MAIA MANAGEMENT S.A.S. ("MMG", "Maia Legal", "we"), in accordance with Colombian Statutory Law 1581 of 2012, Decree 1377 of 2013, and related regulations, adopts this Personal Data Processing Policy, which applies to all personal information collected through our digital channels, including the maia-legal.com website and our WhatsApp messaging channels.
1. Data Controller
Legal entity: MAIA MANAGEMENT S.A.S. Tax ID (NIT): 901.862.977-7 Registered address: Calle 24 #3-99, Edificio Banco de Bogotá, Suite 1102, Santa Marta, Magdalena, Colombia Legal representative: Andrew Gallie Privacy requests email:privacy@maia-management.com WhatsApp / Phone:+1 903 459 8763
maia-legal.com is the canonical legal and privacy domain for the entire Maia Group ecosystem. Maia Legal & Accounting operations are provided under the corporate registration and Tax ID of MAIA MANAGEMENT S.A.S.
2. Legal Framework
This policy is governed by:
Article 15 of the Colombian Constitution (right of habeas data)
Statutory Law 1581 of 2012 — General Personal Data Protection Regime
Regulatory Decree 1377 of 2013
Single Decree 1074 of 2015 (Commerce, Industry and Tourism Sector)
Circulars and rulings issued by the Superintendence of Industry and Commerce (SIC)
Where applicable, we also comply with the EU General Data Protection Regulation (GDPR) for data subjects in the European Economic Area.
3. Personal Data We Collect
Depending on the channel through which you interact with us, we may collect the following categories of data:
3.1. WhatsApp channel (customer-service chatbots). When you message us on WhatsApp, we collect:
Your mobile phone number (WhatsApp sender identifier)
Your WhatsApp profile name, where available
The full content of the messages you send during the chat session
Lead qualification data: nationality, city, type of service requested, approximate budget, urgency, and any other information you voluntarily share
Description of your legal, accounting, or business situation
Nationality and immigration status where relevant
Tax identification numbers (NIT, RUT, foreign TINs) in the course of professional engagements
Financial information necessary for accounting and tax compliance services
Website usage data via cookies and analytics tools
4. Purposes of Processing
We process your personal data for the following purposes:
Customer service: responding to enquiries via WhatsApp and the contact form
Lead qualification and routing: determining whether your enquiry concerns Maia Legal, Maia Realty, Lleva Lleva, or another ecosystem business unit, and directing it to the appropriate team
Provision of professional services: legal, accounting, tax, immigration, and business advisory services
Legal compliance: obligations toward DIAN, Migración Colombia, the Chamber of Commerce, the Cancillería, and other authorities
Communications: service updates, regulatory changes, and relevant information
Service improvement: website analytics and quality review of WhatsApp conversations
Marketing: management of Google Ads campaigns and authorised communications
5. Legal Basis for Processing
We process personal data on the following grounds:
Informed consent of the data subject (art. 9, Law 1581/2012). By initiating a WhatsApp conversation with us or submitting the contact form, you provide prior, express, and informed consent to the processing described herein.
Performance of a contract or pre-contractual measures at your request
Compliance with legal obligations (DIAN, SIC, immigration authorities, etc.)
Legitimate interest in providing and improving our professional services
6. Storage and Technical Infrastructure
Personal data is stored on the following infrastructure:
Netlify Blobs (session storage). WhatsApp chat sessions and lead records are stored on Netlify Blobs (Netlify, Inc., United States), as ephemeral session-oriented storage with limited retention for operational audit.
Twilio (message logs). WhatsApp messages transit through the Twilio API (Twilio Inc., United States), our messaging provider. Twilio retains message logs according to its own retention and compliance policies.
Google (analytics and advertising). Website usage data and advertising metrics are processed by Google LLC (United States) through Google Analytics and Google Ads.
Corporate email servers. Email communications related to professional engagements.
7. International Transfers
Your data may be processed in the United States by our data processors (Netlify, Twilio, Google). These transfers are conducted under articles 26 of Law 1581/2012 and 24 of Decree 1377/2013, supported by your express consent, contractual clauses with these providers, and internationally recognised security standards.
8. Data Retention
We apply the following retention periods:
Active WhatsApp sessions: retained while the conversation is active plus a reasonable operational window for follow-up.
Non-converted lead data: up to twenty-four (24) months from the last contact, unless an earlier deletion request is received.
Active clients: for the duration of the professional engagement and up to five (5) years thereafter, in accordance with art. 60 of the Colombian Commercial Code.
Accounting and tax records: ten (10) years, in accordance with the Tax Statute and related regulations.
Website analytics data: according to Google Analytics default settings.
9. Data Subject Rights (Law 1581 of 2012)
As a data subject, you have the following rights:
Access: know what personal data we hold about you and the purposes of its processing.
Rectification: request correction of partial, inaccurate, incomplete, fragmented, or misleading data.
Update: keep your data current.
Deletion: request the deletion of your data when no longer necessary or when consent is revoked, unless a legal or contractual duty to retain it applies.
Withdrawal of consent: at any time, with effects going forward.
Proof of consent: request evidence of the authorisation granted.
Information on use: be informed of how your data has been used.
Complaint to the SIC: file complaints with the Superintendence of Industry and Commerce when you consider your rights have been violated, after the internal procedure with MMG has been exhausted.
The right you wish to exercise and a specific description of the request
Notification address (email or physical)
Supporting documents, where applicable
Response timelines under Law 1581/2012:
Queries: ten (10) business days, extendable by five (5) additional business days.
Claims: fifteen (15) business days, extendable by eight (8) additional business days.
If your claim is not addressed, or you consider the response insufficient, you may file a complaint with the Superintendence of Industry and Commerce (SIC) — Colombia's national data protection authority — through www.sic.gov.co.
11. Information Security
We implement reasonable technical, human, and administrative measures to protect your data against unauthorised access, loss, alteration, or disclosure, including encryption in transit (TLS/HTTPS), role-based access control, and confidentiality agreements with our processors.
12. Cookies
This website uses analytics cookies (Google Analytics) and advertising cookies (Google Ads). You can manage your preferences through the consent banner or your browser settings. More details at our .
13. Effective Date and Amendments
This Policy is effective as of 1 May 2026. MMG may update it at any time. Material changes will be communicated through the website and, where appropriate, through the channels by which we maintain contact with you.
Data Protection Contact
Controller: MAIA MANAGEMENT S.A.S. — Tax ID 901.862.977-7