AUTHORIZATION FOR DATA PROCESSING
El usuario autoriza a CLINICA ISIS S.A.S el uso de la información personal que sea suministrada a través de la página WEB para peticiones, consultas, quejas y reclamos. Los datos personales suministrados serán administrados de forma confidencial y con la finalidad de brindar los servicios y el soporte requerido por el usuario, con las debidas garantías constitucionales, legales y demás normas aplicables a la protección de datos personales. De acuerdo con la legislación vigente en materia de protección de datos, el usuario reconoce y acepta que los datos personales aportados voluntariamente en el momento de su navegación a través de la plataforma, serán transmitidos y/o transferidos a terceros cuando sea necesario por parte de la CLINICA ISIS S.A.S para el cumplimiento de su actividad económica
El usuario autoriza a CLÍNICA ISIS S.A.S. para:
- Receive information about health services campaigns, promotions and surveys based on email messaging systems and / or mobile terminals.
- Offer your products or services through any medium or channel.
- Keep your information updated with information and risk operators or with any other entity that manages or manages databases.
- Carry out analyzes and commercial, statistical, risk, market research, including contacting me for these purposes.
- Establish, maintain and terminate a contractual relationship.
- Suministrar información comercial, legal, de productos, de seguridad, de servicio o de cualquier otra índole, que se considere necesaria y/o apropiada para la prestación de los servicios.
- Offer services based on email messaging systems
- Apoyar y acompañar el posicionamiento en el mercado de las marcas de propiedad de LA CLÍNICA.
- Exchange your information with VIDA SALUD SAS for the offer and promotion of your services.
- En general, realizar el tratamiento de mis datos según las políticas de protección de datos de LA CLÍNICA.
- I authorize my information to be exchanged with VIDA SALUD SAS (strategic marketer of CLÍNICA ISIS SAS) and treated for the same purposes described.
Usted podrá en cualquier momento conocer, actualizar, rectificar, ampliar o suprimir la información personal suministrada, para lo cual, podrá presentar su solicitud por escrito directamente en CLÍNICA ISIS S.A.S, al correo electrónico email@example.com or to the website: www.clinicaisis.com
That the information provided by you, will only be used for the purposes that were delivered and will not be provided to third parties under any modality, nor published, nor disclosed or circulated outside the facilities of our organization, except for the exceptions enshrined in the articles 2 and 10 of Law 1581 of 2012, or when the information is provided to a representative for collection management.
The user authorizes the CLINICA ISIS SAS to use the personal information provided through the website for requests, complaints and claims. The personal data provided will be managed confidentially and in order to provide the services and support required by the user, with due constitutional, legal guarantees and other rules applicable to the protection of personal data. In accordance with current legislation on data protection, the user acknowledges and accepts that personal data voluntarily provided at the time of browsing through the platform, will be transmitted and / or transferred to third parties when necessary by the CLINICA ISIS SAS for the fulfillment of its economic activity.
In compliance with Law 1581 of 2012, the user as holder of personal data may know, update and rectify their personal data through email firstname.lastname@example.org
Law 1266 of 2008 Law 1581 of 2012 Regulatory Decree 1377 of 2013
POLICY AND PERSONAL DATA PROTECTION MANUAL
POLICIES FOR THE PROCESSING OF PERSONAL DATA AND HABEAS DATA CLÍNICA ISIS SAS
CLÍNICA ISIS SAS committed to the values of respect, subject to legality, reservation, confidentiality, availability, integrity and proper handling of information and especially with the conviction in the guarantee of fundamental rights through this preparation and proposal, intends to comply with law 1266 of 2008 and law 1581 of 2012, regulated by decree 1377 of 2013, which highlights the need to adopt a manual of policies and procedures that guarantee compliance with said law, according to the queries and claims that arise from the owner of the personal data.
In literals d) and e) of Article 3 of Law 1581 of 2012, mention is made of the person in charge and responsible for the treatment, complying CLINIC ISIS SAS, with these two qualities simultaneously and in many of the databases that are managed, is responsible for all information on personal data and is obliged to safeguard them in the manner established in this law.
Current technologies must allow Companies and / or Entities to efficiently manage, operate and store personal information that is used for the fulfillment of their corporate and business objectives, only for the purposes in which it is linked and for this reason CLINIC ISIS Simplified Joint Stock Company, dedicated to the provision of gynecology, otolaryngology, body aesthetic facial aesthetics, general dentistry, pediatric dentistry, dental implantology, orthodontics, periodontics, endodontics, plastic and reconstructive surgery, general surgery, maxillofacial surgery, surgery ENT, pharmaceutical service, importation, distribution and can carry out, in Colombia and abroad, any legal, commercial or civil activity in addition to those described and that are of the ordinary course of business; complies with the provisions of the law that deals with HABEAS DATA and PERSONAL DATA
The fundamental right to HABEAS DATA, must guarantee citizens the power of decision and control that assists them on the information, use and destination of their personal data.
The right to protection of the personal data of each owner, extends from knowing who retains such data and what use is being given to them, to define who has the possibility to consult them.
The law attributes the power to each holder to consult, modify, suppress and resume said information, and develops the guarantees and instruments to guarantee the validity of the fundamental right.
The purpose of this Manual is to enshrine the internal policies that will be set in compliance with the law 1581 of 2012 and that due to our status as responsible and responsible for the processing of personal data, we must implement and organize in order to fully comply with the provisions contemplated in the law.
The manual includes the basic aspects of normative nature and independent annexes and procedures schemes that allow authorization.
CLINICA ISIS SAS, respectively; has its domicile in the city of Medellín- Colombia in Carrera 43 A NRO 23 SUR 96, Email: email@example.com; Phone (4) 3342320 Website: www.clinicaisis.com
CLINICA ISIS SAS through this policy formalizes the processing of personal data applicable to activities with users, patients, members, suppliers, providers, employees, distributors, and in general, any natural person holder of the personal data that is registered in our databases and those of our operators, for the fulfillment of the Company's corporate purpose and specifically for:
- Scheduling appointments.
- Medical processes and procedures.
- Delivery of medicines and medical supplies.
- Answers for improvement requests, requests, complaints and claims.
- Generation of certifications in general
- Information about new products and services.
- Information on campaigns and special programs (Health promotion and disease prevention programs).
- Health data for qualification of disease origin.
- Surveys of satisfaction of services and services provided.
- Update of data and identification documents
- To fulfill the obligations contracted by virtue of the contracts and commercial relations concluded;
- Provide information about our products and services;
- To carry out events or promotions of a commercial, social and informative type to our members and / or, suppliers, patients, employees, distributors and other third parties;
- Carry out campaigns, studies, promotions or contests of a commercial, social, marketing, advertising or execution of our corporate purpose; (v) Loyalty programs and updating of data of patients, members, suppliers, employees, distributors and other third parties;
- Inform about changes of our products, prices or services;
- Send portfolio account statements;
- Evaluate the quality of our products and / or services through satisfaction surveys;
- Perform collection, collection, consultation, verification, control and authorization of payment methods.
- CLINICA ISIS SAS may take the fingerprint or use other authorized biometric mechanisms of its patients, members and / or suppliers, employees, distributors and other third parties and administer them in order to validate their identity in the handling of products and / or services that they acquire with society.
- CLINICA ISIS SAS may deliver the personal data of its patients, members, suppliers, employees, distributors and other third parties to entities based in Colombia or abroad, whether public or private, as long as: They are companies or entities with which CLINICA ISIS SAS is related by shares of shareholding, that is its parent, subsidiary or operated; or the delivery of personal data is aimed at structuring, design and implementation of offers of products and / or services, or in general additional value proposals to which CLINICA ISIS SAS is able to offer autonomously, or has as its purpose facilitate the development of the corporate purpose of CLINICA ISIS SAS by outsourcing its processes, such as physical or digital archiving, collection, risk management, software development, member contact, market research, statistical analysis, strategy development commercial and / or social, marketing, social impact studies, participation in social programs for the inclusion of the state, establishment of new service channels, and other related and related purposes.
- verify compliance with the Entity's policies regarding the selection and contracting of suppliers;
- verify proper compliance with obligations;
- satisfy the legitimate interests derived from the relationship established or planned to be established;
- provide or obtain commercial and / or financial references;
- administer and operate the contracted product or service, which includes, among other aspects, the management and accounting record of the operations that take place during the validity of any legal relationship, as well as all those that are carried out for the termination, closing or liquidation Of the same;
- document the existing relationship and verify the execution and fulfillment of the respective contract;
- verify and confirm identity and contact;
- send commercial information about the products and / or services that CLINICA ISIS SAS provides in the development of its corporate purpose;
- adoptar medidas tendientes a la prevención de actividades ilícitas; ymanera autónoma, o tenga como finalidad facilitar el desarrollo del empleado y la administración de la información de CLINICA ISIS S.A.S. mediante la tercerización de sus procesos.EN GENERAL; CLINICA ISIS S.A.S. obtendrá y manejará los datos personales suministrados a el por sus pacientes, afiliados, médicos, especialistas, prestadores, empleados, miembros, directivos, usuarios, pacientes y en general cualquier persona natural del que se tengan datos personales, para las finalidades consecuencia del desarrollo de su objeto social, como Sociedad por Acciones Simplificada, dedicada la prestación del servicio de consulta médica ginecología, consulta de oftalmología y optometría, otorrinolaringología, estética facial estética corporal, odontología general, odontopediatria, implantologia dental, ortodoncia, periodoncia, endodoncia, cirugía plástica y reconstructiva, cirugía general, cirugía maxilofacial, cirugía urología, cirugía de otorrinolaringología, servicio de óptica, servicio farmacéutico, importación, distribución y puede realizar, en Colombia y en el exterior cualquier actividad licita, comercial o civil además de las descrita.
The above activities may be carried out through physical mail, email, landline, website, cell phone or mobile device, via text message, fax, social networks, surveys or through any other widely known means of communication, giving compliance with the provisions of current regulations.
CLINICA ISIS SAS may process the personal data provided by its patients, Providers and other Third Parties for the purposes of:
deliver the personal data of their patients employees, providers, associates, suppliers and Third Parties to entities based in Colombia or abroad, whether public or private, as long as: They are companies or entities with which CLINICA ISIS SAS is related by links of shareholding, that is its parent, subsidiary or operated; or the delivery of personal data is aimed at structuring, design and implementation of offers of products or services, or in general additional value proposals to which CLINICA ISIS SAS is able to offer autonomously, or is intended to facilitate the development of the corporate purpose of CLINICA ISIS SAS by outsourcing its processes, such as physical or digital archiving, collection, risk management, development
- of software, patient contact, provider employees, associates, providers, operated, people with whom it has links to agreements and member contracts, market research, statistical analysis, development of commercial, social, marketing strategies, social impact studies , establishment of new service channels, and other related and related purposes.
Similarly, the personal data of patients, employees, providers, members, suppliers, employees, doctors, specialists, natural persons with whom alliances are established in contracts and / or agreements, operated, distributors, third parties and in general, any natural person The owner of the personal data that is registered in the databases will be used by CLINICA ISIS SAS in order to properly advance all its processes in execution of the provision of health services aimed at the community and comply with this manual in this way and to the law 1266 of 2008, statutory law 1581 of 2012 and its regulatory decrees.
For the purposes of this policy, the definitions established by current regulations are listed below:
- Authorization: Prior, express and informed consent of the Holder to carry out the processing of personal data.
- Database: Organized set of personal data that is subject to processing.
- Personal Data: Any information linked or that may be associated with one or more specific or determinable natural persons.
- Treatment Manager: Natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the controller.
- Treatment Manager: Natural or legal person, public or private, that by itself or in association with others, decides on the basis of data and / or data processing.
- Headline: Natural person whose personal data is subject to processing.
- Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
- Notice of Privacy: Verbal or written communication generated by CLINICA ISIS SAS addressed to the owner of the personal data, in which he is informed of the existence of the information processing policies that will be applicable, how to access them and the purposes of the treatment which is intended to give personal data.
- Transfer: The data transfer takes place when CLINICA ISIS SAS, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the processing and is inside or outside the country.
- Public data: It is related to the marital status of people, their profession or trade and their status as merchant or public servant; those who by their nature are not subject to protection.
- Sensitive data: Sensitive data is understood to be those that affect the privacy of the owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social organizations, of human rights or that promotes interests of any political party or that guarantees the rights, as well as data related to health, sexual life, and biometric data.
- Transmission Treatment of personal data that involves the communication of them within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of CLINICA ISIS SAS
RIGHTS OF CHILDREN, GIRLS AND ADOLESCENTS.
The treatment will ensure respect for the prevailing rights of children and adolescents.
The processing of personal data of children and adolescents is prohibited, except for those data that are of a public nature.
It is the task of the State and Educational Entities of all kinds to provide information and train legal representatives and tutors on the possible risks faced by children and adolescents regarding the improper treatment of their personal data, and provide knowledge about the responsible and safe use by children and adolescents of their personal data, their right to privacy and protection of their personal information and that of others.
In accordance with the law, CLINICA ISIS SAS, will act in all collection, handling and deletion of personal data according to the principles that must be followed in all Processing of Personal Data and protection of the law of HABEAS DATA, they are:
- Legality: For the processing of personal data, CLINICA ISIS SAS will be subject to the provisions of the Law and other provisions.
- Purpose: CLINICA ISIS SAS will inform the owner of the purpose of the treatment given to personal data, which must be legitimate in accordance with the constitution and the law.
- Freedom: The processing of personal data will only be exercised by CLINICA ISIS SAS with the prior, express and informed consent of the owner; or by legal or judicial mandate.
- Veracity or Quality: The information subject to the processing of personal data must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractional or error-inducing data is prohibited.
- Transparency: CLINICA ISIS SAS guarantees the holder the right to obtain, at any time and without restrictions, information about the existence of their data.
- Access and Restricted Circulation: The treatment that CLINICA ISIS SAS will give to personal data will be subject to the provisions established in the law and the Constitution. Personal data may not be available on the Internet or other means of dissemination or mass communication, except those that are of a public nature or those in which their access is technically controllable to provide restricted knowledge to the holder or authorized third parties.
- Security: The information subject to treatment by CLINICA ISIS SAS, will be protected through the use of technical, human and administrative measures that grant security to the records, preventing their adulteration, loss, consultation, use or unauthorized or fraudulent access.
- Confidentiality: The people involved in the processing of personal data that do not have the nature of audiences, are obliged to guarantee the reservation of the information provided. Even after the end of your relationship with any of the tasks involved in the treatment.
For the purposes of this policy, personal data holders, members, related parties, suppliers, distributors, employees, providers, doctors, patients, users and in general, any natural person holding the personal data that are registered in CLINICA ISIS SAS databases
In the case of minors (children and adolescents), their legal representatives will have the power to authorize or not the processing of their personal data. In the processing of this data, respect for the prevailing rights of minors will be ensured, such as the privacy and protection of personal information.
For the processing of personal data by CLINICA ISIS SAS, the prior, informed and express authorization of the Holder is required, which must be obtained by any written, physical or electronic means that may be subject to subsequent consultation; without prejudice to the exceptions provided by law.
CLINICA ISIS SAS at the time of requesting the authorization from the Holder, must inform you clearly and expressly the purpose with which the personal data is collected, the treatment to which your personal data will be submitted, the rights of the holder and means through the which can exercise them.
For the purposes of protecting the Habeas Data law, CLINICA ISIS SAS, will have prior authorization and notification to the holder, in order to be reported to the CIFIN, DATACREDITO and PROCREDITO Entities.
The information of the personal data may be provided by CLINICA ISIS SAS to the holder, its successors, legal representative and / or agent, or third parties authorized by this or by law, as well as public or administrative entities in the exercise of legal functions or by order judicial.
CLINICA ISIS SAS may continue to process the data contained in its databases for the purpose indicated in this policy, without prejudice to the right of the holder to exercise his right at any time and request the elimination of the data.
The holder of the personal data and / or, in what applies to the holder of the credit obligation that he acquires with CLINICA ISIS SAS, will have the right to:
- Know, update and rectify your personal data against CLINICA ISIS SAS This right may be exercised, among others, against partial, inaccurate, incomplete, fractional, error-inducing data, or those whose Treatment is expressly prohibited or has not been authorized.
- Request CLINICA ISIS SAS proof of the authorization granted for the processing of your personal data, except for the exceptions provided by law.
- Be informed by CLINICA ISIS SAS upon request, about the use that is given to your personal data.
- File inquiries with CLINICA ISIS SAS and file complaints with the entity responsible for the protection of personal data.
- Request the revocation and / or deletion of your personal data when CLINICA ISIS SAS engages in conduct contrary to the law and the Constitution. Access free and unlimited personal data that are subject to processing.
The owner of the personal data must keep their information updated and guarantee, at all times to CLINICA ISIS SAS, the veracity of it. CLINICA ISIS SAS will not be liable, in any case, for any type of responsibility derived from the inaccuracy of the information provided by the owner.
RESPONSIBLE AND IN CHARGE OF THE PROCESSING OF PERSONAL DATA
CLINICA ISIS SAS will be responsible for the processing of personal data.
The area of attention to the user will be the area in charge of the processing of personal data, on behalf of CLINICA ISIS SAS, to whom information will be provided for each patient, employee, provider, operated, associated, client, provider and in general Any natural person from whom personal information has been collected and who rests in a database.
The official in charge of said area will keep a report of the database and will be in charge of the following functions:
- Know this policy and apply it accordingly.
- Send a communication via email to each Director, employee or person who manages or has handled some type of personal data of the members of the Company, in the sense that they inform the Department in charge, the name and email of users who have personal data.
- Prepare, direct, commission and / or delegate to others the establishment of the measures to be taken in commercial contracts and formats or forms that deal with credits or personal data
- Prepare, direct, commission and / or delegate to others the establishment of the measures to be taken in labor contracts
- Inform the owner about the purpose of data collection and guarantee the exercise of the rights that assist him by virtue of the authorization granted.
- Keep a copy of the respective authorization granted by the owner of the personal data.
- Ensure that the information object of the treatment is truthful, complete, accurate, updated, verifiable and understandable.
- Rectify the owner's information when it is incorrect.
- Use only personal data that has been obtained by authorization, unless they do not require it.
- Respect the security and privacy conditions of the owner's information.
- Perform the update, rectification or deletion of personal data within five (5) business days from the date of receipt.
- Allow access to information only to authorized persons.
- Comply with the instructions and requirements given by the competent administrative authority.
- Sign confidentiality agreements with those who handle information related to the processing of personal data.
- Timely process the queries and claims made by the holders of personal data.
- The others enshrined in the law.
- The customer service area of CLINICA ISIS SAS must ensure that in each incorporation of a new worker the knowledge of this Policy is required as well as the documents that complement it. CLINICA ISIS SAS, will make all contractual and legal adjustments so that contracts, confidentiality agreements, contractual clauses and other documents incorporate compliance by Employees, members, Managers, Suppliers, Related Contractors and other Third Parties; In addition to seeking to obtain express authorization from each owner for the handling of personal data.
- It is the responsibility of CLINICA ISIS SAS workers to report any incident of information leakage, computer damage, violation of personal data, marketing of data, use of personal data of children or adolescents without the relevant authorization, phishing, or behavior that may violate the privacy of a person, or that has indications that they are being used for criminal and / or unauthorized purposes.
- Keep the National Database Registry updated.
COLLECTION AND MANAGEMENT OF PERSONAL DATA BY CLÍNICA ISIS SAS
This policy will be applicable in cases in which CLINICA ISIS SAS requests the completion of binding requests, surveys or forms by telephone, digital or face-to-face, as well as the event attendance forms, without prejudice to the particular conditions that apply in each case.
From the moment the owner of the personal data authorizes CLINICA ISIS SAS for the collection and processing of their personal data, they may be used in the development of their commercial and labor activities.
CLINICA ISIS SAS may use the personal data of the holder such as email address, physical email address and / or landline or cell phone number to send advertising related to your offer of products and services, and contact you for events and other activities.
In any case, depending on the activity that is carried out, CLINICA ISIS SAS will clearly inform the owner of the personal data the mechanisms made available to know, update, modify and delete their data, as well as to revoke the authorization granted .
PRIVACY, CONFIDENTIALITY AND SECURITY OF PERSONAL DATA
CLINICA ISIS SAS will guarantee the owners of the information, privacy, confidentiality and security of the data delivered, avoiding adulteration, loss, consultation, use or unauthorized or fraudulent access by third parties.
CLINICA ISIS SAS giving application to the principle of autonomy, reserves the right to keep and catalog the information that rests in its databases as confidential.
CLINICA ISIS SAS will adopt the necessary technical, human and administrative measures to grant security to personal data, preventing its adulteration, loss, consultation, use or unauthorized or fraudulent access.
CLINICA ISIS SAS states that some of its portals may contain links to third-party websites, over which it has no management or control, for this reason, it is not responsible for the content, privacy policies, security and / or management of personal data that are established in them, being the obligation of the owner of the personal data to know in the respective portals, the policies related to the protection and processing of your information.
On CLINICA ISIS SAS website, the instructions will be established under absolute security so that each user or holder of personal data interacts with them and submit their requests to CLINICA ISIS SAS, about any type of correction, modification and / or deletion.
AREA OF APPLICATION
The Policies will be applicable to the databases that are under the administration of CLINICA ISIS SAS, or are likely to be known by the latter by virtue of the commercial or developing relations of its corporate purpose that must be applied to the other Entities that they are part of the society to which it belongs, commercial alliances, conventions or advertising events, both of CLINICA ISIS SAS, and its operators. In the first case, CLINICA ISIS SAS will act as Responsible, in other cases it may have the status of Manager or Responsible, depending on whether it receives them from a third party or collects them.
Likewise, it will be applicable when the data processing is carried out in Colombian territory. As well as, when the person in charge or the person in charge of the treatment does not reside in Colombia but under international norms or treaties the Colombian legislation is applicable.
HABEAS DATA RIGHT
Article 15 of the CP establishes the right that all persons have to know, update and rectify the information that has been collected about them in databases or archives of both public and private entities.
Likewise, and in accordance with Judgment C-748 of 2011 of the Constitutional Court, this right includes other powers such as authorizing the treatment, including new data, excluding or deleting them from a database or file.
This right was developed in a jurisprudential manner from 1991 to 2008, in which the Special Habeas Data Law was issued, which regulates what has been referred to as the “habeas financial data,” meaning that it has the right Any individual to know, update and rectify their personal commercial, credit, and financial information contained in public or private information centers, whose function is to collect, process and circulate that data in order to determine the level of financial risk of its Holder . This Special Law considers as the Holder of the information both natural and legal persons.
Subsequently, on October 17, 2012, Law 1581 “General of Protection of Personal Data” was issued, which develops the right of Habeas Data from a broader perspective than the financial and credit mentioned above. Thus, any holder of personal data has the power to control the information that has been collected in any database or file, managed by private or public entities. Under this General Law, the natural person is the owner. Only, in special situations provided by the Constitutional Court in Judgment C-748 of 2011, could the legal entity become.
NATIONAL REGISTRATION OF POLICIES AND / OR DATABASES
It is the public directory of the databases subject to treatment that operate in the country, and will be freely available to citizens.
CLINICA ISIS SAS Will carry out the registration of its policies and / or databases before the competent administrative authority, in the time and place that it establishes.
INFORMATION SUPPLY CHANNELS
CLINICA ISIS SAS, establishes as communication channels with the owners:
E-mail address: firstname.lastname@example.org
RIGHTS OF THE HOLDERS AND IDENTIFICATION OF THE DATABASES RIGHTS OF THE HOLDERS
RIGHTS OF THE HOLDERS a) Go to CLINICA ISIS SAS, through the established channels, which are indicated in the Data Privacy Notice, in order to know, update and rectify your personal data. This right may be exercised, inter alia, against partial, inaccurate, incomplete, fractional data that is misleading, or those whose treatment is expressly prohibited or has not been authorized. b) Request proof of the authorization granted to CLINICA ISIS SAS except when, in accordance with the Law, the treatment being performed does not require it. c) To be informed by CLINICA ISIS SAS regarding the use given to the personal data collected, upon request of the Holder presented through the channels provided for such purposes. d) Submit complaints to the Superintendence of Industry and Commerce for violations of Law 1581 of 2012 and its regulatory decrees. e) To revoke, in those cases that are not framed under Law 1266 of 2008, the authorization and / or request the deletion of the data when in the Treatment the constitutional and legal principles, rights and guarantees are not respected. f) Access, free of charge, through the channels provided by CLÍNICA ISIS SAS, to your personal data that have been processed.
CLÍNICA ISIS SAS, through the Data Privacy Notice will inform about the channels and procedures provided for the holder to exercise their rights effectively.
IDENTIFICATION OF THE DATABASES
CLÍNICA ISIS SAS, has identified the following databases:
• Database with public information: The data contained in the public records comes from the fulfillment of a regulated function, whose forms and procedures fulfill an advertising and enforceability purpose. Therefore, it is understood that these data are of a public nature by legal provision and do not require the prior authorization of the owner for their treatment. Likewise, it will be understood that the records that are subsequently delegated to CLÍNICA ISIS SAS have the same nature of public data
• Databases of users and health patients: These are manual or automated databases, which are structured, and that contain data of a public and private nature of legal or natural persons as users of health services that CLINIC ISIS SAS, lends, which voluntarily and in the exercise of its member rights authorize CLÍNICA ISIS SAS, through clauses in the formats, in the notices in its headquarters and applications, so that the information they provide in order to access to rights and prerogatives granted by the provision of health services, be used and managed for the relevant purposes. These databases may contain sensitive information, so it will be used only for the purposes for which it has been entrusted. CLÍNICA ISIS SAS, will comply with the authorization request notice to continue the management of the databases through email included in the databases formed prior to the validity of Law 1581 of 2012.
• Databases of Employees, Members and providers of CLÍNICA ISIS SAS: These are manual or automated databases that contain data of natural persons that are linked to employment or through the provision of services, alliances or contracts, the treatment of which is as purpose to comply with legal and regulatory provisions. In this database they incorporate both private, public, sensitive and minor information. The processing of the data for the purposes of the obligations arising from the employment relationship or for the provision of services, alliances or contracts, will require prior authorization from the holder or his legal representative as the case may be, which will be contained in the clauses stipulated for such purpose in linking documents, provision or contracts. CLÍNICA ISIS SAS, will give the authorization request notice to continue with the right to treat the data of the natural persons linked as employees or former employees, which are included in databases formed prior to the validity of Law 1581 of 2012 .
• Database of Contractors and Suppliers: These are the manual or automated databases that contain data of the natural persons that maintain a contractual and commercial link, whose treatment is intended to comply with the contractual provisions stipulated by CLÍNICA ISIS SAS, for the Acquisitions of services and goods demanded by the ISIS SAS CLINIC, in the development of the corporate purpose and economic activity of the company. This database contains public, private personal data, which are intended to develop contractual relationships. The processing of this data for purposes other than the maintenance of the contractual relationship or the fulfillment of legal duties requires prior authorization from the owner. CLÍNICA ISIS SAS, in exercise of the provisions of Article 10 of Decree 1377 of 2013, will publish the notice of application, addressed to people who are included in databases formed prior to the validity of Law 1581 of 2012 .
CONSULTATIONS AND CLAIMS
Inquiries and complaints made to CLÍNICA ISIS SAS should be addressed to email email@example.com In case of additional information, the interested party may call (4) 3342320 or go to Carrera 43 A NRO 23 SUR 96 in Envigado.
The queries made by the owner of the personal data or its successors, will be attended by CLINICA ISIS SAS, within a maximum term of ten (10) business days counted from the receipt of the respective request, which may be extended for a term maximum five (5) business days, and CLINICA ISIS SAS must inform the interested party in advance.
The holder or his successors who consider that the information contained in the CLINICA ISIS SAS database must be subject to correction, update or deletion, or when they notice the alleged breach of any of the duties contained in the law or in this policy, They may file a claim with the financial and accounting area, which will be processed under the following rules:
- The claim will be formulated by request addressed to the customer service area, with the identification of the Holder, the description of the facts that give rise to the claim, the address, and the attached documents that are required.
- The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt, which may be extended for a maximum term of eight (8) business days, when it is not possible to attend the claim within said term, the customer service area must inform the interested party the reasons for the delay.
- If the claim is incomplete, the interested party will be required within five (5) business days following receipt of the claim to remedy the failures. If two (2) months have elapsed from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
- In the event that the person receiving the claim is not competent to resolve it, they will transfer to the financial and accounting area within a maximum period of two (2) business days and inform the interested party of the situation.
- Before going to the entity responsible for monitoring compliance with the rules on protection of personal data, the owner must initially process their claim with CLINICA ISIS SAS through the means and channels provided for that purpose.
LEVEL OF SECURITY MEASURES APPLIED TO TREATMENT
CLINICA ISIS SAS has a "Manual of Information Security Policies", the provisions contained therein ensure compliance with the requirements of information security.
It has been established that in all supporting documents of the company clauses regarding the handling and administration of personal data and it has been established in the contracts concluded with those in charge that clauses that clearly express their duty to guarantee security are included. and privacy of the information of the Holder.
- Political Constitution of Colombia, articles 15 and 20.
- Law 527 of 1999
- Law 1266 of 2008.
- Law 1273 of 2009.
- Statutory Law 1581 of October 17, 2012.
- Regulatory decrees 1727 of 2009,2952 of 2010, 1377 of 2013 and 886 of May 13 of 2014
- Judgment C-748 of 2011 of the Constitutional Court
ENTRY INTO FORCE AND MODIFICATION
This modification to the policy will be effective on July 11, 2019 and will be valid while CLINICA ISIS SAS exercises its corporate purpose in Colombia, or until the law provides otherwise or otherwise.
This policy may be modified at any time and unilaterally by CLINICA ISIS SAS, and must be timely disclosed to the owners of personal data, such modifications.
The policies, as instructed by the Superintendence of Industry and Commerce, will be published according to what is established by said Entity.
DENYS DEL CARMEN ARTEAGA CONTRERAS. CLÍNICA ISIS SAS Manager