fbpx

Privacy Policy

INTRODUCTION

The Prolicos SAS institution with the commercial name of Carlos Acevedo Odontología is a private entity, dedicated to the provision of specialized dental services, offering a warm, timely and effective service, reflected in results of excellence and confidence in the oral health of its patients.

In compliance with the provisions of Statutory Law 1581 of 2012 and its Regulatory Decree 1377 of 2013, Prollicos SAS adopts this policy for the processing of personal data, which will be informed to all holders of the data collected or that in the future are obtained in the exercise of commercial or labor activities. In this way, Prolíficos SAS declares that it guarantees the rights of privacy, intimacy and good name of patients, employees, customers and providers, in the processing of personal data, and consequently all their actions will be governed by the principles of legality, purpose, freedom, truthfulness, quality, transparency, access and restricted circulation, security and confidentiality. 

All persons who, in the development of different contractual, commercial, labor activities, among others, whether permanent or occasional, will be able to provide Prolicos SAS with any type of information or personal data, may know, update and rectify it.

 

I. IDENTIFICATION OF THE RESPONSIBLE FOR THE TREATMENT 

NAME OF THE INSTITUTION: Prollicos SAS, hereinafter referred to as LA ORGANIZACIÓN, a private company with Tax Identification Number 900086150-

ADDRESS AND ADDRESS: THE ORGANIZATION has its domicile in the city of Barranquilla and its headquarters are located at Calle 106 No. 50-67 Local 405. 

EMAIL: administracion@carlosacevedo.co PHONE: (57-5) 3775809

 

II. LEGAL FRAMEWORK 

Political Constitution, article 15. 

Law 1266 of 2008 Law 1581 of 2012 

Regulatory Decrees 1727 of 2009 and 2952 of 2010

Partial Regulatory Decree 1377 of 201

Judgments C - 1011 of 2008, and C & #8211; 748 of 2011, of the Constitutional Court.

 

III. OBJECT: This document describes the parameters of regulation, treatment and management of personal data of patients, clients, employees and providers; imposing the duties that assist those responsible for the processing of information, adopting policies and procedures to ensure proper compliance with the law, respecting at all times the integrity of the human being.

 

IV. AREA OF APPLICATION 

This regulation will be immediately applicable to each and every one of the personal and sensitive data that THE ORGANIZATION., May know and collect in due course of its corporate purpose.

The policies, procedures and contents in this policy apply to the databases of THE ORGANIZATION, registered in accordance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, without prejudice to the need that assists you as an Institution Provider of the Health Services, in the compilation, treatment, dissemination and transfer of personal data that she was forced to execute to safeguard the physical integrity of the patients.

  1. DEFINITIONS[1]:
  2. Authorization: Authorization previously issued by the owner of the information, expressly allowing THE ORGANIZATION., To carry out the processing of personal data.
  3. Notice of Privacy: Physical document, electronic or in any other format generated by THE ORGANIZATION available to the owner for the processing of their personal data, in order to communicate the existence of the information processing policies that will be applicable, how to access them and the characteristics of the treatment that is intended to give personal data.
  4. Database: Organized set of personal information subject to treatment, custody and care by THE ORGANIZATION.
  5. Personal data: All information and data linked or, which can be associated with one or more specific or determinable natural persons.
  6. Public data: It is the data that is not semi-private, private or sensitive. Public data are considered, among others, data relating to the marital status of people, their profession or trade and their status as merchant or public servant. By its nature,

Public data may be contained, among others, in public records, public documents, gazettes and official gazettes and duly executed judicial sentences that are not subject to reservation.

  1. Sensitive data: Data that affect privacy (personal), whose misuse can lead to discrimination.
  2. Treatment Manager: Natural or legal person, public or private, that by itself or in association with others performs the Processing of personal data on behalf of THE ORGANIZATION as Responsible for the data.
  3. Headline: Natural person whose personal data is subject to processing, be it customer, supplier, employee or any third party who, by reason of a commercial or legal relationship, provides personal data to THE ORGANIZATION.
  4. Transfer: It refers to the sending by THE ORGANIZATION as Responsible for the Treatment or a Data Manager, to a third agent or natural / legal person (receiver), inside or outside the national territory for the effective processing of personal data;
  5. Transmission: refers to the communication of personal data by the Responsible to the Manager, located inside or outside the national territory, so that the Responsible, on behalf of the Responsible, processes personal data; & #8211;
  6. Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion. For the understanding of the terms that are not included in the previous list, you must refer to the current legislation, especially Law 1581 of 2012 and Decree 1377 of 2013, giving the meaning used in said rule to the terms of whose definition exists any doubt.

 

SAW. BEGINNING

In accordance with the provisions of article 4 of Law 1581 of 2012, THE ORGANIZATION., Through the principles indicated below, determines the parameters on which the processes of collection, use and treatment of personal data will be based .2

  1. to) LEGALITY IN THE PROCESSING OF PERSONAL DATA: In compliance with the provisions of the legislator, THE ORGANIZATION., Adopts the personal data protection policies of patients, clients, employees, suppliers and any person related to THE ORGANIZATION

                                                          

2 2 The principles included in this document are taken from the regulations in force in Colombia that regulate the protection of personal data.

  1. PURPOSE: The Treatment of the data must obey and be aimed at a purpose, characterized by legitimacy and, that at all times is adhered to the constitutional postulates and the Law, therefore, the treatment will have to be informed to the Holder, so that it I authorized it.
  2. FREEDOM: The Processing of personal data can only be exercised with the prior consent of the owner, without prejudice to the necessary and pertinent data to consultations or any type of medical care. If authorization is not possible, there must be a legal mandate (power of attorney) or, judicial requirement.
  3. TRUTH OR QUALITY: All the information referred to in this manual will have to be true, complete, accurate, updated, verifiable and understandable. THE ORGANIZATION., Through its various assistance services and administrative area, prohibits the processing of partial, incomplete, fractional or error-inducing data.
  4. TRANSPARENCY: THE ORGANIZATION. guarantee the right of the Holder to obtain from the Data Controller or the Data Controller, at any time and without restrictions, information about the existence of data concerning him, in accordance with the protocols established for this purpose.
  5. RESTRICTED ACCESS AND CIRCULATION: Except for public information, the data covered by this regulation may not be available on the Internet or other means of dissemination or mass communication. The Treatment will be subject to the limits that derive from the nature of the personal data and the assistance services offered by THE ORGANIZATION., Of the provisions of the Law and the Constitution.

In this sense, the Treatment may only be done by persons authorized by the Holder or in accordance with the exceptions and persons empowered by the Law. 

  1. SECURITY: The information subject to treatment or reception by THE ORGANIZATION., Will be protected through the use of all technological means and the necessary technical, human and administrative measures, in order to grant security to the records avoiding their adulteration, loss, consultation , unauthorized or fraudulent use or access.
  2. CONFIDENTIALITY: All natural or legal persons involved in the processing of personal data of patients, users, beneficiaries, contractors, collaborators and any person related to THE ORGANIZATION. They are obliged to guarantee the reservation of the information, even after the end of their relationship with any of the tasks included in the Treatment.

VII. AUTHORIZATION: The collection, storage, use, circulation, transmission or deletion of personal data by THE ORGANIZATION., Will require the prior, free, informed and express consent of the Holder thereof, except in the events expressly established in Article 6, 10 and 26 of Law 1581 of 2013 and article 4 of Decree 1377 of 2013, which include the following exceptions:

  1. Emergency medical attention.
  2. Transmission of scientific data or, for the execution of a contract.
  3. Data processing, statistical, historical or scientific.
  4. The others contemplated by the Law.

THE ORGANIZATION., Has integrated into its processes of patient and user care mechanisms for obtaining authorization from the owners.

 

VII. TYPE OF INFORMATION SUBJECT TO TREATMENT 

THE ORGANIZATION recognizes that its patients, employees, clients and providers, have the right to have a reasonable expectation of their privacy, taking into account in any case their responsibilities, rights and obligations with THE ORGANIZATION. 

Understanding as a patient any natural person that requires the performance of diagnostic or interventional procedures by a Health Services Provider Institution.

From the patients

  1. Personal identification data, surnames and names, identification, date of birth, age, sex, marital status, occupation, address and telephone number of the residence, place of residence, guardian or person in charge, address and telephone number of the person in charge, kinship, insurance and type of bonding;
  2. Medical history, medical history, diagnostic aids, health status, information from medical studies.

The Clinical History is regulated by Law 23 of 1981, by Resolution 1995 of 1999 and by Resolution 00839 of 2017, regarding the diligence, administration, conservation, custody and confidentiality of medical records, according to the parameters of the Ministry of Health and the General Archive of the Nation.

If sensitive information is found within the collected information, THE ORGANIZATION will inform you of the quality of said sensitive data and the purpose of the treatment, and will only be treated with your prior, express and informed consent. Keep in mind that because it is sensitive data you are not required to authorize its treatment.

Use and purpose of the treatment.

Personal data is used to: 

  1. Execution of the contract signed with THE ORGANIZATION.
  2. Billing services.
  3. Sending information to governmental or judicial entities by express request.
  4. Support in external / internal audit processes.
  5. Sending / Receiving messages for commercial, advertising and / or customer service purposes.
  6. Contact with clients to send information related to the contractual, commercial and mandatory relationship that takes place.
  7. Conduct surveys related to LA services or goods

ORGANIZATION 

  1. Data collection for the fulfillment of duties that, such as

Responsible for information and personal data, it is up to the ORGANIZATION. 

  1. To provide effective customer service.
  2. Any other purpose that results in the development of the contract or the relationship between you and THE ORGANIZATION.

 

Understanding as a client any natural or legal person who in exchange for a payment receives services from someone who provides them for that concept.

Of the Clients

  1. Client's name or business name, identification number or NIT with verification digit, place of address, address, telephone, fax, email;
  2. Name of the general manager or legal representative and address, telephone, fax, email;
  3. Name of the person assigned to the portfolio collection, email;
  4. Tributary information;
  5. Bank information that includes the name of the bank account holder, bank account number and bank name or code.

If sensitive information is found within the collected information, THE ORGANIZATION will inform you of the quality of said sensitive data and the purpose of the treatment, and will only be treated with your prior, express and informed consent. Keep in mind that because it is sensitive data you are not required to authorize its treatment.

Use and purpose of the treatment.

Personal data is used to: 

  1. Execution of the contract signed with any of THE ORGANIZATION.
  2. Billing services.
  3. Sending information to governmental or judicial entities by express request.
  4. Support in external / internal audit processes.
  5. Sending / Receiving messages for commercial, advertising and / or customer service purposes.
  6. Contact with clients to send information related to the contractual, commercial and mandatory relationship that takes place.
  7. Conduct surveys related to LA services or goods

ORGANIZATION 

  1. Collection of data for the fulfillment of the duties that, as Responsible for the information and personal data, corresponds to THE ORGANIZATION.
  2. To provide effective customer service.
  3. Any other purpose that results in the development of the contract or the relationship between you and THE ORGANIZATION.

 

Understanding as supplier any natural or legal person that provides any service to THE ORGANIZATION under a contractual / mandatory relationship.

From the Suppliers

  1. Name of the Provider or business name, identification number or NIT with verification digit, place of address, address, telephone, fax, email, name and telephone number of the contact person;
  2. Name of the general manager or legal representative and address, telephone, fax, email;
  3. Tributary information;
  4. Bank information that includes the name of the bank account holder, bank account number and bank name or code.

Use and purpose of the Treatment.

Personal data is used to: 

  1. Execution of the contract signed with THE ORGANIZATION.
  2. Payment of contractual obligations.
  3. Sending information to governmental or judicial entities by express request.
  4. Support in external / internal audit processes.
  5. Sending / Receiving messages for commercial, advertising and / or customer service purposes.
  6. Contact with suppliers to send information related to the contractual, commercial and mandatory relationship that takes place.
  7. Data collection for the fulfillment of duties that, such as

Responsible for information and personal data, it is up to THE ORGANIZATION. 

  1. Comply with the standards applicable to suppliers and contractors, including, but not limited to tax and commercial
  2. Fulfill all your contractual commitments.
  3. For security or fraud prevention purposes.
  4. To provide effective customer service.
  5. Any other purpose that results in the development of the contract or the relationship between you and THE ORGANIZATION.

 

Understanding as employees any natural person who provides a service to THE ORGANIZATION under an employment contract

Of the Employees 

  1. Worker and Family Group: name, identification, address, telephone, name of wife and children, name and identification of children, medical history, social security affiliations, medical policy, age, date of birth, study information, health status ;
  2. Resume, education, experience, links with entities, links with companies;
  3. Salary and other payments;
  4. Balance of debts contracted towards Dragados or libranza;
  5. Affiliations with payroll discount;
  6. Pension contributions;
  7. Constitution and contributions to voluntary pension funds, food bonds, etc .;
  8. Legal proceedings, embargo;
  9. Authorizations of discounts;
  10. Benefits throughout their working life;
  11. Work contract;
  12. Changes in the employment contract;
  13. Linking with previous employers;
  14. Work history of the worker;
  15. Payment of help and benefits;
  16. Beneficiaries of the worker for the purpose of payment of aid and benefits;
  17. EPS affiliation, pension fund, ARL, Compensation fund;

Training received; 

  1. Characterization detail;
  2. Demographic report of the workers;
  3. Occupational medical history of the worker;
  4. Work accidents;
  5. Extra hours;

Use and purpose of the Treatment  

Personal data is used to:

  1. Execution of the contract signed with THE ORGANIZATION.
  2. Payment of contractual obligations.
  3. Sending information to governmental or judicial entities by express request.
  4. Support in external / internal audit processes.
  5. Contact with candidates, customers, employees or suppliers to send information related to the contractual, commercial and mandatory relationship that takes place.
  6. Collection of data for the fulfillment of the duties that, as Responsible for the information and personal data, corresponds to the ORGANIZATION.
  7. For security or fraud prevention purposes.
  8. Any other purpose that results in the development of the contract or the relationship between you and the ORGANIZATION.

 

 

Sensitive data

In the case of sensitive personal data, THE ORGANIZATION may use and process them when: 

  1. The holder has given his explicit authorization, except in cases where the granting of such authorization is not required by law.
  2. The treatment is necessary to safeguard the vital interest of the Holder and he is physically or legally incapacitated. In these events, legal representatives must grant their authorization.
  3. The treatment is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, provided they refer exclusively to its members or to people who maintain regular contacts because of their purpose. In these events, the data cannot be provided to third parties without the authorization of the owner.
  4. The Treatment refers to data that are necessary for the recognition, exercise or defense of a right in a judicial process.
  5. The Treatment has a historical, statistical or scientific purpose. In this event, the measures leading to the deletion of the identity of the owners must be adopted. Without prejudice to the exceptions provided by law, the processing of sensitive data requires the prior, express and informed authorization of the owner, which must be obtained by any means that may be subject to subsequent consultation and verification.

If you provide us with Personal Data, this information will be used only for the purposes indicated herein, and we will not proceed to sell, license, transmit or disclose it outside THE ORGANIZATION unless (i) you expressly authorize us to do so, (ii) is necessary to allow our contractors or agents to provide the services that we have entrusted to them, (iii) in order to provide our products or services, (iv) be disclosed to the entities that provide marketing services on our behalf or to other entities with which we have joint marketing agreements, (v) is related to a merger, consolidation, acquisition, divestment or other restructuring process, or (vi) as required or permitted by law. In order to implement the purposes described above, your personal data may be disclosed for the purposes set forth above to human resources personnel, managers, consultants, consultants and other persons and offices as appropriate. 

THE ORGANIZATION may subcontract to third parties for the processing of certain functions or information. When we effectively outsource the processing of your personal information with third parties or provide your personal information to third-party service providers, we warn those third parties of the need to protect such personal information with appropriate security measures, we prohibit the use of your personal information for purposes own and prevent them from disclosing your personal information to others. Likewise, THE ORGANIZATION may transfer or transmit (as appropriate) your personal data to other organizations abroad for reasons of security, administrative efficiency and better service, in accordance with the authorizations of each of these persons. THE ORGANIZATION has adopted the measures of the case for these organizations to implement in their jurisdiction and in accordance with the applicable laws, security standards and protection of personal data even similar to those provided in this document and in general in LA policy ORGANIZATION on the subject. In the case of transmission of personal data, the transmission contract will be subscribed to that takes place under the terms of Decree 1377/13.

Additionally, we inform you that once the need for the processing of your data ceases, they may be removed from the databases of THE ORGANIZATION or

filed in safe terms so that they are only disclosed when there is a place according to the law. Said data will not be deleted in spite of the request of the holder, when the conservation of the same is necessary for the fulfillment of an obligation or contract.

VIII. RIGHTS OF INFORMATION HOLDERS

In application of what is ordered in article 8 of Law 1581 of 2012 the Holder of personal data has the following rights:

  • Know, update and rectify your personal data against those responsible for the Treatment or Treatment Managers.

This right may also be exercised by the Holder, with respect to partial, inaccurate, incomplete, fractional, error-inducing data, or those whose Treatment is expressly prohibited or has not been authorized.

  • Request proof of the authorization granted to THE ORGANIZATION or, the person in charge of the treatment as responsible. Without prejudice to the legally established exceptions. [2] 3) Be informed by the Treatment Manager or the Treatment Manager, upon request, regarding the use that has been given to their personal data.
  • File complaints with the Superintendence of Industry and Commerce for violations of the provisions of this Law 1581 of 2012 and the other regulations that modify, add or complement it.
  • Revoke the authorization and / or request the deletion of the data when the Constitutional and legal principles, rights and guarantees are not respected in the Treatment.

In any case, the revocation and / or deletion will proceed only when, the Superintendence of Industry and Commerce has determined that in the Treatment the Responsible or Responsible have incurred in conduct contrary to this law and the Constitution.

  • Access free of charge to your personal data that have been subject to Treatment at least once every calendar month, and whenever there are substantial changes to this policy that motivate further consultations.

These rights may be exercised by: 

  • The holder, who must prove his identity sufficiently by the different means available to him THE ORGANIZATION
  • The owners of the holder, who must prove such quality.
  • The representative and / or proxy of the holder, prior accreditation of the representation or empowerment.
  • Another in favor or for which the holder has stipulated.

Without prejudice to the inherent protocols and current regulations regarding the management of medical records.

IX. DUTIES OF THE ORGANIZATION IN THE PROCESSING OF PERSONAL DATA

THE ORGANIZATION recognizes the ownership that personal data hold people and consequently they can exclusively decide on them. Therefore, THE ORGANIZATION will use the personal data for the fulfillment of the purposes expressly authorized by the owner or by current regulations. In the treatment and protection of personal data, THE ORGANIZATION will have the following duties, without prejudice to others provided in the provisions that regulate or get to regulate this matter: 

  • Guarantee the Holder, at all times, the full and effective exercise of the right of habeas data.
  • Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  • Use the personal data of the owner only for those purposes for which it is duly authorized and in any case respecting the current regulations on protection of personal data.
  • To duly inform the owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted.
  • Request and keep a copy of the respective authorization granted by the owner for the processing of personal data.
  • Use only data whose treatment is previously authorized in accordance with the provisions of Law 1581 of 2012.
  • Timely update, rectify or delete the data.
  • Process the queries and claims made by the Holders.
  • Refrain from circulating information that is being controversial by the holder and whose blockade has been ordered by the Superintendence of Industry and Commerce.
  • Allow access to information only to people who may have access to it, as established by current and applicable regulations.
  • Inform the Superintendence of Industry and Commerce when there are violations of security codes and there are risks in the administration of the information of the Holders.
  • Comply with the instructions given by the Superintendence of Industry and Commerce on the particular subject.
  • Inform at the request of the owner about the use given to their data.

 

X. AUTHORIZATION AND CONSENT OF THE HOLDER 

THE ORGANIZATION requires the free, prior, express and informed consent of the owner of the personal data for the treatment thereof, except in cases expressly authorized by law, namely: 

  1. Information required by a public or administrative entity in the exercise of its legal functions or by court order.
  2. Data of a public nature.
  3. Cases of medical or sanitary urgency.
  4. Treatment of information authorized by law for historical, statistical or scientific purposes.
  5. Data related to the Civil Registry of Persons

Demonstration of the authorization

The authorization to THE ORGANIZATION for the processing of personal data will be granted by:

  • The holder, who must prove his identity sufficiently by the different means available to him THE ORGANIZATION
  • The owners of the holder, who must prove such quality.
  • The representative and / or proxy of the holder, prior accreditation of the representation or empowerment.
  • Another in favor or for which the holder has stipulated.

 

Means to grant authorization 

THE ORGANIZATION will obtain the authorization through different means, including the physical, electronic document, data message, Internet, Websites, or in any other format that allows to guarantee its subsequent consultation, even, it can be documented in the patient admission questionnaire, in case of consultation or, through an appropriate technical or technological mechanism; with which it can be concluded with all certainty, the manifestation of the reception of the information by the Holder, that in any case allows the obtaining of the consent through unequivocal behaviors through which it is concluded that of not having supplied it by part of the owner or the person entitled to do so, the data would not have been stored or captured in the database. The authorization will be requested by THE ORGANIZATION prior to the processing of personal data. 

In the event that the information and personal data, could be used by THE ORGANIZATION., For a different treatment to the ordinary turn of its corporate purpose, it will have to obtain a special authorization from the holder that states:

  1. Object of the authorization.
  2. Purpose of the Processing of Personal Data.
  3. Personal data of children and adolescents.
  4. Responsible and responsible for the information.

 

Proof of authorization 

THE ORGANIZATION will keep the proof of the authorization granted by the owners of the personal data for its treatment, for which it will use the mechanisms available at its disposal at the same time as it will adopt the necessary actions to keep the record of the form and date and in which he obtained this one. Consequently, THE ORGANIZATION may establish physical files or electronic repositories made directly or through third parties contracted for that purpose. THE ORGANIZATION., Will implement this manual and will adopt, through the Operational Coordination with the support of the administrative area, the necessary measures to maintain records or technical mechanisms suitable for when and how they obtained the authorization of the Data Processing Holder.

Revocation of the authorization. 

The owners of the personal data may at any time revoke the authorization granted to THE ORGANIZATION for the processing of their personal data or request the deletion of the same, as long as it is not prevented by a legal or contractual provision. THE ORGANIZATION will establish simple and free mechanisms that allow the holder to revoke his authorization or request the deletion of his personal data, at least by the same means by which he granted it. For the above, it should be taken into account that the revocation of consent can be expressed, on the one hand, in a total manner in relation to the authorized purposes, and therefore THE ORGANIZATION must cease any activity of data processing; and on the other, partially in relation to certain types of treatment, in which case these will be the ones that will cease treatment activities, such as for advertising purposes, among others. In the latter case, THE ORGANIZATION may continue to process personal data for those purposes in relation to which the holder had not revoked his consent.

 

XI NOTICE OF PRIVACY

The Privacy Notice is the physical document, electronic or in any other format, made available to the owner to inform him about the processing of his personal data. Through this document, the owner is informed of the information related to the existence of the information processing policies of THE ORGANIZATION and that will be applicable, how to access them and the characteristics of the treatment that is intended to give the data personal The privacy notice must contain at least the following information:

  1. The identity, address and contact information of the person responsible for the treatment.
  2. The type of treatment to which the data will be submitted and its purpose.
  3. The rights of the owner.
  4. The general mechanisms provided by the person in charge so that the holder knows the information processing policy and the substantial changes that occur in it. In all cases, you must inform the owner how to access or consult the information processing policy.
  5. The optional nature of the answer regarding questions about sensitive data

THE ORGANIZATION. It will keep the model of the privacy notice even while the Processing of personal data is carried out and the obligations arising from it will last.

 

XII. GUARANTEES OF THE RIGHT OF ACCESS

To guarantee the right of access of the owner of the data, THE ORGANIZATION will make available to the latter, prior accreditation of its identity, legitimacy, or personality of its representative, at no cost or expense, in detail and detail, the respective personal data through all types of media, including electronic media that allow the holder direct access to them. Such access should be offered without any limit and should allow the holder the possibility to meet them and update them online.

 

XIII PROCEDURE FOR THE ATTENTION OF CONSULTATIONS, CLAIMS, REQUESTS FOR RECTIFICATION, UPDATE AND DATA DELETE 

  1. Consultations: THE ORGANIZATION., In order to guarantee the owner of the data, is obliged to allow access to the information subject to processing, provided that the holder complies with the protocols adopted for this purpose prior to entry into validity of Law 1581 of 2013.

Therefore, the owner may submit to THE ORGANIZATION., Written request requiring precise and timely access to your information, which must be made to the mail Coordinadora@carlosacevedo.co

For the attention of requests for consultation, they will be attended within a maximum period of ten (10) business days from the date of receipt. If it is not possible to attend the consultation within the term established above, the interested party will be informed before the expiration of the 10 days, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) 

  1. Claims: The Holder or his assignees who consider that the information contained in a database must be subject to correction, update or deletion, or when they notice the alleged breach of any of the duties contained in the law, may file a claim with the LA ORGANIZATION, which will be processed under the following rules:

 

  1. The claim of the Holder will be made by request addressed to THE ORGANIZATION by email Coordinadora@carlosacevedo.co or by written communication addressed to Operational Coordination, with the identification of the holder, the description of the facts that give rise to the claim, the address to respond, and accompanying the documents that are required to enforce the claim. If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that he has given up the claim. In the event that the person receiving the claim is not competent to resolve it, they will transfer it to the corresponding party within a maximum period of two (2) business days and inform the interested party of the situation.
  2. Once the complete claim is received, it will be cataloged with the label & #8220; claim in process & #8221; and the reason for it, in a term not exceeding two (2) business days. This label will be maintained until the claim is decided.
  3. The maximum term to handle the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.
  4. In case of presenting the claim on behalf of another person, you must attach the mandate that empowers the claimant. In case of not being accredited in what quality you are submitting the application, THE ORGANIZATION., Will consider the application not submitted.
  5. THE ORGANIZATION., May implement the application formats if deemed necessary, without the presentation of the claim being conditioned to said model.
  1. Request for update and / or rectification: THE ORGANIZATION will rectify and update, at the request of the owner, the information of the latter that is found to be incomplete or inaccurate, in accordance with the procedure and terms indicated above, for which it will be taken into account:
  2. The owner must submit the request to the email

Coordinadora@carlosacevedo.co or in physical medium directed to the Institutional Marketing department indicating the update and / or rectification to be carried out and will provide the documentation that supports your request.

  1. THE ORGANIZATION may enable mechanisms that facilitate the exercise of this right to the holder, provided that they benefit. Consequently, electronic or other means may be enabled that they deem pertinent, which will be informed in the privacy notice and will be made available to those interested in the website.
  2. Request for deletion of data The owner of personal data has the right to request THE ORGANIZATION to delete (delete) any of the following events:
  3. When you consider that they are not being treated in accordance with the principles, duties and obligations set forth in current regulations.
  4. When they are no longer necessary or relevant for the purpose for which they were collected.
  5. The period necessary for the fulfillment of the purposes for which they were collected has been exceeded This deletion implies the total or partial elimination of personal information as requested by the owner in the records, files, databases or treatments carried out by THE ORGANIZATION. However, this right of the owner is not absolute and consequently THE ORGANIZATION may deny the exercise of the same when:
    1. The holder has a legal or contractual duty to remain in the database.
    2. The elimination of data hinders judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes or the update of administrative sanctions.
    3. The data is necessary to protect the legally protected interests of the holder; to perform an action based on the public interest, or to fulfill an obligation legally acquired by the holder.

In any case the total or partial elimination will be subject to what is regulated by current regulations and applicable to what the medical records refer to. This being a cause of impediment to access what was requested by the owner, since the total or partial elimination of personal information could be an integral part of the documents that are part of the medical act, without prejudice to the other persons to whom this document is addressed. manual.

Likewise, THE ORGANIZATION. It may deny the request for deletion when the data is necessary, in response to the legal or contractual duty that it assists or, if the request for removal hinders judicial or administrative proceedings or when the data is necessary to protect the legally protected interests of the Holder.

THE ORGANIZATION., Will carry out the deletion of the data (s) in such a way that the elimination does not allow the recovery of the information.

  • REVOCATORY OF THE AUTHORIZATION: The Holders of personal data may revoke the consent to the processing of their personal data at any time, provided that a legal or contractual provision does not prevent it, through the procedure established in this Manual.
  1. SECURITY MEASURES: THE ORGANIZATION., Will continue implementing the mandatory security protocols for personnel with access to personal data and information systems. Procedures that will have at least the following requirements:
    1. Scope of the procedure with detailed specification of the protected data.
    2. Measures, norms, procedures, rules and standards aimed at guaranteeing the level of security required by Law 1581 of 2012.
    3. Functions and obligations of staff.
    4. Procedures for backing up and recovering (back up) data.
    5. Periodic checks that must be carried out to verify compliance with the provisions of the security procedure.
  • AREA IN CHARGE OF DATA PROTECTION: THE ORGANIZATION., designates as responsible for the protection of personal data the Operational Coordination of the same.

XVII INFORMATION SECURITY AND SECURITY MEASURES 

In compliance with the security principle established in the current regulations, THE ORGANIZATION shall adopt the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, 

XVIII. VALIDITY

PROLIFICOS SAS reserves the right to modify this Personal Data Processing Policy at any time. Any changes will be informed and published in due course on the website www.carlosacevedo.co.

The Personal Data Processing Policy is effective January 25, 2017.

 

[1] The definitions included in this document are taken from the regulations in force in Colombia that regulate the protection of personal data.

[2] Law 1581 of 2012. Article 10. Cases in which authorization is not necessary. The authorization of the Holder will not be necessary in the case of: a) Information required by a public or administrative entity in the exercise of its legal functions or by court order; b) Data of a public nature; c) Medical or health emergency cases; d) Treatment of information authorized by law for historical, statistical or scientific purposes; e) Data related to the Civil Registry of Persons. Anyone who accesses personal data without prior authorization must always comply with the provisions contained in this law.  

en_USEnglish
es_COEspañol de Colombia en_USEnglish