Data Protection Policy
The Protection of Your Data is Our Objective
At Morgan & Morgan, we recognize the importance of maintaining the privacy and sensitivity of the information we hold in our database, particularly personal information about people we deal with, whether they are clients, users, collaborators, candidates, suppliers, or others.
As attorneys in practice and legal service providers, we have a professional and ethical obligation to keep confidential all information we receive as part of our attorney-client relationship. In addition, we are committed to safeguarding the information we store and/or process of all individuals, whether natural or legal.
In this Data Protection Policy ("Policy"), we set forth the practices we have implemented in our companies in relation to the handling of your data, from its collection, use and with whom we share such information.
This Policy supplements all prior agreements, whether oral or written, between You and us with regarding the collection, use and disclosure of your personal, commercial, or financial information.
To whom this Policy applies
This policy applies to us, as the custodian of the database and as the party responsible for the processing of your personal data, and to you, as the natural or legal person, as the data holder.
When we talk about "Us," we mean "Morgan & Morgan Legal" and "Morgan & Morgan".
When we talk about "You," we refer to you as client, user, visitor, employees, candidate, supplier, or person who for any other reason shares your data with us.
Legal basis of this Policy
This Policy is based on Law 81 of March 26, 2019 (Panama) on Personal Data Protection, which seeks the protection of the rights of natural persons as holders of their personal data, regarding the use of such data.
Law 81 applies to all databases located in the territory of the Republic of Panama, when personal data of nationals or foreigners is stored, or when the responsible of handling the data is domiciled in the Republic of Panama. Databases of subjects regulated by special laws are exempt, provided that these laws establish minimum technical standards necessary for equal or greater protection than those established by Law 81.
Below you will find the definitions that are provided by Law 81 for the terminology we use in this policy.
Types of Data
- Personal data. Any information concerning natural persons which identifies them or makes them identifiable. We treat all personal data as confidential data.
- Confidential data. Data that by its nature should not be known be public knowledge or unauthorized third parties, including data protected by law, by confidentiality or non-disclosure agreements, to safeguard information. In the cases of Public Administration, are those data whose processing is limited for the purposes of this administration or if the express consent of the owner is given, without prejudice to the provisions of special laws or by the regulations that develop them. Access to confidential data will always be restricted.
- Sensitive data. Data that refers to the intimate sphere of its holder, or whose misuse may give rise to discrimination or entail a serious risk to the owner. By way of example, personal which reveal aspects such as racial or ethnic origin; religious, philosophical, and moral beliefs or convictions; trade union affiliation or political opinions; data relating to health, life, sexual preference or orientation, genetic data, or biometric data, among others, subject to regulation and aimed at uniquely identifying a natural person, are considered sensitive.
- Data storage. Preservation or custody of data in a database established in any medium provided, including Information and Communication Technologies (TICs for the abbreviation in Spanish).
- A structured set of data of any nature, created by any form or modality, organization, or storage, which allows the data to be related to each other, as well as to perform any type of processing or transmission of these by its custodian.
- Accessible source. Databases that are not of restrictive access or contain any reservation to queries, or that are public access, such as official governmental publications, the media, telephone directories and lists of persons belonging to a group of professionals containing only name, title or profession, activity, work, or business address, as well as information indicating their membership in organizations.
- Data holder. Natural or legal person to whom the data relates.
- Database custodian. Natural or legal person, subject to public or private law, profitable or not, acting in the name and on behalf of the data controller and is responsible for the custody and preservation of the database.
- Controller. Natural or legal person, public or private law, profitable or not, who is responsible for decisions related to the processing of data and who determines the purposes, means and scope, as well as issues related to these.
- Data processing. Any operation or complex of operations or technical procedures, whether automated or not, that makes it possible to collect, store, record, organize, elaborate, select, extract, confront, interconnect, associate, dissociate, communicate, assign, exchange, transfer, transmit or cancel data, or use them in any other way.
- Manifestation of the will of the data holder, by means of which the processing of such data is carried out.
- Data blocking. Temporary restriction of any access to or processing of stored data.
- Deletion or cancellation of data. To permanently delete or erase data stored in databases, regardless of the procedure used to do so.
- Data modification. Any change to the content of data stored in databases.
- Dissociation or anonymization procedure. Any data processing that prevents the information available in the database from being associated with a particular or determinable natural person.
- Data transfer. Making known, disclose, communicating, exchanging and/or transmitting, in any form and by any means, from one point to another, intra or extra-border, the data to natural or legal persons other than the holder, whether determined or undetermined.
Our Guiding Principles
- We only collect your personal data with your knowledge and consent.
- When we collect your personal data, we inform you about the purpose and we will only use it for the stated purposes.
- We will only ask you for the necessary personal data related to the stated purpose.
- Veracity and Accuracy. We will always ensure that your data is accurate and kept up to date. Remember that updating is a shared responsibility.
- Data security. We have taken appropriate technical and organizational measures against the unauthorized and unlawful processing of your personal data and information. You can rest assured that we have a robust technological platform, international expert advice and a highly specialized team that has developed a strategy to continuously optimize the safety of your personal data.
- We will always seek to communicate our data protection policies in an easy-to-understand language.
- All persons who by their role have access to your data are obliged not to disclose it. We have internal processes, policies, and tools to support us in maintaining the confidentiality of your data.
- When we obtain your data, we make sure we have your consent and document it for future inquiries.
- If required by you, we will share your personal data in a timely manner in a generic and common format.
We take care of your Rights as a Personal Data Owner.
- You may obtain your personal data, know its origin and the purpose for which it has been collected.
- You may request correction of your personal data if you believe that it is incorrect, irrelevant, incomplete, outdated, inaccurate, false, or impertinent. In such case we will proceed with the corresponding correction within 5 working days following the request.
- You may request deletion of your data if you believe it is incorrect, irrelevant, incomplete, outdated, inaccurate, false, or irrelevant.
- When you consider that there are justified and legitimate reasons relating to something in particular, you may refuse to provide your personal data or to be subject to certain processing, as well as to revoke your consent.
- If requested by you, we will share your personal data in a generic and common format within a period not exceeding 10 business days from the request.
Please note that to protect your rights we may delete, cancel, modify, or block your personal data without a request from you when there is evidence of inaccuracy of your data. When the accuracy of your data cannot be established or is of doubtful validity, we may block your data.
HOW AND WHY WE COLLECT PERSONAL INFORMATION
As a forensic firm and legal service provider, we collect personal data as part of our professional activities in order to serve our clients.
We never collect personal data without your knowledge and consent. We do not use your personal data for purposes other than those stated.
It is important to note that we do not disclose or sell your personal information or business contact information to third parties to enable them to market their products and services.
If you are a client or potential client
When you request a service or quote for a service, we may collect your information and data as part of the introductory process, to understand, access and assist you with your legal needs, to comply with obligations under special laws or to ensure that the information is correct and up to date, among others. We only collect your data through legal and consented means.
Some of the information we typically collect is:
- Basic information and personal data to unequivocally identify you: full name, date of birth, nationality, passport, or identification number. If you are a legal entity, your role within the organization.
- Contact details to be able to communicate with you and for invoicing: physical address, email address, and telephone numbers. if you are a legal entity, domicile, and tax identification number.
- Necessary information to comply with the “Know Your Client” policy and Due Diligence requirements: in addition to the data mentioned in the above points, a copy of your identification document and proof of address. If you are a legal entity, certificate of existence or equivalent, among others.
Generally, you provide information and data during our relationship. However, as it becomes necessary to provide the requested services and/or comply with legal obligations, we may validate or collect information about you with the different databases, such as those of other companies in our economic group, or through third parties such as accessible sources, other authorities and/or state entities and service providers.
We use your personal data only in our regular professional activities and to comply with our contractual obligations or agreements entered into to provide you with our services, to conduct verifications for possible conflicts or anti money laundering searches, to comply with our legal obligations in the jurisdictions where we operate and to defend your legal rights, as well as to comply with court and/or administrative orders if necessary.
As part of our professional relationship, we may send you information about our legal services, about new products or services, events and news about our company or other companies in our economic group. You may at any time withdraw your consent by notifying us at [email protected].
If you visit us at our facilities
We use video surveillance around and inside our offices to maintain the security of our clients, employees, and other visitors, as well as to protect us from theft, fraud, and property damage. Therefore, when you visit us in our facilities, you may be recorded. All recordings are destroyed after a certain period of time and will not be used for purposes other than those described herein.
If you visit us on our websites or service portals
When you browse our websites or use our online services, we may collect technical information, such as your IP address to optimize the operation and security of our technology platforms. Upon entering one of our customer service portals, such as payment portals, we also collect the information that you provide to us at the time and that it is strictly necessary for it to fulfill the purpose for which it was designed, for example to transfer payment for an invoice. In all cases we always seek your convenience and security of your data.
If you provide a service to us as a supplier or participate in a bidding process
When you are our supplier or tender with us, we may ask you for general information about your business, such as public registration, contact details, business references, references in the APC (for its abbreviation in Spanish), officers and any other information that is required to perform due diligence and assess the risk of a contractual relationship.
If you are an employee or candidate
When you apply for a position with us, we collect the information you provide to us with your resume. In addition, we may be collecting additional information through your references. We use this information to evaluate candidates to fill a position with us or other company in our economic group. If not hired, the information is kept for a certain time and will then be deleted. If hired, your information will be part of our employee database, for which we may request and store additional information, to develop the employment relationship.
HOW WE SHARE OR TRANSFER YOUR INFORMATION
During our business relationship, we provide information to our staff for reasonable business purposes and to provide services to you. Our staff is trained to keep the confidentiality and security of your data.
As part of an economic group, we may share some information between our companies for the sole purpose of providing the service to you or developing the relevant business relationship. We ensure that at all times they guarantee the same level of data protection that we demand.
To provide some of our services, we may sometimes use external service providers or professionals who work with us, such as experts, translators, IT service providers, banks, and others, who may have access to your personal data. In these cases, we require these providers to comply with practices and policies that ensure the security and confidentiality of your personal information and they are not processed for purposes other than those specified above.
Some of our companies, headquarters or service providers may be located in different jurisdictions. Where it is necessary to transfer or transmit your personal information for the stated purpose, we always ensure that the protection and confidentiality of your data is kept as if it were in national territory.
Please always keep in mind that we must and will provide your data and basic information to government authorities if requested and required to do so by law.
The information we collect is strictly used for the purposes indicated. Our collaborators' access to your information is restricted and limited only to those who have authorization and training in the proper handling of client information.
We have adopted and implemented physical, electronic, procedural and security safeguards to ensure that your information is kept confidential and secure as required by law and our internal procedures and practice.
Retention of Information
You agree that we may store and use information about You in our records for the purposes described in this Policy, even if you cease to be a client, subject to applicable laws.
Accuracy of Personal Information
As long as there is a business relationship with Us, you must at all times provide and keep all personal information up-to-date, and you must notify us as soon as there are changes to it so that we can update our databases and ensure that there are no mishaps in our contractual relationship.
Access to Your Information and Procedure to Exercise Your Rights
To request information about the data we store about you, corrections, or cancellations, please contact us via [email protected], indicating the details of your request, as well as your name, phone number, identification, and your client or employee number, if available. We will answer you within 5 business days.
Term of this Policy
This Privacy Statement was updated as of March 25, 2021. We may revise and change our Privacy Statement at any time to update our privacy commitment to you based on current privacy laws and best practices.