Privacy Policy
OBJECTIVE: To ensure the preservation and confidentiality of the information of patients and users of BOGOTA LASER OCULAR SURGERY CENTER S.A., collected for the provision of health services under Article 15 of the National Constitution, Law 23 of 198, Law 1581 of 201, Decree 1074 of 201, Decree 1377 of 2013, and Decree 1995 of 199, following the guidelines of Law 23 of 1981 and Resolution 2546 of July 2, 1998.
Our information processing policy defines, among other things, the principles that we will adhere to when collecting, storing, and using the personal data of our patients and/or users. This translates into acting responsibly when collecting personal information and protecting their privacy, ensuring the confidentiality of the Medical History as indicated by law.
POLICY SCOPE: The principles and provisions contained in this policy will apply to the personal data of patients and/or users, suppliers, partners, and associates registered with BOGOTA LASER OCULAR SURGERY CENTER S.A. This Policy will apply to all Processing of Personal Data and Sensitive Data by BOGOTA LASER, its employees, and, where applicable, by those third parties with whom BOGOTA LASER agrees to carry out all or part of any activity related to the Processing of Personal Data or its information systems.
MANDATORY COMPLIANCE: These policies are mandatory and strictly enforceable by all employees of BOGOTA LASER OCULAR SURGERY CENTER S.A., as well as contractors and third parties associated with BOGOTA LASER. All employees must observe and respect these policies in the performance of their duties (Following numeral 1 of Article 58 of the Substantive Labor Code, it is a special obligation for the worker to “observe the provisions of the regulations and comply with the orders and instructions given to him or her by the employer or his or her representatives”). In cases with no employment relationship, a contractual clause must be included obligating the contractor to comply with these policies.
DEFINITIONS: The expressions used in this Policy will have the meaning attributed to them here or the meaning given to them by applicable law or jurisprudence.
- “Authorization”: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.
- “Privacy Notice”: It is the verbal or written communication generated by the Data Controller, addressed to the Data Subject for the Processing of their Personal Data, through which they are informed about the existence of the information Processing policies that will apply to them, how to access them, and the purposes of the Processing to be given to the Personal Data.
- “Database”: Organized set of Personal Data subject to Processing.
D. “Personal Data”: Any information of any kind, linked or that can be associated with one or more natural or legal persons, whether identified or identifiable.
- “Public Data”: Data that is not semi-private, private, or sensitive. Public data includes, among others, data related to a person’s marital status, profession or occupation, and status as a merchant or public servant. By their nature, public data can be contained, among others, in public records, public documents, gazettes, official bulletins, and duly executed judicial decisions that are not subject to confidentiality.
- “Sensitive Data”: Personal Data that affects the privacy of the Data Subject or whose improper use may lead to their discrimination, such as data revealing trade union affiliations, racial or ethnic origin, political orientation, religious, moral or philosophical beliefs, membership in trade unions, social organizations, human rights organizations, or promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data.
- “Processor”: Natural or legal person, public or private, who, on their own or in conjunction with others, carries out the Processing of Personal Data on behalf and the instructions of the Data Controller.
- “Authorized”: The Company and all individuals under the responsibility of the Company who, by the Authorization and this Policy, are authorized to Process the Data Subject’s, Personal Data. The Authorized includes individuals within the scope of the Habilitated.
- “Habilitation” or being “Habilitated”: The explicit and written authorization that the Company grants to third parties, by contract or any equivalent document, in compliance with applicable law, for the Processing of Personal Data, making such third parties Processors of the Data made available or provided.
- “Inquiry”: A request from the data subject or persons authorized by the data subject or by law to know the information held about them in databases or files.
- “Manual”: The Company’s Internal Manual of Policies and Procedures for the Protection of Personal Data, which contains the policies and procedures to ensure compliance with the Law.
- “Data Controller”: Any person subject to this Policy who carries out activities related to the Processing of Personal Data within, on behalf of, or for the Company, including but not limited to any employee, director, representative, contractor, agent, deputy, delegate, ambassador, shareholder, partner, external consultant, supplier, and customer of BOGOTA LASER OCULAR SURGERY CENTER S.A.
- “Data Subject”: The natural or legal person to whom the information contained in a Database refers, and who is the subject of the right to habeas data, as the holder of the corresponding Personal Data.
- “Transfer”: The Processing that involves the communication of Personal Data within or outside the territory of the Republic of Colombia when its purpose is the Processing by the Processor on behalf of the Data Controller.
- “Transmission”: The Processing activity through which Personal Data is communicated, internally or with third parties, within or outside the territory of the Republic of Colombia when such communication aims to carry out any Processing activity by the recipient of the Personal Data.
- “Processing”: Any operation or set of operations, whether automated or not, that allows the collection, storage, organization, storage, modification, correlation, use, circulation, evaluation, blocking, destruction, and, in general, the processing of Personal Data, as well as its transfer to third parties through communications, inquiries, interconnections, assignments, or data messages.
TYPE OF COLLECTED INFORMATION: The general data that BOGOTA LASER OCULAR SURGERY CENTER S.A. obtains from its patients and/or users in the exercise of providing its services, including but not limited to
- Name
- Place and date of birth, and nationality.
- Personal Identification Number (ID card, tax identification number, passport.)
- Gender.
- Address, phone number, email.
- Clinical data of the patient. Includes, but is not limited to medical history, surgical outcomes, consultations, prescriptions, diagnoses, examination results, referrals, etc. Contacts: family members, friends, responsible parties, guardians.
- Personal information, level of education, and profession, are obtained through the user support representative, hospital admission, or social work.
- The responsible entity or health insurance provider.
- Employer. Additionally, information is collected through voluntary transmission by the patient or user during the healthcare processes, billing processes, authorized patient investigations, and other sources of information feeding.
SENSITIVE DATA: BOGOTA LASER OCULAR SURGERY CENTER S.A. prohibits its employees, contractors, physicians, and direct or indirect collaborators from disclosing data considered sensitive under the constitution and the law, such as racial or ethnic origin, political preference, union affiliation, affiliation with governmental or non-governmental social organizations, human rights organizations, religious beliefs, sexual orientation, biometric or health data, etc. These data are subject to confidentiality and reservation, especially when it comes to minors and adolescents. The treatment of sensitive data is prohibited, except in cases explicitly indicated in Article 6 of Law 1581 of 2012, that is, in cases where:
- The Data Subject has given explicit authorization for such processing unless such authorization is not required by law;
- The processing is necessary to safeguard the vital interests of the Data Subject and the Data Subject is physically or legally incapacitated. In such cases, legal representatives must provide their authorization;
- The processing relates to data that is necessary for the recognition, exercise, or defense of a right in a judicial process;
- The processing has statistical or scientific purposes. In this case, measures must be taken to anonymize the data subjects. When processing sensitive data is possible, the following obligations must be met: a. Inform the data subject that, since the data is sensitive, they are not obliged to authorize its processing. b. Explicitly and in advance, inform the data subject, in addition to the general requirements for authorization for the collection of any type of personal data, which data will be processed as sensitive and the purpose of the processing, as well as obtain their express consent. However, at the time of data collection, the patient has the right to respond to questions regarding this type of data.
DATA PROCESSING: BOGOTA LASER OCULAR SURGERY CENTER S.A. uses the information of its patients and users to ensure the provision of healthcare services, bill and collect payment from individuals or legal entities responsible for payment, complete the Individual Health Service Provision Record (RIPS), administrative purposes such as audits, billing, accounting, and with the consent of the data subject, carry out research processes, statistics, prevention and promotion campaigns, and in general, use it for public health policies.
These data may be used to:
- Carry out activities related to the provision of healthcare services within the scope of the Clinic’s corporate, administrative, informational, marketing, request, collection, and billing activities, as well as activities arising from the procedures of the Social Security System in Health and compliance with the regulations that govern it.
- Contact patients and/or users through telephone, physical, personal, and/or electronic means (such as SMS, chat, email, and any other means that may be considered).
- Send notifications of changes or improvements in the provision of services and advertising about them, following applicable legislation, as well as send information about health sector magazines or topics that we consider may be of interest.
- Create and manage databases (including databases related to sensitive data) for the provision of the Clinic’s services, research purposes, development of services and/or products, risk studies, and actuarial calculations. BOGOTA LASER OCULAR SURGERY CENTER S.A. does not share this information with any unauthorized person according to current legislation and jurisprudence; however, information may be shared or provided to judicial or administrative authorities that request it in the exercise of their legal powers or with health authorities.
DATA SUBJECT RIGHTS: The individuals obligated to comply with these policies must respect and guarantee the following rights of the data subjects:
- Know, update, and rectify their data in front of the Data Controllers or Data Processors. This right can be exercised, among others, about partial, inaccurate, incomplete, fragmented data that leads to error, or data whose processing is expressly prohibited or unauthorized.
- Request proof of the authorization granted to the Data Controller, unless expressly exempted as a requirement for processing, by Article 10 of Law 1581 of 2012.
- Be informed by the Data Controller or Data Processor, upon request, regarding the use that has been made of their data.
- File complaints with the Superintendence of Industry and Commerce for infringements of the provisions of this law and other regulations that modify, add to, or complement it.
- Revoke the authorization and/or request the deletion of the data when the processing does not comply with constitutional and legal principles, rights, and guarantees. Revocation and/or deletion shall apply when the Superintendence of Industry and Commerce has determined that the Data Controller or Data Processor has engaged in conduct contrary to the Constitution and the law.
- Access their data that has been subject to processing free of charge. Without prejudice to the exceptions provided for by law, processing requires the prior and informed consent of the data subject, which must be obtained through any means that may be subject to subsequent consultation. However, the data subject’s consent will not be necessary when it concerns: a. Information required by a public or administrative entity in the exercise of its legal functions or by court order; b. Publicly available information; c. Cases of medical or health emergencies; d. Information processing authorized by law for historical, statistical, or scientific purposes; e. Data related to the Civil Registry of Persons.
PROCEDURE FOR EXERCISING RIGHTS BY DATA SUBJECTS: Data subjects must submit their inquiries, requests, or claims to the Customer Service Office located at BOGOTA LASER, Calle 113 No. 7-45, Tower B, Office 1410, Bogotá City.
Inquiries: BOGOTA LASER OCULAR SURGERY CENTER S.A. must respond to inquiries within ten (10) business days from the date of receipt. If it is not possible to comply within this time frame, the interested party must be informed of the reasons for the delay and the date on which the inquiry will be addressed, within a maximum period of five (5) days.
Claims: The data subject or their legal representative who believes that the information contained in a database should be corrected, updated, or deleted, or who observes a presumed breach of any of the duties contained in the law or in this Policy, may file a claim with the Clinic, which will be processed under the following rules:
The claim must be made using a written request addressed to the Data Controller or Data Processor, which will be submitted to Calle 113 No. 7-45, Tower B, Office 1410, including the identification of the data subject, a description of the events giving rise to the claim, the address, and any accompanying documents. If the claim is incomplete, BOGOTA LASER OCULAR SURGERY CENTER S.A. will request the interested party to remedy the deficiencies within five (5) days following the receipt of the claim. If, after two (2) months from the date of the request, the applicant has not provided the required information, it will be deemed that they have withdrawn the claim.
Once the complete claim is received, a note stating “claim in process” and the reason for it will be included in the database within a maximum period of two (2) business days. This note must be maintained until the claim is decided.
The maximum period for addressing the claim will be fifteen (15) business days from the day following the date of receipt. If it is not possible to address the claim within this period, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial period.
The data subject or their legal representative may file a complaint with the Superintendence of Industry and Commerce once the consultation or claim process with the Data Controller or Data Processor has been exhausted.
Revocation of authorization and/or deletion of data: Data subjects may at any time request BOGOTA LASER OCULAR SURGERY CENTER S.A. to delete their personal data and/or revoke the authorization granted for their processing by submitting a claim following the provisions of Article 15 of Law 1581 of 2012, Decree 1377 of 2013, and the procedure indicated in this Policy. If BOGOTA LASER OCULAR SURGERY CENTER S.A. does not delete the personal data within the respective legal period, the data subject will have the right to request that the Superintendence of Industry and Commerce order the revocation of the authorization and/or the deletion of the personal data. However, personal data must be retained when required for compliance with a legal or contractual obligation.
TEMPORAL LIMITATIONS ON THE TREATMENT OF PERSONAL DATA
BOGOTA LASER OCULAR SURGERY CENTER S.A. may only process personal data for a reasonable and necessary period, by the purposes that justified the processing, taking into account the applicable provisions and the administrative, accounting, fiscal, legal, and historical aspects of the information. Once the purposes of the processing have been fulfilled, and without prejudice to any legal provisions to the contrary, the personal data in its possession will be deleted. However, personal data must be retained when required to fulfill a legal or contractual obligation.
SECURITY MEASURES ADOPTED REGARDING THE TREATMENT OF PERSONAL DATA: BOGOTA LASER OCULAR SURGERY CENTER S.A. informs its patients and users that it has adopted and implemented the necessary technical, legal, and administrative measures to ensure the security of personal data and prevent its alteration, loss, unauthorized access, or misuse.
COMPLIANCE WITH THE PERSONAL DATA PROTECTION LAW: As a customary practice out of respect for the established legal order, BOGOTA LASER OCULAR SURGERY CENTER S.A. is committed to complying with the Personal Data Protection Law fully and guarantees that data subjects have the opportunity to know, update, and request the deletion of their data, when applicable, through the specified means.
MODIFICATION: BOGOTA LASER OCULAR SURGERY CENTER S.A. reserves the right to modify its policy on the protection and treatment of personal data when circumstances or the law so advise or require it. In such cases, the modification will be announced through the means considered appropriate by the clinic. BOGOTA LASER OCULAR SURGERY CENTER S.A. recommends its patients and/or users regularly review the policy on the protection and treatment of personal data to ensure that they have read the most updated version, with the user is responsible for reading it in any case.
IDENTIFICATION OF THE DATA CONTROLLER:
Company Name: BOGOTA LASER OCULAR SURGERY CENTER S.A.
Tax ID Number: 830.081.128-1
Address: Calle 113 No. 7-45 Torre B Oficina 1410
City: Bogota DC
Email: servicioalcliente@bogotalaser.com
Phone: 6294919
Responsible Area: Customer Service Department
CURRENT POLICY UPDATE VALIDITY. This policy takes effect on August 1st, 2020.
GUSTAVO ENRIQUE TAMAYO FERNANDEZ
ID: 19.310.514
Legal Representative