Privacy Policy

PRIVACY POLICY

This Privacy Policy applies to personal data that is subject to processing by Robalino Abogados Ecuador FEREC S.A. (hereinafter "Robalino Abogados") and CPA Consulting Ecuador CPAEC S.A. (hereinafter "CPA Consultores"), jointly referred to as "the Firm," within the context of a commercial, pre-contractual, and/or contractual relationship, as applicable.

POLICY CONTENT

This Privacy Policy covers the following:

  • Identification of the data controller;

  • Identification of the Data Protection Officer;

  • Definitions;

  • Collection of personal data;

  • Type of personal information collected;

  • Purposes of processing;

  • Video surveillance;

  • Legal basis for personal data processing;

  • Retention period;

  • Information security measures;

  • Handling of erroneous or inaccurate data;

  • Transfer of personal data;

  • Data subject rights;

  • Exercise of rights and claims;

  • Use of cookies;

  • Amendments to the Privacy Policy.

  • Identification of the Data Controller

The Firm is responsible for processing personal data of its employees, clients, and suppliers. Below are the details of Robalino Abogados and CPA Consultores as data controllers:

Name: Robalino Abogados Ecuador FEREC S.A

RUC: 1792573408001

Name: CPA Consulting Ecuador CPAEC S.A.

RUC: 1792717418001

Address: Av. 12 de Octubre y Lincoln N26-48, Edificio Mirage, Quito, Ecuador

Email: protecciondedatos@robalinolaw.com

Phone: 023810950

2. Identification of the Data Protection Officer (DPO)

If you need to contact the Data Protection Officer (DPO), you may do so at the following address:

Address: Av. 12 de Octubre y Lincoln N26-48, Edificio Mirage, Quito, Ecuador

Email:protecciondedatos@robalinolaw.com

Phone: 023810950

3. Definitions

  1. Personal data: Any information that identifies or makes an individual identifiable.

  2. Employees: Natural persons who are linked to the organization through employment or any other contractual modality.

  3. Clients: Natural persons who purchase or use the products, goods, or services offered by the organization, whether occasionally or habitually.

  4. Data Protection Officer: A natural person responsible for informing the data controller or processor about their legal obligations regarding data protection, ensuring regulatory compliance, and cooperating with the SPDP as a point of contact.

  5. Data Processor: A person or entity that processes personal data on behalf of and under the instructions of the data controller.

  6. Applicants: Natural persons who voluntarily provide their personal data to participate in recruitment and selection processes.

  7. Suppliers: Natural persons who provide goods, services, supplies, or resources to the organization. This category includes representatives or employees of legal entities acting as suppliers.

  8. Data Controller: A natural or legal person, private entity, or public authority that alone or jointly decides on the purposes and means of processing personal data.

  9. Data Subject: A natural person whose personal data is processed.

4. Collection of Personal Data

To provide the corresponding services, the Firm may request, through forms or similar means, the necessary personal data.

The personal data subject to processing includes all information provided by you and contained in the documents submitted at the beginning of a commercial, employment, civil, or other applicable relationship.

The Firm may also collect other personal data from publicly accessible sources.

5. Types of Personal Data Processed and Identification of Data Subjects

5.1. Applicants

  1. Identification data: Full name, date of birth, identification document, phone number, email.

  2. Professional and academic data: Academic and professional information included in CVs, employment history, references.

5.2. Employees

  1. Identification data: Full name, date of birth, identification document, phone number, email, image (photograph).

  2. Health data: Occupational medical records, medical history, family and personal background, disability, allergies, medical tests or laboratory results from occupational exams.

  3. Social circumstances: Family situation (dependents).

  4. Economic, financial, and credit data: Banking information, payroll.

  5. Biometric data: Fingerprints, facial recognition.

5.3. Clients

  1. Identification data: Full name, identification document, phone number, email.

  2. Economic, financial, and credit data: Banking information.

5.4. Suppliers

  1. Identification data: Full name, identification document, phone number, email.

  2. Economic, financial, and credit data: Bank account number, type of account, banking institution.

For the processing of special or sensitive data categories, authorization from the data subjects will be required, complying with the principles and guidelines of the Organic Law on Data Protection, particularly the principles of confidentiality and information security.

6. Purposes of Processing

The Firm processes personal data for the following purposes:

6.1. Applicants

  1. Contacting applicants;

  2. Managing personnel recruitment processes;

  3. Verifying information provided in resumes;

  4. Storing information for future selection processes;

  5. Conducting recruitment and/or selection processes.

6.2. Employees

  1. Compliance with applicable legal obligations;

  2. Formalizing and executing employment relationships;

  3. Managing employee benefits;

  4. Registering information on government platforms (Ministry of Labor, IESS);

  5. Publishing images/videos on social media and the Firm’s website, with prior authorization;

  6. Conducting occupational medical exams;

  7. Registering facility access;

  8. Maintaining workplace safety and risk prevention standards;

  9. Conducting performance and workplace climate evaluations.

6.3. Clients

  1. Fulfilling contractual obligations;

  2. Contacting clients and prospects;

  3. Sending quotations and service proposals;

  4. Executing service agreements;

  5. Sending information via digital means;

  6. Providing information on relevant products/services;

  7. Handling complaints, claims, and requests.

6.4. Suppliers

  1. Compliance with contractual obligations.

  2. Management of supplier selection and qualification.

  3. Contract execution.

  4. Management of the commercial relationship for the provision of services or the commercialization of goods in favor of the company.

We collect personal information only to the extent necessary to achieve the specific purpose. The information will not be used for purposes incompatible with those described above.

The processing activities carried out by the Firm are not currently based on automated decisions. If this changes, the Data Subject will be duly informed.

7. Video Surveillance

For the security of facilities, assets, and individuals, the Firm monitors video surveillance cameras inside its premises.

The information collected through video surveillance systems and access logs will be used to ensure the security of individuals, establishments, movable assets, and infrastructure by implementing a formal control of physical access to the Firm’s premises for suppliers, clients, employees, applicants, and other visitors.

8. Legal Basis for the Processing of Personal Data

The legal bases for processing the information held by the Firm are:

a) The express consent of the data subjects or their legal representatives, voluntarily provided in accordance with applicable regulations;

b) Legal mandate, when required by any authority or regulatory body, or when the law expressly mandates the corresponding processing;

c) Fulfillment of contractual obligations undertaken with clients or suppliers;

d) Processing of personal data obtained from publicly accessible sources;

e) To protect the vital interests of the data subjects or another natural person;

f) Legitimate interest of the data controller or third parties.

Consent will not be required when the information originates from public sources; is requested by a public or administrative entity in the exercise of its legal functions or by judicial order; in cases of medical or health emergencies, or when processing is required by law.

In accordance with the Organic Law on Data Protection, the financial and credit data of the data subject will only be processed for analysis purposes upon prior authorization from the data subject and will not be communicated or disclosed to unauthorized third parties or used for secondary purposes.

9. Data Retention Period

Data will be retained for the time strictly necessary to fulfill the corresponding purpose, as well as for the period established by law or regulations applicable to the Firm.

After this period, such information may be kept properly anonymized or pseudonymized for statistical and internal analysis purposes.

10. Information Security Measures

The Firm has policies, procedures, and security standards in place to protect and preserve the integrity, confidentiality, and availability of personal information:

  • The Firm implements necessary physical, organizational, and technical security measures based on risk management results related to personal data processing.

  • The data collected by the Firm is stored in databases with access policies designed to ensure confidentiality and security in processing.

11. Handling of Incorrect or Inaccurate Data

The data subject must ensure that the personal data they provide is true, accurate, complete, and up-to-date and will be responsible for its accuracy and updating. Therefore, the data subject will be liable for any false, excessive, or inaccurate information they voluntarily provide and for any direct or indirect, verifiable damages this may cause.

If all required personal data is not provided, the Firm reserves the right to withhold services or benefits from the data subjects if their data is not provided or is provided with errors, inaccuracies, or incorrect information.

12. Transfer or Disclosure of Personal Data

Personal information may only be accessed by authorized persons, and its disclosure will be limited to the purposes authorized by the data subject, without prejudice to compliance with legal or contractual obligations requiring access to the provided information.

12.1. Recipients Due to Legal Obligation or Judicial Requirement

The Firm shares information with competent public authorities based on compliance with legal and/or judicial orders requiring access to the information provided by the Firm’s employees, clients, or suppliers.

12.2. Private Recipients

The Firm shares your personal information with specific data processors or recipients who act as service providers and have been previously verified regarding their handling of personal data. Some of our providers have servers abroad; therefore, international data transfers may occur for registration and storage purposes.

13. Rights of Data Subjects

Data subjects have the rights granted to them under the Organic Law on Personal Data Protection, its regulations, and other applicable laws, which are outlined below:

13.1. Access:

The data subject, personally or through their legal representatives, may request information from the Firm about their personal data and the processing carried out without justification, provided the request is reasonable and does not constitute an abuse of rights.

13.2. Rectification and Updating:

If the data subject can verify the inaccuracy or outdated status of their personal data stored by the Firm, they may request an update or modification.

Take in consideration that the information you provide to the Firm must be truthful and accurate. The Firm may review and cross-check the provided information with databases or publicly accessible sources.

13.3. Erasure

The data subject may request the deletion of their personal data when there is no longer a reason for its processing, when the contractual relationship has ended, or when retention is no longer necessary for the original purpose.

As a limitation to the above, the Firm may retain your information if required by authorities for investigations, public interest, or if there is a legal obligation to maintain it beyond the specified period.

13.4. Objection

The data subject may object to the processing of their personal data if they verify that it is being processed for purposes other than those necessary to fulfill their contractual relationship.

13.5. Portability

The data subject has the right to receive their personal data in a compatible, updated, structured, commonly used, interoperable, and machine-readable format from the Firm.

Through the right to portability, the data subject may request that their data be transmitted to other controllers (other companies or institutions).

13.6.Suspension of Processing

The data subject may request the temporary suspension of data processing when:

a) The accuracy of the stored personal data is contested.

b) It is presumed that the processing carried out is unlawful.

c) The Firm no longer needs the personal data for processing purposes, but the User requires it for the formulation, exercise, or defense of claims.

d) The User believes that the processing is not justified for reasons of legitimate or public interest. In this case, it must be determined whether the processing is effectively legitimized under the indicated legal bases.

13.7. Right Not to Be Subject to Automated Decision-Making

The data subject has the right not to be subject to a decision based solely or partially on automated processing, including profiling, which produces legal effects on them or affects their fundamental rights and freedoms, when any of the conditions established by applicable regulations are met.

14. Exercising Rights or Filing Claims

To exercise the rights established in this policy, in accordance with the Organic Law on Personal Data Protection (LOPDP), complete the Rights Exercise Form and send your request to the following email: protecciondedatos@robalinolaw.com

Requests will be processed within the timeframes established in the Organic Law on Personal Data Protection, through the Firm’s Data Protection Officer, who can be contacted for inquiries or clarifications at the declared address.

15. Cookies

The Firm’s websites may use cookies to identify visited web pages, track browsing frequency, and collect certain information about your browsing experience and preferences.

The personal data requested from you or provided through your browsing on our website or applications helps us manage, provide, and improve the services you have requested.

For more information about the use of cookies on our websites, please refer to our Cookie Policy.

16. Amendments to the Privacy Policy

Updates to this document will be notified through the websites or digital channels made available by the Firm. Therefore, it is your responsibility to review them periodically.