Personal Data Processing Policy

1. Principles for the Processing of Personal Data

Conexia, in the development of its commercial activities, will collect, use, store, transmit, transfer and carry out various operations with the personal data collected. In all treatment carried out by the person in charge, managers and/or third parties to whom personal data is transferred, they must comply with the principles described in the data protection laws, in order to guarantee the rights and duties of the owners of the data. the personal data collected; with the objective of complying with what is described in the laws.

  • Principle of lawfulness in terms of data processing.
  • Principle of purpose
  • Principle of freedom
  • Principle of veracity or quality
  • Principle of transparency
  • Principle of access and restricted movement
  • Principle of security
  • Principle of confidentiality

2. Política de tratamiento de datos personales Conexia

The Conexia Directorate assumes the following Personal Data Processing Policy, as a guideline to conduct its activities ensuring compliance with current legislation for each country and properly managing the processing of personal data contained in the Conexia Databases, in its role as:
  • Processor when acting as a service provider to its customers.
  • Responsible/Processor when it comes to data of its employees, service providers and customers.
In its role as Manager, Conexia defines the policies, guidelines and controls for the Processing of Personal Data, with the aim of:
  • Ensure compliance with current applicable legislation and voluntary regulations to which Conexia subscribes.
  • Define roles and responsibilities in relation to the Processing of Personal Data.
  • Treat, on behalf of the person in charge, personal data in accordance with the principles that protect them.
  • Safeguard the security of databases containing personal data, with defined security controls.
  • Protect personal data information in relation to the principles of confidentiality, integrity and availability of personal data and access thereto by unauthorized persons.
  • Establish the mechanisms that allow responding to queries or claims made by Data Subjects within the deadlines defined by the laws of each country.
3. Responsible for the processing of personal data Conexia
The person responsible for the processing of personal data is a natural or legal person, public or private, who by itself or in association with others, decides on the databases and / or the processing of the data contained therein. The Manager and/or custodian is the one who processes the personal data on behalf of the person in charge. Conexia is responsible for the personal information obtained and used within the scope of this policy for the following sites, when it comes to data of its employees, service providers and customers.

Table: Contact Channels Responsible for Personal Data Conexia

Detail Colombia Argentina
Business name
Conexia S.A.S
Conexia S.A.
Address:
Carrera 9 N° 77-67 floor 6 of. 601

Bogotá

Av. Roque Saenz Peña 555. CP: 1035

Ciudad Autónoma de Buenos Aires

Phone Number:
+57 1 552 8800
+54 11 7078-0219
E-mail
administracion-col@conexia.com
administracion-arg@conexia.com
4. Treatment to which the data will be subjected and its purpose
The databases generated from the personal data provided by our customers will be used for the following purposes:
  • Authentication and verification of patient rights check.
  • Processing of authorizations of prescriptions / benefits including valuation of these and co-payment.
  • Authentication and verification of the Provider to provide service.
  • Consultation and traceability of performance history.
  • Electronic payment of copayments.
  • Responses to requests for improvement, requests, complaints and claims.
  • Campaigns to comply with current regulations.
  • Information on special campaigns and programmes (Health promotion and disease prevention programmes).
  • Analysis of the general and individual population risk of patients.
  • Analysis of health expenditure.
  • Satisfaction surveys of the services and attentions provided.
  • Updating of data and identification documents.
The databases generated from the personal data provided by our employees, service providers and customers, will be used in the following activities:
  • Sending information about news in products of the company and / or the industry.
  • Inform about advertising, informative or promotional campaigns.
  • Evaluate the quality of our products and the level of satisfaction as customers.
  • Transmit and / or transfer personal data to its parent company, affiliates or subsidiaries or third allies linked through commercial relations with the company nationally or internationally.
  • All those activities that are consistent with the purpose of the company.
  • These activities may be carried out through physical mail, email, text messages via cell phone or any other technological means of communication.
  • The acceptance of this Personal Data Processing Policy by its Holders implies the authorization to carry out the treatment of these, partially or totally, including the collection, storage, recording, use, circulation, processing, deletion, transmission and / or transfer to third countries of the data provided, for the execution of activities related to the business.
 
5. Rights of the owner of personal data

In all cases, the Holders have the following rights:

  • Know, update and rectify your personal data in front of Conexia in its capacity as responsible or Manager.
  • This right may be exercised, among others, for partial, inaccurate, incomplete, fractional, misleading personal data or those whose treatment is expressly prohibited or has not been authorized.
  • Allow you to know if the company has your data, where it was obtained, what is the purpose.
  • Submit requests to the Company or the Manager regarding the use you have given to your personal data, and that they deliver such information.
  • File complaints for violations of the law, complaints to the entities that regulate this regulation, in Colombia before the Superintendence of Industry and Commerce, and in Argentina, before the National Directorate of Protection of Personal Data, following the indications given by these entities.
  • Right to revoke your authorization and / or request the updating and / or deletion of your personal data from the Conexia Databases, except in cases where the owner has a legal or contractual duty to remain in the database of the person in charge or in charge.
  • Request access to your Personal Data that has been subject to Treatment.
  • To validate the identity of the Holders, their rights of Law may be exercised and the procedures established in this Policy may be carried out by presenting their citizenship card or original identification document.
  • Minors may exercise their rights personally or through their parents or adults who hold parental authority, who must prove it through the relevant documentation.
  • Likewise, the rights of the Holder may be exercised by the successors in title who prove said quality, the representative and / or proxy of the holder with the corresponding accreditation and those who have made a stipulation in favor of another or for another.
6. Area responsible for handling queries and/or complaints
The internal responsible in Conexia for the processing of personal data will be the Administration and Finance process, which you can contact by telephone and / or by email Administration Colombia <administracion-col@conexia.com>, or approach and / or send your request to the addresses indicated in the table above “Table: Detail Responsible for Personal Data Conexia”.
7. Procedure for exercising rights by holders

Whoever, being the owner of the rights referred to in the previous paragraph, requires submitting a consultation, claim or decides to revoke, modify, or in general dispose of them under any modality of those previously indicated or in accordance with the law, must observe the following general application procedures before Conexia, so that it can proceed to the pertinent. Contact area for the attention of requests, queries and claims. The area in charge of the attention is the administration and finance process with whom they must contact for the attention of requests, queries and claims of the holders within Conexia, in order to update, modify, rectify, delete or revoke any of their data, according to the contact channels indicated in the table “Table: Detail responsible for personal data conexia”.

  • The procedure can be initiated by the Holder, his successors, his representatives and / or attorneys, those who by stipulation in favor of another or for another are legitimized, or the representatives of minors.

To process the query or claim, the Holder must provide the following information:

    •  Full names and surnames.
    • Identification (C.C., C.E., NIT).
    • Address.
    • City.
    • Landline / Cell Phone. /Email. (Confirm user identity)
    • Special or general powers as the case may be.
  • In the case of claims, the description of the facts giving rise to the claim must be added.
7.1. Consultations

The person responsible for attending the consultation will verify:

  • The identity of the Holder of the Personal Data or his representative. To do this, it will require the citizenship card or original identification document of the Holder, and the special or general powers as the case may be.
  • The person responsible for attending it will collect all the information about the Holder that is contained in the individual record of that person or that is linked to the identification of the Holder within the Company’s Databases.
  • The person responsible for attending the query will respond to the applicant as long as the latter has the right to do so because he is the Holder of the Personal Data, his successor, his representative and / or proxy, those who by stipulation in favor of another or for another are legitimized, or the legal responsible in the case of minors. This response will be sent within ten (10) business days from the date on which the request was received by the Company for Colombia and five (5) business days for Argentina.
7.2. Complaints

The person responsible for dealing with the claim will verify:

  • The identity of the Holder of the Personal Data or his representative. To do this, it will require the citizenship card or original identification document of the Holder, and the special or general powers as the case may be.
  • If the claim is incomplete, the times indicated by law will be taken to make the correction and / or completion of the data provided.
8. Responsibilities of the data processor
  • Guarantee the Holder, at all times, the full and effective exercise of the rights associated with the personal data protection laws of Colombia and Argentina.
  • Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  • Timely update, rectification or deletion of data.
  • Update the information reported by those responsible for the Treatment within the days indicated by law.
  • Process the queries and claims made by the Holders in the terms indicated in the Law.
  • Adopt an internal manual of policies and procedures to ensure adequate compliance with Law 1581 of 2012 for Colombia and Law 25326 for Argentina and, especially, for the attention of queries and claims by the holders.
  • Refrain from circulating information that is being disputed by the Holder and whose blocking has been ordered by the entities that regulate them.
  • Allow access to information only to persons who may have access to it.
  • Inform the corresponding entities, when there are violations of the security codes and there are risks in the administration of the information of the Holders.
9. Validity
The personal data that are stored, used or transmitted will be kept in the Company’s database, for as long as necessary for the purposes mentioned in this Policy or so that Conexia can fulfill its legal duties in the development of its social and operational purpose, in accordance with the security controls established for data protection.
10. Version

Version: v9.10

Date: 02/16/2023

Code: POL250