@monex.com.mx
Tel: +(52) 5552310500
Address of the Organization: Avenida Paseo de la Reforma No. 284, 15th Floor, Colonia Juárez, Zip Code 06600, Alcaldía Cuauhtémoc, Mexico City, Mexico.

The Organization will notify you, within a maximum term of twenty business days from the date when the Request was received, of the decision reached, so that, as applicable, it may take effect within fifteen business days following the date on which the response was communicated. The aforementioned deadlines may be extended once for an equal term, provided that the circumstances of the case justify such an extension.

It is important for you to know that the revocation of the consent granted for the Processing of your Personal Data does not have retroactive effect and may hinder the fulfillment of the legal relationship that gave rise to the Processing of your data. The Organization may notify you of this situation in a timely manner prior to such revocation.

If you believe that your rights regarding your Personal Data have been violated by any conduct of employees, actions, or responses from the Organization, or if you believe that the Processing of your Personal Data violates the provisions of the Law, you may file the relevant complaint or report with the Ministry for Anti-Corruption and Good Governance (Secretaría Anticorrupción y Buen Gobierno); for more information, visit: https://www.gob.mx/buengobierno.

Changes to the Privacy Notice.

The Organization reserves the right to make modifications or updates to this Privacy Notice at any time to address new legislative or jurisprudential developments, internal policies, new requirements and market practices. The modifications will be made available to the public through the following means: (i) visible notices, brochures, or leaflets available at the Organization’s offices, branches, or customer service centers; (ii) on the website: www.monex.com.mx, under the Privacy Notice section; (iii) or via the most recent email address provided by the Organization’s customers.

Last modified: March 2026.

Banco Monex, S.A., Institución de Banca Múltiple, Monex Grupo Financiero (hereinafter, the “Organization”); a company duly organized under the law of Mexico and with its offices at Avenida Paseo de la Reforma No. 284, 15th floor, Colonia Juárez, C.P. 06600, Alcaldía Cuauhtémoc, Mexico City, Mexico; has among its main purposes to establish a financial institution recognized for its service, trust, and transparency, as well as for meeting and exceeding the expectations of its customers by offering profitable, high-quality products and services, in compliance with applicable laws and regulations through a philosophy of continuous improvement.

Considering the foregoing and in compliance with the Federal Law for the Protection of Personal Data Held by Private Parties (hereinafter referred to as the “Law”), we inform you that this Organization is the Data Controller (including the collection, disclosure, storage, use, transfer, or disposal, hereinafter referred to as “Processing”) of Personal Data and Sensitive Personal Data (as such terms are defined in the Law, hereinafter collectively referred to as “Personal Data”) that it collects from you. This Privacy Notice informs you of the purposes and characteristics of the Processing to which your Personal Data will be subjected.

Personal Data.

The Organization will process your Personal Data, namely:

1) Identification, Immigration, and Contact: Information: Including full name, address, date and place of birth, nationality, marital status, gender, information related to the identification of legal entities (including: full name or business name, incorporation details, address, current bylaws, powers of attorney and granted authority), landline and/or mobile phone number, email address, website or web page, Sole Population Registry Code (CURP) or its foreign equivalent, Federal Taxpayers’ Registry Code (Registro Federal de Contribuyentes, RFC) with code number or tax identification number or foreign equivalent, Handwritten signature, Initials, Advanced Electronic Signature serial number, Official Identification (including all data contained therein).
2) Financial or Asset-Related: (including information required by payment systems): Which include Income, Expenses, Insurance, Assets, Property, as well as Geolocation and bank account information (including: account holder’s name, account number, CLABE account number, associated card numbers, and bank name).
3) Employment and Academic Information: This includes occupation, profession, business activity or line of business, positions or roles held, information about your employer, principal, or client, and information related to your participation in the formation and operation of legal entities.
4) IT: Including cookies and/or web beacons (including data authentication), username, password, and other authentication factors.
5) Biometric: Necessary for identification and authentication, including physical and physiological characteristics such as fingerprints, facial recognition, voice, iris, or retina scans.

As applicable, for the processing of financial or asset-related data, or data considered sensitive personal data, the Organization will obtain your express written consent via a handwritten signature captured through physical means or through any other technology, such as an electronic signature or any authentication mechanism established for this purpose.

Methods for Collecting Personal Data.

To fulfill the purposes set forth in this Privacy Notice, your Personal Data may be collected in various ways: (i) when you provide it directly; (ii) when you visit the website or use the services through the website or any electronic or communication medium made available by the Organization, such as cookies and/or web beacons, including data authentication; (iii) indirectly when they come from lawful public sources or, as applicable, when they are provided by Credit Reporting Agencies, Financial Institutions belonging to Monex Grupo Financiero, S.A. de C.V. , and/or legal entities belonging to the same Business Group to which the Organization belongs; and (iv) through other sources permitted by law.

When you visit or use the services through the website or any electronic or communication medium made available by the Organization, this Privacy Notice is subject to the Terms and Conditions hereof, which constitute a legal agreement between the user and the Organization. Please note that you may disable certain cookies and/or web beacons used by your web browser by following the deactivation procedure provided therein.

The Organization may collect and process the personal identification and contact data of third parties, whether as represented parties, beneficiaries of Financial Services to provide the relevant benefits, or to validate the information you provide to us. By providing this information, you acknowledge that you have informed said third parties about the processing of their data in accordance with this Privacy Notice and have obtained their prior consent.

The Organization may process Personal Data using technological tools, automated analysis, and models with human intervention for the purposes of identification, risk assessment, fraud prevention, regulatory compliance, transaction analysis, as well as to improve the security of the financial products and services offered. Under no circumstances will decisions with significant legal effects be made based exclusively on automated processing, except in cases permitted by applicable law.

In all cases, the Organization will use technical and organizational security measures to protect your information from manipulation, loss, destruction, or access by unauthorized persons, as well as for blocking, suppression, or deletion processes, which are continuously reviewed based on international frameworks and standards regarding information security.

In the event of security breaches that significantly affect your economic or moral rights, the Organization undertakes to inform you immediately so that you may take the necessary measures to defend your rights.

Purposes of the Use of Personal Data.

Your Personal Data may be Processed for the following necessary purposes: (i) arising from a legal relationship resulting from the request or purchase of products or services from the Organization, and (ii) those appropriate and applicable in relation to the Organization, such as: (a) generally enforcing the obligations, terms, and conditions of the requested or purchased products or services, (b) requesting that identification data and documents be updated when required by applicable regulations or when a resolution is issued by an authority with jurisdiction, and (c) for legitimate, specific purposes consistent with the Organization’s business activities, operations, and management.

For purposes of the foregoing, you are understood to tacitly consent to the Processing of your personal data, acknowledging that you have read, understood, and accepted the terms of this Privacy Notice, when, having been made available to you, you do not express your objection and, as applicable, you use the services on the website or any electronic or communication medium made available by the Organization. If you do not agree with the terms of this Privacy Notice, you must not provide any personal information or use the services on the website or any electronic or communication medium made available by the Organization.

We also inform you that your Personal Data may be Processed for the following purposes, which are not necessary for the fulfillment of the legal relationship that gave rise to the collection: (i) Statistical purposes, quality and customer satisfaction surveys, analysis of consumption habits and product usage, development and improvement of products and services, and operational activities; (ii) Website administration, to improve efficiency and user experience, and for the management of notices, content, and advertising spaces; and (iii) For advertising, promotional, and telemarketing purposes; to provide personalized guidance, advice, and product sales; and to send notices regarding products and services operated by its affiliates and subsidiaries. In accordance with applicable laws and regulations, the purposes referred to in this paragraph require your consent, which may be granted, denied, or revoked in accordance with this Privacy Notice and applicable regulations.

Transfer of Personal Data.

We also inform you that your Personal Data may be transferred to third parties for the following purposes: (i) to provide the service requested or procured with the Organization; (ii) to comply with current regulations; (iii) in compliance with a court order or warrant; and (iv) wherever necessary for legitimate, specific purposes consistent with the Organization’s business activities, operations, and management.

In connection with the foregoing, pursuant to Articles 16a and 62a-Quater of the General Provisions referred to in Article 115 of the Credit Institutions Law; we hereby inform you that the Organization will provide Banco de México with the information and documentation of customers who make domestic and international fund transfers in foreign currency through the technological platform operated by said Central Bank, and Credit Institutions may consult such information for the duration of the legal relationship with the customer. The information to be provided is as follows:

For Individuals: Full name, Nationality, Date of birth, Home address, CURP, RFC code or tax identification number or equivalent, as well as the country or countries where such number or its equivalent was issued, Occupation, profession, activity, or line of business, Serial number of the Advanced Electronic Signature, Reason or purpose of the transfer, and a scanned copy of official identification.
For Legal Entities: Full name or business name, country of incorporation, date of incorporation, RFC code, tax identification number, or equivalent, as well as the country or countries in which said number or its equivalent has been assigned, Serial number of the Advanced Electronic Signature, Address of its main administrative offices, line of business, business activities, or corporate purpose, name of the legal representative, and purpose of the transfers sent.