Data Protection Policy

The Protection of Your Data is Our Objective

At MASCO, we recognize the importance of maintaining the privacy and sensitivity of the information we hold in our database, particularly personal information about people we deal with, whether they are clients, users, collaborators, candidates, suppliers, or others.


As accountants in practice and providers of accounting services, we have a professional and ethical obligation to keep confidential all information we receive as part of the relationship with our clients. In addition, we are committed to safeguarding the information we store and/or process of all individuals, whether natural or legal.


In this Data Protection Policy ("Policy"), we set forth the practices we have implemented in our companies in relation to the handling of your data, from its collection, use and with whom we share such information.


This Policy supplements all prior agreements, whether oral or written, between You and us with regarding the collection, use and disclosure of your personal, commercial, or financial information.

To whom this Policy applies

This policy applies to us, as the custodian of the database and as the party responsible for the processing of your personal data, and to you, as the natural or legal person, as the data holder.


When we talk about "Us", we mean “Multiple Accounting Services Corp.” or “MASCO”.


When we talk about "You," we refer to you as client, user, visitor, employee, candidate, supplier, or person who for any other reason shares your data with us.

Legal basis of this Policy

This Policy is based on Law 81 of March 26, 2019 (Panama) on Personal Data Protection, which seeks the protection of the rights of natural persons as holders of their personal data, regarding the use of such data and Executive Decree 285 of May 28, 2021 (Panama) which regulates it.


Law 81 applies to all databases located in the territory of the Republic of Panama, when personal data of nationals or foreigners is stored, or when the responsible of handling the data is domiciled in the Republic of Panama. Databases of subjects regulated by special laws are exempt, provided that these laws establish minimum technical standards necessary for equal or greater protection than those established by Law 81.


MASCO is also regulated by Law 52 of October 2016, which establishes the obligation to keep accounting records to determine legal persons and dictates other measures, and by Law 254 of November 2021, which establishes the obligation to annually prepare and submit accounting records of their Panamanian legal vehicles and additional information to their resident agent.

Definitions

Below you will find the definitions that are provided by Law 81 for the terminology we use in this policy.

Types of data

  • Personal data. Any information concerning natural persons which identifies them or makes them identifiable. We treat all personal data as confidential data.
  • Confidential data. Data that by its nature should not be known be public knowledge or unauthorized third parties, including data protected by law, by confidentiality or non-disclosure agreements, to safeguard information. In the cases of Public Administration, are those data whose processing is limited for the purposes of this administration or if the express consent of the owner is given, without prejudice to the provisions of special laws or by the regulations that develop them. Access to confidential data will always be restricted.
  • Sensitive data. Data that refers to the intimate sphere of its holder, or whose misuse may give rise to discrimination or entail a serious risk to the owner. By way of example, personal which reveal aspects such as racial or ethnic origin; religious, philosophical, and moral beliefs or convictions; trade union affiliation or political opinions; data relating to health, life, sexual preference or orientation, genetic data, or biometric data, among others, subject to regulation and aimed at uniquely identifying a natural person, are considered sensitive.

Storage

  • Data storage. Preservation or custody of data in a database established in any medium provided, including Information and Communication Technologies (TICs for the abbreviation in Spanish).
  • Database. A structured set of data of any nature, created by any form or modality, organization, or storage, which allows the data to be related to each other, as well as to perform any type of processing or transmission of these by its custodian.
  • Accessible source. Databases that are not of restrictive access or contain any reservation to queries, or that are public access, such as official governmental publications, the media, telephone directories and lists of persons belonging to a group of professionals containing only name, title or profession, activity, work, or business address, as well as information indicating their membership in organizations.

Participants

  • Data holder. Natural or legal person to whom the data relates.
  • Database custodian. Natural or legal person, subject to public or private law, profitable or not, acting in the name and on behalf of the data controller and is responsible for the custody and preservation of the database.
  • Data Controller. Natural or legal person, public or private law, profitable or not, who is responsible for decisions related to the processing of data and who determines the purposes, means and scope, as well as issues related to these.

Data Processing

  • Data processing. Any operation or complex of operations or technical procedures, whether automated or not, that makes it possible to collect, store, record, organize, elaborate, select, extract, confront, interconnect, associate, dissociate, communicate, assign, exchange, transfer, transmit or cancel data, or use them in any other way.
  • Consent. Manifestation of the will of the data holder, by means of which the processing of such data is carried out.
  • Data blocking. Temporary restriction of any access to or processing of stored data.
  • Deletion or cancellation of data. To permanently delete or erase data stored in databases, regardless of the procedure used to do so.
  • Data modification. Any change to the content of data stored in databases.
  • Dissociation or anonymization procedure. Any data processing that prevents the information available in the database from being associated with a particular or determinable natural person.
  • Data transfer. Making known, disclose, communicating, exchanging and/or transmitting, in any form and by any means, from one point to another, intra or extra-border, the data to natural or legal persons other than the holder, whether determined or undetermined.

Our Guiding Principles

  • Loyalty. We only collect your personal data with your knowledge and consent.
  • Purpose. When we collect your personal data, we inform you about the purpose and we will only use it for the stated purposes.
  • Proportionality. We will only ask you for the necessary personal data related to the stated purpose.
  • Veracity and Accuracy. We will always ensure that your data is accurate and kept up to date. Remember that updating is a shared responsibility.
  • Data security. We have taken appropriate technical and organizational measures against the unauthorized and unlawful processing of your personal data and information. You can rest assured that we have a robust technological platform, international expert advice and a highly specialized team that has developed a strategy to continuously optimize the safety of your personal data.
  • Transparency. We will always seek to communicate our data protection policies in an easy-to-understand language. Pleas also refer to sections We take care of your Rights as a Personal Data Owner and Access to Your Information and Procedure to Exercise Your Rights.
  • Confidentiality. All persons who by their role have access to your data are obliged not to disclose it. We have internal processes, policies, and tools to support us in maintaining the confidentiality of your data.
  • Legality. When we obtain your data, we make sure we have your consent and document it for future inquiries.
  • Portability. If required by you, we will share your personal data in a timely manner in a generic and common format.

HOW AND WHY WE COLLECT PERSONAL INFORMATION

As a accounting service provider, we collect personal data as part of our professional activities in order to serve our clients.


We never collect personal data without your knowledge and consent. We do not use your personal data for purposes other than those stated.


It is important to note that we do not disclose or sell your personal information or business contact information to third parties to enable them to market their products and services.


If you are a client or potential client

When you request a service or quote for a service, we may collect your information and data as part of the introductory process, to understand, access and assist you with your real estate needs, to comply with obligations under special laws or to ensure that the information is correct and up to date, among others. We only collect your data through legal and consented means.


Some of the information we typically collect is:

  • Basic information and personal data to unequivocally identify you: full name, date of birth, nationality, passport, or identification number. If you are a legal entity, your role within the organization.
  • Contact details to be able to communicate with you and for invoicing: physical address, email address, and telephone numbers. if you are a legal entity, domicile, and tax identification number.
  • Necessary information to comply with the “Know Your Client” policy and Due Diligence requirements: in addition to the data mentioned in the above points, a copy of your identification document and proof of address. If you are a legal entity, certificate of existence or equivalent, among others.


Generally, you provide information and data during our relationship. However, as it becomes necessary to provide the requested services and/or comply with legal obligations, we may validate or collect information about you with our different databases or through third parties such as accessible sources, other authorities and/or state entities and service providers.


We use your personal data only in our regular professional activities and to comply with our contractual obligations or agreements entered into to provide you with our services, to conduct verifications for possible conflicts or anti money laundering searches, to comply with our legal obligations in the jurisdictions where we operate and to defend your legal rights, as well as to comply with court and/or administrative orders if necessary.


In accordance with the provisions of article 1 of Law 52 of 2016, we will keep your data for a minimum of 5 years from the last day of the calendar year within which the transactions to which these records are applied were completed, or of the last day of the calendar year in which the legal entity ceases its operations. We will keep your personal data for a minimum of 5 years after terminating any commercial or contractual relationship. We will keep your personal data after this period for as long as necessary for us to deal with any claims or concerns arising from the processing for which they have been collected or to comply with special laws or regulations implementing them.


As part of our professional relationship, we may send you information about our legal services, about new products or services, events and news about our company. You may at any time withdraw your consent by notifying us [email protected].

If you visit us at our facilities

Both we and the building use video surveillance around and inside our offices to maintain the security of our clients, employees, and other visitors, as well as to protect us from theft, fraud, and property damage. Therefore, when you visit us in our facilities, you may be recorded. All our recordings are destroyed after a maximum of 1 year and will not be used for purposes other than those described here. For more information we recommend referring to the FINANCIAL PARK Data Protection Policy.

If you visit our Websites – Cookies Policy

When you browse our internet pages, we do not collect personal data through cookies or similar methods that allow us to identify you. However, our websites use the Google Analytics service, which is operated by Google Inc., a company located in California, USA. Google Analytics provides us with reports on the use of our pages and general statistics about the people who visit us, such as country, browser type, general interests, etc. Google Analytics uses cookies to provide its service. You have the possibility to disable Google Analytics in your browser.

For more information about how Google Analytics collects and uses your data and how to disable it, please refer to https://support.google.com/analytics/answer/6004245#zippy=%2Cnuestra-pol%C3%ADtica-de-privacidad%2Cidentificadores-y-cookies-de-google-analytics


If you send us your name and contact information such as email and telephone number through one of our subscription forms to be contacted and/or become part of our community, you give us your permission to contact you and you will be able to receive periodic emails with information about MASCO. This data will be kept until you decide to unsubscribe through the link that will be provided with each email you receive.

If you provide a service to us as a supplier or participate in a bidding process

When you are our supplier or tender with us, we may ask you for general information about your business, such as public registration, contact details, business references, references in the APC (for its abbreviation in Spanish), officers and any other information that is required to perform due diligence and assess the risk of a contractual relationship.


We will keep the personal data that you provide us during our business relationship for a minimum of 5 years after finalizing any commercial or contractual relationship. We will keep your personal data after this period for as long as necessary to deal with any complaints or representations arising from the treatment for which they have been collected or to comply with special laws or regulations implementing them.


If you are an employee or candidate

When you apply for a position with us, we collect the information that you provide us with your resume. In addition, we may be collecting further information, for example through forms, interviews, or your references. We use this information to evaluate candidates to fill a position with us. If you are not hired, we keep your data for a period of 12 months and then delete it. If hired, your information will be part of our employee database and your personnel file, for which we may request and store additional information, to develop the employment relationship. Once the employment relationship has ended, we keep your data in accordance with the special applicable laws, such as Law 51 of 2005, which reforms the Organic Law of the Social Security Fund and dictates other provisions, in which a record keeping time of 20 years is defined for the prescription of contributions, so the relevant information will be kept for at least 20 years after terminating the employment relationship.


HOW WE SHARE OR TRANSFER YOUR INFORMATION

During our business relationship, we provide information to our staff for reasonable business purposes and to provide services to you. Our staff is trained to keep the confidentiality and safety of your data. All our personnel has signed a confidentiality agreement and receives continuous training on confidentiality policies and protocols, data protection and our code of ethics, among others.


For the handling of administrative matters and, on occasions, to provide some of our services, we may turn to external service providers or professionals who work with us, such as experts, translators, IT service providers, organizational development, legal services, banks, and others, who may have access to your personal data. In these cases, we require that these providers comply with practices and policies that ensure the safety and confidentiality of your personal data and that they are not processed for purposes other than those previously specified.


Some of our service providers may be located in different jurisdictions. Where it is necessary to transfer or transmit your personal information for the stated purpose, we always ensure that the protection and confidentiality of your data is kept as if it were in national territory and always in compliance with the applicable regulations.


Please always keep in mind that we must and will provide your data and basic information to government authorities if requested and required to do so by law.

WE KEEP YOUR DATA SAFE

The information we collect is strictly used for the purposes indicated. Our employees’ access to your information is restricted and limited only to those who have authorization and training in the proper handling of personal data.


We have adopted and implemented physical, electronic, procedural and security safeguards to ensure that your information is kept confidential and secure as required by law and our internal procedures and practice.


If you have any questions about our security measures, you may contact us at [email protected].

Retention of Information

You agree that we may store and use information about You in our records for the purposes described in this Policy, even if you cease to be a client, subject to applicable laws.

Exactitud de la Información Personal

While there is a business relationship with Us, you must at all times supply and keep all personal information updated, and you must notify us as soon as changes occur to it so that we can update our databases and ensure that there are no mishaps in the contractual relationship that we maintain.

We take care of your Rights as a Personal Data Owner

  • Access. You may obtain your personal data, know its origin and the purpose for which it has been collected.
  • Rectification. You may request correction of your personal data if you believe that it is incorrect, irrelevant, incomplete, outdated, inaccurate, false, or impertinent. In such case we will proceed with the corresponding correction within 5 working days following the request.
  • Cancellation. You may request deletion of your data if you believe it is incorrect, irrelevant, incomplete, outdated, inaccurate, false, or irrelevant.
  • Opposition. When you consider that there are justified and legitimate reasons relating to something in particular, you may refuse to provide your personal data or to be subject to certain processing, as well as to revoke your consent.
  • Portability. If requested by you, we will share your personal data in a generic and usual format within a period not exceeding 10 business days from the request.

Please note that to protect your rights we may delete, cancel, modify, or block your personal data without a request from you when there is evidence of inaccuracy of your data. When the accuracy of your data cannot be established or is of doubtful validity, we may block your data.

Acceso a Su Información y Procedimiento para ejercer sus derechos

To exercise the rights detailed above, please send an email to our Data Protection Officer, attaching the completed form corresponding to your request and with the required supporting documentation. We will respond to you within no more than 5 business days.

Right of Access Request Form

Right of Rectification Request Form

Right of Cancellation Request Form

Right of Opposition Request Form

Right of Portability Request Form

Data Protection Officer

We have appointed a Data Protection Officer, who ensures the timely attention to personal data owners and competent authorities in accordance with the Personal Data Protection Law:


Data Protection Officer: Manuel Samudio

Contact: [email protected]

Office: MMG Tower, 23rd floor, Ave. Paseo del Mar, Costa del Este, Panama City

Functions of the Data Protection Officer (extract):

  • Participate in questions related to the protection of personal data
  • Inform and advise the data controller and / or the database custodian on issues related to compliance with the Personal Data Protection Act, its regulations, or any legal provision applicable to each case.
  • Supervise compliance with regulations.
  • Promote the training of people who assume tasks related to the processing of personal data.
  • Cooperate with the supervisory authority and be its liaison unit.
  • Advise the data controller and / or the database custodian in responding to the requirements or observations formally notified by the control authority.
  • Be the liaison unit with the data owners for questions regarding data processing and their rights.

Validity of this Policy

This Policy was updated as of October 29th, 2021. You agree that we may review and change our Policy at any time to update our privacy commitment to you, based on current privacy laws and best practices.


Address:

Costa del Este, Financial Park Building,

11th Floor, Office 11F


Our Phone Lines:

+507 208-7028 / +507 208-7032

+507 208-7125 / +507 208-7072

+507 208-7073

Write us

You can contact us here

Founded in 2016, committed to proper compliance with current regulations in the Republic of Panama.

Privacy

We have a robust technological platform, advice from international experts and a highly specialized team that has developed a strategy to continuously optimize the security of your personal data.