Legal framework
Privacy policy and use of personal data
OBJECTIVE: To ensure the preservation and confidentiality of the information of the patients and users of MEDICAL CENTER-SURGICAL BEAUTY S. A. S, collected with the subject of the provision of health services in accordance with the provisions of article 15 of the Constitution, the Law 23, 1981, the Decree 1377 of 2013 and the resolution 1995, 1999, and the resolution 2546 July 2, 1998. Our policy on the processing of information defines, among others, the principles we will comply to collect, store and use the personal data of patients and/or users, and to act with responsibility at the time of collecting personal information and protect your privacy, and guarantee the confidentiality of the medical History, as noted in the law.
SCOPE OF THE POLICY: The principles and provisions contained in this policy shall be applicable to the personal data of our customers, patients, employees, suppliers, partners and the general public, which means that they are registered in MEDICAL CENTER-SURGICAL BEAUTY S. A. S. This Policy shall apply to all Processing of Personal Data and Sensitive Data by the Center, its employees, and as appropriate, by those third parties with whom MEDICAL CENTER-SURGICAL BEAUTY S. A. S. remember all or part of the performance of any activity relating to, or connected with, the Processing of Personal Data or with their information systems.
MANDATORY: These policies are mandatory and strict compliance by all employees of the MEDICAL CENTER SURGICAL BEAUTY S. A. S. as well as to the contractors and third parties connected with MEDICAL CENTER-SURGICAL BEAUTY S. A. S. All employees must observe and comply with these policies in the performance of its functions, (In accordance with paragraph 1 of article 58 of the Code on the Substantive Work, it is a special obligation of the worker to "observe the precepts of the regulations and to abide by and comply with the orders and instructions in a particular way given by the employer or its representatives"). In the cases that there is no link work should include a contractual clause in which the contractor undertakes to comply with these policies.
DEFINITIONS: The expressions used in this Policy have the meaning here given, or the meaning of the law or the applicable case law to provide them.
- “Authorization”: prior, express and informed consent of the Holder to carry out the Processing of personal data;
- “Privacy notice” means the written or verbal communication generated by the controller, addressed to the Holder for the Processing of your Personal Data, by means of which we inform about the existence of the policy of Treatment of information that will be applicable to the way you access them, and the purposes of the Processing that aims to provide the Personal Data. c. “Database”: organized Set of Personal Data which are undergoing Processing.
- ”Personal data” Is any information of any kind, associated with, or that can be associated to one or more natural or legal persons determined or determinable.
- “Data public”: it Is the data that is not semi-private, private or sensitive. Are considered public data, among others, data concerning the civil status of persons, to their profession or trade, and to their quality of merchant or public server. By its nature, public data can be contained, among others, in public records, public documents, official gazettes and newsletters and judgments duly handed down that are not subject to booking
- “Sensitive data” means the Personal Data that affects the privacy of the Holder of, or whose improper use can generate its discrimination, such as those that disclose affiliations union, racial or ethnic origin, political orientation, religious beliefs, moral or philosophical, the membership of trade unions, social organizations, human rights or promote the interests of any political party or to guarantee the rights and guarantees of political opposition parties, as well as data concerning health, sex life and biometric data.
- “Charge”: it Is the natural or legal person, public or private, that by itself or in association with others, to perform the Processing of Personal Data by account and order from the manager.
- “Authorized” means the Company and all persons under the responsibility of the Company by virtue of the Authorization, and of this Policy, have the legitimacy to Treat the Personal Data of the Holder. The Authorized includes the gender of your Enabled.
- “Empowerment”, or be “Enabled”: it Is the legitimacy that expressly and in writing by the contract or document that you do your times, give the Company to third parties, in compliance with applicable Law, for the Processing of Personal Data, converting to such third parties in Charge of the Treatment delivered or made available.
- “Query”: Request of the owner of the data or the persons authorized by it or by the act to know the information contained on it in files or databases.
- “Manual”: this Is the Internal Manual of Policies and Procedures for the Protection of Personal Data of the Company, in which are contained the policies and procedures to ensure the proper fulfillment of the Law.
- “Responsible”: Is any person to whom the Policy subject to the fulfillment of this Policy to perform activities of Processing of Personal Data within, in the name of, on behalf of or for the Company, including, but not limited to, everyone who is an employee, director, representative, contractor, agent, deputy, delegate, ambassador, shareholder, partner, consultant, supplier, and customer CENTER MEDICAL-SURGICAL BEAUTY S. A. S.
- “Holder” Is the natural person or legal entity to whom the information relates, which is resting on a Base of Data and who is the subject of the right of habeas data, by being the holder of the Personal Data concerned.
- “Transfer”: it Is the Treatment that involves the communication of Personal Data within or outside the territory of the Republic of Colombia for the purpose of Treatment by the Manager for the account of the Responsible.
- “Transmission”: this Is the activity of Treatment by which to communicate Personal Data internally or with third parties, within or outside the territory of the Republic of Colombia, when such a communication has as its object the carrying of any activity of Treatment by the recipient of the Personal Data.
- “Treatment”: Is any operation or set of operations, electronic or non-electronic, that allow the collection, conservation, management, storage, modification, relationship building, use, circulation, evaluation, blocking, destruction, and, in general, the processing of Personal Data, as well as its transfer to third parties through communications, consultations, interconnections, assignments, data messages.
TYPE OF INFORMATION COLLECTED: Data general MEDICAL CENTER-SURGICAL BEAUTY S. A. S. obtained from their patients and/or users in exercise of the provision of their services, but not limited to, and whose personal information collected may include, but are not limited to:
- Name
- Place and date of birth and nationality.
- Personal Identification number (Cédula, NIT. Passport.)
- Gender.
- Address, phone, e-mail.
- Clinical data of the patient. Includes, but is not limited to: medical history, surgical findings, consultations, prescriptions, diagnoses, test results, hospital care, data nursing, consultations etc
- Contacts: family, friends, managers, curators
- Personal information, level of education, profession, religious cult, and other social content, through the office of customer care, hospital admission, or social work.
- Personal information through surveys.
- Responsible entity, or insurer of the health services.
- Company where he works. Also you get information that is collected through voluntary transfer of the patient or user, in the processes of care, in the processes of billing, in the research authorized by the patient and other power sources of information.
SENSITIVE DATA: MEDICAL CENTER-SURGICAL BEAUTY S. A. S. prohibits its employees, contractors, physicians, and co-workers, direct or indirect disclose data considered as sensitive in the constitution and the law, such as racial or ethnic origin, political preference, trade union membership, affiliation to social organizations, governmental or non-governmental organizations, human rights, religious beliefs, sexual orientation, biometric data or health, etc, which are subject to reserve and confidentiality, in particular when it comes to underage children and adolescents. It is forbidden to the processing of sensitive data, with the exception of the cases explicitly stated in article 6 of the Law 1581 of 2012 is to say, in the following cases:
- The Holder has given its express consent to such Treatment, except in cases that by law it is required for the granting of such authorization;
- The Processing is necessary to protect the vital interests of the Holder and this is physically or legally incapable. In such event, the legal representatives must give their permission;
- The Treatment is carried out in the course of the legitimate activities with appropriate guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, provided that relate exclusively to its members or to persons who have regular contact by reason of their purpose. In these events, the data may only be supplied to third parties without the permission of the Owner;
- The Processing relates to data which are necessary for the establishment, exercise or defense of a right in a judicial process;
- The Treatment has a purpose that is historical, statistical or scientific. In this event, measures must be taken, leading to the suppression of identity of the Owners.
In cases in which the Processing of sensitive data is possible, you must comply with the following obligations:
- Inform the owner that because of the sensitive data is not obligated to authorize Treatment.
- Inform the holder of the explicit and prior, in addition to the general requirements of the authorization for the collection of any kind of personal data, which the data that will be object of Treatment are sensitive and purpose of the Treatment, so as to obtain your explicit consent. However, at the time of collection of the same, the patient is in the ability to answer the questions that concern this type of data.
TREATMENT TO WHICH IT WILL BE SUBJECTED TO THE DATA:
MEDICAL CENTER-SURGICAL BEAUTY S. A. S. uses the information from their users and patients to ensure the delivery of health services, invoice, and collect before the natural or legal persons responsible for the payment, completed the Individual Record of the Provision of Services to Health (RIPS), administrative purposes, such as audits, billing, accounting, and with the consent of the holder of the information may be promoted processes of research, statistics, prevention campaigns and promotion and, in general, for use in public health policy. These can be used to: a. Activities related to the delivery of health services in the development of activities and social object of the center, such as, for example, but not limited to, activities corporate, administrative, information, marketing, petition, collection, collection, as well as for activities from the procedures themselves of the Social Security System in Health and compliance of the rules governing it. b. Contact with patients and/or users through telephone, physical, personal, and/or electronic means (such as SMS, chat, e-mail, and other means that they can be considered). c. Send notifications of changes or improvements in the delivery of services and publicity about the same in accordance with the applicable legislation, as well as to send information from journals or subjects of the health sector that we believe may be of interest to you. d. Create and manage databases (including databases with sensitive data) for the provision of the services of the center, the purpose of research, development services and/or products, studies of risk and actuarial calculations. MEDICAL CENTER-SURGICAL BEAUTY S. A. S. does not share this information with anyone outside of or not authorized in accordance with the legislation and case law in force; you may, however, be shared or provided information with the judicial or administrative authorities in exercise of their powers legal request or with health authorities.
RIGHTS OF THE HOLDERS OF THE DATA: People who are forced to comply with these policies must respect and ensure the following rights of the holders of the data: to. Know, update and rectify your personal data against those Responsible for the care or Charge of the Treatment. This right may be exercised, among other front to partial data, inaccurate, incomplete, fractioned, deceptive, or those whose Treatment is prohibited or has not been authorized. b. Request proof of the authorization granted to the Responsible of the Treatment, except when expressly exempted as a requirement for the Processing, in accordance with the provisions of article 10 of the Law 1581 of 2012. c. Be informed by the controller or the processor, upon request, in respect of the use that has been given to their personal data. d. Submit before the Superintendence of Industry and Commerce complaints for violations of the provisions of this law and other regulations that alter, add or supplement. e. Revoke the authorization and/or request the deletion of the data when the Treatment does not comply with the principles, rights and constitutional and legal protections. The cancellation and/or suppression will proceed when the Superintendence of Industry and Commerce has determined that the Treatment of the controller or processor have engaged in conduct contrary to the Constitution and the law. f. Free access to your personal data that have been processed. Without prejudice to the exceptions provided for in the law, in the Treatment requires prior authorization and informed consent of the Holder, which shall be obtained by any means which may be the object of subsequent query. However, the authorization of the Holder shall not be required in the case of: a. Information required by a public entity or administrative, in exercise of its statutory functions, or by court order; b. Data of a public nature; c. Cases of medical emergency or health; d. Treatment of information authorized by the law for the purposes of historical, statistical or scientific; and. Data related to the Civil Registry of the People.
PROCEDURE FOR EXERCISE OF RIGHTS BY HOLDERS: The Owners of personal data must file their queries, requests, or complaints in the Customer service Office located in the facilities of the MEDICAL CENTER SURGICAL BEAUTY S. A. S. in the City of Cali.
- Queries: MEDICAL CENTER-SURGICAL BEAUTY S. A. S. must respond to queries within a period of ten (10) business days from the date of receipt of the same. When it is not possible to meet this time, they must inform the person expressing the reasons for the delay and the date on which you respond to the query on a term not exceeding five (5) days.
- Claims: The registrant or assignee who consider that the information contained in a database must be the subject of correction, updating or deletion, or when you notice the alleged breach of any of the duties contained in the law or this Policy, may submit a claim to the MEDICAL CENTER SURGICAL BEAUTY S. A. S. which will be processed under the following rules: (i) The claim shall be made by sending a request to the controller or the processor, for writing that will be filed in the with the identification of the Owner, the description of the facts giving rise to the claim, the address, and enclosing the documents that you want to enforce. If the claim is incomplete, MEDICAL CENTER-SURGICAL BEAUTY S. A. S. shall require the interested party within five (5) days following the receipt of the same to remedy the failures. After two (2) months from the date of the requirement, without which the applicant submits the required information, shall be deemed to have withdrawn the claim. (ii) once we have received your claim in full, will be included in the database is a legend that says "claim pending" and the reason for the same, in a term not exceeding two (2) business days. Such legend shall be kept until the claim is decided. (iii) The maximum term to address the claim shall be fifteen (15) days counted from the day following the date of its receipt. When it is not possible to satisfy the demand within such term, we will inform the data subject of the reasons for the delay and the date on which you will attend to your claim, which may in no case exceed eight (8) business days following the expiration of the first term. (iv) The Holder or the successor in title may bring a complaint before the Superintendence of Industry and Commerce, once you have exhausted the process of query or complaint with the controller or the processor. c. Revocation of the authorization and/or deletion of the data: The Owners may at any time, apply to the MEDICAL CENTER SURGICAL BEAUTY S. A. S. the deletion of your personal data and/or revoke the authorisation granted for the Processing of the same, by the filing of a claim, in accordance with the provisions of article 15 of the Law 1581 of 2012 and decree 1377 of 2013 and the Procedure indicated in this Policy. If the expiry of the term of legal in respective MEDICAL CENTER-SURGICAL BEAUTY S. A. S. it has not eliminated the personal data, the Holder will have the right to request that the Superintendence of Industry and Commerce ordered the revocation of the authorization, and/or the deletion of personal data. Notwithstanding the foregoing, personal data must be kept, as required for compliance with a legal or contractual obligation.
TEMPORARY LIMITATIONS ON THE PROCESSING OF PERSONAL DATA:
MEDICAL CENTER-SURGICAL BEAUTY S. A. S. only be able to perform the Treatment of personal data for as long as is reasonable and necessary, according to the purposes that justified the Treatment, according to the provisions applicable to the subject matter and to the administrative, accounting, fiscal, legal, and historical information. Once the or the purposes of the processing and without prejudice to legal rules provide otherwise, shall carry out the erasure of the personal data in your possession. Notwithstanding the foregoing, personal data must be kept, as required for compliance with a legal or contractual obligation
SECURITY MEASURES TAKEN WITH REGARD TO THE PROCESSING OF PERSONAL DATA: MEDICAL CENTER-SURGICAL BEAUTY S. A. S. informs its users and patients that it has adopted and implemented the measures of technical, legal and administrative measures to ensure the security of personal data and avoid its alteration, loss, misuse, or unauthorized access.
COMPLIANCE WITH THE LAW ON PROTECTION OF PERSONAL DATA: As is customary for the observance of the order established legal, MEDICAL CENTER-SURGICAL BEAUTY S. A. S. is committed to comply in all its extension, the Law of protection of personal data and ensures that its holder has the opportunity of knowing it, update it, and to request the deletion of their data, when this is from, through such means. MODIFICATION: MEDICAL CENTER-SURGICAL BEAUTY S. A. S., reserves the right to modify its policy of protection and processing of personal data, when the circumstances or the law warrant or order; in which case the change will be announced through the media that the Clinic deems suitable to the case. MEDICAL CENTER-SURGICAL BEAUTY S. A. S. recommends to his patients and/or users to review the policy of protection and processing of personal data regularly to ensure that you have read the most current version, being in any case the responsibility of the user to read.
IDENTIFICATION OF THE RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA:
Social reason: MEDICAL CENTER-SURGICAL BEAUTY S. A. S. NIT: 800.116.511-3
Address: Career 40 5B 100 Barrio Tequendama
City: Cali.
E-Mail: [email protected]
Phone: 4866666
Area Responsible For: Attention to the user.