Politics of treatment and protection of personal data
Doral Dental Studio, according to complying with Law 1581 of 2012 and Regulatory Decree 1377 of 2013 and the provisions of article 15 of our Political Constitution, adopts and applies this Policy for the processing of personal data. Doral Dental Studio guarantees privacy, the rights to privacy and the good name of people, during the process of processing personal data, they will have the principles of confidentiality, security, legality, access, freedom.
You must agree not to disclose the information that is written or transferred to our company, in accordance with the rules of Law 527 that regulates Electronic Commerce in Colombia and Law 1581 of 2012 on the use of confidential data. With this Policy for the Treatment and Protection of Personal Data, it is complemented with the null and previously issued agreements and politics.
Doral Dental Studio, to comply with the data protection politics and the obligations of Law 1581 of 2012, its Regulatory Decrees and the other rules that complement, add, enrich or modify it, takes into account the following for the handling of information and personal data:
Personal information is one of the most important assets, therefore, the treatment of this information is carried out with great care and in accordance with the provisions of the law, guaranteeing people the full exercise and respect for their right of Habeas Data.
The information found in the own Database has been obtained in the development of the activity of Doral Dental Studio, its collection has been made and will always be done according to the criteria and legal regulations.
SCOPE OF THE DATA PROTECTION POLITICS:
The Personal Data Protection Policy of Doral Dental Studio will apply to all Databases and / or files containing Personal Data, which for Doral Dental Studio is subject to Treatment as responsible and / or in charge of the processing of Personal Data.
The Processing of Personal Data must be done in the terms, conditions and scope of the authorization of the Owner and / or in application of the special rules when appropriate any legal exception to do so. Any type of request, product of the exercise of the duties and rights enshrined in the policy, may be addressed to the email: firstname.lastname@example.org
PURPOSE OF THE COLLECTION AND PROCESSING OF PERSONAL DATA:
THE PURPOSE OF THE PERSONAL DATA PROTECTION POLICY SEEKS:
- Implementthe procedures for the collection and processing of personal data in ac ac-law.
- Generatean organized scheme to safeguard the private, semi-private, public and sensitive data of its owners.
- Authorization: Prior,express and informed consent of the Owner to carry out the Processing of personal data.
- PrivacyNotice: Verbal or written communication generated by the Responsible addressed to the Holder for the processing of their personal data, through which they are informed about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the Treatment that is intended to give to the personal data.
- Database:Organized set of personal data that is subject to Treatment.
- Personal data:Anyinformation linked or that can be associated with one or more specific or determinable natural persons.
- Privatedata: It is the data that by its intimate or reserved nature is only relevant to the owner.
- Sensitive data: Sensitive dataisunderstood to be those that affect the privacy of the Owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, human rights or that promotes the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data.
- Personin charge of the Treatment: Natural or legal person, public or private, that by itself or in partnership with others, carries out the Processing of personal data on behalf of the Responsible for the Treatment.
- Responsiblefor the Treatment: Natural or legal person, public or private, that by itself or in partnership with others, decides on the database and / or the Treatment of the data.
- Owner: Naturalperson whose personal data are subject to Treatment.
- Treatment:Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion thereof.
- Termsand Conditions: general framework in which the conditions for participants of promotional or related activities are established.
DORAL DENTAL STUDIO DATABASE:
The policies and procedures apply to the Database handled by Doral Dental Studio and will be registered in accordance with the provisions of the law.
The Personal Data Protection Policy must be announced, presented and arranged on the official site of Doral Dental Studio “doraldentalstudio.com”, presenting easy consultation and access by the general public.
RIGHTS OF THE HOLDERS OF PERSONAL DATA:
The holders of the personal data are the natural persons whose personal data are subject to Treatment by Doral Dental Studio .
In accordance with the provisions of the applicable current regulations on data protection, the following are the rights of the holders of personal data, which can be exercised at any time:
- Access,know, Doral Dental Studio andrectify the personal data on which Doral Dental Studio is carrying out the Treatment. Similarly, the owner may request at any time that their data be updated or rectified when they find that their data are partial, incorrect, inaccurate, incomplete, fractionated, misleading, or those whose treatment has not been authorized or is expressly prohibited.
- Beinformedby Doral Dental Studio , regarding the use you have given to your personal data.
- Revokethe authorization and / or request the deletion of the data when the treatment does not respect the principles, rights, and constitutional and legal guarantees.
- Requestproof of the authorization granted to Doral Dental Studio for the processing of data, by any valid means, except in cases where authorization is not necessary.
- Submitto the Superintendence of Industry and Commerce, complaints for violations of the provisions of Law 1581 of 2012 and the other regulations that modify, add or complement it, after consultation or request before Doral Dental Studio .
- Access andconsultyour personal data subject to processing free of charge.
UPDATE, CORRECT, RECTIFY OR DELETE THE DATA OF THE TITUAR:
The owner of the personal data may request Doral Dental Studio by means of the email@example.com mail, that their personal data processed be updated, corrected, rectified or deleted, if they wish or if they consider that there is a breach of any of the duties in the General Regime of Protection of Personal Data or in this Policy.
In order to be able to update, correct, rectify or delete, the Owner must process the request addressed to the person responsible or in charge of the treatment indicating:
- Fullnameand identification of the owner of the data.
- Detaileddescription of the facts giving rise to the request.
- Locationdata of the holder such as address, department, city and contact telephone number.
- Descriptionof the procedure you wish to perform (update, correction, rectification or deletion).
- Andifyou consider it necessary to attach documents that support the request (this point is optional). Received the request of the Holder of the personal data by means of the mail firstname.lastname@example.org, with the points correctly completed to process it in a way to the person responsible or in charge of the treatment, keeping the case open in a term not exceeding five (5) business days from the date of its receipt, time in which the response and
solution to the request must be given. Likewise, there will be two (2) business days to transfer the person in charge of giving it a solution (competent); if the recipient is not entitled to respond to it, he/she will have fifteen (15) business days from the day of receipt of the request to attend to it.
If the Holder does not comply with the points correctly completed to process the request addressed to the person in charge or in charge of the treatment, the Holder (interested) will be asked to correct the requirements within five (5) days to the date of receipt. Fifteen (15) counted from the date, from the date, since the Holder is asked to comply with the established requirements, and not obtaining any response or insisting on the wrong procedure, it will be assimilated as withdrawal of the request.
If on the part of Doral Dental Studio, it has not been possible to respond to the request within the indicated term, the Holder (interested) will be informed, listing and detailing the reasons why it was not possible to meet your request and notifying you of the date on which it will be resolved.
REVOKE THE AUTHORIZATION TO PROCESS PERSONAL DATA:
At any time the owner of the Personal Data may revoke the authorization for the processing of their Personal Data provided to Doral Dental Studio; for this you must manage the request addressed to the person responsible for the treatment or the person in charge of it, detailing the object of your request.
The Owner of the Personal Data to be able to manage the revocation before Doral Dental Studio, must carry out the same steps and requirements enshrined in the procedure for updating, correcting, rectifying or deleting the personal data.
INQUIRIES ABOUT THE PROCESSING OF DATA BY ITS OWNERS:
The Holders will be able to consult their personal information that Doral Dental Studio has, who in turn will be willing to provide all the information that is linked to the identification of the Holder.
With regard to the attention of requests for consultation of Personal Data, Doral Dental Studioguarantees you:
- Enablemeans of electronic communication or others that it deems pertinent. 26. Use the mail email@example.com that is part of the customer service (SAC), through which the service is provided, generate the contactees and process the requests.
- Offerand notify forms, systems and other contact methods.
- Attendin a maximum term of fifteen (15) business days the cases of attention of the requests, which will be counted from the date of request. If it is not possible to attend it within the defined time, the interested party will be informed before its expiration, notifying the reasons for the delay and the new date on which it will be resolved. This new term may not exceed five (5) business days in addition to the initial term.
CATEGORY OF DATA:
Doral Dental Studio in development of the principle of private autonomy, and in accordance with the data processed, and according to current legislation, has prepared the following classification of data:
- Personal Data: Setofinformation that can be related to one or more natural persons.
- Publicdata: Public data is all that contained in public documents, relating to the marital status of people, their profession or trade and their quality as a merchant or public servant. They are public data, for example, those contained in the citizenship card, in public registries, in judicial judgments duly enforceable and not subject to reservation. Therefore, it will also be public data that is not semi-private, private or
- Semi-privatedata: It is one whose knowledge or dissemination interests its owner and a certain group of people or social sector. For example, commercial or professional activity.
- Privatedata: It is one whose knowledge or dissemination, because it has an intimate and reserved nature, interests only its owner.
- Reserveddata: It is one that has a confidential nature or a high commercial value by itself.
- Sensitive data:Itis one that affects the privacy of its owner or that its improper use can generate discrimination. For example, those related to sexual orientation, political orientation, ethnic or racial origin, religious or philosophical convictions, participation in trade union, human rights or social groups, among others.
PROCESSING OF PERSONAL DATA OF A SENSITIVE NATURE:
According to the Law on the Protection of Personal Data, data of a sensitive nature are considered to be those that affect privacy or whose improper use may generate discrimination.
The Processing of Personal Data of a sensitive nature is prohibited by law, unless there is express, prior and informed authorization from the Owner, among other exceptions enshrined in Article 6 of Law 1581 of 2012. Data of a sensitive nature are those related to:
- Racialorethnic origin.
- Membershipof trade unions, social organizations, human rights organizations or political parties.
- Biometricdata (such as fingerprint, signature, and photo).
No activity may be conditioned on the owner providing sensitive personal data.
REGULATORY AND LEGAL FRAMEWORK:
THE Personal Data protection policies of Doral Dental Studio are governed by the following rules internally and externally:
LAW 527 OF 1999:
It defines and regulates access to and use of data messages, electronic commerce and digital signatures, and certification bodies are established and other provisions are issued.
Likewise, it introduces the concept of functional equivalent, electronic signature as mechanisms of authenticity, availability and confidentiality of information.
LAW 1266 OF 2008:
By which the general provisions of habeas Data are dictated and the handling of the information contained in personal databases is regulated, especially the financial, credit, commercial, services and that coming from third countries and other provisions are dictated.
LAW 1273 OF 2009:
Law by means of which the legal good of information and personal data is created and protected. Likewise, criminal conduct is typified as computer damage, violation of personal data, abusive access to computer system, interception of computer data, theft by computer means, among others.
LAW 1581 OF 2012:
By which general provisions are issued for the protection of personal data.
DECREE 1377 OF 2013:
With which Law 1581 of 2012 is regulated, on aspects related to the authorization of the Information Holder for the Processing of their personal data, the Treatment policies of the Responsible and Responsible, the exercise of the rights of the Information Holders, the transfers of personal data and the responsibility demonstrated towards the Processing of personal data.
DECREE 368 OF 2014:
By which operations are regulated through financing systems provided for in article 45 of Law 1480 of 2011.
DECREE 886 OF 2014: By which article 25 of Law 1581 of 2012 is regulated, relating to the National Registry of Personal Databases, which is in charge of the Superintendence of Industry and Commerce, and where those who act as Responsible for the processing of personal data, must register their Databases following the instructions of this decree.
FUNCTIONS OF THE PERSON RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA:
Among the functions of the person responsible for the processing of personal data, is the appointment of a person within the company who fulfills the following functions:
- Guaranteethe elaboration, implementation and promotion of a system that allows to manage the risks of the processing of personal data.
- Communicateand promote a culture of data protection within the organization.
- Integrateand link all areas of Doral Dental Studio to ensure a transversal implementation of the Personal Data Protection Policies.
- Verifyand audit that the Databases of Doral Dental Studioare registered in the National Registry of Databases, and update the report according to the instructions of the Superintendence of Industry and Commerce.
- Schedule andensureconstant training of the company in the protection of personal data.
- Analyzeand diagnose the responsibilities of the positions within Doral Dental Studio, to lead the training program in the protection of personal data.
- Ensurethat within the process of employee performance analysis, training and use on the protection of personal data, is at a high level.
- Carryout the training and transmit the responsibility to the new employees who, due to the conditions of their work, have access to the Databases.
- Organizeand monitor the implementation of internal audit plans, to verify compliance with personal data processing policies.
- Obtainwhen required, the declarations of conformity of the Superintendence of Industry and Commerce.
CONFIDENTIALITY AND SECURITY OF THE DATABASE:
Doral Dental Studio will apply best practices for the security, discretion, protection, storage and confidentiality of the Personal Data of the holders. It will verify, where appropriate, the origin of the legal exceptions to deliver the personal data to the authorities and in the relevant cases.
GUARANTEES OF ACCESS TO THE OWNER TO PERSONAL DATA:
Doral Dental Studio guarantees the right of access to the owner of the data, with prior accreditation of their identity, legitimacy and at no cost, to their personal data through different means, mainly electronic that allow direct access of the owner to them. Such access must be offered without any limit and the holder must be allowed the possibility to know and update them online.
Update the information as the data is obtained, in accordance with the provisions of Law 1581 of 2012.
PROOF OF THE HOLDER’S AUTHORISATION:
Keep proof of the authorization granted by the holders of personal data for their treatment, using digital mechanisms and security rules necessary to keep the record of the form and date. Doral Dental Studio establishes electronic repositories to safeguard information.
REGISTRATION IN THE DATABASE REGISTRY OF THE SUPERINTENDENCE OF INDUSTRY AND COMMERCE:
Doral Dental Studio will comply with the obligations that the regulations impose on it in relation to the registration and reports that must be delivered to the competent authorities. For the purposes of registering the Database, a procedure will be carried out taking into account the following parameters:
- Numberof databases with personal information.
- Numberof holders per database.
- Detailedinformation of the channels or means that are planned to serve the holders.
- Typeof personal data contained in each database, to which treatment is carried out, such as: identification, location, socioeconomic, sensitive or other data.
- Physicallocation of the bases of
- Inthisregard, it will be asked if the database is stored in its own media, for example filing cabinets or servers (depending on whether it is a physical file or an electronic database), internal or external to the physical facilities of the person in charge.
- Whenthe processing of personal data is carried out through a processor(s), the identification and location data of that processor(s) will be requested.
- Securitymeasuresand/or controls implemented in the database to minimize the risks of inappropriate use of the personal data processed.
- Informationon whether you have the authorization of the owners of the data contained in the databases.
- Howto obtain the data (directly from the owner or through third parties).
Social networks such as Facebook, LinkedIn, YouTube and Instagram, are complementary platforms for the dissemination of information (communication), which are of great interconnection of the digital media of the users and are not under the responsibility of Doral Dental Studio for being alien to the company.
All the information that users provide in the social networks in which Doral Dental Studio participates, as a user does not constitute or form part of the Personal Data subject to the protection of this Policy, being the full responsibility of the company providing that platform.
PROCESSING OF COMMERCIAL DATA:
Doral Dental Studio will process the commercial data and financial information that it deems necessary for the fulfillment of its corporate purpose and for any conclusion of contracts with third parties. The data of the same, will be treated with privacy, rights to privacy, the good name of the people, within the process of the processing of personal data, and during all the activities that will have the principles of confidentiality, security, legality, access, freedom and transparency.
For this purpose, the signing of the Confidentiality Agreement for the delivery of Data with all suppliers is regulated.
VALIDITY OF THE POLICY:
This policy applies from the date of its publication and renders null and file any other institutional provisions that are contrary to it. All information not contemplated in this policy will be regulated in accordance with the General Regime for the Protection of Personal Data in force in Altamonte Springs.
The updating of the Personal Data Protection Policies will depend on the instructions and guidelines of the Executive Directorate of the Doral Dental Studio, as well as the regulatory extensions of the surveillance and control entity, the Superintendence of Industry and Commerce. Any additional concerns can be written to us at the firstname.lastname@example.org email, the messages will be attended to as soon as possible.