Privacy Policy

This Privacy Policy applies to the personal data processed by Robalino Abogados Ecuador FEREC S.A. (hereinafter "Robalino Abogados") and CPA Consulting Ecuador CPAEC S.A. (hereinafter "CPA Consultores"), collectively referred to as "the Firm," in the context of commercial, pre-contractual, and/or contractual relationships as applicable.

CONTENT OF THE POLICY

This Privacy Policy covers the following:

  1. Identification of the Data Controller

  2. Types of data to be processed and identification of data subjects

  3. Purposes of processing

  4. Legal bases for processing

  5. Data transfer and communication

  6. Information storage and security

  7. Information retention period

  8. Rights of data subjects

  9. Complaints and exercise of rights

  10. Modifications to the Privacy Policy

1. Identification of the Data Controller

The Firm, with its registered address at Av. 12 de Octubre and Lincoln N26-48, Edificio Mirage, Quito, Ecuador, telephone 023810950, and email protecciondedatos@robalinolaw.com, is responsible for the processing of personal data of its employees, clients, and suppliers.

2. Identification of the Data Protection Officer

If you need to contact the Data Protection Officer (DPO), you can do so at the following address:

  • Address: Av. 12 de Octubre and Lincoln N26-48, Edificio Mirage

  • Telephone: 023810950

  • Email: protecciondedatos@robalinolaw.com

3. Types of data to be processed and identification of data subjects

The personal data subject to processing includes all data provided by you and contained in the documents submitted at the start of the employment relationship, the provision of financial services, or any other information considered personal data disclosed to the Firm. This also includes data collected from public sources and third parties.

The information collected includes:

3.1. Job Applicants

  • Identification data: Name, surname, date of birth, identification document, telephone number, email

  • Professional and academic data: Academic and professional information contained in your CV, employment history, professional references

3.2. Employees

  • Identification data: Name, surname, date of birth, identification document, telephone number, email, image (photograph)

  • Health data: Occupational medical records, medical history, family and personal background, disabilities, allergies, lab tests from occupational exams

  • Economic, financial, and credit data: Bank information, payroll

  • Biometric data: Fingerprints, facial recognition

3.3. Clients

  • Identification data: Name, surname, identification document, telephone number, email

  • Economic, financial, and credit data: Bank information

3.4. Suppliers

  • Identification data: Name, surname, identification document, telephone number, email

  • Economic, financial, and credit data: Bank information

For special category or sensitive data, the authorization of the data subjects will be required, ensuring compliance with the principles and guidelines of the Organic Law on Personal Data Protection, particularly but not limited to the principles of confidentiality and information security.

4. Purposes of Data Processing

The Firm will process your data to manage, process, and provide information related to the provision of advisory and/or legal representation services offered.

The data processed will be those provided by the data subjects through any of the means made available by the Firm.

We inform you that our systems are not based on automated decisions, and we do not make such decisions without the consent of the data subjects.

Given the nature of the Firm's business, we will process personal data for the following purposes:

4.1. Applicants

  • Contact with the applicant

  • Management of hiring processes

  • Verification of the information provided in the resume

  • Recording and storing information for future selection processes

  • Recruitment and/or selection processes for new employees

4.2. Employees

  • Fulfillment of obligations derived from the regulations applicable to the Firm, including but not limited to labor, tax, and social security regulations

  • Generating the necessary documentation to formalize the employment relationship

  • Execution of the employment relationship

  • Administration of labor and social benefits

  • Compliance with legal and contractual obligations arising from the employment relationship

  • Recording information in platforms of governmental entities (Ministry of Labor, IESS)

  • Publishing images and/or videos, with prior authorization from the data subjects, on social networks, websites, and other communication channels of the Firm

  • Conducting occupational examinations in accordance with current regulations

  • Recording entry and exit to/from the premises

  • In cases of disability, categorization in accordance with current law

  • Maintaining security standards and preventing occupational hazards

  • Keeping a record of workers for statistical and historical purposes

  • Developing processes for performance evaluation and workplace climate

4.3. Clients

  • Fulfillment of contractual obligations

  • Contact with clients or prospects

  • Sending quotations

  • Signing and executing service provision contracts

  • Sending and communicating information through digital means

  • Providing information on products that may be of interest to the client, in line with the contracted services

  • Handling complaints, claims, and requests, including the ability to contact them to process and resolve these satisfactorily

4.4. Suppliers

  • Fulfillment of contractual obligations

  • Management of supplier selection and qualification

  • Signing contracts

  • Managing the commercial relationship for the provision of services or goods to the company

4.5. Video Surveillance
For the safety of facilities, assets, and individuals, the Firm monitors surveillance cameras within its premises.

The information collected through our video surveillance systems and access logs will be used to ensure the security of individuals, establishments, movable assets, and infrastructure by formally controlling physical access to the Firm's facilities by suppliers, clients, employees, applicants, and other visitors.

5. Legal Bases for Data Processing

The legal bases for processing the information held by the Firm are:
a) The express consent of the data subjects or their legal representatives, voluntarily provided in accordance with applicable regulations.
b) Legal mandate, when any authority or regulatory body requires it, or when the law expressly mandates the respective processing.
c) Fulfillment of contractual obligations undertaken with clients or suppliers.
d) Processing of personal data obtained from public access sources.
e) To protect the vital interests of the data subjects or another natural person.
f) Legitimate interest of the data controller or third parties.

6. Data Processing

We collect personal information only to the extent necessary to achieve the specified purpose. The information will not be used for purposes incompatible with those described above.

The personal information you provide allows us to carry out the necessary processes to provide the contracted service. Therefore, without providing this information, it will not be possible to fulfill such purposes.

The personal data we request or that you provide while browsing our website or application serve to manage, deliver, and improve the services you have requested. For example, we will process your personal data to handle inquiries you send us, send you electronic communications if requested, and/or prepare statistical reports.

The Firm's systems are not based on automated decisions and do not make such decisions without the consent of the data subject.

7. Transfer or Communication of Personal Data

Personal information can only be accessed by authorized persons, and its circulation will be limited to the purposes authorized by the data subject, without prejudice to the fulfillment of legal or contractual obligations requiring access to the provided information.

7.1. Recipients by Legal Obligation or Judicial Requirement
The Firm shares information with competent public entities based on compliance with legal and/or judicial orders requiring access to information provided by employees, clients, or suppliers of the Firm.

7.2. Private Recipients
The Firm shares your personal information with specific data processors or recipients acting as service providers, who have been previously verified regarding their handling of personal data. Some of our providers have servers abroad, and for their registration and storage, international data transfer may occur.

8. Data Storage and Security

The Firm has policies, procedures, and information security standards aimed at protecting and preserving the integrity, confidentiality, and availability of personal information.

The collected data will be stored and/or processed on the Firm’s own servers or those of contracted third parties and/or providers, located within or outside the country, that meet safe harbor standards and ensure all physical, administrative, technological, legal, and organizational measures required by law.

9. Information Retention Period

The Firm will retain personal data for as long as necessary to fulfill the corresponding purpose and for the period mandated by applicable laws and regulations.

After this time, the information may be stored in anonymized form for statistical and internal analysis purposes.

10. Rights of Data Subjects

Data subjects may request the Firm to exercise their rights under the data protection regulations.

10.1. Access
The data subject may request information about their personal data and the processing performed.

10.2. Rectification and Update
The data subject may request the correction of inaccurate or outdated personal data.

10.3. Deletion
The data subject may request the deletion of their personal data when there is no longer a reason for its processing.

10.4. Objection
The data subject may object to the processing of their personal data if it is unnecessary for the contractual relationship.

10.5. Portability
The data subject has the right to receive their personal data in a compatible, machine-readable format.

10.6. Suspension of Processing
The data subject may request a temporary halt to the processing of their data in specific cases, such as disputing the accuracy of the data.

11. Erroneous or Inaccurate Data

The data subject is responsible for ensuring that the personal data provided is true, accurate, complete, and up to date.

12. Complaints and Exercise of Rights

Data subjects may contact the Firm via email at protecciondedatos@robalinolaw.com to exercise their rights or make inquiries regarding this policy.

13. Modifications to the Privacy Policy

Updates to this document will be notified through the Firm’s websites or digital channels.