¡Empieza ahora!
Log in
Request trial

Privacy Policy

LAST UPDATED: JANUARY 11, 2025

Spanish
English
Pursuant to the provisions of (i) the Federal Law on the Protection of Personal Data Held by Private Parties (the “LFPD”); (ii) the Regulations of the LFPD; and (iii) the Privacy Notice Guidelines published in the Official Gazette of the Federation, Runa HR, S. de R.L. de C.V. (“Runa HR”), as the Controller of the personal data it collects, makes this Privacy Policy (the “Policy”) available to its customers and users of digital platforms (each referred to as the “Owner”).
 
Runa HR requires certain personal data to be processed in order to be able to create profiles for interested customers, improve, personalize and provide various products and services, set up customer accounts and profiles, and send promotional offers. Runa HR may obtain this data through:
  • (i) its website(s) and landing page(s) (the “Site”)
  • (ii) any link, microsite or access directly related to the Site and
  • (iii) software as a service called “Runa HR HR” (the “Platform”).
Runa HR reserves the right to modify the content of this Policy at any time. Any change to the Notice will be communicated to the Owner through a general notification on the Site and/or the Platform. The corresponding modification will take effect from the day following its publication.

I. Identity and address of Runa HR

Runa HR is a commercial company duly incorporated in accordance with Mexican law.
Runa HR’s address is located at Av Isaac Newton 82 Int 1, Polanco, Miguel Hidalgo, Ciudad de México, México, 11560.

II. Personal Data subject to processing

The Personal Data that Runa HR will process:
  • Personal information including: Name, gender, date of birth, social security number, federal taxpayer registration (“RFC”), telephone number and email; and
  • Information on the person’s bank account
The Client acknowledges that the aforementioned Personal Data may be stored using cloud storage. Where applicable, Runa HR will ensure that the corresponding provider complies with the provisions of the LFPD Regulations.
Runa HR will at no time collect data from the Client that may be considered sensitive, in accordance with the LFPD or its Regulations.

III. Purpose of processing data

The Personal Data processed by Runa HR will be used to carry out the following purposes:
 
Primary purposes
  • Identify the Owner;
  • Improve, personalize and provide various products and services to the Owner;
  • Configure the Owner’s account.
  • If they transfer personal data, they must establish a checkbox for the express acceptance of the terms and conditions of the privacy notice.
Secondary purposes
  • Provide training and -in general- content of interest or use to the Owners; and
  • Use the Personal Data for marketing, advertising or commercial prospecting purposes.
The Owner may express their refusal to the processing of their data for secondary purposes by sending an email to that effect to info@runahr.com, which must contain their contact information and any other information that allows a response to said report, refraining from providing confidential information of which they are not the Owner or of which they are not authorized to transfer.

IV. Consent of the Owner

The Owner declares that:
  • This Policy has been made known to him/her by Runa HR:
  • He/she has read, understood and agreed to the terms set forth in this Notice, and therefore gives his/her consent regarding the processing of his/her Personal Data, specifically regarding the purpose related to the transfer of his/her data, and;
  • The use of the Site and/or the Platform constitutes tacit confirmation of his/her consent to the provisions of this Policy. The Owner must refrain from continuing to use the Site and/or the Platform if he/she does not consent to the provisions set forth in this Policy.
Runa HR assumes that the information provided by the Owner belongs to the latter. If this is not the case, the Owner must immediately inform Runa HR of this circumstance by sending an email to info@runahr.com, which must contain their contact information and any other information that allows them to respond to this report, refraining from providing additional information that they are not the Owner of or that they are not authorized to transfer.
 
The Owner may revoke the aforementioned consent at any time. To revoke the consent provided, the Owner must communicate this circumstance to Runa HR by sending an email to info@runahr.com indicating the reasons that motivate them to communicate the revocation, as well as the information that allows Runa HR to respond and follow up on said revocation.
 
If the Owner wishes to limit the use or disclosure of any of his/her Personal Data, he/she may at any time send a statement of such limitation by sending an email to info@runahr.com, which will include the Personal Data whose processing he/she wishes to limit, the reasons for which he/she wishes to limit it, as well as the information that will allow Runa HR to follow up on said request. If the Owner’s request is granted, Runa HR will register the Owner on the exclusion list that it will have prepared for this purpose.

V. Rights of Access, Rectification, Cancellation and Opposition (“ARCO”).

The Owners have the right to:
  • Know what Personal Data is processed by Runa HR and the purposes of its processing (right of access);
  • Request the correction of their Personal Data if it is outdated, inaccurate or incomplete (right of rectification);
  • Have their Personal Data deleted from Runa HR’s records or databases when they consider that it is not being used appropriately (right of cancellation); and
  • Oppose the use of your Personal Data for specific purposes (right to object) (collectively, the “ARCO” rights)
The ARCO rights may be exercised at any time by sending an email to info@runahr.com. The request for any of the ARCO rights must be accompanied by the following:
  • The name of the Owner and/or his/her address or email address, so that Runa HR can communicate the response to your request;
  • The documents that prove the identity or, where applicable, the legal representation of the Owner;
  • The clear and precise description of the Personal Data in respect of which you seek to exercise any of the ARCO rights;
  • The reasons that support or justify the exercise of the corresponding ARCO right;
  • The format or medium in which you want Runa HR to respond to your request, when applicable;
  • Any other element or document that facilitates the follow-up to the Owner’s request.

VI. Use of cookies, web beacons or similar or analogous technologies.

Runa HR may use cookies, web beacons and other technologies to monitor your behavior as an Internet user, in order to provide you with a better service and user experience when browsing the Site and/or the Platform, as well as to offer you new products based on your preferences. The Personal Data that Runa HR obtains from these tracking technologies are particularly the following: browsing time, browsing time, sections consulted and previously accessed Internet pages, IP address of origin, browser used, operating system, making it possible to monitor your behavior as a user of Internet services.

VII. Third-party calendar integration

If the Owner chooses to use the calendar integration feature made available on the Platform, Runa HR will request additional Personal Data from the Owner's third-party calendar account — specifically, from Google or Microsoft — and will process such data under the terms of this section.

Activation of the calendar integration feature. The calendar integration feature is opt-in at two levels: the Client's account administrator must first enable it for the Client's organization, and the Owner must subsequently authorize the connection of his or her Google or Microsoft calendar account through the standard OAuth consent flow operated by Google or Microsoft. The Owner is not required to use this feature in order to use the Platform.

Data obtained from Google and Microsoft. When the Owner authorizes the connection, Runa HR obtains and stores, in encrypted form, the access credentials (OAuth tokens) necessary to interact with the Owner's calendar on his or her behalf. Using those credentials, Runa HR may:

  • Read, create, update and delete out-of-office events on the Owner's primary calendar that correspond to leave requests approved on the Platform;
  • Retrieve the list of calendars associated with the Owner's account, for the sole purpose of identifying the primary calendar on which to operate;
  • Obtain the e-mail address associated with the Owner's Google or Microsoft account, in order to link the connection to the corresponding Platform account.

The specific OAuth scopes requested from each provider are:

  • Google: https://www.googleapis.com/auth/calendar.events, https://www.googleapis.com/auth/calendar.calendars.readonly, and https://www.googleapis.com/auth/userinfo.email.
  • Microsoft: Calendars.ReadWrite and User.Read.

Purpose limitation. The calendar data obtained from Google or Microsoft will be used exclusively for the purpose of synchronizing out-of-office calendar events with leave requests approved on the Platform. Runa HR will not:

  • Read, access or store the content of calendar events other than those created by Runa HR itself to reflect leave requests;
  • Use calendar data for advertising, marketing, commercial prospecting, profiling, or the training of generative artificial intelligence models;
  • Transfer calendar data to any third party other than Google or Microsoft themselves, as strictly necessary to operate the feature.

Runa HR's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Storage and retention. OAuth access credentials for Google and Microsoft are stored in encrypted form using envelope encryption. Calendar events created by Runa HR on the Owner's calendar continue to exist on the third-party calendar service after Runa HR creates them, subject to Google's or Microsoft's own retention policies. Within the Platform, Runa HR retains only the minimum metadata needed to relate each leave request to the corresponding calendar event (for example, the event identifier assigned by Google or Microsoft).

Revocation and deletion. The Owner may disconnect his or her calendar at any time from the Account Settings section of the Platform, in which case Runa HR will delete the stored access credentials. The Client's account administrator may disable the calendar integration feature for the entire organization at any time, in which case no further synchronization will occur for any Owner associated with that organization. Access credentials are also deleted upon termination of the Client's contract with Runa HR. The Owner may additionally revoke Runa HR's access to his or her calendar directly from the Google or Microsoft account security page at any time, independently of the Platform.

Third-party controllers. Google and Microsoft are independent controllers of the Personal Data contained in the Owner's calendar account. Runa HR's processing of calendar data is limited to what is described in this section; any other processing of the Owner's calendar by Google or Microsoft is governed by the privacy policies of those providers, and not by this Policy.