Personal data policy and privacy notice

SCOPE
This Personal Data Processing and Protection Policy will apply to all Databases and/or Files containing Personal Data that are subject of processing by CUSTOMER OPERATION SUCCESS SAS, considered as responsible and/or in charge of the processing of personal data.

Responsible
The company Customer Operation Success SAS is a legal entity in private law, domiciled mainly at Calle 17 # 40- 29 identified with Nit 900292245-4 Telephone: 4863290 Mail: protecciondedatos@groupcos.com.co

Definitions:

Authorization: Prior, expressed and informed consent of the owner of the personal data to carry out the processing of personal data.
Privacy Notice: verbal or written communication generated by the person responsible, directed to the owner with the purpose of processing of his / her personal data, by means of which he / she is informed about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the processing that is intended to the personal data.

Database: an organized set of personal data which is the subject of the processing.

Client: Natural or legal person, public or private, with whom the company has a business relationship. It includes stores, supermarkets, mini markets, among others.

Consumers: Natural person who consumes the goods produced by the company.

Personal Data: Any information linked or that may be associated with one or several natural persons. Some examples of personal data are: name, citizenship card, address, mail,

phone number, marital status, health data, fingerprints, salary, assets, financial statements, etc.

Sensitive data: Information that affects the Holder’s privacy or whose misuse may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, human rights or that promotes the interests of any political party or that guarantees the rights and opposition political parties as well as data relating to health, sexual life and biometric data, among others, still or moving image, fingerprints, photographs, irises, voice, facial or palm recognition, etc.

Information Handling Officer: Natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the Information Handling Supervisor. In the events in which the Information Handling Supervisor does not act as Manager of the Database, he will be expressly identified.

Information Handling Supervisor: public or private natural or legal person, that by itself or in association with others, decides on the database and / or the Treatment of the data.

Claim: Request from the Data Holder or the persons authorized by it or by Law to correct, update or delete their personal data or to revoke the authorization in the cases established by Law.

Terms and Conditions: general framework in which the conditions for participants in promotional or related activities are established.

Holder: natural person whose personal data is subject to handling.

Transference: the transfer of data takes place when the Information Handling Supervisor and / or the Information Handling officer in charge of the personal data processing, located in Colombia, sends the information or personal data to a receiver, who in turn is responsible for the processing and is inside or outside the country.

Transmission: processing of personal data that implies sharing it within or outside the territory of the Republic of Colombia when the processing by the Information Handling Supervisor is required.

Treatment/Processing: any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

Principles

The policies that are adopted are regulated by the principles of data management, which constitute the general framework that will be respected by the Financial Superintendence of Colombia in the processes of collection, use and treatment of data of Holders. The guiding principles are those indicated in article 4 of Law 1581 of 2012, namely:

Purpose principle

The personal data processing activity carried out by COS or to which it has access, will obey a legitimate purpose in accordance with the Political Constitution of Colombia, which must be informed to the respective personal data Holder.

Legality Principle.

Data processing is a regulated activity, which must be subject to current and applicable legal provisions governing the subject.

Liberty principle.

The processing of personal data can only be carried out with the prior, expressed and informed consent of the Holder. Personal data can not be obtained or disclosed without prior authorization, or in its absence, by legal or judicial mandate that relieves consent.

Truthfulness or quality principle.

The information subject to the processing of personal data must be truthful, complete, exact, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

Transparency principle

In the processing of personal data, COS will guarantee the Holder its right to obtain at any time and without restrictions, information about the existence of any type of information or personal data that is of his interest or ownership.

Access and restricted circulation principle

The processing is subject to the limits that derive from the nature of the personal data, provisions of law and the Constitution. In this sense, the processing can only be done by persons authorized by the owner and / or by the persons provided by law. Personal data, except for public information, may not be available on the Internet or other means of mass dissemination or communication, unless the access is technically controllable to provide a restricted knowledge only to the Holders or authorized third parties.

Security Principle.

The information subject to processing by COS, shall be handled with the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access.

Confidentiality principle.

All those who, in COS, manage, update or have access to information of any kind found in Databases, are obliged to guarantee the confidentiality of the information, for which they undertake to conserve and maintain strictly confidential and not disclose to third parties, all the information that they come to know in the execution and exercise of their functions; Except in the case of activities expressly authorized by the data protection law. This obligation persists and will be maintained even after the end of the relationship with any of the tasks that the Treatment comprises.

Authorization.

Without prejudice to the exceptions provided by Law, in the processing of personal data of the Holder, the prior and informed authorization of the latter is required, which must be obtained by any means that may be subject to subsequent consultation.

The owner’s information authorization will not be required in the following cases: a) When the information is required by a public or administrative entity or by legal mandate b) When data are of public nature. c) Cases of medical or sanitary emergency. d) When the information processing is authorized by law for historical, statistical or scientific purposes.

Processing and purpose

The processing of personal data of employees, candidates, suppliers, former employees, suppliers, contractors, or any person with whom CUSTOMER OPERATION SUCCESS SAS has established or establishes a permanent or occasional relationship, will be carried out within the legal framework that regulates the matter and by virtue of its corporate purpose, the same way Customer Operation Success SAS treats its data and will follow all those necessary efforts to fulfill the mission of the company.

The processing of personal data may be carried out through physical, automated or digital means in accordance with the type and form of collection of personal information.

In any case, personal data may be collected and processed to:

Fulfill all contractual commitments.
Comply with the rules applicable to suppliers and contractors, including, but not limited to, taxes and commercial rules.
Control access to CUSTOMER OPERATION SUCCESS SAS facilities and establish security measures, including the establishment of video-surveillance areas.
Control the procedures that are carried out from the COS telephone lines, in the offices and campaigns.
o Allow companies linked to COS, with which it has entered into contracts that include provisions.
o Generate the appropriate data verification and training processes.
o Respond to queries, requests, complaints and claims that are made by the Holders and control bodies and transmit the Personal Data to other authorities that under the applicable law must receive such Personal Data.
o Any other activity similar in nature to those described above that are necessary to develop the corporate purpose of COS.

Sensitive Data

The Holder has the right not to provide any sensitive information requested by COS related, among others, to data regarding their racial or ethnic origin, membership of trade unions, social or human rights organizations, political, religious, sex life, or health records, unless required for the exercise of their legal functions or when there is an order from an administrative or judicial authority.

Rights of the Holders

In accordance with the provisions of article 8 of Law 1581 of 2012, Holders may:
Know, update and rectify their personal data under CUSTOMER OPERATION SUCCESS SAS or those in charge. This right may be exercised, among others, for partial, inaccurate, incomplete, fractioned, misleading data, or those whose processing is expressly prohibited or has not been authorized.
Request proof of the authorization granted to CUSTOMER OPERATION SUCCESS SAS, except when expressly excepted as a requirement for the Processing, in accordance with the provisions of article 10 of this law.
Be informed by CUSTOMER OPERATION SUCCESS SAS or the processor, upon request, about the personal data usage.
Submit complaints to the Superintendency of Industry and Commerce for infractions of the provisions of this law and other regulations that modify, add or complement it.
Revoke the authorization and/or request removal of the data, when the processing does not respect the principles, rights, constitutional and legal guarantees. Revocation and/or suppression will proceed when the Superintendency of Industry and Commerce has determined that CUSTOMER OPERATION SUCCESS SAS or the person in charge has engaged in conduct contrary to this law and the Constitution.
Access free of charge to personal data that has been Processed.

Obligations of the Company

Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the Holders’ information.
Inform at the request of the Holder about the use made of their data.
o Inform the person in charge when certain information is under discussion by the Holder, once the claim has been presented and the respective procedure has not been completed.
Properly inform the Holder about the purpose of the collection and the rights the Holder is entitled to by virtue of the authorization granted.
Adopt an internal manual of policies and procedures to guarantee proper compliance with the aforementioned law and, in particular, for dealing with queries and claims.
Process queries and claims formulated in the terms indicated in the aforementioned law.
Demand respect to the security and privacy conditions of the Holder’s information.
Ensure that the information provided to the Handling Officer is truthful, complete, accurate, up-to-date, verifiable and understandable.
Keep the information under the necessary security conditions to prevent its adulteration, loss, unauthorized or fraudulent consultation, use or access.
Provide the Handling Supervisor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of Law 1581 of 2012.
Rectify the information when it is incorrect and communicate it where relevant.
Update the information, communicating in a timely manner to the Handling officer, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it is kept up-to-date.
Request and keep, under the conditions provided in the aforementioned law, a copy of the respective authorization granted by the Holder.
Guarantee the Holder, at all times, the full and effective exercise of the habeas data right.

Rights of children and adolescents

Respect for the prevailing rights of minors will be ensured in the processing of personal data.

The processing of personal data of minors is prohibited, except for those data that are of a public nature, and in this case the processing must comply with the following parameters:

Law 1581 of 2012. Article 10. Cases where authorization is not required. The authorization of the Holder will not be necessary in the case of:
Information required by a public or administrative entity in the exercise of its legal functions or by court order.
b) Data of public nature.
c) Cases of medical or sanitary emergency.
d) Processing of information authorized by law for historical, statistical or scientific purposes.
e) Data related to the Civil Registry of Persons.

Whoever accesses personal data without prior authorization must in any case comply with the provisions contained in this law.
Respond and respect the best interests of minors.
Ensure respect for the fundamental rights of minors.

Internal and external requests and queries

Requests, queries, requests, complaints or claims must be escalated to the protecciondedatos@cos.com, which must contain at least the following information: identification number, clear description in the subject of the mail, summary of the facts, address, annexes as evidence as required.

Internal and external request and query response

The consultation of petitions, complaints, claims, correction, updates or deletion of data must be submitted in writing or by email, according to the information contained in this document. protecciondedatos@groupcos.com.co

The answers will be covered within a period of ten (15) business days counted from the date of receipt of the respective request in the aforementioned mail. When it is not possible to respond to the query within this term, the interested party will be informed, stating the reasons for the delay and indicating the date of the query, which in no case may exceed five (5) business days following the expiration of the first period.

If more information is required within two (2) business days, the sender will be replied.

If the requirement remains incomplete, the interested party will be required to correct the failures within five (5) days after the claim is received.

After two (2) months from the date of the request, without the Holder submitting the required information, it shall be understood that the claim has been abandoned.

Once the complete claim has been received, a tag stating “management in process” and the reason for it will be included in the database, within a term not exceeding two (2) business days. This tag must be maintained until the claim is responded.

COS chat information

Customer Operation Success SAS informs that the personal data that could be provided by the user on his behalf and in the content of the conversations, will be treated solely and exclusively for the management and correct functioning of the chat, through a third party in charge of the development of the chat platform, being able to store the information temporarily. For the exercise of habeas data rights, the Holder or legal representative can write to protecciondedatos@cos.com.
The user is solely responsible for the disclosure of information in the chat.

Web page

By accepting the legal terms and conditions, I state that I know and authorize in a prior, express and informed manner CUSTOMER OPERATION SUCCESS SAS., its subsidiaries and related parties, so that my personal data can be stored and used in order to achieve efficient communication during the present procedure or activity and I authorize in the same terms, that said information may be treated in accordance with the provisions of Law 1581 of 2011 and its Regulatory Decrees, in order to receive information about its products, services, offers, vacancies, promotions, alliances, studies and content. I have also been informed about the policy for the protection of personal data available on this site, which includes the consultation and claim procedures that allow me to make effective my rights to access, know, consult, rectify, update, and delete data, and any request regarding personal data can be communicated through: protecciondedatos@cos.com.

The databases managed by CUSTOMER OPERATION SUCCESS SAS will be maintained indefinitely, as long as it develops its corporate purpose, and as long as it is necessary to ensure compliance with legal obligations, particularly labor and accounting, but the data may be deleted at any time at the request of its Holder, as long as this request does not contravene a legal obligation of CUSTOMER OPERATION SUCCESS SAS or an obligation contained in a contract between CUSTOMER OPERATION SUCCESS SAS and Holder.

PRIVACY NOTICE

This document constitutes the Privacy Notice of Customer Operation Success SAS. Address: Bogotá, Calle 17 # 40- 29. Email protecciondedatos@groupcos.com.co, which is made available to you, hereinafter the “Holder”, prior to the collection and processing of your personal data.

Objective:

This Privacy Notice regulates the form, terms and conditions under which Customer Operation Success SAS, is authorized by the Holder to obtain, process and transfer your personal data.

Excluded Data:

Links to third-party websites can be found on the https://www.ambemedicalsystems.com/ website. If you gain access to such links, you will leave the Customer Operation Success SAS website, for which the organization assumes no responsibility in relation to third-party websites.

If you post, comment on, or share personal information, including photographs, in any public forum, social network, blog, or other such forum, you should be aware that any personal information you post may be read, viewed, collected, or used by other users, and could be used to contact you, send you unsolicited messages, or for purposes that neither you nor Customer Operation Success SAS can control, so the organization is not responsible for the personal information you choose to share in these forums or social networks.

Consent:

The Holder in this act states:

If this Privacy Notice is available through an electronic page (https://www.ambemedicalsystems.com/ ) or some other electronic device, by providing your data through it, it constitutes a manifestation of your consent for Customer Operation Success SAS to process your data, in accordance with this Privacy Notice.
If this Privacy Notice is available through audio, audiovisual or any other technology, the fact of providing your data constitutes a manifestation of your consent for Customer Operation Success SAS to carry out the processing of your data, in accordance with this Privacy Notice.
If this Privacy Notice has your signature, rubric, name or fingerprint or by if your your data is available anywhere on the site, it constitutes a manifestation of your consent for Customer Operation Success SAS to carry out the processing of your data, in accordance with this Privacy Notice.
That all the information you provide is true and complete. The Holder shall be liable at all times for the data provided.

The Holder has the right to access, rectify and cancel their data, as well as to oppose the processing of these or revoke the consent that has been granted for this purpose, through the procedures established in this Privacy Notice.

 

Sensitive Data

The Holder declares that he has not provided, and unless expressly authorized, Customer Operation Success SAS with “Sensitive Personal Data”, that is, those personal data that are intimate or whose proper or improper use may give rise to discrimination or entail a serious risk for it.

In particular, the Holder undertakes not to provide Customer Operation Success SAS with any data relating to racial or ethnic origin, genetic information, religious, philosophical and moral beliefs, trade union membership, political opinions or sexual preference.

Data collection:

The Holder will voluntarily provide their data to Customer Operation Success SAS, either in writing, verbally, electronically, through surveys, direct access to the Customer Operation Success SAS website or by sending electronic files or of any other nature, including but not limited to the direct delivery of information, access to the website https://www.ambemedicalsystems.com/ , telephone or telemarketing calls, requests by email, seminars, conferences or events, among others.

The Holder agrees that Customer Operation Success SAS may also obtain data from the Holder through other means, such as information obtained from other commercially available sources, such as telephone directories, business directories, business cards, public databases, etc.

All information and data that Customer Operation Success SAS collects about the Holder may be combined for the purposes permitted under this Privacy Notice.

USE OF DATA

Customer Operation Success SAS may use the data for any of the following purposes:

Strengthening of Business Processes:

In the case of statistical information, internal processing data, commercial promotions, marketing studies, commercial offers, surveys, advertising matters or the like, we may require general information such as name, address (residential and office), fixed and mobile phone numbers, fax and email address, information on commercial or consumption preferences, income ranges, study ranges, age ranges and/or socioeconomic level ranges.

This data may be used, but is not limited to: (a) Provide you with the goods and/or services that you have requested or with respect to those you have expressed interest; (b) provide an efficient service, as well as to improve your experience in the use of certain products and/or services; (c) send you and present you with goods and/or services that may be relevant or attractive, including your participation in promotions, offers and advertising campaigns; (d) inform about changes or new products or services that are related to those contracted or acquired; (e) comply with obligations contracted; (f) evaluate the quality of the service, or carry out internal studies on consumption habits; (g) provide information for research projects carried out directly by the company or allied entities; (h) Carry out academic promotion and dissemination activities.

 

 

Data Storage, Disclosure and Transfer:

Data may be transferred, stored and processed in a country other than where it was provided, in which case the information will be transferred in accordance with applicable information protection laws.

The Holder understands and agrees that Customer Operation Success SAS is authorized to use, store, disclose, or transfer the data. If the Holder does not express his opposition to the transfer of his data, it will be understood that he has given his consent to do so.

Notwithstanding the foregoing, Customer Operation Success SAS may also provide part of the data to suppliers of goods or services that require knowledge of this information. These providers include, but are not limited to, guarantor entities, email service providers, automated data processors, carriers, insurance companies and health service providers and other companies or individuals that provide services specific to the corporate purpose of Customer Operation Success SAS. These service providers are obliged, by contract, to maintain the confidentiality of the data in accordance with this Privacy Notice.

DATA STORAGE

Once the data is received, it will be processed and stored in a database that can be managed by Customer Operation Success SAS or by a third party with whom it has a contract for such purposes.

Customer Operation Success SAS will incorporate protection mechanisms in order to avoid deviations, adulteration, loss, consultation or unauthorized processing of data, as possible.

Confidentiality:

Customer Operation Success SAS will not disclose the data to unauthorized third parties except when such disclosure is required by law or order of competent judicial authority.

Access to rectification, update or deletion of data:

The Holder will have the right to access his personal information stored in the Customer Operation Success SAS database and rectify, limit or update it when required, for which he must send a request to the offices and points of attention of Customer Operation Success SAS nationally or by email to protecciondedatos@groupcos.com.co

The request for access, rectification, updating or deletion shall contain and accompany the following:
Full name and identification of the Holder,
Address and telephone number or other means of communicating the response to the request.
If the request is made by physical means, it must be duly signed and it must include the Holder’s fingerprint.
If the request is made by email, it must be sent from the same email address previously reported by the Holder and registered in the Customer Operation Success SAS database.
The documents proving the identity, or where appropriate, the legal representation of the Holder.
The clear and precise description of personal data for which it seeks to exercise any of the aforementioned rights.
Any other element or document that facilitates the localization of his or her Personal Information.

 

Deletion or Revocation:

In the case of requests for total or partial deletion of data or revocation of consent, they must be made in accordance with the provisions of the previous section.

When the data have been transmitted prior to the date of rectification or deletion and continue to be processed by third parties, Customer Operation Success SAS must inform of such request for rectification or deletion, without any further obligation on your part.

Customer Operation Success SAS shall not be obliged to delete the data when:
The data must be treated by legal provision.
The elimination of data hinders judicial or administrative actions related to tax obligations: investigation and prosecution of crimes or updating of administrative sanctions.
They are necessary to protect the Holder’s legally protected interests.

AMENDMENTS:

Customer Operation Success SAS reserves the right to make changes to these privacy policies at any time and adapt them to new legal or jurisprudential provisions.

The Holder agrees that any changes to this Privacy Notice or Privacy Policies will be notified by posting them on https://www.ambemedicalsystems.com/

It is the obligation of the owner to periodically visit this site in order to verify the most current version of the Privacy Notice.

For further details, please refer to the Personal Data Processing and Protection Policy.

 

Annexes

Visitor Confidentiality Agreement.
Staff Non-Disclosure Agreement.
Privacy Notice
Physical facilities privacy notice.
Training Statute Annex 1.
Training Statute Annex 2.
Protection and processing of candidate personal data.
Protection of personal data processing for supplier or contractor.
Protection and processing of visitors’ personal data.

Copyright © AMBE Medical Systems. All Rights Reserved. | Avíso legal | Política de cookies