Privacy Policy and Legal Notice



By virtue of the Constitution of the Republic of Ecuador, considering the fundamental right to  the protection of data and the right to privacy with respect to the processing of personal data, PÉREZ BUSTAMANTE & PONCE ABOGADOS CIA. LTDA. (“PBP”) has developed this Personal Data Protection Privacy Policy (the "Policy") to identify and describe the levels of protection for any personal data when this is collected, analyzed, processed, communicated, transferred, updated, filed, kept, changed or erased, in strict compliance with the principles, rights and obligations set forth in the regulations. The purpose of this Policy is to comply with the legal provisions of Ecuador, in particular with the Organic Law for Personal Data Protection published in Official Gazette Supplement 459 on May 26, 2021, which establishes the general provisions that govern the subject matter (the “Data Protection Law”).

PBP is committed to processing data in a lawful, transparent, timely manner and limited to what is necessary in relation to the relevant purposes. 



PBP, in its capacity as the data controller, has its registered address in the province of Pichincha, city of Quito, at Av. Republica del Salvador N36-140 y Naciones Unidas.


  • “Data Protection Law”: The Organic Law for Personal Data Protection published in Official Gazette Supplement 459 on May 26, 2021.
  • “Data Controller”: PBP, who determines the purpose and means of the processing of personal data.
  • “Data Subject”: A natural person whose data is subject to processing.
  • “Data Processor”: The Data Processor (where applicable) or the Data Controller identified / appointed by PBP and who acts under its instructions.
  • “Processing Activity”: Any operation or set of operations which is performed on Personal Data or sets of Personal Data.
  • “Personal Data Breach”: A breach of Personal Data (security breach) such as destruction, loss, or accidental or illegal alteration of the information.
  • “Personal Data”: Data that identifies or makes identifiable a natural person, directly or indirectly.
  • “Credit Data”: Data about the financial behavior of natural persons, to analyze their financial standing.
  • “Sensitive Data”: Data concerning ethnic origin, gender identity, cultural identity, religion, ideology, political affiliation, criminal record, immigration status, sexual orientation, health, biometric data, genetic data, and those where improper processing may give rise to discrimination or threaten or may threaten fundamental rights and freedoms.
  • “Business Partner”: Any natural or legal person, public authority, agency or other entity which has a business relationship with PBP.
  • “Service Provider” or “Data Processor”: Any natural or legal person, public authority, agency or other institution which provides its services to PBP in connection with the processing of personal data.
  • “Client”: Any person, whether natural or legal, which obtains the provision of a service from PBP.
  • “Candidate”: A natural person who sends their CV, whether directly or through a third party, and other data relating to their profession or trade for consideration in selection processes managed by PBP.
  • “Employee”: A natural person who provides a service to PBP under an employment contract.


  1. SCOPE

PBP makes the policy on the processing of personal data collected in the provision of services and/or products offered by PBP available to partners, directors, employees, collaborators, business partners, providers, visitors, clients and prospects. This is to communicate the purpose of collecting data, the processing, as well as the rights of the data subjects and the procedures that PBP implements for the exercise of the rights.  



The personal data processed by PBP may come from the following sources and be of the following types:



  • Data provided by the Data Subject: The rights holder provides identifying data (name, surname, ID card number, telephone number, email address, city, etc.).
  • Data generated by a Contract: The personal data of the data subject is obtained according to the development, maintenance or start of the relationship between the data subject and PBP.
  • Inferred Data: PBP collects personal data by means of profiling with the prior consent of the data subject.
  • Data from Third Parties: Third parties may belong to the public or private sector, and the data may be from public information or publicly accessible sources (data from public records, newspapers and official journals, telephone directories, lists of members of professional groups, credit information systems, social networks, etc.).



  • Users, Website and Social Networks:
    • Through forms on PBP’s website, and through social networks.
    • Through the automatic storage of data of users who access PBP’s website by the use of cookies.
    • Through links and hyperlinks that take users to the websites of our partners.


  • Other technological means and other:
    • By the exchange of emails.
    • By telephone calls.
    • By event forms of PBP.
    • By sales invoices.
    • By WhatsApp.
    • By the use of CRM.
    • By offers and service proposals.
    • By transmission or transfer on the part of strategic partners.



PBP will provide its privacy policy and legal notice on its website, and those who contact PBP via the website agree to comply with the policies of PBP.

We receive and store any information that you knowingly provide to us by completing any form on the website or with us. When necessary, this information may include:

  • Contact information (name, surname, email, telephone number, country and city).
  • Application information (name, surname, email, telephone number and CV).
  • Newsletter subscription information (name, surname, email, telephone number, country and city).
  • Form for exercising personal data rights.

You may choose not to provide your personal data to us; as a result, it is possible that you may not benefit from some of the services that we offer.  


  • Data of Job Candidates. For example, contact details, CV information, employment history, work references, information about training, knowledge, among others.
  • Personal Data of Potential Clients. This includes basic data (for example, name, surname, address, city, telephone number, email address, nationality, date of birth, passport, sector, written or electronic signature, voice from telephone call recordings, image from ID document).
  • Personal Data of Clients. This includes basic data (for example, name, surname, address, city, main street, neighborhood, telephone number, email address, nationality, credit information, main occupation, profession, written or electronic signature, voice from telephone call recordings, image, company/place of work, current position, employment relationship, work address, city, main street, neighborhood, income, assets, net worth. In specific cases, the following data may be collected: dependents, name of spouse, ID number of spouse, spouse’s place of work, position, address, telephone number, bank references, personal references).
  • Personal Data of Employees. Personal data of PBP’s employees, basic data such as name, telephone number, date of birth, email address. Special data such as image, credit data and health data.
  • Personal Data of Providers/Business Partners. Data of individuals or members of staff of providers. For example, contact details, information contained in emails and other business communications, bank account information; data about procured products and services, characteristics of the procured products and services, contracts, invoicing, enquiries, requests and claims made, among others.   
  • Personal Data of Website Users. For example, IP address, location information, log file data, contact details. User data and password for registration and access to Apps or web platforms of PBP.


a) Sensitive Data

In the case of sensitive data, the data subject will have the power to give explicit authorization for the processing of said data. In the event of receiving sensitive data, PBP guarantees that it will maintain the security and confidentiality of the data.

  • Image, physical appearance, voice.
  • Data concerning criminal record and biometric data.
  • Data concerning health will be processed with the duty of confidentiality and medical confidentiality as determined by the applicable law.
  • Data of minors.
  • Data of disabled people.


The collected data will be stored and/or processed in the servers in a data center, whether PBP’s own or contracted with third parties and/or providers, located within or outside the country, which meet the characteristics of a safe harbour and which guarantee all security measures for information available in physical and/or digital means directly at the offices of PBP and/or at the facilities of third parties and/or providers, and for the storage of personal data and special data duly authorized by the data subjects.  





The following principles will govern the processing of personal data at PBP from collection:

  • Principle of Legality: The personal data must be processed in strict accordance and compliance with the principles, rights and obligations established in the Constitution of Ecuador, international instruments, the Law and Regulations thereto, and other applicable regulations and case law.
  • Principle of Fairness: The processing of personal data must be fair. Therefore, it must be clear to the data subjects that personal data concerning them is being collected, used, consulted or otherwise processed, as well as the forms in which such data is or will be processed. In no case can personal data be processed by unlawful or unfair means or for unlawful or unfair purposes.
  • Principle of Transparency: The processing of personal data must be transparent. Therefore, any information or communication relating to this processing must be easily accessible and easy to understand and must use clear and plain language. The relationships derived from the processing of personal data must also be transparent.
  • Principle of Purpose: The purposes of processing must be determined, explicit, legitimate and communicated to the data subject; personal data cannot be processed for purposes other than those for which it was collected, unless new processing is allowed on one of the grounds in accordance with the bases for lawful processing indicated in the law. The processing of personal data for purposes other than those for which it was initially collected must only be permitted when it is compatible with the purposes of the initial collection. To this end, it is necessary to consider the context in which the data was collected, the information provided to the data subject in that process, and in particular the reasonable expectations of the data subject based on their relationship with the controller as to later use of the data, the nature of the personal data, the consequences of the intended further processing for data subjects, and the existence of appropriate safeguards in both the original and intended further processing operations.
  • Principle of Relevance and Minimization of Personal Data: The personal data must be relevant and limited to the extent strictly necessary to achieve the purpose of the processing.
  • Principle of Proportionality of Processing. The processing must be appropriate, necessary, timely, relevant and not excessive in relation to the purposes for which the data has been collected or the very nature of the special categories of data.
  • Principle of Confidentiality: The processing of personal data must be devised on the basis of due confidentiality and secrecy, that is, data must not be processed or communicated for a purpose other than the purpose for which it was collected, unless new processing is allowed on one of the grounds in accordance with the bases for lawful processing indicated in the law. To this end, the controller must take the technical and organizational measures to comply with this principle.
  • Principle of Quality and Accuracy: The personal data that is subject to processing must be accurate, unabridged, precise, complete, ascertainable, clear and, where necessary, kept duly up to date, so that its veracity is not altered. All reasonable measures will be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay. In the case of processing by a processor, the quality and accuracy will be the obligation of the controller of personal data.
  • Principle of Storage: The personal data will be stored for no longer than is necessary to achieve the purpose for which the data is processed. To guarantee that the personal data is not stored for longer than necessary, the controller will establish timeframes for its erasure or periodic review. Extended storage of processed personal data will only be carried out for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, provided that timely and necessary personal data security and protection guarantees are established to safeguard the rights set forth in this Policy.
  • Principle of Personal Data Security: The controllers and processors of personal data must implement all appropriate and necessary security measures, understood to be those accepted as the state of the art, whether these are organizational, technical or of any other kind, to protect the personal data from any risk, threat or vulnerability, in line with the nature of the personal data, the scope and context.
  • Principle of Demonstrated and Proactive Accountability: The controller of personal data must demonstrate that it has implemented personal data protection mechanisms, that is, compliance with the principles, rights and obligations established in the Law. For this purpose, in addition to the provisions of applicable regulations, it can make use of standards, best practices, co- and self-regulation schemes, protection codes, certification systems, data protection seals or any other mechanism that is deemed appropriate for the purposes, the nature of the personal data or the risk of the processing. The controller of personal data is obliged to account for the processing to the data subject and to the Personal Data Protection Authority. The controller of personal data must evaluate and review the mechanisms it adopts to comply with the principle of accountability in a continuous and ongoing manner, for the purpose of improving its level of efficacy as regards the application of the Law.
  • Principle of Application in Favor of the data subject: In case of doubt regarding the scope of the legal or contractual provisions applicable to personal data protection, the judicial and administrative officers will interpret and apply the provisions in the sense most favorable to the data subject.



The PBP’s employees who process personal data must verify that they comply with security standards and have proper consent for the processing of personal data. They will also be governed by the following provisions:

  1. Any client, employee or provider who provides false data will be permanently excluded from our network; additionally, PBP reserves the right to take the legal or out-of-court measures that are warranted.
  2. Only data that is necessary in the course of business will be collected, and provided that the data subject has given their prior, express and informed consent. This is with the exception of the cases in which the applicable rules allow data processing without requiring authorization.
  3. The data subjects must clearly understand the purposes for which they authorize the provision of their data. Authorizations for the processing of data will contain the purposes and will be granted by means of the signing of contracts, privacy notices, informed consent, among others. In any case, these will include both the authorization and the purposes of the personal data processing. We can use any mechanism indistinctly to formalize the user’s willingness to share their personal data and to use it. These mechanisms will comply with the minimum legal requirements and the compliance standards of the company.

Strict security and confidentiality measures will be used in the receipt of personal data and sensitive personal data. The company and its employees are committed to maintaining the confidentiality of any kind of personal data and to not disclosing any personal data to unauthorized third parties (both from PBP and externally).   



Purposes of processing data with business partners as strategic partners to provide services:

  • Sufficiently evaluate the provider for the purpose of guaranteeing an adequate level for the processing of data required to provide a service.
  • Evaluate the quality and performance of the provider in compliance with its duties.
  • Document and provide instruction about the appropriate processing of shared data assets.  
  • Comply with the standard on relationships with providers.
  • Provide the data collected from the providers to regulatory and supervisory authorities, police, and court and/or administrative authorities by reason of a legal requirement.
  • Transfer and communicate the personal data to countries that meet adequate levels of data protection, according to security standards.
  • Evaluate technical and organizational mechanisms of the provider for the protection of personal data.


Purposes of processing personal data of clients and potential clients:

  • Process and use the personal data provided by clients or prospects, whether in physical or electronic form, by means of contracts, quotes, websites, applications, among others; to send them information about the product and/or service acquired or desired to the registered email addresses or contact numbers.
  • Use the information received and/or collected to market products and/or services with strategic partners with which PBP has a business relationship.
  • Provide the collected data to the regulatory and supervisory authorities, police, and court and/or administrative authorities by reason of a legal requirement and/or use or disclose this data.
  • Contact by telephone, email and/or digital means to carry out surveys, studies and/or confirmation of personal data which is necessary for the execution of a contractual relationship.
  • Contact the data subject by email to send account statements or invoices in connection with the obligations under a contract between the parties.
  • Process and use personal data to offer services and respond to requests through automated systems that improve the quality of service. In addition, the client or potential client may be subject to analysis and profiling questions to cater to their specific interests.   
  • Allow control bodies to access data to carry out internal or external audits.
  • Keep the data subjects’ data up to date.
  • Use personal data to exchange information, communications, requests, approvals and/or any other kind of expression of will.
  • Collect identifying data to respond to requests and queries from the client when the user has contacted PBP through social networks.
  • Personal data of clients will be processed for the purpose of sending information concerning the ordinary course of business, advertising, legal newsletter, training and webinar notifications, and information that may be of interest to the client.
  • Personal data of clients may be used in order that they be contacted later by a given third party to evaluate their satisfaction with the services and to rate the services.
  • The data will be used to contact people who request and authorize this in order to respond to their requests.
  • Respond to requests for information, assistance or services.
  • Respond to complaints, claims and requests by users, including the power to contact them to appropriately process the request and respond satisfactorily.
  • Regarding processing through digital channels and the website, data can be collected, processed and stored in order to handle the procurement of services, manage applications to the company, advise and provide support to users and/or clients, and provide notifications and general information about legal situations and our services through the newsletter which can be subscribed to.
  • Give notice of changes to this Privacy Policy.
  • Comply with legally established obligations and verify compliance with contractual obligations.


Purposes of processing data of employees and candidates:

  • Record and process the information of applicants in a selection process or for future processes.
  • Contact candidates for recruitment to a given position or future selection processes if interested.
  • Verify the veracity and authenticity of the information provided in the person’s CV with the institutions that the person has studied at and been employed at.
  • Share data with providers and partners for new employee medical checks and other activities as part of the selection process.
  • Fulfill the employment obligations of PBP in its capacity as an employer, as established in employment legislation, the employment contract, the Internal Work Regulations and Corporate Policies. 
  • Carry out activities inherent in the employment relationship and the ordinary course of business of PBP.
  • Carry out control, follow-up, monitoring, supervision and, in general, facilitate the security of the facilities, assets and employees of the company.  
  • Any other purpose that is necessary to perform the corporate purpose and business activity of PBP. 
  • Inform the employee of any change to the contractual relationship. Evaluate the quality and performance of the employee in accordance with their duties under the employment contract.
  • Provide information to the control bodies for internal and external audits, as required.
  • Assign work tools for the performance of their duties (creation of corporate email accounts, mobile phones for contacting clients, signing confidentiality and non-disclosure agreements, signing the manual on appropriate data processing, appropriate use of devices provided, among others).
  • Check personal references and work references during the hiring process.
  • Process information of relatives for benefits and, in case of emergency, to contact family members.


In addition to the above, PBP can process personal data in other ways in accordance with the legal bases that authorize it to do so and for which the data subject will receive the necessary information in relation to such processing, and PBP will request the data subject’s consent if this is necessary.



In compliance with the legal framework for the protection of personal data, PBP states that it will use adequate and sufficient mechanisms to obtain the authorization and prior, free, specific, informed and unequivocal consent of the data subject through different forms, the website or in any other format that guarantees subsequent consultation, for the processing of personal data in the applicable database of PBP.  

The data subject is clearly, fully and expressly informed of the processing that their personal data will be subject to, as well as the optional nature of providing sensitive data and their rights as a data subject, as well as the identification and the address or email address of the data controller.

PBP, as the data controller, will keep evidence of the authorization given by the data subjects or, otherwise, the legal basis for the processing carried out.

The data subject will have the power to withdraw consent at any time, without retroactive effect, that was previously given to authorize the processing of their data for a given purpose.




PBP will not sell, exchange, lease or share the personal data of the data subject except in the forms established in this Policy.

PBP will share information with service providers or with the companies with whom it has a partnership, which contribute to improving or facilitating operations. PBP will ensure that standards of protection are met, by means of signing contracts or agreements whose purpose is the privacy and confidentiality of the personal data of the data subject.

The data subject will have the power to accept that PBP discloses or shares personal data with third parties that are service providers or companies that are partners, affiliated or related to PBP.

PBP will cooperate with the authorities with which it must act to guarantee compliance with the Law. PBP will collaborate with the competent authorities in order to safeguard the integrity and security of the community and of its data subjects. However, PBP may disclose the personal data to the authorities or third parties without the data subject’s consent due to court orders, when this is permitted by law, or for the prevention of money laundering or the financing of terrorism.    

By means of the data subject’s authorization, PBP will be authorized to transfer personal data in whole or in part to any of the controlled companies, parent companies and/or related companies of PBP, on any basis and at the time and in the manner and conditions it deems appropriate. PBP will guarantee the privacy and security of the data.  



The personal data of the data subjects will be stored for the time necessary to achieve the indicated purposes. When PBP no longer needs to use the personal data to achieve the purposes for which the data was collected, or to meet contractual or legal obligations, the personal data will be erased from the system and records. PBP will take the necessary measures to anonymize the personal data so that the data subject is no longer identifiable.   



When a processing activity, and specifically the implementation of a new technology or information system, will likely result in the processing of personal data and an elevated risk to individual rights and freedoms—having particular regard to the nature, scope, context and purpose of the proposed processing activity—an impact assessment will be conducted on the protection of data before the processing activity is implemented.



PBP will comply with all technical and organizational measures applicable in security measures for the protection of personal data. Industry standards for the protection of data confidentiality will be used, including, in other measures: layered protection schemes, firewall, network segmentation, access control to servers and services, endpoint detection and response system, cloud backup and encryption of hard drives. PBP considers the personal data of the data subjectto be an asset which must be protected from any loss or unauthorized access. To that end, PBP uses various security techniques to protect such data from unauthorized access by holders of the data within or outside the company.   

The information within PBP can only be accessed by those teams or employees who need to know the information. PBP ensures that it implements the rights and management policies within the company, and it takes all necessary measures to guarantee that employees, advisors and service providers keep the files confidential.

PBP is not responsible for illegal interception or breach of its systems or databases by unauthorized persons.  



Right of Access: The data subject can check their personal data that is being processed by PBP. The data subject has the right to know and obtain from the controller, free of charge, access to all their personal data and information without having to present any justification. The controller of personal data must establish reasonable methods which allow the exercise of this right, which must be addressed within a period of fifteen (15) days.

Right to Rectification and Updating: The data subject has the right to obtain from the controller the rectification and updating of their inaccurate or incomplete personal data. To do this, the data subject must present the justifications whenever it is relevant. The controller must deal with the request within a period of fifteen (15) days and in this same period it must inform the recipient of the data, if relevant, about the rectification so that the recipient updates it.

Right to Erasure: The data subject has the right to have the controller erase their personal data when: 1) The processing does not comply with the principles established in the law; 2) The processing is not necessary or relevant for the purpose; 3) The personal data has achieved the purpose for which it was collected or processed; 4) The period for keeping the personal data has expired; 5) The processing affects fundamental rights or individual freedoms; 6) The data subject revokes the consent given, or indicates not having given it for one or more specific purposes, without having to have any justification; or 7) There is a legal obligation. The controller of personal data will implement methods and techniques to eliminate, make illegible or render unrecognizable, definitively and safely, the personal data. This obligation must be met within the period of fifteen (15) days from receipt of the data subject’s request and will be free of charge.

Right to Object: The data subject has the right to object to or deny the processing of their personal data in the following cases: 1) it does not affect the fundamental rights and freedoms of third parties, the law permits it, and it does not concern public information, or public interest or processing ordered by law. 2) The processing of personal data is for the purpose of direct marketing; the data subject will have the right to object at any time to the processing of personal data which concerns them, including profiling, in which case the personal data will no longer be processed for these purposes. 3) When the data subject’s consent for the processing is not necessary as a result of a legitimate interest, and it is justified by a particular personal situation of the data subject, provided a law does not state otherwise. The controller will no longer process the personal data in these cases, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of claims. This request must be dealt with within the period of fifteen (15) days.

Right to Portability: The data subject has the right to receive their personal data from the controller in a compatible, up to date, structured, commonly used, interoperable and machine-readable format, preserving its characteristics; or to transmit it to other controllers. The data subject may request the controller to transfer or communicate their personal data to another controller where technically feasible and the controller cannot claim any impediment to slow down the access, transmission or re-utilization of data by the data subject or by another controller. When the transfer of data has been completed, the controller who makes the transfer will erase it unless the data subject stipulates its storage.

Right to the Suspension of Processing: The data subject will have the right to obtain from the controller the suspension of processing of the data when any of the following conditions are met: 1) When the data subject contests the accuracy of the personal data, while the controller verifies the accuracy of the data. 2) The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; 3) The controller no longer needs the personal data for the purposes of the processing, but the data subject needs the personal data for the establishment, exercise or defense of claims; 4) When the data subject has objected to processing, while it is verified whether the legitimate grounds of the controller override those of the data subject. When the data subject contests the accuracy of the personal data, the controller, while verifying the accuracy, must show in the same database containing the contested data that it has been challenged by the data subject. The controller may process the personal data which has been subject to the exercise of this right by the data subject only in the following cases: for the establishment, exercise or defense of claims; in order to protect the rights of another natural or legal person; or for reasons of important public interest.

Right Not to be Subject to a Decision Based Solely or Partly on Automated Assessments: The data subject has the right not to be subject to a decision based solely or partly on assessments which are the product of automated processes, including profiling, which produces legal effects concerning them or which threaten their fundamental rights and freedoms.



The data subject may take any of the actions described above by contacting PBP at the following email address:



All requests to exercise personal data rights must be sent to the department in charge of data protection at PBP with the subject line – Personal Data Protection.

The data subject can exercise their personal data rights at any time, and PBP must respond to the request within a maximum of fifteen (15) days from the date it receives the request. PBP can ask the data subject for a clarification of, or further details about, the information in the request within five (5) days of receiving the request. As a result, the data subject will have ten (10) days from the day after receiving the notification to clarify or complete the request.  

If the data subject clarifies or completes the request within the period provided, PBP will respond to the request in the corresponding timeframe. An unsuccessful request can be archived with a notification stating the reasons sent to the data subject. This does not prevent the data subject from submitting a new request.

data subjects can, at any time, rectify, know and update their data, among others, in the face of partial, inaccurate, incomplete, fragmented or misleading data, or data the processing of which is specifically prohibited or has not been authorized. Moreover, the data subject or their representative can request the correction or updating of their data.

The request will be made in writing and will include the following information:

  • i) Identification of the data subject or the representative (full name, ID or passport number, and address or email address for notifications). The details of the person being represented will also be included.
  • ii) A clear and precise description of the personal data in respect of which the person wishes to exercise any of the rights, and any detail that helps the personal data to be found at the institution the data was provided to.
  • iii) A clear and precise explanation of the request.
  • iv) Identification of the right or rights the person wishes to exercise.
  • v) Documents that prove the person’s identity and legal representation.



PBP may amend this Policy and/or emailing practices. If PBP amends this Policy, it will notify the data subject by publishing an updated version of the Policy in this section or by sending an email or giving notice on the main page or other sections to keep the data subject up to date with the changes made. The data subject must decide whether or not to accept the changes to the Policy. If the data subject does not accept the new terms and conditions of the Policy, the link between the data subject and PBP will be dissolved and the data subject’s personal data will not be used other than for the purpose stated at the time it was obtained.

If the data subject has any concerns about the processing of their personal data, they can contact PBP at the following email address: The response time to any request will be 15 business days from the day on which the request was received, in accordance with the Organic Law for Personal Data Protection.



This Policy will come into effect as of December 2023. Personal data that has been stored, used or transmitted will be kept in PBP’s databases for the time required to fulfill the purposes set forth in this document or for the company to fulfill its legal obligations.

However, the information will be reviewed each year to check the accuracy of the data and the purpose of continuing the processing.





Legal Information

In accordance with the Organic Law for Personal Data Protection, we inform you that the content of this website ( (the “Site”) belongs to Sebastián Pérez Arteta, with registered office at Edificio Mansión Blanca, Av. República de El Salvador N36-140, Quito 170505, Ecuador, Taxpayer No. 1790379663001 (“PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA”).  

This legal notice governs the terms of use of this Site.


Acceptance by User

This Legal Notice governs the access, navigation and use of the following Site ( that PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS Cia LTDA makes available to internet users. Therefore, access to the Site confers the condition of user and, with it, implies acceptance of the terms of use of the Site. If you do not agree to the terms, you must refrain from using the Site.   

The user is informed, and accepts, that access to this Site does not lead in any way to the start of a commercial relationship with PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA.


Content and Use 

Use of the Site by the user must be responsible, in good faith, in accordance with existing laws and this Legal Notice and with respect for the intellectual and industrial property rights of PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA.

The Site provides a wide range of information, services and data. The user bears responsibility for the correct use of the Site.  

The use of any content from the Site for purposes that are or may be illegal is completely forbidden, as is any action that causes or may cause damage or changes of any kind to the Site or its content without the consent of PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA.

The company reserves the right to make changes to its Site as it sees fit without notice. The company may change, remove or add content and the services provided through the Site and the way that these are presented or located on its servers.


Responsibilities and Guarantees

PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA declares that it has taken the required measures, within its possibilities and the state of technology, that allow the correct functioning of the Site as well as the absence of viruses and harmful components. However, PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA cannot be responsible for the following situations including but not limited to:

  • The continuity and availability of the content.
  • That the content will be error-free or that any defects will be corrected. 
  • Absence of viruses and/or other harmful components.
  • Damages caused by any person who breaches the security systems of PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA.
  • The use that users may make of the content on the Site. Consequently, PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA does not guarantee that use of the Site content by users conforms with this legal notice, or that diligent use of the Site is made.   
  • Use of the Site by minors or the sending of their personal data without the permission of their guardians, the guardians being responsible for their internet use.
  • The content that the user can access through unauthorized links or links introduced by users through comments or similar tools.
  • The introduction of incorrect data by the user or a third party.


PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA can temporarily suspend access to the Site, without notice, to carry out maintenance, repairs, updates or improvements. Consequently, in no event will PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA be liable for any damages arising from the lack of availability or accessibility of the Site or disruption to the Site. However, if circumstances allow, PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA will inform the user sufficiently early of the planned date for the suspension of content. 


Furthermore, PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA is committed to eliminating or, where appropriate, blocking content that may affect or be contrary to existing laws, the rights of third parties or morals and public order.


Link Policy

PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA is not responsible for the content of websites that the user may access through links on its Site, and it declares that in no event will it examine or exercise any kind of control over the content of other websites. Likewise, it does not guarantee the technical availability, accuracy, veracity, validity or legality of external sites which may be accessed through the links.


Intellectual and Industrial Property Policy

PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA is the exclusive owner of the rights to its website and social networks. Therefore, all content, graphic design and codes that form part of ( are the exclusive property of PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA. The reproduction, distribution, public communication, transformation, or any other activity performed with the content is prohibited, even if sources are cited, unless prior, express and written consent is obtained from PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA.


PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA does not authorize any kind of use of its intellectual and industrial property rights or any other property or right related to the Site, and in no event will access and navigation by users be understood to imply a waiver, transfer, license or assignment, in full or in part, of said rights by PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA. Any use of content that is not previously authorized by PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA will be considered as a serious breach of intellectual or industrial property rights and will give rise to the liability established by law. PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA reserves the right to take the corresponding action in and out of court against the user. 


Data Protection Clause

In accordance with existing regulations on Personal Data Protection, users are informed that their data will be added to the Record of Processing Activities of PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA in order to eventually be able to carry out the contracted services. 

In accordance with existing regulations, PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA states that the data will be retained for the period strictly necessary to perform the services provided.

Likewise, the data will be processed in a lawful, fair, transparent, adequate, relevant, limited, precise and up-to-date manner. For this reason, PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA is committed to taking all reasonable technical and security measures for the data to be removed or rectified without delay when it is inaccurate. 

In accordance with data protection regulations, users may exercise the right of access, to update, rectification, erasure, suppression, portability, and to object to the processing of their personal data, as well as to withdraw consent to processing of personal data.

The request must be sent to the following email address:


Reservation of the Right to Amend this Legal Notice

PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA reserves the right to amend this legal notice to adapt it to any regulatory change or new regulation, for technical reasons, due to changes in the services offered by PÉREZ BUSTAMANTE Y PÉREZ ABOGADOS CIA LTDA or due to strategic decisions by the company. In these cases, reasonable notice will be given on this Site of the changes to be made and from when these will take effect.

Should the user disagree with the changes, user must stop using the Site. Use of the Site after changes are made will imply acceptance of the changes by the users.



Should any of these provisions be considered null, invalid or inapplicable, the provision (or section that is declared null, invalid or inapplicable) will be void, without this affecting the validity and applicability of the remaining provisions.


Applicable Law and Competent Jurisdiction

These general conditions, including the annexes and all related matters, will be governed by, and must be interpreted in accordance with, Ecuadorian law. Any action or proceeding arising out of or in connection with this duty will be subject to the jurisdiction and venue of the courts of Quito, and the parties expressly waive any other forum that may correspond. 


Contact Us

You can contact us at: