Privacy Notice

In compliance with the Federal Law on Protection of Personal Data Held by Private Parties, its Regulations, and the Privacy Notice Guidelines (“the Law”), Restaurantes RICLER, S.A. de C.V. (“the Controller”), located at Diego Rivera No. 50, Colonia San Ángel Inn, Álvaro Obregón, Mexico City, C.P. 01060, MEXICO, and website https://www.sanangelinn.com/, informs you that it is responsible for the use and protection of your personal data. Your data will be processed to identify and operate the management detailed below, which is necessary for providing services to our clients, including diners, suppliers, visitors, and third parties interacting with “the Controller”.
‍
The adopted privacy policies aim to inform you freely about the processing your personal data will receive, in protection of the right granted by Article 16 of the Political Constitution of the United Mexican States regarding the recognition of the right to the protection of personal data, as well as rights to access, rectify, cancel, or oppose the processing of such data in accordance with applicable law.

PERSONAL DATA PROCESSED  
The personal data collected will depend on the interaction between “the Controller” and the client, and may be grouped as follows:
• Identification data: Full name, telephone number, email address.  
• Accounting data: Invoice data.  
• Security data: Video surveillance images (CCTV).  
• For suppliers: Gate access records (name, official ID, company name, access/exit log).  
• Service provision data: Reservation management, assignment of dining area and table, purpose of visit (e.g., celebrations), requested menu, complaints, comments, and service feedback.  
• Payment data: In cases of payments made through third parties, “the Controller” will not request or retain credit/debit card information.  
• Sensitive data: Collected only in exceptional cases to identify allergies or dietary restrictions strictly necessary for service provision.

PURPOSE OF DATA PROCESSING  
“The Controller” will process your personal data for the following purposes:

Primary / Necessary:  
• Reservation management  
• Restaurant service provision  
• Billing and internal accounting control  
• Customer service (comments, complaints, suggestions)  
• Property access and security (including CCTV)  
• Compliance with applicable law  

Secondary / Not necessary:  
• Customer satisfaction and quality improvement surveys  
• Analysis of consumption habits to improve product and service offerings  
• Sending commercial communications (events, promotions, advertising)
• You may object to secondary purposes at any time by expressing your request to: privacidad@sanangelinn.com.
Refusal does not affect primary services.

LEGAL BASIS AND CONSENT  
For primary purposes, processing is based on the legal relationship with “the Controller”.  
For secondary purposes, consent may be requested.  
Sensitive data, when applicable, will require express consent and will be limited to strictly necessary purposes.

DATA TRANSFERS AND PROCESSORS  
“The Controller” may share personal data in the following cases:

• To fulfill primary obligations: system maintenance, reservation platforms, payment gateways, messaging, security, CCTV maintenance, customer support, legal and accounting advisory.  
• Legal requirement: When a governmental authority formally requests data.  
• International transfers: When applicable and with prior consent, ensuring adequate safeguards.

SECURITY MEASURES  
"The Controller" applies administrative, technical, and physical safeguards including credential controls, privilege management, access logs, periodic training, data minimization policies, encryption in transit and when applicable at rest, and secure deletion procedures.


DATA RETENTION  
Data will be retained as follows:
• Fiscal: According to legal timeframes  
• CCTV: Up to 30 days unless incidents justify extension or by order of any public prosecutor’s office and/or governmental authority.
• Access logs: Up to 6 months  
• Reservations and service data: Service lifecycle + 12 months  
• Sensitive data: They will be retained only for the time strictly necessary to attend to the specific visit, unless the client expressly requests that such data be kept for future visits

Video Surveillance and Access Control
The facilities are equipped with video surveillance / CCTV systems in common areas for the purpose of ensuring the safety of individuals located inside and in the immediate exterior proximity of the premises, under the following terms:
• Multimedia recordings are retained under the terms established in the previous section.
Access to the closed-circuit system and its content (recordings) is restricted to authorized personnel.
• At the access points to the premises, visible notices are displayed showing the identity of the “Data Controller,” the purpose of data collection, and contact information.
o Visitors may exercise their ARCO rights at any time with respect to the collected multimedia through the means indicated herein.


ARCO Rights
You may exercise your rights of Access, Rectification, Cancellation, or Objection (ARCO), as well as revoke your consent, through the following means:
• Electronically (via email): privacidad@sanangelinn.com
• In person at: Diego Rivera No. 50, San Ángel Inn, Álvaro Obregón, Mexico City, C.P. 01060, Monday to Friday
from 09:00 am to 2:00 pm.

ARCO Request
Your request must include:
• Name of the data subject and the means for communicating the response.
• Copy of valid official identification (for foreign individuals: valid passport, residency card, foreign visa, DNI (EU), driver’s license, state ID, Real ID, or identity card.)
• Clear description of the data to be revoked, as well as an express description of the right to be exercised; and
• Any element or document that facilitates locating the data.


Response to the Request
Upon receipt, the legal team representing and advising the “Data Controller” will evaluate the admissibility of the request and will communicate the final resolution within a maximum period of 20 business days. If the request is deemed appropriate, it will be enforced within the following 15 business days.

• The periods may be extended once for an equal period when warranted by the circumstances of the case.
• If the request was submitted electronically, the response will be sent to the originating email address. If submitted in writing and delivered in person, the response will be sent to the contact details provided in the request.
• The obligation of access will be considered fulfilled when the personal data is made available to the data subject, or by issuing simple copies, electronic documents, or any other means provided by the “Data Controller.”

Denial of the Request
The “Data Controller” may DENY access to personal data or the rectification, cancellation, or objection to its processing in the following cases:

• When the data subject or legal representative is not duly accredited;
• When the requested personal data is not in the possession of the “Data Controller”;
• When, as a result of the request, third-party rights are affected;
• When there is a legal impediment or an order from a competent authority restricting access or preventing rectification, cancellation, or objection; and
• When rectification, cancellation, or objection has been previously performed.

Revocation of consent and objection to secondary purposes will take effect once the admissibility is communicated and upon implementation of reasonable measures, without retroactive effects and without affecting the primary purposes of service provision or legal compliance.

Limitations on Use and/or Disclosure of Data
You may request inclusion in an internal exclusion list to stop receiving commercial communications by expressly sending your request to: privacidad@sanangelinn.com
o The “Data Controller” will also observe, when applicable, the regulations of the Public Registry to Avoid Advertising.

Minors and Third-Party Data
The “Data Controller” does not deliberately collect personal data from minors without the consent of parents or legal guardians. If you provide data of third parties, you declare that you have informed them of this Privacy Notice and obtained the necessary authorizations.

Personal Data Department
“The Data Controller” has a dedicated department responsible for always providing personalized assistance regarding the exercise of ARCO rights, revocation of consent, and limitation/disclosure of personal data. It also ensures the protection of personal data within the company.
For any questions, comments, complaints, or suggestions regarding the processing of your personal data, you may contact us through:

• Email: privacidad@sanangelinn.com
• In person: Diego Rivera No. 50, San Ángel Inn, Álvaro Obregón, Mexico City, C.P. 01060
o Office hours: Monday to Friday; 09:00 am to 2:00 pm


Revocation of Consent
You may revoke the consent you have granted for the processing of your personal data; however, please consider that not all requests can be fulfilled immediately, as certain legal obligations may require continued processing.
Additionally, for certain purposes, revocation of consent may prevent us from continuing to provide the requested service or may terminate your relationship with us, especially when primary purposes are compromised.
To initiate the revocation process, you must indicate precisely which consent you wish to revoke, sending your request electronically to privacidad@sanangelinn.com, containing:

• The data subject’s name and email address for receiving the resolution from the Personal Data Department and Legal Department;
• For foreign individuals: valid passport, residency card, foreign visa, DNI (EU), driver’s license, state ID, Real ID, or identity card.
The “Data Controller” will inform the data subject of the determination within 20 business days from receipt of the revocation request.
If admissible, it will be enforced within the following 15 business days.
o The response will be sent electronically to the email address specified in the request.
o Time periods may be extended once for an equal period when warranted by circumstances.

Limitation of Use or Disclosure of Personal Information
To limit the use and disclosure of your personal information, we offer the following means:
Registration in the Public Registry to Avoid Advertising (REPEP), managed by the Federal Consumer Protection Agency (PROFECO), to prevent your data from being used to receive advertising or promotions.
For more information, visit PROFECO’s website or contact our Personal Data Department.
• Registration in the internal exclusion list of the “Data Controller” to prevent your data from being used for marketing, advertising, or commercial prospecting. For more information, please contact our Personal Data Department.


Use of Tracking Technologies on Our Website
Our website https://www.sanangelinn.com/ stores cookies on your device to remember your preferences and analyze your usage.
By continuing to browse, you consent to the placement and use of such cookies. You may modify or delete cookie preferences at any time.
For more information on disabling cookies in your browser, please visit:
http://www.allaboutcookies.org/es/administrar-las-cookies/

Changes to Privacy Notice
This Privacy Notice may undergo modifications, changes, or updates due to compliance with new legal provisions, service needs, changes in our privacy practices, business model updates, or for other reasons.
The “Data Controller” will notify any changes through its main website: https://www.sanangelinn.com/

Violation of Your Rights
If you believe your right to personal data protection has been violated by any conduct or omission on our part, or suspect of a breach of the law, you may file a complaint before the Secretariat for Anti-Corruption and Good Governance.

For more information, please visit: https://www.gob.mx/buengobierno

Restaurantes Ricler, S.A. de C.V.
Personal Data Department

Last updated: December 2025