The purpose of this Policy for the Treatment of Personal Data (the “Policy”) is to establish and inform the treatment given by AH MEDTECH S.A.S., a company domiciled in Bogotá, Colombia and identified with NIT 901.173.141 – 0 (“The Company”) to the personal data of those who have provided them as users of TOTAL DEFINER MASTERCLASS as well as to disseminate and protect the rights of the owners of such personal data. This policy defines the minimum requirements to ensure an adequate level of protection within the Company for the collection, use, disclosure, transfer, storage, and other processing of personal data.
During the processing of personal data and Sensitive Personal Data, the Company will comply with the guiding principles of data protection established in the applicable regulations, such as (i) legality; (ii) purpose; (iii) freedom; (iv) truthfulness; (v) transparency; (vi) restricted access and circulation; (vii) security; and (viii) confidentiality.
Categories of personal data:
To comply with the purposes of the treatment indicated in this privacy notice, it is necessary to collect and process the following personal data:
- Identification data.
- Medical License
- Contact information.
- Data and information regarding your interests and preferences concerning our products, services, courses, congresses, and promotions.
- Traffic data and location (IP’s)
- Economic, financial, or banking data
The personal data requested are mandatory so the refusal to provide them will make it impossible to carry out the provision of the contracted services. The data in the forms provided by AH MEDTECH S.A.S. through the Platform appear marked with an asterisk (*) and will be necessary to comply with the established contractual or legal purpose.
Therefore, if the user does not provide them, it will not be possible to register on the TOTAL DEFINER MASTERCLASS.
We and our third-party service providers passively collect and use information in a variety of ways, including:
At through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access the site through a mobile device.
You may refuse to accept these cookies by following your browser instructions; however, if you do not accept them, you may experience some inconvenience in your use of the site. You may also not receive advertising or other offers from us that are relevant to your interests and needs. For more information about cookies, please visit www.allaboutcookies.org.
Use of Flash Cookies: Our use of Adobe Flash technology (including Flash Local Stored Objects (Flash LSOs)) allows us to, among other things, serve you with more tailored information, facilitate your continued access to and use of the site, and collect and store information about your use of the site. If you do not want Flash LSOs stored on your computer, you can adjust your Flash player settings to block Flash LSO storage by using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (listed as “information” on the Macromedia site), how to prevent Flash LSOs from being stored on your computer without consulting you, and (for Flash Player 8 and later versions) how to block Flash LSOs that are not being delivered by the operator of the page you are currently on). Please note that configuring Flash Player to restrict or limit acceptance of Flash LSOs may reduce or prevent the functionality of some Flash applications, including, potentially, Flash applications used in connection with the Site or our online content.
Use of pixel tags, web beacons, clear GIFs or other similar technologies: These may be used in connection with some site pages and HTML-formatted e-mail messages to, among other things, track the actions of site users and e-mail recipients, measure the success of our marketing campaigns, and compile statistics about site usage and response rates.
IP Address: Your IP address is a number that is automatically assigned to the computer you are using by your Internet Service Provider (ISP). An IP address is automatically identified and noted in our server log files when a user visits the Site, along with the time of the visit and the page(s) visited. Collecting IP addresses is standard practice on the Internet and is done automatically by many Web sites. We use IP addresses for purposes such as calculating Site usage levels, helping diagnose server problems and administering the Site.
Device Information: We may collect information about your mobile device, such as a unique device identifier.
For the processing of personal data, the Company will request prior, express, informed and clear authorization from the owner of the data. The above, except cases in which the applicable regulations allow the processing of data without requiring authorization.
The processing of personal data will be carried out under the terms of the express consent authorized by the owner and/or his representative and only for the purposes foreseen therein.
The consent shall not be required for the processing of personal data when:
- Information required by a public or administrative entity in the exercise of its legal functions or by court order;
- Data of a public nature;
- Cases of medical or sanitary emergency;
- Processing of information authorized by law for historical, statistical or scientific purposes;
Personal data will only be processed for the time that is reasonable and necessary, according to the purposes that justified it, in accordance with the provisions applicable to the matter in question (e.g. administrative, accounting, fiscal, legal and historical aspects of the information). Once the purpose or purposes of the processing have been fulfilled and without prejudice to legal regulations that provide otherwise, the Company shall proceed to the deletion of the personal data in its possession, without prejudice to the possibility of retaining those that are required for the fulfillment of a legal or contractual obligation.
The processing of personal data will be carried out under high standards of security and confidentiality, using the data exclusively for the purpose described in the corresponding privacy notice, and adapting to the requirements of the applicable regulations.
The Company shall provide the technical, human, and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use, or unauthorized or fraudulent access. The Company’s obligation and responsibility is limited to having the appropriate means for this purpose. The Company does not guarantee the total security of its information nor is it responsible for any consequences derived from technical failures or improper access by third parties to the database or file in which the personal data processed by the Company and its employees are stored. The Company shall require third parties it contracts or with whom it exchanges information, to adopt and comply with the appropriate technical, human and administrative measures for the protection of personal data concerning which such third parties act as data processors.
TREATMENT AND PURPOSE
The Company, acting as the party responsible for the processing of personal data, for the proper performance of the activities contemplated in its corporate purpose, collects, stores, uses, circulates, deletes, processes, compiles, reproduces, exchanges, updates, disposes of, communicates and transmits, as the case may be, personal data of persons with whom it has or has had a relationship.
Among the general purposes for which the Company processes this personal data are the following:
- To carry out activities related to the Company’s corporate purpose.
- To carry out commercial and marketing activities through the processing of Personal Data of customers and suppliers.
- Send important information about your relationship with the Company, as well as about the Company’s products, campaigns, events, Company websites or digital initiatives, and modifications to the Company’s terms, conditions, and policies.
- To follow up on activities, action management, identification of opportunities, quality of services, for administrative, organizational, academic, scientific, research, and reporting obligations established by law or by Codes of Ethics.
- To comply with legal obligations, judicial and contractual processes.
- For business purposes, such as analyzing data, conducting market research, audits, developing new products, improving the website, enhancing the Company’s products and services, identifying site usage trends, and determining the effectiveness of our promotional campaigns.
- Respond to your inquiries and fulfill your requests, as well as send you requested documents or email alerts.
- Follow up and process reports of product quality complaints and adverse events.
- Share it with our third-party service providers who provide services such as website hosting and moderation, mobile application hosting, data analytics, payment processing, order fulfillment, infrastructure provision, IT services, customer service, email and direct mail delivery services, credit card processing, customer and supplier analytics, auditing services and other services, in order to empower them to provide the services.
- Share it with a third party in the event of a reorganization, merger, sale, spin-off, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or stock (including acts in connection with any bankruptcy or similar proceedings), as well as any change in the Company’s corporate or management structure.
- Respond to requests from public and governmental authorities, including public and governmental authorities in your country of residence and abroad.
- Enforce our terms and conditions.
RIGHTS OF THE OWNERS
The following is a description of your rights as the owner of the personal data processed by the Company:
- To know, update and rectify your personal data with respect to the Company. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized.
- Request proof of the authorization given to the Company for the processing of Personal Data.
- Be informed by the Company, upon request, regarding the use it has made of your personal data.
- To file complaints before the competent authority for infringements of personal data protection.
- To revoke the authorization and/or request the deletion of the data, notwithstanding the above, the deletion or revocation shall not proceed when the holder has a legal or contractual duty to remain in the database or while the relationship between the holder and the Company that gave rise to the collection of personal data is in force.
- Access free of charge to your personal data that have been subject to Processing.
PROCEDURE TO EXERCISE THE RIGHTS TO KNOW, UPDATE, RECTIFY AND SUPPRESS INFORMATION AND REVOKE AUTHORIZATION OF TREATMENT
The owner, assignees, representatives, or attorneys-in-fact, may consult, update, rectify, and/or delete their personal data processed by the Company, as well as revoke the processing authorization, at any time and at no cost.
For this purpose, you should send a detailed communication of your request to any of the following addresses:
In all communications you send to The Company, please include an e-mail or physical mailing address so that The Company can respond to your request.
Your request will be answered within a maximum term of ten (10) business days from the date of receipt thereof. When it is not possible to attend the consultation or request within such term, you will be informed, stating the reasons for the delay and indicating the date on which your consultation or request will be attended, which in no case may exceed five (5) business days following the expiration of the first term.
The Company may deny access to personal data, or revocation of the authorization, or the request for deletion of data in the following cases:
- When the applicant is not the owner of the personal data, his successor (e.g. heirs, successor) or the legal representative is not duly accredited to do so;
- When the applicant is not a public or administrative entity in the exercise of its legal functions, or there is no court order.
- When the Data Subject has a legal or contractual duty to remain in the database.
For consultations whose frequency is greater than one per calendar month, the Company may only charge the holder for the costs of mailing, reproduction and, if applicable, certification of documents. Reproduction costs shall not exceed the cost of recovery of the corresponding material.
PROCEDURE FOR HANDLING COMPLAINTS AND CLAIMS
If you consider that the information contained in a database should be corrected, updated or deleted, or when you notice the alleged breach of any of the duties contained in this data policy, you may file a complaint with the Company in the mail or address detailed below.
For this purpose, you must send a detailed communication in order to file a complaint or claim.
- Description of the facts giving rise to the claim
- An address for the Company to respond to your complaint.
- Attach any document(s) to be asserted
- To any of the following addresses:
Incomplete Claim: If the claim is incomplete, you will be required within five (5) business days of receipt of the claim to provide the missing information. After two (2) months from the date of the requirement, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
Complete Claim: Once the complete claim is received, a legend will be included in the database stating “claim in process” and the reason for the claim, within a term no longer than two (2) business days. Such legend shall be maintained until the claim is decided.
The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such term, the interested party will be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
TRANSFER OF PERSONAL DATA
The Company may transfer your personal data to unrelated third parties that comply with minimum data protection standards, when necessary to comply with contractual, legal or related obligations to the line of business to which the information relates.
Likewise, considering that the Company’s domicile is in Bogota, Colombia and to centralize the information, your personal data will be transferred and stored outside the country where it is located for which we take appropriate legal and security precautions to safeguard the security and integrity of personal data being transferred.