At Bridgemarkets, a digital platform owned by Golden Atlantic Group S.A., Panama, Bella Vista – Obarrio. Calle 51 E and Federico Boyd, Edificio Hábitat Plaza, Floor 5, office 500-3 A, we are firmly committed to protecting the privacy and personal data of our users, clients, suppliers, and commercial partners.
This Privacy and Data Use Policy clearly and transparently describes how we collect, use, store, share, transfer, and protect your personal information when you access, browse, or use the website www.bridgemarkets.com (hereinafter, the “Website”). This policy complies with Law 81 of 2019 on Personal Data Protection of the Republic of Panama, as well as with international privacy principles established in the General Data Protection Regulation (GDPR) of the European Union, where applicable.
Definitions
For a better understanding of this policy, the following definitions are established:
DATA CONTROLLER
The data controller for personal data collected through the website www.bridgemarkets.com is:
Golden Atlantic Group S.A.
Address: Panama, Bella Vista – Obarrio. Calle 51 E and Federico Boyd, Edificio Hábitat Plaza, Floor 5, office 500-3 A
Contact email: info@bridgemarkets.com
Phone: +507-201-8474
Golden Atlantic Group S.A., in its capacity as controller, determines the purposes and means of personal data processing, and commits to ensuring the confidentiality, integrity, security, and availability of users’ personal information, complying with the provisions of Law 81 of 2019 on Personal Data Protection and other applicable international regulations.
In the event that data processors are appointed or data transfers to third parties are carried out, Golden Atlantic Group S.A. will ensure that such third parties offer adequate guarantees of compliance regarding data protection.
Likewise, the controller has adopted appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or destruction.
DATA WE COLLECT
Within the framework of the Bridgemarkets platform’s operation, and to provide our services efficiently and securely, we collect various categories of personal data. The collection of this information is carried out directly from the user, from their interaction with our website, or through technological tools such as cookies. This data may include, among others, the following:
a) Contact Information
Data that allows direct communication with the user, such as:
Full name
Email address
Phone number
b) Commercial Identification Data
In the case of companies or corporate users registered on the platform, additional information may be collected, including:
Company name
Registration or tax identification number
Business address
Legal representative or authorized contact
c) Website Usage Information
We collect data about how users interact with the website, such as:
IP address
Browser type and version
Operating system and device type
Pages visited and duration of visit
Date and time of access
Referral URL
d) Technical and Navigation Data
We use analytical tools and technologies such as cookies and log files to collect technical data that helps us improve website performance:
Cookies and similar technologies (see specific cookies section)
Unique device identifiers
Server logs
Approximate geolocation data (based on IP)
PURPOSES OF PROCESSING
Golden Atlantic Group S.A., in its capacity as data controller, uses the information collected from Bridgemarkets users exclusively for legitimate and necessary purposes related to the operation and provision of its services. In this regard, we process your personal data for the following purposes:
a) Provision of Platform Services
Provide access, authentication, and functionalities within the website www.bridgemarkets.com.
Allow the registration and management of user accounts, both individual and corporate.
Facilitate interaction between users (e.g., wholesale buyers and sellers) in the digital commerce environment.
b) Management of Commercial Operations
Process orders, payments, and invoicing.
Intermediation with sellers.
Manage inquiries, support requests, and customer service regarding the digital platform.
c) Operational and Commercial Communications
Send important notifications about account operation, changes in terms and conditions, policies, or security updates.
Communicate promotions, news, newsletters, satisfaction surveys, and commercial offers, provided the user has given their express consent when required.
d) Website Improvement and Technical Analysis
Analyze browsing behavior and site usage to improve user experience, system functionality, and interface design.
Conduct statistical studies, usage metrics, service performance, and optimization of internal processes.
e) Compliance with Legal Obligations
Comply with current legal regulations, including, but not limited to, tax, customs, commercial, and personal data protection legislation.
Address requirements from judicial, administrative, or regulatory authorities, as provided by law.
LEGAL BASIS FOR PROCESSING
The processing of your personal data by Golden Atlantic Group S.A., in the context of using the Bridgemarkets platform, is based on one or more of the following legal bases, as applicable:
a) Express Consent of the Data Subject
We process your personal data when you have given your free, specific, informed, and unambiguous consent, for example, by registering on the platform, accepting our privacy policies, or subscribing to commercial communications. You can withdraw your consent at any time, without retroactive effect, through the enabled means.
b) Performance of a Contractual Relationship
Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. This includes processing orders, payments, logistics management, and access to specific platform functionalities.
c) Compliance with Legal Obligations
We process your data when necessary to comply with legal or regulatory obligations that apply to us, including, but not limited to:
Tax and customs regulations
Prevention of fraud and financial crimes
Requirements from competent authorities (administrative, judicial, regulatory)
d) Legitimate Interest of the Controller
We may process your personal data based on our legitimate interest, provided that your fundamental rights and freedoms do not override it. Some examples include:
Improving platform functionality and security
Performing statistical analysis on site usage
Detecting and preventing fraudulent or malicious activities
Protecting our rights in legal or contractual proceedings
DATA TRANSFER AND ASSIGNMENT
In the development of our activities and to ensure the efficient operation of the Bridgemarkets platform, we may share your personal data with third parties, always under the principles of legality, necessity, proportionality, security, and confidentiality. The categories of recipients may include:
a) Service Providers
We may share personal data with third parties acting as data processors, who provide services on behalf of Golden Atlantic Group S.A., such as:
Hosting and cloud storage service providers.
Data analysis platforms and browsing metrics.
Email sending and marketing automation tools.
Payment platforms and financial gateways.
IT security and cybersecurity providers.
These third parties are contractually obligated to process data according to our instructions and cannot use them for their own purposes. Furthermore, they must guarantee an adequate level of protection in accordance with this policy and current legislation.
b) Administrative, Tax, or Judicial Authorities
We may disclose personal data when necessary to:
Comply with a legal obligation or judicial order.
Address valid requirements from public authorities, such as supervisory bodies, tax entities, customs, or financial entities.
In all these cases, the information will be delivered in a controlled manner and in accordance with the mechanisms established by law.
c) Commercial Partners of the Bridgemarkets Ecosystem
Within the framework of the platform’s operation, we may share data with strategic allies and commercial partners exclusively to:
Facilitate transactions between wholesale buyers and sellers.
Coordinate logistics, customs, and distribution processes.
Verify commercial and contact information for operational or security purposes.
Processing by these third parties will be limited to the purposes necessary to operate within the Bridgemarkets ecosystem, under confidentiality agreements and in accordance with this policy.
d) International Data Transfers
In the event that personal data is transferred to third parties located in countries outside of Panama, we will ensure that these countries have adequate levels of protection, equivalent or compatible with Law 81 and, where applicable, with the GDPR. When necessary, standard contractual clauses or other valid mechanisms will be signed to ensure the legal security of such transfers.
RIGHTS OF THE PERSONAL DATA SUBJECT
As the data subject of personal data processed by Golden Atlantic Group S.A., you have the right to exercise control over your information, in accordance with the provisions of Law 81 of 2019 on Personal Data Protection of Panama and, where applicable, the General Data Protection Regulation (GDPR).
The rights you can exercise are the following:
a) Right of Access
You have the right to obtain confirmation as to whether or not we are processing your personal data, as well as to access information related to:
The categories of data processed.
The purpose of the processing.
The recipients or categories of recipients to whom the data has been or will be disclosed.
The envisaged period for which the data will be stored.
b) Right to Rectification or Update
You can request the correction, modification, or updating of inaccurate, incomplete, or outdated personal data.
c) Right to Erasure or Deletion (“Right to be Forgotten”)
You have the right to request the erasure of your personal data when:
The purpose for which they were collected no longer exists.
You withdraw your consent (and there is no other legal basis for processing).
There is unlawful processing.
A legal obligation so establishes.
Note: This right may be limited by legal or contractual requirements that require the temporary retention of some data.
d) Right to Object
You can object to the processing of your personal data when there are legitimate reasons related to your particular situation, unless there are compelling legal or legitimate reasons that prevail.
e) Right to Withdraw Consent
You can withdraw your previously granted consent for the processing of your data at any time, without affecting the lawfulness of the processing carried out prior to the withdrawal.
Exercise of Rights
To exercise any of the aforementioned rights, you can contact us through the following means:
Email: info@bridgemarkets.com
Suggested subject: “ARCO Rights Exercise”
You must include the following minimum information:
Full name of the data subject
Identification document or equivalent verification method
Right you wish to exercise
Clear and precise description of your request
Means to receive the response
Once your request is received, we will evaluate its relevance and, if valid, respond within a maximum period of thirty (30) business days, as established by Panamanian regulations. In case additional information is required to address the request, we will contact you within that period.
INFORMATION SECURITY
At Golden Atlantic Group S.A., we are committed to ensuring the security, confidentiality, integrity, and availability of the personal data we process through the Bridgemarkets platform. To do this, we implement appropriate technical, organizational, and administrative measures to prevent unauthorized access, loss, alteration, improper disclosure, or destruction of information.
Applied measures include, but are not limited to:
Encryption of data in transit and at rest, to protect the confidentiality of information transmitted through public networks or stored on servers.
Firewalls and intrusion detection systems (IDS/IPS) to prevent malicious or unauthorized access.
Physical and logical access controls, including multi-factor authentication for authorized personnel.
Secure password management and periodic credential renewal policies.
Continuous monitoring and activity logs, to identify potential vulnerabilities or security incidents.
Staff training on privacy practices and personal data protection.
Periodic risk assessments and security audits to identify and correct system weaknesses.
Likewise, we require our suppliers and commercial partners to maintain equivalent or superior levels of security and confidentiality in the processing of personal data shared with them.
USE OF COOKIES
The website www.bridgemarkets.com uses its own and third-party cookies with the aim of improving the browsing experience, analyzing site usage, remembering your preferences, and offering you personalized content.
What are cookies?
Cookies are small text files that are stored on the user’s device (computer, smartphone, tablet, etc.) when they access a website. These files allow the user to be recognized on future visits and store information about their activity within the site.
Purposes of using cookies:
Bridgemarkets uses cookies for the following purposes:
Improve website navigation and functionality, facilitating the use of certain sections or remembering previous actions.
Analyze usage patterns, allowing us to understand how users interact with the site to continuously improve its structure and content.
Remember user preferences, such as selected language, region, or specific settings.
Personalize the content displayed, including ads or suggestions based on your browsing behavior and preferences (if you allow it).
Types of cookies used:
Technical and functional cookies: necessary for the proper functioning of the site. They do not require consent.
Analytical or performance cookies: allow measuring site activity and generating browsing statistics.
Personalization cookies: adapt content to your preferences and behaviors.
Advertising or third-party cookies: managed by third parties (such as Google Analytics, Meta/Facebook Pixel, etc.) to offer relevant advertising.
Cookie management:
You can accept, reject, or configure the use of cookies at any time through:
The cookie settings panel available on the website when you first enter or from the footer.
Your browser settings, where you can delete or block existing cookies. Please note that disabling certain cookies may affect the functionality of the site.
Consent:
By continuing to browse this website without modifying your settings, it will be understood that you accept the use of cookies, unless you indicate otherwise through the enabled means. In cases requiring prior consent (such as non-essential cookies), it will be requested through a banner or pop-up notice.
For more information on how we manage your personal data and your rights, please consult our full Privacy Policy.
DATA RETENTION
Golden Atlantic Group S.A. will retain your personal data only for the time strictly necessary to fulfill the purposes for which they were collected, or failing that, for the period required by applicable legal, contractual, or regulatory provisions.
Retention criteria:
Specific retention periods may vary depending on the type of data and the purpose of processing, but generally the following criteria will be considered:
Data necessary for service provision: Will be retained for the duration of the commercial, contractual, or registered user relationship, and for a reasonable additional period during which liabilities arising from such relationship may arise.
Compliance with legal or regulatory obligations: Will be retained for the time required by tax, commercial, accounting, customs, or anti-money laundering laws.
Data used for analysis, statistics, or service improvements: Will be anonymized or pseudonymized, whenever possible, and retained in a way that they cannot be directly linked to an individual.
Data processed based on consent (e.g., subscriptions or marketing): Will be retained as long as you do not withdraw the granted consent or request its deletion.
Secure deletion:
Once legal deadlines are met or when the data is no longer necessary for the purposes for which it was collected, it will be securely deleted, anonymized, or destroyed, through mechanisms that prevent its recovery, unauthorized access, or subsequent use.
CHANGES TO THIS PRIVACY POLICY
Golden Atlantic Group S.A. reserves the right to modify, update, or supplement this Privacy and Data Use Policy at any time, in order to adapt it to legislative, regulatory, technological changes, or modifications in the functionalities of the Bridgemarkets platform.
Notification of changes:
Any modification will be duly published on our website www.bridgemarkets.com, in this same section.
In case the changes involve a different or substantial processing of personal data (e.g., new purposes or new categories of recipients), the user will be notified through the registered contact means, and where applicable, their express consent will be requested again.
Effective date of changes:
Modifications will take effect from their publication on the website, unless a different date is expressly indicated.
Recommendation:
We recommend that you periodically review this policy to stay informed about how we protect your information and about your rights as a data subject.
APPLICABLE LEGISLATION
This Privacy and Data Use Policy is governed by and interpreted in accordance with the legislation in force in the Republic of Panama, in particular by the provisions of Law 81 of March 26, 2019 on Personal Data Protection, its regulations, and other applicable complementary regulations.
Additionally, where relevant —due to the data subject’s place of residence, service provider’s location, or type of operation— the principles and provisions of the General Data Protection Regulation (EU Regulation 2016/679 – GDPR) of the European Union will also be observed, especially concerning transparency, lawfulness of processing, data subject rights, and international data transfers.
Golden Atlantic Group S.A. is committed to ensuring compliance with the aforementioned legal provisions, as well as adopting appropriate measures to protect the fundamental rights and freedoms of personal data subjects.
