POLICY OF TREATMENT AND PERSONAL DATA PROTECTION
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S
NOVEMBER 22°, 2018
UPDATING MARCH, 2020
POLICY OF PERSONAL DATA PROTECTION
In compliance with the provisions of Statutory Law 1581 of 2012 and its Regulatory Decrees, the company establishes the General and Special Policy applicable for the Treatment and Protection of Personal Data in the organization.
- IDENTIFICATION OF THE RESPONSIBLE
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S.: commercial company identified with TIN. No. 900.537.021- 5 is established as a Colombian company, whose corporate purpose is commerce and wholesale rental of other types of machinery and n.p.c. equipment
- PHYSICAL ADDRESS: Calle 92 # 11-51 Oficina 202
- CONTACT EMAIL: [email protected]
- PHONE NUMBER: 031-3164890
- OBJECTIVE
This Policy establishes the general guidelines for the protection and processing of personal data at the inside of the Company, and in this manner allowing the strengthening of the trust level between the Responsible (IMEXHS S.A.S) and the Holders in relation to the processing of their information; Inform the Holders on the purposes and transfers to which their personal data are subjected, the mechanisms and forms for the exercise of their rights.
- SCOPE
- This Personal Data Treatment and Protection Policy will be applied to all databases and / or files including personal data that are subject to treatment by IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. as responsible for the processing of personal data.
- DEFINITIONS
- Habeas Data: Right that everyone has to know, update and rectify the information that has been collected about them in files and databases of a public or private nature.
- Personal data: Any information linked or that may be associated with one or more specific or determinable natural persons.
- Database: Organized set of personal data that is subject to treatment.
- Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
- Authorization: Prior, express and informed consent of the Holder to carry out the processing of personal data.
- Privacy notice: It is the physical, electronic document or in any other known or unknown format, which is made available to the Holder in order to inform about the processing of her personal data.
- Holder: Individual whose personal data is under treatment
- Successor: Person who by succession or transfer acquires the rights of another person.
- Responsible for the Treatment: Individual or legal person, public or private, that by him/herself or in association with others, decides on the database and / or the data treatment.
- Responsible for the Treatment: Individual or legal person, public or private, that by him/herself or in association with others, carries out the processing of personal data on behalf of the Responsible for the treatment.
- APPLICABLE GUIDING PRINCIPLES IN MATTER OF PERSONAL DATA
Regarding the protection of personal data, the following guiding principles will apply:
- a) Principle of legality regarding data processing: The processing referred to in the Habeas Data Law is a regulated activity that must be under to what is established therein and in other provisions that developing this.
- b) Principle of purpose: The treatment must obey a legitimate purpose in accordance with the Constitution and the law, which must be informed to the Holder.
- c) Principle of freedom: The treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate disclosing consent.
- d) Principle of truthfulness or quality: The information under treatment must be truthful, complete, exact, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is forbidden.
- e) Principle of transparency: In the treatment, the right of the Holder to obtain from the person in charge of the treatment or the person in charge of the treatment, at any time and without restrictions, information on the existence of data that concerning him/her, must be ensured.
- f) Principle of access and restricted circulation: The treatment is subject to the limits derived from the nature of the personal data, the provisions on the law and on the Constitution. In this sense, the treatment can only be carried out by persons authorized by the Holder and / or by the persons provided by the law.
Personal data, except for public information, these may not be available on the Internet or other disclosing means or mass communication, unless that access is technically controlling enough to provide restricted knowledge just to the Holders or authorized third parties in accordance with the law.
- g) Principle of security: The information under treatment by the person in charge of the treatment or in charge of the treatment referred to in the Habeas Data Law, must be managed with the technical, human and administrative measures that are necessary to grant security to the records avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.
- h) Principle of confidentiality: All persons intervening in the processing of personal data that are not public in nature are obliged to guarantee the reservation of the information, even after The end of their relationship with any of the tasks included in the treatment, being able just to supply or communicate personal data when this corresponds to the development of the activities authorized by law and in the terms thereof.
- RIGHTS OF THE HOLDERS
Holders of personal data will enjoy the following rights, and those granted by law:
- Know, update and rectify their personal data before the person in charge of the treatment or those in charge of the treatment. This right may be exercised, among other, before partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is expressly forbidden or has not been authorized;
- Request evidence of the authorization granted to the person in charge of the treatment except when expressly excepted as a requirement for the treatment, in accordance with the provisions of article 10 of the law;
- Be informed by the person in charge of the treatment or by the person in charge of the treatment, upon request, regarding the use that has been given to their personal data;
- Present before the Superintendence of Industry and Commerce complaints for infractions to the provisions on the law and other regulations modifying this, adding or complementing this;
- Revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the treatment. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the treatment the Responsible or Person in Charge has incurred in conduct contrary to the law and the Constitution;
- Free access to their personal data that have been processed.
- AUTHORIZATION OF THE PERSONAL DATA HOLDER
Without prejudice to the exceptions provided in Statutory Law 1581 of 2012, as a general rule in the processing of personal data IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. will collect the prior and informed authorization of the Holder, which may be obtained by any means that may be subject to subsequent consultation.
7.1 Events in which authorization is not required
The authorization of the Holder will not be necessary in the case of:
- a) Information required by a public or administrative entity in the exercise of its legal functions or by court order;
- b) Data of a public nature;
- c) Cases of medical or health emergency;
- d) Treatment of information authorized by law for historical, statistical or scientific purposes;
- e) Data related to the Civil Registry of Persons.
- DUTIES OF IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. AS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. As the person responsible for the processing of personal data, will fulfill the following duties:
- a) Ensure the Holder, at all times, with the full and effective exercise of the right to habeas data.
- b) Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Holder.
- c) Properly inform the Holder on the purpose of the collection and the rights assisting him/her by virtue of the authorization granted to him/her.
- d) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
- e) Guarantee that the information provided to the person in charge of the treatment is truthful, complete, exact, updated, verifiable and understandable.
- f) Update the information, communicating in a timely manner to the person in charge of the treatment, all the novelties regarding the data previously provided to him/her and adopt the other necessary measures so that the information provided to it him/her is kept up-to-date.
- g) Rectify the information when this is incorrect and communicate the pertinent to the person in charge of the treatment.
- h) Provide the person in charge of the treatment, as the case may be, only data whose treatment is previously authorized in accordance with the provisions in this law.
- i) Require the person in charge of the treatment, at all times, to respect the conditions of security and privacy of the Holder´s information.
- j) Process the queries and claims formulated in the terms set forth in Statutory Law 1581 of 2012.
- k) Adopt an internal manual of policies and procedures to guarantee adequate compliance with the law and especially for the attention of queries and complaints.
- l) Inform the person in charge of the treatment when certain information is under discussion by the Holder, once the claim has been submitted and the respective process has not been completed.
- m) By request of the Holder, inform about the use given to his/her data.
- n) Inform the data protection authority when there exist violations to the security codes and there exist risks in the administration of the holders´ information.
- o) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
- SPECIFIC POLICIES FOR THE PROCESSING OF PERSONAL DATA.
9.1 Processing of Employees´ personal data
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. collects the personal data of its Workers which are classified by the company as reserve, and will only be disclosed by the company with the express authorization of the owner or when a Competent Authority requests this.
The purposes for which the personal data of the company’s employees are used will be:
- a) Comply with the obligations imposed by Colombian labor law on employers, or with the orders released by the competent Colombian authorities;
- b) Issue certifications regarding the relationship of the data holder with the company.
- c) Comply with the obligations imposed on the company as an employer, in relation to Occupational Health and Safety regulations, and the so-called Occupational Health and Safety Management System (OH-SMS).
- d) Manage the functions performed by the workers.
- e) Consult memos or calls for attention.
- f) Control delivery of supplies and tools.
- g) Develop and apply the disciplinary process.
- h) Management and control of payroll.
- i) Contact family members in emergencies.
- j) Management and control of requests, complaints and claims.
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. stores the personal data of its employees, including those obtained during the selection process, and keeps them in a separate filing cabinet in vertical A-Z folders separated by tabs identified with the name of each one of them.
You will only have access to this folder and it will be processed by the Human Resources Area, in order to administer the contractual relationship between IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. and the employee.
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. treats sensitive data of its employees for the purposes of this treatment, the respective authorization is collected, which in any case will be express and optional, clearly indicating the sensitive data under treatment and the purpose thereof.
In same manner, this will have high security systems for the handling of sensitive data and its reservation, with the understanding that such sensitive data will only be used by IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. for the aforementioned purposes.
After the employment relationship, IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. will proceed to store all the personal data obtained from the selection process and the documentation generated in the development of the employment relationship, in a central file with restricted access, subjecting the information to adequate security measures and levels at all times, since employment information may contain data of a sensitive nature.
In any case, the information will not be processed for a period exceeding twenty (20) years from the termination of the employment relationship, or in accordance with the legal or contractual circumstances that make the necessary information handling.
9.1 Treatment of personal data of Clients
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. collects the personal data of its Clients and stores them in a database which is classified by the company as reserve, and will only be disclosed with the express authorization of the owner or when a Competent Authority requests this.
The purposes for which the personal data of the Clients of IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. are used. will be:
- Carrying out procedures for the pre-contractual, contractual and post-contractual stages.
- Sending invitations to events scheduled by the company.
- Corroborate any requirement that may arise in the development of the signed contract.
- Comply with the contract object, including merchandise shipping activities, fulfillment and processing of guarantees, among other.
- Verify cases in which there is a breach by any of the parties.
- General bonding of every client.
- Carry out customer loyalty activities and marketing operations.
- Turnover management and control.
- Management of the different collections and payments
- Handling of products as software based on data tables collecting customer and product information.
- Maintenance and support through remote access to the Software containing user information of our clients.
- Management and control of the different judicial processes.
- Management and control of requests, complaints and claims.
In any case, the information will not be processed for a period exceeding the duration of the client’s relationship with the company, and the additional time that is required according to the legal or contractual circumstances that make the handling of the information necessary.
9.3 Processing of personal data of Suppliers and contractors
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. collects the personal data of its suppliers and contractors, stored by this in a database which, although this consists mostly of public data, is classified by the company as reserve, and that, in the case of private data, only they will be disclosed by the company with the express authorization by the owner or when a Competent Authority requests this.
The purposes for which personal data of IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S.´ suppliers and contractors are used will be:
- Sending invitations to hire and carrying out procedures for the pre-contractual, contractual and post-contractual stages.
- Sending invitations to events programmed by the Company or its affiliates.
- c) Other specifically established in the authorizations granted by the suppliers themselves.
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. will only collect from its suppliers and contractors the data that is necessary, pertinent and not excessive for the purpose of selection, assesment and execution of the contract that may apply.
Collection of personal data of employees of suppliers and contractors by IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. In any case, this will have the purpose of verifying suitability and competence of the employees; that is, once this requirement has been verified, IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. will return such information to the Supplier, except when its conservation is expressly authorized.
In any case, the information will not be processed for a period exceeding the term of the Supplier’s relationship with the company, and the additional time required according to the legal or contractual circumstances that make the information handling as necessary.
- INTERNATIONAL TRANSFER AND TRANSMISSION OF PERSONAL DATA
The company currently carries out International Transfer of personal data of the company´ accounting and financial information, to the parent company IMAGING EXPERTS AND HEALTHCARE SERVICES PTY LTDA identified with: ACN 624.772.756 domiciled in: 122 O’Riordan Street Mascot NSW 2020 in Australia, complying with the requirements of safeguarding semi-private personal data, in the same manner, the information will be administered confidentially, previously requesting authorizations from the owners in the case this considers as pertinent, however, data transmit is not carried out. In the event that the company decides to carry out the International Transmission of personal data, in addition to having the express and unequivocal authorization of the Holder, IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. will ensure that the action provides adequate levels of data protection and meets the requirements established in Colombia by the Statutory Law and its regulatory decrees. Safeguarding the security of the information, confidentiality and the conditions regulating the scope of the data processing, in accordance with article 10 of Law 1581, 2012.
- DATA OF CHILDREN, GIRLS AND ADOLESCENTS
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. does not directly process the personal data of minors. However, in a particular manner, the company collects and processes the personal data of the minor children of its collaborators, with the sole purpose of complying with the obligations imposed by law on employers in relation to affiliations to the social security system. and parafiscal, and in particular to allow the enjoyment of the fundamental rights of children to health and recreation.
In any case, IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. will collect when appropriate the respective authorization for its treatment, always keeping in mind the best interests of the minor and respect for the prevailing rights of children and adolescents.
- PROCEDURE FOR THE ATTENTION OF CONSULTATIONS, CLAIMS AND PETITIONS, AND MECHANISMS TO EXERCISE THE RIGHTS OF THE HOLDERS
The Holder, his/her successors in title, his/her representative and / or proxy holder, or whoever is determined by stipulation in favor of another; may exercise his/her rights by contacting us through written communication addressed to the area in charge of the protection of personal data in the ADMINISTRATIVE company. The communication may be sent to the following email: [email protected] or through written communication filed at the address: Calle 92 # 11- 51 OF 202 in the city of Bogotá.
12.1 Queries
It will be possible to consult the personal information of the Holder that resting in the databases of IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. and the company will be in charge of supplying all the information contained in the individual registry or that is linked to the identification of the applicant.
Once the query has been received by the company, this will be answered within a maximum term of ten (10) business days from the reception date.
When not possible to attend the query within such term, the interested party will be informed, stating the reasons for the delay and indicating the new date on which such consultation will be attended, which in no case may exceed the following five (5) business days at the expiration of the first term.
12.2 Claims
When it is considered that the information contained in an IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S.´ database, this must go under correction, updating or deletion, or when the alleged breach of any of the duties contained in the Habeas Law is noticed, a claim may be filed before IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. which will be processed under the following rules:
- The claim will be made by written communication addressed to IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. with the identification of the Holder, the description of the facts giving rise to the claim, the address, and accompanying the documents desired to enforce.
Whether the claim is incomplete, the interested party will be required within five (5) days after receiving the claim to correct the faults. After two (2) months from the requesting, and if the applicant fails to submit the required information, it will be understood that he/she has withdrawn the claim.
In the event that IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. receives a Claim for which it is not competent to resolve it, the company will transfer this to whoever actually corresponds within a maximum term of two (2) business days and will inform the Holder.
- Once the complete claim has been received, the company will include in the respective database a legend reading “claim in process” and the ground thereof, within a term not exceeding two (2) business days. The company will keep such legend in the data under discussion until the claim is decided.
- The maximum term to attend the claim will be fifteen (15) business days from the day following the reception date. When it is not possible to attend the claim within such term, the company will inform the Holder on the grounds for the delay and the new date on which their claim will be attended, which in no case may exceed eight (8) business days following expiration of the first term.
MINIMUM CONTENT OF THE REQUEST
The requests presented by the owner in order to carry out a query or claim on the use and handling of his/her personal data must contain minimum specifications, in order to provide the holder with a clear and consistent response to the requested. The application requirements are:
- Be addressed to IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S.
- Contain the Holder´s ID (Name and ID).
- Contain the description on the facts motivating the query or claim.
- The request object.
- Indicate the notification address of the Holder, physical and / or electronic (e-mail).
- Attach the documents desired to enforce. (Especially for claims)
In the event that the query or claim is presented in person, the Holder must state his/her request or claim in writing without any formality other than the requirements demanded in the previous point.
12.3 Procedure requirement
The Holder, his successors in title, the representative and/or proxy holder, or whoever is determined by stipulation in favor of another one; will only file a complaint with the Superintendence of Industry and Commerce by the exercise of his/her rights once the Consultation or Claim process directly before the company has been exhausted.
12.4 Request for update and / or rectification
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. will rectify and update, by request of the holder, the information that is inaccurate or incomplete, attending to the procedure and the terms set forth above, for which the Holder must submit the request according to the channels provided by the company, indicating the update and rectification of the data and in turn must provide the documentation supporting such request.
12.5 Revocation of the authorization and / or Data deletion
The Holder may revoke at any time the consent or authorization given for the processing of his/her personal data, as long as there is no impediment enshrined in a legal or contractual provision.
Likewise, the Owner has the right to request IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. the suppression or elimination of his/her personal data when:
- a) Consider that they are not being treated according to the principles, duties and obligations set forth in current regulations.
- b) They are no longer necessary or relevant for the purpose for which they were obtained.
- c) The time necessary for the fulfillment of the purposes for which they were obtained has been completed.
Such deletion implies the total or partial elimination of personal information, according to what is requested by the owner in the records, files, databases or treatments carried out by the company.
The right of cancellation is not absolute and therefore IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. may deny revocation of authorization or personal data deletion in the following cases:
- The owner has a legal or contractual duty to remain in the database.
- c) The elimination of data hinders judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.
- d) The data is necessary to protect the legally protected interests of the owner; to carry out an action based on the public interest, or to comply with an obligation legally acquired by the holder.
13 POLICY MODIFICATION
IMAGING EXPERTS AND HEALTHCARE SERVICES S.A.S. reserves the right to modify the Personal Data Treatment and Protection Policy at any time. However, any modification will be communicated in a timely manner to the holders of personal data through the usual means of contact within ten (10) business days prior to its entry into force.
In the event that a holder does not agree with the new General or special Policy and with valid reasons constituting in a fair cause for not continuing with the authorization for the processing of personal data, the Holder may request the company to withdraw of his/her information by means the channels set forth in Chapter 12. However, Holders may not request withdrawal of their personal data when the company has a legal or contractual duty to process the data.
14 VALIDITY
This Policy is effective as of November 22nd, 2018.