Privacy Policy
1. Principles for the processing of personal data
In the course of its business activities, Conexia will collect, use, store, transmit, transfer, and carry out various operations with the personal data collected. In all data processing we comply with the data protection laws of each country. We abide by the following principles:
(i) Legality in data processing
(ii) Purpose
(iii) Freedom
(iv) Truthfulness or quality
(v) Transparency
(vi) Restricted access and circulation
(vii) Security
(viii) Confidentiality
2. Conexia’s personal data processing policy
Conexia’s management assumes compliance with the legislation for each country when managing personal data contained in Conexia’s databases, in its role as:
- Processor when acting as a service provider to its customers.
- Controller/processor when it comes to data from its employees and service providers.
In its role as processor, Conexia’s policies, guidelines, and controls aim for:
- Compliance with applicable current legislation and voluntary regulations subscribed by Conexia.
- Defined roles and responsibilities in relation to personal data processing.
- Security of databases containing personal data, with defined security controls.
- Protecting personal data with confidentiality, integrity, and preventing access to them by unauthorized persons.
- Mechanisms to respond to inquiries or complaints made by data owners, within the deadlines defined by the laws of each country.
3. Conexia’s private data controller
The controller of private data decides on the databases and/or the processing of data contained therein. The processor and/or custodian is the one who processes personal data on behalf of the controller. Conexia is responsible for the private data of its employees, service providers, and customers.
The private data controller can be reached at:
| Detail | Colombia | Argentina |
|---|---|---|
|
Business name |
Conexia S.A.S |
Conexia S.A. |
|
Address:
|
Carrera 9 N° 77-67 floor 6 of. 601 Bogotá |
Av. Roque Saenz Peña 555. CP: 1035 Ciudad Autónoma de Buenos Aires |
|
Phone Number:
|
+57 1 552 8800 |
+54 11 7078-0219
|
|
E-mail |
administracion-col@conexia.com
|
administracion-arg@conexia.com |
4. Data Processing and Purpose
The private data provided by our clients will be used for the following purposes:
- Patient rights verification and authentication.
- Prescription/healthcare authorization processing, including valuation and copayment.
- Provider authentication and verification for service provision.
- Healthcare history consultation and traceability.
- Electronic copayment processing.
- Responding to improvement requests, petitions, complaints, and claims.
- Compliance campaigns in accordance with current regulations.
- Information on special campaigns and programs (health promotion and disease prevention programs).
- General and individual patient population risk analysis.
- Healthcare expenditure analysis.
- Satisfaction surveys for services provided.
- Data and identification document updates.
The private data provided by our employees and service providers, will be used in the following activities:
- Sending information on company and/or industry news.
- Informing about advertising, informative, or promotional campaigns.
- Evaluating the quality of our products and client satisfaction levels.
- All activities in accordance with the company’s objectives.
These activities may be carried out through physical mail, email, text messages, or any other communication technology.
The acceptance of this Privacy Policy by the data owners implies authorization for partial or total processing, including collection, storage, recording, use, circulation, processing, deletion and transmission for the execution of business-related activities.
5. Private Data owner Rights
In all cases, data owners have the following rights:
- Know, update, and rectify their personal data in relation to Conexia as the data handler or processor. This right may be exercised, among others, for partial, inaccurate, incomplete, fragmented data that may be misleading, or for data whose processing is expressly prohibited or has not been authorized.
- Know if the company has their data, where it was obtained, and what its purpose is.
- Submit requests to the Company or the Processor regarding the use of their personal data, and to have such information provided to them.
- File complaints for legal violations, complaints with regulatory authorities, in Colombia with the Superintendencia de Industria y Comercio, and in Argentina with the Dirección Nacional de Protección de Datos Personales, following the guidelines provided by these entities.
- Revoke their authorization and/or request updating and/or deletion of their personal data from Conexia’s databases, except in cases where the data subject has a legal or contractual duty to remain in the database of the responsible party or processor.
- Request access to their personal data that has been subject to processing.
- To validate the identity of the data subjects, they can exercise their legal rights and follow the procedures established in this policy by presenting their citizenship ID or original identification document.
- Minors may exercise their rights personally or through their parents or legal guardians, who must provide the relevant documentation.
- Additionally, the rights of the data subject may be exercised by their successors, the representative and/or attorney-in-fact with the corresponding accreditation, and those who have stipulated on behalf of or for another person.
6. Procedure for the exercise of rights by the data subjects
Anyone who is a data owner who needs to submit an inquiry, claim, or decides to revoke, modify, or generally dispose of them in any of the previously indicated ways or in accordance with the law, must follow the following general request procedures with Conexia, so that they can proceed as appropriate.
Contact area for handling requests, inquiries, and claims indicated in Section 3.
- The procedure can be initiated by the data subject, their successors, their representatives and/or proxies, or the legal representatives of minors.
- To process the inquiry or claim, the data subject must provide the following information:
(i) Full name.
(ii) Identification (C.C., C.E., NIT).
(iii) Address.
(iv) City.
(v) Landline, mobile phone.
(vi) Email address. (confirm user identity).
(vii) Special or general powers, as applicable.
- In the case of claims, a description of the events giving rise to the claim must be added.
6.1. Inquiries
The person handling the claim or complaint will verify:
- The identity of the personal data owner or is representative, requesting the citizenship card and the special or general powers, as applicable.
- The data contained in their individual record within the company’s databases.
- The person handling the inquiry will respond to the applicant as long as they are entitled to do so as the personal data subject, their successor, their representative and/or proxy, or the legal representative in the case of minors. This response will be sent within ten (10) business days from the date the request was received by the company for Colombia and five (5) business days for Argentina.
6.2. Complaints
If the claim is incomplete, the times indicated by law will apply to correct and/or complete the information provided.
7. Responsibilities of the person in charge of data processing
- Ensure the full and effective exercise of the rights associated with the personal data protection laws of Colombia and Argentina.
- Preserve the information under the necessary security conditions to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access.
- Update, rectify, or delete the data.
- Update the information reported by the data controllers within the days indicated by law.
- Process the inquiries and claims submitted by the data subjects in the terms set forth by Law.
- Adopt an internal manual of policies and procedures to ensure adequate compliance with Law 1581 of 2012 for Colombia and Law 25326 for Argentina and, especially, for the attention of queries and claims by the holders.
- Refrain from circulating data that is being disputed by its owner and whose blocking has been ordered by the entities that regulate them.
- Allow access to data only to persons who may have access to it.
- Inform the corresponding entities, when there are violations of the security codes.
8. Validity
Personal data that is stored, used, or transmitted will be kept in the Company’s database for the time necessary for the purposes mentioned in this Policy or for Conexia to fulfill its legal duties in its normal course of business.
9. Version
Version: v9.0
Date: 3/15/2022
Code: POL250