POLÍTICA DE TRATAMIENTO DE DATOS PERSONALES CLEVER MEDICAL SERVICES S.A.

Content

1. INTRODUCTION

2. DEFINITIONS

3. OBJECT

4. IDENTIFICATION OF THE DATA CONTROLLER AND DATA PROCESSOR

5. CLEVER MEDICAL SURGERY S.A.S. DATA PROTECTION POLICY PRINCIPLES

6. TREATMENT OF PERSONAL DATA IN CLEVER MEDICAL SERVICES S.A.S.

  • Purpose
  • Processing of sensitive data
  • Data processing of children and adolescents
  • Authorization
  • Method of data collection

7. RIGHTS OF THE HOLDERS OF PERSONAL DATA

8. RIGHTS OF DATA CONTROLLERS AND DATA PROCESSORS

9. PROCEDURES FOR THE EXERCISE OF THE RIGHTS OF INFORMATION, ACCESS, UPDATING, RECTIFICATION AND CANCELLATION.

  • Inquiries
  • Claims

10. TRANSFERS AND TRANSMISSIONS OF PERSONAL DATA

11. SECURITY MEASURES

12. LEGAL FRAMEWORK

13. CURRENT

1. INTRODUCTION

CEVER MEDICAL SERVICES S.A.S, respectful of the personal data and information provided by its past, current and potential clients, commercial allies, employees and possible interested parties in the services provided by the Company, issues this Policy for the Treatment of Personal Data in accordance with the Statutory Law 1581 of 2012 and the Regulatory Decree 1377 of 2013, establishing the purposes, measures, and procedures applicable to the processing of databases, as well as the mechanisms available to the Holders to know, update, rectify, delete the data provided or revoke the authorization granted with the acceptance of this policy.

2. DEFINITIONS

In accordance with current regulations, the following concepts should be interpreted as follows:

a. Authorization: Prior, express and informed consent of the Data Controller to carry out the Processing of personal data.

b. Privacy Notice: Verbal or written communication generated by the responsible party, addressed to the Data Subject, through which he/she is informed about the existence of the information processing policies that will be applicable to him/her, the way to access them and the purposes of the processing that is intended to be given to the personal data.

c. Data Base: Organized set of personal data that is subject to Processing.

d. Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons.

e. Public data: Data that is not semi-private, private or sensitive. Public data includes, among others, data related to the marital status of individuals, their profession or trade, and their status as merchants or public servants. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.

f. Private data: Data which, due to its intimate or reserved nature, is only relevant to the Data Subject.

g. Semi-private data: Semi-private data is data that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of persons or to society in general, such as financial and credit data of commercial activity or services referred to in Title IV of Law 1266.

h. Sensitive data: Sensitive data are understood as those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life and biometric data.

i. Personal data obtained through Video Cameras: Images captured in cameras fall within the concept of personal data as long as they refer to identified or identifiable persons. The above according to concept 17-47373-1 of March 30, 2017 issued by the Superintendence of Industry and Commerce.

j. Personal data obtained through recordings of virtual meetings: The images captured and saved as a result of virtual meetings, are within the concept of personal data because they contain biometric data that allow the unequivocal identification of persons.

k. Data Processor: Natural or legal person, public or private, who by himself or in association with others, performs the Processing of personal data on behalf of the Data Controller.

l. Clinical History: It is a private document, obliged and subject to reserve, in which the patient’s health conditions, medical acts and other procedures performed by the health team involved in his care are chronologically recorded. The Clinical History is a sensitive personal data.

m. Personal data protection policy: Instrument through which the constitutional rights of all holders of personal data processed by CLEVER MEDICAL SERVICES S.A.S. are developed, in order to know, update and rectify the information that has been collected about them in databases or files.

n. National Registry of Databases: It is the public directory of databases subject to Treatment operating in the country, administered by the Superintendence of Industry and Commerce.

o. Responsible for the processing of personal data: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of data (treat, capture, collect, store, use, transmit, deliver, custody of personal information).

p. Data owner: Natural person whose personal data are subject to Processing (Patients, workers, suppliers and contractors).

q. Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

r. Transfer: The transfer of data takes place when the controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.

s. Transmission: Processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when the purpose of the Processing is carried out by the Processor on behalf of the Controller.

3. OBJECT

The purpose of this policy is to establish and develop the necessary guidelines to ensure compliance with the Statutory Law 1581 of 2012 » By which general provisions are issued for the protection of personal data», applicable to personal data that are processed by CLEVER MEDICAL SERVICES S.A.S., as responsible and / or processor.

This Policy for the protection of personal data is addressed to employees, suppliers, customers, patients and third parties in any capacity, involved in the development of the corporate purpose of CLEVER MEDICAL SERVICES S.A.S.

4. IDENTIFICATION OF THE DATA CONTROLLER AND DATA PROCESSOR

Name: CLEVER MEDICAL SERVICES S.A.S.
Tax Identification Number: 901647680-4
Address: Medellin – Antioquia
Address: Calle 5 Sur # 25 – 233
Telephone: 3011908108
Web Page: https://clevermedicalservices.com
E-mail: gerencia@clevermedicalservices.com

5. CLEVER MEDICAL SERVICES S.A.S. DATA PROTECTION POLICY PRINCIPLES

The processing of personal data in CLEVER MEDICAL SERVICES S.A.S. shall be governed by the principles set forth in Law 1581 of 2012 and the rules that add, develop and complement it.

6. TREATMENT OF PERSONAL DATA IN CLEVER MEDICAL SERVICES S.A.S.

6.1. Purpose

Information from employees, suppliers, customers, clients, patients and third parties will be used in any capacity, as follows:

a. Purposes of patient and/or client data processing:

  • Provision of contractual services to data subjects.
  • Information to patients and their families about the health care services for which intermediation is provided.
  • Record of information on health conditions and medical acts performed on the data subject by Health Service Provider Institutions.
  • Advertising and information on the intermediation of health services provided by CLEVER MEDICAL SERVICES S.A.S., or other services related to its corporate purpose.
  • Promotional and advertising campaigns about your services.
  • Market studies and analysis of the health services market to improve the quality and supply of these services.
  • Satisfaction surveys
  • Scientific, statistical and historical studies. In these cases, the suppression of the identity of the owners of the data will be guaranteed.
  • Making bank transfers for the payment of assistance services.
  • Information related to commercial offers and proposals.
  • Administration of the contractual relationship between CLEVER MEDICAL SERVICES S.A.S, and the client or third party.
  • Enable the fulfillment of obligations.
  • Expedición de certificados de cualquier índole.
  • Evaluation, audit and follow-up of contractual or commercial status.
  • Statistical, commercial, strategic, financial, social, technical and risk rating analyses.
  • To advance credit and collection actions for loans granted.
  • Implementation of commercial strategies.
  • Conducting training and knowledge exchange.

b. Purposes treatment of collaborators and applicants

  • Information on job openings.
  • Conducting the selection process for a vacancy within CLEVER MEDICAL SERVICES S.A.S.
  • Information on campaigns and benefits for the company’s employees.
  • Validation of employee labor data required by credit and savings institutions.
  • Validation of work experience and educational qualifications.
  • Administration of the contractual relationship between CLEVER MEDICAL SERVICES S.A.S. and the collaborator.
  • Issuance of labor certificates.
  • Labor and historical statistics.
  • Payment of salaries and social benefits.
  • Affiliation to the Social Security System.

c. Purposes of the treatment with respect to suppliers.

  • Allow bank transfers for the payment of services rendered and other financial obligations.
  • Information related to commercial offers and proposals.
  • Validation of commercial certificates and other information provided by the Holder.
  • To allow the socialization of policies and organizational changes.
  • Administration of the contractual relationship between CLEVER MEDICAL SERVICES S.A.S, and the supplier or third party.
  • Enable the fulfillment of obligations.
  • Issuance of certificates of any kind.
  • Statistical, commercial, strategic, financial, social, technical and risk rating analyses.
  • Evaluation, audit and follow-up of contractual or commercial status.
  • Conducting training and knowledge exchange.

d. Purpose of treatment Shareholders.

  • To ensure smooth and efficient communication of relevant information related to the company.
  • To make notations and record entries derived from the quality of shareholder.
  • Fulfill the obligations contracted with the shareholder.
  • To allow the exercise of duties and rights derived from the quality of shareholder.
  • Make profit sharing payments
  • Sending of summons related to Shareholders’ Meetings and other events scheduled by the company.
  • Issuance of certificates required by the data owner.

CLEVER MEDICAL SERVICES S.A.S, will only use, process and circulate the personal data and other information of the Holders for the purposes described and for the treatments authorized in this Privacy Policy or in the laws in force.

CLEVER MEDICAL SERVICES S.A.S. will require from its customers and partners who contract services involving the processing of personal data, the proper capture of the authorization for the processing of personal data, including, but not limited to, the transmission and transfer of the same, in particular, to CLEVER MEDICAL SERVICES S.A.S.

Photographs and images captured in cameras fall within the concept of personal data as long as they refer to identified or identifiable persons, therefore, they will be handled as indicated in this policy. The above according to concept 17-47373-1 of March 30, 2017 issued by the Superintendence of Industry and Commerce.

6.2. Processing of sensitive data

Medical History:
Taking into account that CLEVER MEDICAL SERVICES S.A.S in compliance with its corporate purpose intermediates and advises for the provision of health services, may perform treatment of sensitive data, in accordance with the authorizations granted by the holders in contracts and / or documents for the processing of personal data or within the informed consents used for the particular.

For these cases, taking into account its sensitive nature, the owner must previously and expressly authorize the processing of the data and compliance with this policy with its corresponding security measures will be guaranteed, in order to avoid any misuse that implies the affectation of the fundamental rights of the owner.

CLEVER MEDICAL SERVICES S.A.S. will require from its customers and partners who contract services involving the processing of personal data, the proper collection of authorization for the processing of personal data, including, but not limited to, the transmission and transfer of the same, in particular, to CLEVER MEDICAL SERVICES S.A.S.

Treatment of videos:
Images captured on cameras fit within the concept of personal data provided that they refer to identified or identifiable persons, therefore, they will be given the handling indicated in this policy. The above according to concept 17-47373-1 of March 30, 2017 issued by the Superintendence of Industry and Commerce.

CLEVER MEDICAL SERVICES S.A.S in the event of having video surveillance systems and/or making recordings of the holders, will ensure compliance with the purposes set forth in this policy.

Treatment of data captured through recordings of virtual meetings:
CLEVER MEDICAL SERVICES S.A.S under the philosophy of the proper use and promotion of information technologies, guarantees that it will capture in advance, the authorization of data processing of third parties in case of recording or filming of any type of meeting or event, regardless of the platform or medium used for the purpose.

Biometric Data:
Eventually and related to the fulfillment of its corporate purpose, CLEVER MEDICAL SERVICES S.A.S may perform treatment on biometric data, through technical processes to identify a natural person unequivocally. For these cases, taking into account its sensitive nature, express authorization will be obtained from the owner and will ensure compliance with this policy with its corresponding security measures, in order to avoid any misuse that involves the affectation of the fundamental rights of the owner.

For other events, CLEVER MEDICAL SERVICES S.A.S. will avoid the processing of sensitive data, however, if it is necessary to collect or store them, prior and express authorization will be requested from the respective owners.

Processing of personal data collected through photographs:
CLEVER MEDICAL SERVICES S.A.S will treat the image captured by means of photos, videos and audios, as long as there is express authorization to that effect signed by the holder.
The authorization to use the image will contemplate the following scopes:

  • Capturing personal images through photographs, videos or audios, by physical or electronic means.
  • Disclose and publish personal images by any physical, electronic or virtual means for commercial or informational purposes, including social networks and data messages.
  • Disclosure and publication through third parties.
  • Make unlimited use of the images captured, and anywhere in the national territory and abroad.

6.3. Data processing of children and adolescents

In the processing of personal data by CLEVER MEDICAL SERVICES S.A.S., respect for the prevailing rights of children and adolescents will be ensured, except for those data that are of a public nature, authorized by current legal regulations and in accordance with the constitutional and legal precepts applicable to such treatment.

In order to guarantee the rights of children and adolescents, the legal representative shall grant authorization to CLEVER MEDICAL SERVICES S.A.S., after the minor has exercised his or her right to be heard, an opinion that will be assessed taking into account the maturity, autonomy and ability to understand the matter.

6.4. Authorization

CLEVER MEDICAL SERVICES S.A.S for the processing of personal data, will request prior authorization for the treatment by any suitable means that can be used as evidence, such as contracts, forms or recordings. This request for authorization will indicate the treatment given to personal data, the purpose of the treatment, the rights you have as owner, and the contact details in which you can exercise your rights through queries and complaints.

6.5. Method of data collection

CLEVER MEDICAL SERVICES S.A. S, may expressly request from the Holders or collect from their behavior the data that are necessary to fulfill the purpose of the Database, which are -among others- their name and surname, gender, company name or identification number, date of birth, physical or electronic correspondence address, contact telephone, employer data, credit experience, business background, judicial, business and family relationships, relationship with public entities, place of work, references and work history, medical information such as medical history, tests, diagnoses and others, insurer or provider of health services.

The data may be provided explicitly to CLEVER MEDICAL SERVICES S.A.S., through entry or linking forms, collected personally through its employees, service providers or commercial representatives, or obtained through consultation with third parties that manage databases, or collected implicitly from market analysis operations, acquisition of products or services that are offered or the behavior of the Holders such as complaints, requests for quotations, surveys, proposals, offers, job applications, participation in programs, events, among others.

7. RIGHTS OF THE HOLDERS OF PERSONAL DATA

The Holder of the personal data processed in CLEVER MEDICAL SERVICES S.A.S, shall have the following rights:

  • To know, update and rectify your personal data with respect to the data controllers or data processors.
  • Request proof of the authorization granted to the data controller.
  • To be informed by the data controller or the person in charge of the processing, regarding the use that has been made of their personal data.
  • File complaints before the Superintendence of Industry and Commerce for infringements to the processing of personal data.
  • To revoke the authorization and/or request the deletion of the data when the processing does not respect the constitutional and legal principles, rights and guarantees.
  • Access free of charge to your personal data that have been subject to Processing.
  • Consult the personal information contained in any CLEVER MEDICAL SERVICES S.A.S. database.
  • The owner of the data has the Data Processing Officer, who will be responsible for dealing with requests, queries and complaints, in order for the owner to know, update, rectify, delete the data and revoke the authorization.

The temporality of the personal data that are in treatment in CLEVER MEDICAL SERVICES S.A.S, will be subject to the purpose for which it has been established. Once the purpose of the treatment is fulfilled, the personal data collected will be deleted, retained when required for compliance with a legal or contractual obligation.

8. RIGHTS OF DATA CONTROLLERS AND DATA PROCESSORS

CLEVER MEDICAL SERVICES S.A.S as Data Controller will be obliged to:

  • Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data.
  • Duly inform the Data Subject about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
  • Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  • Ensure that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable.
  • Update the information, communicating in a timely manner to the Data Processor, all developments with respect to the data previously provided and take other necessary measures to ensure that the information provided to this is kept up to date.
  • Rectify the information when it is incorrect and communicate the relevant information to the Data Processor.
  • To provide the Data Processor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of this law.
  • Require the Data Processor at all times to respect the security and privacy conditions of the Data Subject’s information.
  • To process the queries and claims formulated under the terms set forth in this law.
  • Inform the Data Controller when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed.
  • Inform at the request of the Data Subject about the use given to their data.
  • Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Data Holders.
  • Comply with the instructions and requirements given by the Superintendence of Industry and Commerce.
  • Must accredit or make available the data protection policy when this means is used.
  • Must keep the model of the Privacy Notice used to comply with the duty they have to inform the Holders of the existence of data protection policy and how to access them, while personal data are processed in accordance with it and the obligations arising therefrom endure.
  • You must keep proof of the authorization granted by the holders of personal data for the processing of the same. For these purposes, CLEVER MEDICAL SERVICES S.A.S. will deploy the physical and electronic means necessary for the preservation of the proof of the authorization granted by the holders of personal data for the processing of the same regardless of the means by which such authorization was obtained.

CLEVER MEDICAL SERVICES S.A.S as data processor will be obliged to:

  • Guarantee the Holder, at all times, the full and effective exercise of the right of habeas data.
  • Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  • Timely update, rectify or delete data in accordance with the terms of this law.
  • Update the information reported by the data controllers within ten (10) working days from its receipt.
  • To process the queries and claims made by the Data Controllers under the terms set forth in this law.
  • Register in the database the legend «claim in process» in the form regulated in the present law.
  • Insert in the database the legend «information under judicial discussion» once notified by the competent authority about judicial proceedings related to the quality of the personal data.
  • Refrain from circulating information that is being disputed by the Data Subject and whose blocking has been ordered by the Superintendence of Industry and Commerce.
  • Allow access to the information only to the persons who may have access to it.
  • Inform the Superintendence of Industry and Commerce when there are violations to the security codes and there are risks in the administration of the information of the Holders.
  • Comply with the instructions and requirements given by the Superintendence of Industry and Commerce.
  • To demand from the data controllers, the respective collection of the authorization of personal data, which must include the power to transmit or transfer personal data to CLEVER MEDICAL SERVICES S.A.S. as Data Processor.

CLEVER MEDICAL SERVICES S.A.S as responsible and simultaneous Data Controller and Data Processor shall be obliged to:

  • Establish simple and agile mechanisms that are permanently available to the Data Controllers so that they can access the personal data under their control and exercise their rights over them.

  • Adopt reasonable measures to ensure that the personal data contained in the databases are accurate and sufficient and, when so requested by the Data Subject or when the data controller has been able to notice it, are updated, rectified or deleted, in such a way as to satisfy the purposes of the processing. They must designate a person or area that assumes the function of personal data protection, which will process the requests of the Data Controllers, for the exercise of the rights referred to in Law 1581 of 2012 and Decree 1377 of 2013.

9. PROCEDURES FOR THE EXERCISE OF THE RIGHTS OF INFORMATION, ACCESS, UPDATING, RECTIFICATION AND CANCELLATION.

The area in charge of handling requests, queries and claims from data owners to exercise their rights to know, update, rectify and delete their data and revoke their authorization is the legal representative or Data Processing Officer of CLEVER MEDICAL SERVICES S.A.S.

In order to go to the Superintendence of Industry and Commerce to exercise the legal actions contemplated for data owners or interested parties, the process of consultations and/or claims described herein must be previously exhausted.

9.1. Inquiries

The owner of the data and / or anyone entitled as provided in the rule with the respective accreditation of the condition, may submit a request related to the consultation of personal data held by the Company through written support filed electronically to the email gerencia@clevermedicalservices.com. The request must contain your specific request, and the physical or electronic address for response.

CLEVER MEDICAL SERVICES S.A.S. will have a term of 10 working days to resolve the request.

9.2. Claims

El titular del dato y/o cualquiera legitimado según lo establecido en la norma con la respectiva acreditación de la condición, podrá presentar reclamación con el propósito de corregir, actualizar, suprimir o solicitar el cumplimiento de los deberes del responsable y Encargado del tratamiento de datos personales. El reclamo deberá ser interpuesto mediante soporte de manera electrónica al correo electrónico gerencia@clevermedicalservices.com, indicando los hechos que dan lugar al reclamo, su dirección de notificaciones y los documentos que pretende hacer valer.

CLEVER MEDICAL SERVICES S.A.S. will have a term of 15 working days to resolve the claim.
Todo titular de datos personales, en cualquier momento, podrá revocar la autorización expedida para el tratamiento de los datos personales siempre que no lo prohíba una disposición legal o contractual.
La revocatoria del consentimiento deberá ser presentada a través de reclamación según lo establecido anteriormente.

10.TRANSFERS AND TRANSMISSION OF PERSONAL DATA

For the transmission and transfer of personal data, the following rules shall apply:

  • International transfers of personal data shall observe the provisions of Article 26 of Law 1581 of 2012; and the exceptional cases in which such prohibition does not apply. Exceptionally, CLEVER MEDICAL SERVICES S.A.S, may transfer personal data in the following cases: Information in respect of which the holder has granted express and unequivocal authorization for the transfer. Exchange of medical data, when so required by the treatment of the holder for reasons of health or public hygiene. Banking or stock exchange transfers, in accordance with the applicable legislation. Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
  • International transfers of personal data made between a controller and a processor to allow the processor to carry out the processing on behalf of the controller, shall not require to be informed to the holder or have his consent when there is a contract under the terms of Article 25 of Law 1581 of 2012.
  • Transfers necessary for the execution of a contract between the holder and CLEVER MEDICAL SERVICES S.A.S, or for the execution of pre-contractual measures as long as the holder’s authorization is obtained.
  • Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of the holder’s rights.

11. SECURITY MEASURES

CLEVER MEDICAL SERVICES S.A.S, through its Information Security Policy and personnel training will ensure compliance with the security principle of Law 1581 of 2012 and other concordant and complementary standards, will adopt physical, technological and administrative security measures, when required and will ensure the processing of personal data with third parties, through the implementation of the contractual obligation in the relationships acquired with suppliers and contractors, who in one way or another provide goods and services aimed at contributing to the provision of services to CLEVER MEDICAL SERVICES S.A.S.

12. LEGAL FRAMEWORK

The Policy for the protection of Personal Data of CLEVER MEDICAL SERVICES S.A.S, are governed by and are the result of the application of the relevant articles of the Political Constitution of Colombia, Law 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014, Single Regulatory Decree 1074 of 2015, and any other regulations that modify or complement them and with attention to the provisions of Ruling C-748 of 2011 with report of Dr. Jorge Ignacio Pretelt Chaljub.

13. VALIDITY

The validity of this policy for the protection of Personal Data of CLEVER MEDICAL SERVICES S.A.S. is effective as of October 22, 2022, and supersedes any other previous policy or guideline related to this matter.

This policy is available for the knowledge of the community in general, on the website gerencia@clevermedicalservices.com.

Compañia

Síguenos en

+57 (301) 190 71 60

Servicios

Newsletter

Scroll al inicio