Privacy Policy

Last updated 1/12/2023

Otay-Tijuana Venture, L.L.C. (the “Company”), owner of the pedestrian cross-border bridge located across the border between the United States of America and Mexico, commercially known as the “Cross Border Xpress” (hereinafter, the “CBX”), whose address to receive notices in Mexico is Área de llegadas internacionales del Aeropuerto de Tijuana, Carretera al Aeropuerto S/N, Colonia Nueva Tijuana, Tijuana, Baja California, C.P. 22435, and to receive notices in the United States of America is 2745 Otay Pacific Drive Otay Mesa, CA 92154, enters into this privacy policy in compliance with sections 15 and 16 of the Federal Act of Protection of Personal Information in Possession of Individuals (Ley Federal de Protección de Datos Personales en Posesión de Particulares), and the privacy laws of the United States of America and the state of California, including the California Consumer Privacy Act (“CCPA”) (hereinafter, collectively referred to as the “Law”). The foregoing for the purposes of stating that Company is responsible for the use, treatment and protection of the personal information that you (hereinafter, the “Beneficiary”) provide in connection with the services to be rendered by Company to Beneficiary and, in connection therewith, hereby informs the Beneficiary of the following:

Contact Information for CBX:

For everything related to the use and protection of the Beneficiary’s personal information, the Beneficiary may email us at privacy@crossborderxpress.com. Beneficiary may also contact us via post in Mexico and the United States as noted above.

Consent to Facial Recognition Scan:

By using the CBX cross-border bridge, you consent to a scan of your face through our video analytics system (SAFR) to help analyze passenger flows, reduce passenger congestion and improve operations and security. Scans obtained through the SAFR are not connected to your personal information and only used for analytics purposes as described herein.

Minors:

Other than information required to complete a transaction and provided by an adult, parent, or guardian, CBX does not knowingly collect personal information from Beneficiaries who are children under the age of 18. If a child under 18 has provided us with personal information without parental or guardian consent, the parent or guardian may contact us by emailing us at privacy@crossborderxpress.com. We will remove the information and unsubscribe the child from any electronic marketing lists. We may ask children for explicit consent from their parents or guardians before we provide a product or service to them.

Collection of Personal Information:

To carry out the purposes described in this privacy policy, we will collect directly from you the following categories of personal information:

• Identifiers, including full name, address, email, telephone number, government ID, and DOB.
• Certain personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as your name, signature, address, telephone number, passport number, government-issued ID.
• Protected classification characteristics under the Law, including your gender, race, military status, national origin, and citizenship.
• Commercial information, including purchasing history and airline data.
• Biometric information, including faceprints or other physical patterns.
• Sensitive personal information, including, without limitation, health information, conditions and disabilities, to enable us to provide the Beneficiary with the respective available special care services, as applicable.

We inform the Beneficiary that we will integrate to the Beneficiary’s files the Beneficiary’s personal information collected during the registration process in our website and/or kiosks on the CBX premises, or at locations where we operate, which will include, full name, address, country of birth, phone, email, date of birth, tax ID number (in the event an invoice is required), address for tax purposes (in the event an invoice is required), and flight number(s), travel origin, travel destination and date of flight(s) that the Beneficiary takes from Tijuana International Airport, passport number and United States of America visa (if applicable).

As part of our operating system, we will process the following data, without saving or keeping them in our data base or files beyond the time reasonably necessary to process the Beneficiary’s transaction: (i) credit card number, (ii) its date of expiration and (iii) credit card security code.

In addition, we will indirectly collect information from you, including internet or other similar network activity information obtained from your use of this site. This site uses cookies and/or web beacons to obtain information about the Beneficiary’s web browser and pages the Beneficiary views on the Beneficiary’s computer. These cookies are managed by Company and other providers to inform, optimize, and publish ads based on the Beneficiary’s prior visits to this website. The techniques that we use for the collection of data do not include use of the Beneficiary’s name, email address, mail address or phone number. The Beneficiary may choose to deactivate cookies through the Beneficiary’s web browser.

Purposes for which we will use the Beneficiary’s personal information:

The personal information of the Beneficiary will be used for the following primary business purposes, which are necessary to render the services that we will provide the Beneficiary in connection with the use of the CBX Bridge:

• Registering the Beneficiary in our systems, and sending the Beneficiary information and promotions in connection with CBX.
• Providing the Beneficiary with information and the services CBX offers.
• Contacting and sending the Beneficiary communications or emails in connection with any matter related to the services to and from the terminal to be provided by us, or that the Beneficiary inquires about or purchase through CBX.
• Payment and refund processing, including the issuance of proof of payments and/or invoices. Responding to any questions or concerns that the Beneficiary contacts us about.
• Compliance with applicable regulations and requests for information from the competent governmental authorities

The Beneficiary’s personal information may also be used for the following secondary purposes:

• In case of emergency, contacting the persons indicated as the Beneficiary’s references
• Sending the Beneficiary birthday greetings.
• Sending the Beneficiary promotional information about offerings.
• Seeking the Beneficiary’s participation in surveys or other means to obtain the Beneficiary’s feedback to improve our services.

If the Beneficiary does not want the Beneficiary’s personal information be used for the above-mentioned secondary purposes, the Beneficiary may opt out by sending an email to privacy@crossborderxpress.com, specifying for which of the secondary purpose(s) the Beneficiary does not want the Beneficiary’s personal information be used for. Declining to have the Beneficiary’s personal information used for any of these secondary purposes will not prevent us from offering the Beneficiary the other services, and the Beneficiary will have a period of five (5) business days from the date the Beneficiary acquired the services of CBX to state the Beneficiary’s refusal.

Transfer of the Beneficiary’s personal information:

We may disclose personal information that we collect, or you provide as described in this policy:

• Identifiers: immigration and customs authorities, service providers such as LAZ Parking California, LLC in connection with terminal and parking staffing services and Stellar Protective Group in connection with security services; social media service providers, cloud storage and digital architecture service providers, IT service providers, professional service providers such as accountants and attorneys.
• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): immigration and customs authorities, service providers such as LAZ Parking California, LLC in connection with terminal and parking staffing services and Stellar Protective Group in connection with security services; social media service providers, cloud storage and digital architecture service providers, IT service providers, professional service providers such as accountants and attorneys.
• Protected classification characteristics under the Law: immigration and customs authorities, survey providers, cloud storage and digital architecture service providers, IT service providers, professional service providers such as accountants and attorneys.
• Commercial information: Stellar Protective Group in connection with security services, social media service providers, cloud storage and digital architecture service providers, IT service providers, professional service providers such as accountants and attorneys.
• Biometric information: immigration and customs authorities, Stellar Protective Group in connection with security services, social media service providers, cloud storage and digital architecture service providers, IT service providers, professional service providers such as accountants and attorneys.
• Sensitive personal information: Stellar Protective Group in connection with security services, social media service providers, cloud storage and digital architecture service providers, IT service providers, professional service providers such as accountants and attorneys.

The Beneficiary’s personal information may also be transferred:

• To contractors, service providers, and other third parties we use to support our business.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.

The Beneficiary’s personal information may be transferred to the following legal or natural persons, in which event we will not require the Beneficiary’s consent to make such a transfer:

• Insurance companies with which Company has an agreement to provide the Beneficiary with the benefits of the applicable insurance.
• To authorities to whom we must do so by virtue of applicable laws, to comply with applicable laws and regulations.
• Grupo Aeroportuario del Pacífico, S.A.B. de C.V., operating the Tijuana airport, and its subsidiaries.
• Airport and immigration officials, and authorities of any kind of Mexico and/or the United States of America, to make crossing the border more efficient or safe, or as required or requested by such authorities pursuant to applicable laws.
• Financial institutions or banks with whom we have, or will have, an agreement to process payments for the services provided by Company.

Retention Period:

CBX will retain information as follows: We will retain information about you for so long as we have a legal or business purpose for it or a legal requirement to maintain it. Once we no longer have a legal or business purpose for the information and no legal requirement to maintain the information, we will promptly purge the information.

Security measures to protect the Beneficiary’s personal information:

The Beneficiary’s personal information will be kept under strict confidentiality. To reasonably prevent the unauthorized use, treatment and disclosure of the Beneficiary’s personal information, we have implemented physical, technical, and administrative measures in accordance with applicable laws. In particular, we have a leader on privacy matters and a privacy officer, a privacy policy, training courses for our employees, restricted access to personal information only to authorized users, an inventory of personal information (duly classified by category of information) and of the systems of use, risk analysis and contractual provisions. Further, we inform the Beneficiary that the Beneficiary’s personal information have been, and will be, collected and handled by Company pursuant to the provisions of the Law at all times.

Sales and “Sharing” of Personal Data:

In the preceding twelve (12) months, CBX has not sold personal information.

In the preceding twelve (12) months, CBX has not shared your personal information for targeted or cross contextual behavioral advertising.

Rights under the Law:

In accordance with applicable law, the Beneficiary may have the right to (i) know what personal information of the Beneficiary we have, for what purposes it is used, and when we use such information, and the conditions of such use (Access), as well as to know the specific pieces of information collected; (ii) request correction of the Beneficiary’s personal information in the event that it is out of date, inaccurate, or incomplete (Rectification); (iii) request that we delete the Beneficiary’s personal information from our files or data bases, including when it is deemed that such personal information is not being used in accordance with the term of applicable laws (Cancelation), and (iv) to object to the use of the Beneficiary’s personal information for specific purposes to the extent that the failure to use the Beneficiary’s personal information does not affect our (or the relevant service provider’s) ability to provide the services the Beneficiary has hired (Opposition).

In addition, the Beneficiary has the right to revoke at any time the consent the Beneficiary has previously given on how to use the Beneficiary’s personal information, unless such revocation is contrary to the terms of applicable laws, in which event we will inform the Beneficiary of that in our response to the Beneficiary’s request to revoke the Beneficiary’s consent.

If the Beneficiary would like to exercise any of these rights, or if the Beneficiary wants to know the procedures, requirements and periods to exercise the foregoing rights, as well as the right to revoke the Beneficiary’s consent, please contact Company in one of the following ways:

• Via email address: privacy@crossborderxpress.com.
• Via post in Mexico: Cross Border Xpress, Área de llegadas internacionales del Aeropuerto de Tijuana, Carretera al Aeropuerto S/N, Colonia Nueva Tijuana, Tijuana, Baja California, C.P. 22435
• Via post in the United States: Cross Border Xpress, 2745 Otay Pacific Drive Otay Mesa, CA 92154
• Via toll free: (888) 767-7430
• Via webform here.

We may need to validate your request. In order to validate your request, we may ask you for the following information: your name, email address, or travel booking information. Only you or an authorized agent may make a request related to your personal information. To designate an authorized agent to make a request on your behalf, please provide us with a power of attorney or other legally binding written document signed by you and identifying your agent. We may also verify the identity of your designated agent.

We will use the information you provide to verify your request against the records we maintain. We will not use the information you provide to verify your request for any other purpose. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

You may have the option to appeal a denial of your request. To do so, please email us at privacy@crossborderxpress.com.

We will not discriminate against you for exercising any of your rights under the Law.

We will work at all times to ensure the protection of the Beneficiary’s personal information in compliance with any applicable laws. The Federal Institute of Access to the Information and Protection of Data (Instituto Federal de Acceso a la Información y Protección de Datos) is the governmental entity responsible for disseminating awareness of the privacy rights within Company, promoting the exercise of such privacy rights, supervising the compliance of the provisions set forth in the Federal Act of Protection of Personal Information in Possession of Individuals (Ley Federal de Protección de Datos Personales en Posesión de Particulares).

Privacy policy changes:

Company may amend and/or update this privacy policy, and we will inform the Beneficiary of any amendment or update on our website www.crossborderxpress.com by posting the date of such amendment or update near the link to this Privacy Policy.

Consent:

In such cases as required pursuant to the provisions of the Law, prior to collecting the Beneficiary’s financial, proprietary or sensitive information, we will request the Beneficiary’s express written (or electronic) consent to this Privacy Policy. By accessing Company’s sales’ system and hiring our services, the Beneficiary is granting the required consent.