top of page

POLICY FORMAT FOR PRIVACY AND PERSONAL DATA HANDLING BY BOXDENTAL S.A.S

INTRODUCTION: BOXDENTAL S.A.S In the development of its principles, it determines the information of its employees, clients, patients, and suppliers as one of the most important assets; therefore, it declares the importance of carrying out appropriate treatment of their information, adhering to the regulatory framework that governs it in Colombia.

SCOPE: This privacy policy is a binding document for BOXDENTAL S.A.S as the data controller, in accordance with current regulations in Colombia.

Data controller: BOXDENTAL S.A.S with its main address at Calle 36 Norte # 6A-65 Pacific Mall Shopping Center 12th Floor Office 1217 - 1218 - Cali, Colombia. Email: info@dradriansarria.com

The information we collect and store from our patients: Depending on the relationship the data subject has with BOXDENTAL S.A.S the collected or stored information may include the following:


•    Public data: non-private or sensitive data. For example: identification number and type of document, information contained in public documents, marital status, occupation or profession, corporate phone, and email.

•    Private data: information that, due to its intimate or reserved nature, is relevant only to the data subject. For example: employment information, social media preferences, consumer habits, as well as contact information such as address, personal phone, and email.

•    Sensitive data: a category of personal data that pertains to the most intimate and sensitive aspects of the data subject, improper handling of which may lead to discrimination and/or serious, irreparable harm. For example: medical history or data related to oral or general health.

GENERAL GUIDELINES: Treatment of personal data: BOXDENTAL S.A.S will use the personal information of its patients for authorized and informed purposes as stated in this policy, provided that the treatment complies with a legitimate purpose and is proportional according to the patient's relationship, particularly necessary for the provision of entrusted services. Authorization for the treatment of sensitive data is optional.

Purposes for which data will be processed: To enhance service for employees, patients, or suppliers, BOXDENTAL S.A.S as the controller, is authorized to process their data, including sensitive health data, possibly utilizing cloud computing, for the following activities:

Purposes inherent to contractual objectives or authorized by regulations: 1. Sharing information with strategic allies for contracting products and services and commercial management. 2. Consulting and obtaining copies of medical history or clinical data, sensitive data, for assessing and managing risks affecting health, well-being, and quality of life. 3. Transmitting and/or transferring personal data to attract, evaluate, retain, capture, and/or study market behaviors and patient care. 4. Providing healthcare services and conducting quality audits. 5. Conducting scientific research, committing to disclose results anonymously.

 

Other purposes: 1. Sharing or receiving information with dental entities or associations or others, for advancing health sector activities and projects. 2. Facilitating comprehensive understanding and developing value proposals based on databases containing both private and sensitive data. 3. Being contacted for commercial offers and advertising information. 4. Analyzing digital behaviors (social networks, websites, applications) for comprehensive product and service consultancy, and profiling interests and consumption habits.

Rights of data subjects: According to Law 1581 of 2012, data subjects have the right to authorize the processing of their personal data, revoke such authorization, know the data being processed, update or rectify it when deemed deficient, and request its deletion unless there is a legal or contractual obligation to continue processing (Article 2.2.2.25.2.8 of Decree 1074 of 2015), for example, regarding purposes inherent to the contracted object and without which execution is impossible.

Exercising rights over personal data: Information subjects may exercise their rights at any time by contacting the hotline +57 300 890 1313, emailing info@dradriansarria.com, or contacting through social media.

General principles for ensuring the protection of personal data: The following general principles are established for data processing, in compliance with those present in Law 1581 of 2012 and Chapter 25 of Decree 1074 of 2015, and other applicable norms:

Legality principle: Personal information of clients or patients will not be processed without adhering to established rules under current regulations.

•    Purpose principle: Data incorporation into physical or digital databases must serve a legitimate purpose, which will be duly communicated to the data subject in the authorization clause for processing and in the privacy policy.

•    Freedom principle: Personal data of clients or patients will be processed only with their authorization or when legally permitted, as per Articles 3(a) and 6(a) of Law 1581 of 2012, and Section II of Chapter 25 of Decree 1074 of 2015.

•    Accuracy and quality principle: Efforts will be made to ensure that client or patient information is accurate and up-to-date, with efficient means for updating and rectifying personal data.

•    Transparency principle: Mechanisms established for exercising rights over personal information will ensure access to information concerning personal data that concerns the data subject and their assignees, as well as authorized third parties.

•    Access and restricted circulation principle: Only authorized personnel will access personal information, and its circulation will be limited to authorized purposes or as mandated by regulation. Contractual means will ensure confidentiality and restricted circulation of information.

•    Security principle: Technical, administrative, and human measures will be implemented to prevent unauthorized access to personal information stored in physical or digital databases.

•    Confidentiality principle: All personnel involved in processing personal data, excluding public information, are obligated to maintain the confidentiality of information, even after their relationship with the tasks involving processing has ended, sharing or communicating personal data only when it corresponds to activities authorized by law and under its terms.

Delivery of personal information to service providers: To fulfill service provisions, client or patient information may be shared with dental service providers or others, for purposes authorized by the data subject or stipulated by law, ensuring that personal information is protected. Confidentiality agreements and responsible-party agreements will be established where necessary for handling and delivering information.

Data processing validity: Information provided by data subjects will remain stored for as long as determined by the data subject or as indicated by law to fulfill the purposes for which it was incorporated.

Changes to privacy and personal data handling policy: We reserve the right to modify confidentiality and data protection regulations to adapt them to new legal, jurisprudential, technical requirements, and, in general, to provide better service.

Acceptance of this privacy policy: By providing their data through our channels, networks, or points of service, and by acquiring or using any of our services, data subjects accept the processing of their personal data in accordance with the terms of this privacy policy.

 

 


Name: _____________________________     
ID: ________________________________

This authorization for data processing is signed as a sign of agreement and acceptance, in one original copy in the city of  _______________, on the  _______ day of  __________________ 
of the year  ________.

bottom of page