en

PRIVACY AND PERSONAL DATA PROTECTION NOTICE

We, FABREGA MOLINO, a civil corporation duly registered at Card C-5545, Document 2132154, Mercantile Section, of the Public Registry, with RUC 2132154-1-5545, hereinafter FMM, with address at Calle 50, Edificio BMW Plaza, Piso 9, Panama City, Republic of Panama, and telephone (507) 301-6600, e-mail fmm@fmm.com.pa, are responsible for the processing of your personal, confidential or sensitive data, and therefore, we are responsible for their use and protection.

For what purposes do we collect your personal data?

At FMM we will use your personal, confidential and/or sensitive data for one or more of the following primary purposes, according to the services requested, namely, to:

  • Comply with due diligence and the Know Your Customer policies.
  • Provide the services required by the client.
  • Invoicing and collection activities.
  • Carry out the hiring process and labor procedures required by law, in the case of employees.
  • Employee access to FMM sites and workplace related resources.

In the event that you do not want FMM to use your information for the purposes described above, unfortunately it would not be possible to provide you with the required services, since we would not be able to comply with the obligations imposed on us by the laws in force, as regulated non-financial obliged subjects. 

In addition, we will use your information for one or more of the following secondary purposes for the service you request, but which enable and facilitate us to provide you with better service: 

  • Send information to clients on current issues, newsletters and invitations to face-to-face or virtual conferences given by FMM.  
  • Generation of metrics, statistics, reports and FMM projects. 

If you do not want us to use your information for the secondary purposes mentioned above, this will not prevent us from providing you with FMM services.  

FMM will not use your information for purposes other than those set forth in this notice and in the Privacy and Data Protection Policy.   

Which data do we collect? 

We will only request personal data that is strictly necessary for the provision of the services you require, respecting the principle of proportionality which states that “only data that is adequate, relevant and limited to the minimum necessary in relation to the purpose for which it is required shall be requested”. 

In any case these data will be of a personal and/or confidential nature, and may be:

Identification data: full name, gender, marital status, place and date of birth, age, personal identity card or passport, e-mail, country of residence, occupation or profession and nationality(ies).

Contact details: landline and/or cell phone numbers, e-mail, physical address, mailing address, post office box. 

Fiscal data: Single Taxpayer Registry (RUC). 

Confidential data: politically exposed person, source of income, bank and commercial references. 

Immigration documents: visa, work permit, and residence permit. 

Personal, confidential and/or sensitive data will only be shared when the data subject has requested services from any of the related companies such as FABREGA MOLINO MANAGEMENT, S.A. and/or FM TRUST, S.A., and has given his/her consent for the transfer of the corresponding information.

How will we store your data? 

The data collected will be stored in a structured way, in a generic and commonly used format, which allows it to be operated by different systems and/or transmitted to another controller in a file owned by FMM, which will be managed by Telecarrier, whose location will be at the City of Knowledge, Panama City. 

Personal, confidential and/or sensitive data will only be shared when the holder has requested services from any of the related companies such as FABREGA MOLINO MANAGEMENT, S.A. and/or FIM TRUST, S.A., with technological and analytical service providers, and suppliers and employees of services related to marketing and advertising, such as social networks, advertising agencies or advertising partners. 

How long will we store your data?  

As an entity regulated by the Superintendency of Non-Financial Entities, we are obliged to keep the personal data collected in the due diligence process for a minimum term of 5 years from the date on which the service was rendered. 

How will we protect personal data? 

At FMM we recognize our responsibility regarding the processing and protection of your information, so we have established security measures to adequately safeguard your information, for example: 

  • SSL encryption. 
  • Server level firewall. 
  • Security protocols to prevent unauthorized access to information systems, which are duly described in the Security Policy. 
  • Access control to systems and work equipment. 
  • Double authentication to log in to email accounts. 
  • Encrypted storage. 
  • Advanced computer security suite, details of which can be found in our security policy.

While we cannot guarantee the complete security of communications through the information systems, we can guarantee that we have taken all appropriate measures and made every effort to protect your data.  We will ensure complete confidentiality of the personal and/or confidential information you entrust to us. We are committed to perform the necessary security tests, such as simulation of cyber-attacks, among others, to verify that the systems are updated and in optimal condition.

In the event of a security breach, we will notify you immediately and take all necessary steps to address the issue immediately. 

What are your rights?

You have the right to know what personal information we have about you, how we obtained it, what we use it for, as well as the conditions of the use we make of it (Access). It is also your right to ask us to correct your personal data in case it is outdated, inaccurate or incomplete (Rectification); to remove it from our records or databases when you consider that it is not being used properly (Cancellation); as well as to oppose the use of your personal data for specific purposes (Opposition).  Likewise, you have the right to obtain a copy of the personal data in a structured, generic and commonly used format (Portability). All these rights, as a whole, are called ARCO rights. 

At any time, you may exercise these rights, which cannot be waived, except for the exceptions established in special laws.  These rights will not be absolute, since they may not be exercised in the event that there is any judicial or administrative process against the data subject. 

How can you exercise your ARCO rights? 

To request the fulfillment of your rights, you must send a formal request to FMM, addressed to José María Barranco, to the e-mail address jbarranco@fmm.com.pa.  You may also exercise your rights by submitting a formal request to be delivered to the offices of FMM.  The request, regardless of whether it is sent by email or in person, must comply with the following requirements, in order to provide you with a prompt response:  

  1. Provide the following information: 
  2. First and last names;
  3. E-mail address;
  4. Contact telephone numbers (landline and cellular);
  5. Means by which the data subject wishes to be contacted by FMM, in response to his or her request.
  6. Country, Province/ State.
  7. Attach a copy of your personal identification document (identity card or passport).
  8. In the case of being represented by an attorney, provide the power of attorney that authorizes him/her to carry out the process. 
  9. Provide a clear and precise description of the personal data with respect to which you are seeking to exercise any of your ARCO rights, revoke consent, or refusal of use of data for secondary purposes.
  10. Provide the information or document that may assist in the processing of the request, for example, the lawyer who provided the service, the area of the firm that provided the service, the procedure that was carried out, among others. 

Your requests must be answered within a maximum term of 10 business days, counted from the date on which your request is received.  When the request made by the data subject is related to the modification of the information that FMM maintains about him/her, the maximum term will be 5 working days, counted from the date on which the request was received.   

Legitimation for data processing

The basis of legitimacy for the processing of personal data carried out by FMM lies in Law 81 of March 26, 2019, and your express consent to the processing, storage and / or transfer of such data. 

Changes to the privacy policy 

FMM may modify the privacy and data protection policies at any time, due to updates and/or legal requirements, when deemed appropriate. In the event that significant changes are made that affect privacy, notifications will be made through various means of contact, such as emails, a banner on our website, a pop-up or by means of a push notification (for example, through a banner, a pop-up or a push notification), so that the data subject can review and analyze the changes made. It will always be advisable to occasionally review the policies, as minor changes may have been made to the policy. In any case, we suggest that you review this Privacy and Data Protection Policy from time to time for minor changes. 

As a sign of acceptance and as a sign of your express consent, you must check the corresponding box.