1. GENERAL OBJECTIVE
Establish internal regulations and procedures for personal data processing stored in the databases, physical and digital files of RGC Asesores y Consultores en Salud S.A. hereinafter RGC, based on Statutory Law 1581 of 2012, as well as in the other regulations that govern and complement Personal Data Protection processing in Colombia.
This personal data processing policy applies to personal data recorded in any database that make them susceptible to processing, whether they are individuals and/or legal entities that interact with RGC, and in which we act as data processing controller and/or processor.
According to Statutory Law 1581 of 2012, the following definitions are established
Authorization: Prior, express and informed consent of the Holder to carry out personal data processing.
Database: Organized set of personal data subject to Processing.
Personal data: Any information linked to or associated with one or several determined or determinable individuals.
Data Processor: Individual or legal entity, public or private, that by itself or in association with others, performs personal data processing on behalf of the Personal Data Controller.
Data Controller: An individual or legal entity, public or private, that by itself or in association with others, decides over the database and/or the data processing.
Holder: Individual whose personal data are subject to processing.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion. :
4. HABEAS DATA POLICY
RGC Asesores y Consultores en Salud S.A. complying with Statutory Law 1581 of 2012 and Regulatory Decree 1377 of 2013, performs personal data collection, storage, use, circulation and updating procedures that have been freely, previously, clearly, expressly, voluntarily provided and authorized and informed by information holders, which are on databases and physical files under technical, human and administrative measures guaranteeing confidentiality, accuracy and availability, that prevent adulteration, loss, consultation, use or unauthorized access.
5. PERSONAL DATA PROCESSING CONTROLLER
RGC Asesores y Consultores en Salud S.A., established by Public Deed 2956 of Notary 30 of Bogotá, on August 10, 2004, duly registered in the Bogotá Chamber of Commerce, acting as personal information processing controller, is identified as follows:
Business Name: RGC Asesores y Consultores en Salud S.A.
Tax ID No.: 830.146.184-5
Address: Calle 103b No. 49b-41
PBX: (571) 742-7695
Web Page: www.rgc.com.co
According to Statutory Law 1581 of 2012, the following policy will be governed by the following principles:
Legality: Personal data use, capture, collection and processing will be done in accordance with legal provisions in force.
Purpose: Processing must comply with a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder.
Freedom to release: Processing can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal mandate or court order that relieves consent.
Truthfulness or quality: Information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. Processing of partial, incomplete, fractioned or misleading data is prohibited.
Transparency: In data processing is guaranteed the holder’s right to obtain from the data processing controller or data processor, at any time and without restrictions, information about the existence of data that concerns him/her.
Restricted access and circulation: Processing is subject to the limits derived from the nature of personal data, the provisions of this law and the Constitution. In this sense, processing may only be performed by persons authorized by the Holder and/or by persons established by this law.
Security: Information subject to processing will be handled with the technical, human and administrative measures necessary to grant security to the records preventing their adulteration, loss, consultation, use or unauthorized or fraudulent access.
Confidentiality: All persons involved in personal data processing that are not of public nature are obliged to guarantee the information’s confidentiality, even after the end of their relationship with any of the tasks involved in processing, being able to only provide or communicate personal data when this corresponds to the development of legally authorized activities and in the terms thereof.
7. PERSONAL INFORMATION PROCESSING POLICIES
a. Under the explicit authorization of the internal and external client, personal, private and sensitive data will be recorded in the company’s own databases.
b. This information will be digitally and physically stored.
c. Personal data will be updated every time the holder requests it.
d. A backup copy of databases that contain information subject to processing will be periodically made.
e. In the only cases that authorization for personal information processing will not be requested, are cases established by law, by court order and by a medical emergency.
f. Personal data will be kept for certifying compliance of a legal and/or contractual obligation and will not be used for a purpose other than the one previously authorized and/or established herein.
g. Right of access to the information will be guaranteed.
h. Comply with the instructions and requirements issued by the Industry and Commerce Superintendence.
i. Register in the National Databases Registry, independently, each of the databases that contain personal data subject to processing.
8. PERSONAL DATA HOLDERS RIGHTS
RGC recognizes and guarantees personal data holders the following fundamental rights:
a. Access, know of, update and rectify their personal data with respect to RGC in its capacity of data processing controller.
b. Request proof of the existence of the authorization granted to RGC, except in those cases in which the Law excludes authorization.
c. Receive information from RGC, upon request, regarding the use given to the holder’s personal data.
d. Submit complaints for infringements about what is established in current regulations before the Industry and Commerce Superintendence (SIC).
e. Modify and revoke the authorization and/or request deletion of personal data when the Processing does not respect principles, rights, and constitutional and legal guarantees in effect.
f. Become aware and have access free of charge to personal data that has been subject to processing.
9. PURPOSES OF THE USE OF INFORMATION
Data processing in RGC corresponds to collection, use, storage, circulation or deletion procedures pursuant to the development of our corporate purpose.
RGC makes use of the data provided throughout the company’s track record, and its storage is through physical and digital databases. The purpose of which is to facilitate management, administration, improvement and expansion of the different services provided by the company, as well as monitoring and controlling incidents that arise. Likewise, personal data will be used by the administrative, financial, technical and operating areas for the creation, conservation and use of documents legally required by accounting standards, labor legislation, and management systems, among others.
CAPTURE OF BIOMETRIC DATA
Biometric data capture is carried out in order to validate the identity of the personnel working in the company and its visitors.
RECORDING THROUGH CAMERAS
Video recording is made by surveillance cameras, in order to ensure the safety of the staff working in our offices and of visitors.
TELEPHONE SYSTEM RECORDING
RGC incoming and outgoing calls will be recorded and monitored to guarantee the quality of our services, and thus manage petitions, complaints and requests.
WEB PAGE INFORMATION REGISTRATION
The information captured through the web page is collected, used and stored for management of requests, complaints and selection, evaluation and recruitment of human talent to work in RGC.
10. SENSITIVE DATA
For the purposes of this policy, sensitive data are those that affect the Holder’s privacy or whose misuse may generate discrimination, such as those that disclose racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, human rights or that promote interests of any political party or that ensure rights and guarantees of opposing political parties as well as data related to health, sexual life and biometric data. Whereby, RGC underscores its apolitical nature, and also state that we are an entity without exclusionary religious or ethnic orientations. Therefore, the personal information holder is not obliged to provide sensitive data in accordance with the law.
11. SENSITIVE DATA PROCESSING
According to Statutory Law 1581 of 2012, sensitive data processing will be performed in the following cases, when:
a. The holder has given his/her explicit authorization to such processing, except in cases that by law is not required to grant such authorization.
b. Processing is necessary to safeguard the holder’s vital interest and the holder is physically or legally incapable. In these events, the legal representatives must grant their authorization.
c. Processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or of a trade union, provided that they refer exclusively to its members or to persons who maintain regular contacts due to their purpose. In these events, data may not be provided to third parties without the holder’s authorization.
d. Processing refers to data necessary for recognition, exercise or defense of a right in legal proceedings.
e. Processing has a historical, statistical or scientific purpose. In this event RGC will adopt the measures leading to the suppression of the holders’ identity.
12. PERSONAL DATA OF MINORS
Personal data of minors stored in RGC’s physical and digital databases will be used only and exclusively in the registration and collection of statistics. Whereby, RGC ensures their protection pursuant to the political constitution of Colombia and the law.
Therefore, any use of personal data of minors registered in RGC databases must be expressly authorized by the minor’s legal representative. With that in mind, RGC will provide the minors’ legal representatives the possibility to exercise the rights to data access, cancellation, rectification and opposition of those they represent
13. SECURITY MEASURES ADOPTED WITH REGARD TO PERSONAL DATA PROCESSING
RGC informs personal data holders that it has taken the necessary technical, human and administrative measures to guarantee data security and confidentiality, to prevent its alteration, loss, consultation, use or unauthorized access. Personal data that the information holder provides to RGC will be administered confidentially and in accordance with the laws that regulate personal data protection.
The information will be incorporated into RGC databases and accountability of its use, processing, consultation and storage will be in charge of the company.
14. DISSEMINATION OF THE POLICY
This policy will be published and disseminated on the company’s website www.rgc.com.co for its constant consultation; likewise it will be delivered to each collaborator by email and will become part of the employment contracts.
The entry into force of the personal information processing policy and procedure will be in force as of its publication on RGC web page.
Subscribe to our blog
Obtain industry insights that can positively impact your business.