1. PRIVACY AND PERSONAL DATA PROTECTION POLICY
1.1. Introduction
At Assets Trust, as well as in our affiliated companies (“we,” “us,” or “our”), we recognize the importance of the information we maintain in our database, especially the privacy and personal data of our clients, potential clients, users, collaborators, and third parties.
The affiliates of Assets Trust are:
1. ATC Consulting, Inc.
2. Expansion Asset Management Corp.
This Privacy and Personal Data Protection Policy (“Policy”) establishes the practices we have implemented across our companies to comply with Law 81 of March 2019 regarding Personal Data Protection in the Republic of Panama and Executive Decree 285 of May 28, 2021, which regulates it.
It is important that you read this Policy carefully before accessing or using our services. If you do not agree with this policy, you must refrain from sharing information with us through any physical or electronic means.
1.2. What is Personal Data?
Any information concerning natural persons that identifies them or makes them identifiable, such as their name, address, email address, or telephone number.
Within personal data, we also include:
• Confidential Data. Data which, by its nature, should not be known by the public or unauthorized third parties, including information protected by law or by confidentiality/non-disclosure agreements. In the case of Public Administration, this refers to data whose processing is limited to administrative purposes or requires the express consent of the owner, without prejudice to special laws. Confidential data will always have restricted access.
• Sensitive Data. That which refers to the intimate sphere of its owner, or whose improper use could give rise to discrimination or entail a serious risk to them. This includes, but is not limited to, personal data that may reveal aspects such as racial or ethnic origin; religious, philosophical, or moral beliefs; union affiliation or political opinions; data concerning health, life, sexual preference or orientation, genetic data, or biometric data aimed at uniquely identifying a natural person.
1.3. Scope of Application
This Policy applies to all personal data collected, processed, transferred, stored, and/or used by Assets Trust and its companies in the course of our professional and commercial activities. It includes the personal data of our clients, potential clients, employees, suppliers, and third parties with whom we interact, whether natural or legal persons, who shall be the “data subjects.”
1.4. Principles Governing Personal Data Protection
• Loyalty: personal data will be collected only with the knowledge and consent of the data subject, without deception or falsehood, and without using fraudulent or illegal means.
• Purpose: personal data will be collected for specific purposes and will not be processed for purposes incompatible with those for which they were requested.
• Proportionality: we will only request data that is adequate, relevant, and limited to the minimum necessary.
• Veracity and Accuracy: personal data shall be accurate and kept up to date to reflect the current situation of the data owner. We expect your support in updating your data.
• Data Security: as the parties responsible for data processing, we have adopted the necessary technical and organizational measures to guarantee the security of the data under our custody—especially sensitive data—and will inform the owner as soon as possible if data is stolen or security is breached.
• Transparency: all information or communication to the data subject regarding the processing of their data must be in clear and simple language, keeping them informed of their rights and the possibility of exercising ARCO rights.
• Confidentiality: all persons at Assets Trust involved in processing or accessing personal data are obliged to maintain secrecy or confidentiality, even after their employment or professional relationship with us has ended.
• Lawfulness: for processing to be lawful, data must be collected and processed with the prior, informed, and unequivocal consent of the owner or based on a legal foundation.
• Portability: the data subject has the right to obtain a structured copy of their personal data in a generic and commonly used format.
1.5. What Personal Data do we collect and How do we do it?
We collect personal data in various ways, and only in the course of our regular professional activities, to fulfill our obligations and provide services efficiently. We may collect data when the owner provides it voluntarily in the following ways:
• When using our website or mobile app: these visits may generate usage reports and general statistics (country, browser type, general interests) without identifying a specific person.
• When communicating with us through any medium.
• When contacting us with inquiries: we will request data to understand your needs and provide our services.
• When participating in our events: we may provide information on future events and news via the email or phone number provided.
• Through forms or surveys completed freely.
• When applying for employment: we collect information from your CV, forms, interviews, or references. If hired, this becomes part of your employee file.
We may also obtain information from public domain sources. We do not disclose or sell your personal or business contact information to third parties for their marketing purposes.
Commonly collected data includes:
• Identification data: full name, date of birth, ID/passport number, nationality, and organizational role.
• Contact data: email, phone numbers, physical address, and tax ID (for legal entities).
• Billing/Payment information.
• Due Diligence information: copies of ID, proof of address, certificates of existence for legal entities, etc.
1.6. How do we use your Personal Data?
We use your data for purposes including:
• Providing our services properly.
• Informing you about the status of your service.
• Fulfilling contractual obligations.
• Processing invoices and payments.
• Communicating regarding inquiries.
• Identifying you when you contact us.
• Complying with regulatory requirements and Panamanian law.
• Improving and developing our services.
• Sending communications about related products and services.
1.7. With whom do we share your Personal Data?
We may share your data with:
• Our staff: to provide contracted services, under strict confidentiality clauses.
• External service providers: professional services including IT management, systems, hosting, and database storage. They must comply with security practices to maintain confidentiality.
• Marketing service providers: to send customer service communications, event info, and surveys. They cannot use the info for any other purpose.
• Government/public agencies or judicial authorities: if required or permitted by Panamanian law.
• Authorized third parties: as permitted by law or the data subject.
We do not provide information to third parties for their own marketing purposes. Some providers may be located outside of Panama; we ensure they maintain the same protection and confidentiality standards as required locally.
1.8. Links to Third-Party Sites
Our website may contain links to sites not controlled by Assets Trust. We are not responsible for the privacy practices of third parties and encourage you to review their specific policies.
1.9. How do we Protect your Personal Data?
We have implemented reasonable technological and operational security measures to protect data from unauthorized access, misuse, loss, or destruction. We perform periodic security tests. Access is restricted only to authorized personnel who require it for their functions.
Note: No internet transmission is 100% secure. If you need to send sensitive information, please contact us to facilitate a secure exchange mechanism. Inquiries: info@assetstrust.com.
1.10. Retention and Conservation of Personal Data
We keep your info while we have a relationship with you. After the relationship ends, we will retain it for a period to maintain business records for audit/analysis, comply with legal record-keeping requirements, and defend or present legal claims.
We will delete data when it is no longer necessary. Generally, we retain data for a minimum of five (5) years after the end of a relationship, or longer if required by a specific law.
1.11. Rights of Data Subjects (ARCO)
Law 81 of 2019 recognizes these basic, waivable rights:
• Right of Access: obtain stored personal data and know its origin and purpose.
• Right of Rectification: request correction of incorrect, irrelevant, incomplete, or outdated data.
• Right of Cancellation: request deletion of incorrect or irrelevant data.
• Right of Opposition: refuse to provide data or object to certain processing for legitimate reasons.
• Right of Portability: obtain a copy of data in a structured, generic format.
1.12. How to exercise ARCO Rights?
Contact us at info@assetstrust.com.
Requests for access, correction, deletion, or opposition will be addressed within the legal timeframe, provided they do not hinder administrative/judicial processes, state security, or involve data stored by legal mandate.
1.13. Changes and Updates to the Policy
We may periodically modify this Policy based on current Panamanian privacy laws. The update date is always included at the end. Changes are effective upon publication.