ABOUT US
This document establishes the Personal Data Processing Policies CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES commercial
company domiciled in Pereira, identified with NIT 900696340-0 company dedicated to services of procurement, processing, marketing and storage of stem cells for therapeutic purposes and research with scientific and technological base with headquarters in Calle 14#23-41 in Pereira, phone number +573104116215 and web address www.regencord.com, e-mail [email protected] as responsible and in charge of the treatment and custody of personal data informs that:
The collection of personal data and their processing, which CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES performs, is done in a
responsible and legal manner in compliance with the right to privacy, habeas data and personal data protection, in accordance with the rules, procedures and instructions adopted by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, as well as in accordance with the mandate of the Political Constitution of Colombia, law 1581 of 2012, decree 1377 of 2013 and other regulations in force on the matter.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES for
several years has collected, stored, and used information with personal data and by its nature wishes to continue with such treatment in the future. For this purpose and to carry out the appropriate management required by law, the Institution has defined the following policy, available to the entire internal and external community.
For this purpose, CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES requires obtaining the authorization so that users, customers and any person freely, previously, expressly, voluntarily, and duly informed, allow the institution to collect, collect, store, use, process, compile, treat, update and dispose of the general, particular and/or sensitive data that have been provided and that have been incorporated in different databases or data banks, or in electronic repositories of all kinds that the Institution has. This information is and will be used in the development of the functions of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES, as a manufacturer of pharmaceuticals, medicinal chemicals, and botanical products for pharmaceutical use that the information provided by the health services as well as for administrative, commercial, promotional, and contact purposes with the holders of the same.
In this policy you will find the company name, address, e- mail and telephone of
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, the
treatment to which the data will be subjected and its purpose, the rights that you have as a Holder the area responsible for the attention of requests, queries and claims before which you can exercise your rights to know, update, rectify and delete the data and revoke the validity of the Database.
CHAPTER I REGULATORYPROVISIONS
Article 15 of the Constitution of the Republic of Colombia establishes that any person has the right to know, update and rectify the personal data that exists about him/her in data banks or files of public or private entities and orders those who have personal data of third parties to respect the rights and guarantees provided in the Constitution when collecting, processing, and circulating this kind of information.
Subsequently, Law 1266 of 2008 regulated the right to financial habeas data and in 2009 Law 1273 established the «violation of personal data» as a crime.
Likewise, the Statutory Law 1581 of 2012, Decree 1377 of 2013 and Decree 1074 of 2015, established the minimum conditions for the legitimate and appropriate processing of personal data and obliges those responsible for the processing of such data to adopt internal policies to ensure proper compliance with current regulations in this area.
CHAPTER II OBJECT AND SCOPE
The purpose of these Policies is to develop the constitutional right to Habeas Data held by all persons on whom CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES, in the course of its business activities, has collected, managed or processed their personal data, personal character, whether they are clients, users, affiliates, patients, employees, suppliers or any other natural or legal person.
On the other hand, and since the activities CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES mainly develops include the commercialization of Stem Cells for therapeutic purposes, providing services of obtaining, processing, application and storage of Stem Cells for therapeutic purposes and scientific and technological research, providing preventive medicine services; both companies and their employees have the duty to keep reserve and discretion on the data of their patients or on those related to their own situation, which they may come to know in the course of their activities. It is pertinent to indicate that in the exercise of the legal functions that the State has delegated to guarantee the provision of the mandatory health plan, health data is collected and likewise, there is a legal duty to keep under reserve the Clinical History of the patients in accordance with the provisions of Law 23 of 1981, Resolution 1995 of 1999 and the databases of the general social security system regulated by Resolution 1344 of 2012, Regulatory Decree 3380 of 1981,
Decree 1570 of 1993.
In addition, CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES processes personal data, including sensitive data, data of children and adolescents (minors), and in this sense is committed to respect and guarantee the rights of the owners of the data it collects and processes in its capacity as Data Controller, complying with current regulations by adopting these Policies, which are
mandatory in all activities involving all or part of the collection, storage, use and circulation of such information.
Therefore, both CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES and all third parties acting on behalf of the same as Agents and all subjects involved in the processing of personal data, must observe and respect the rules on protection of personal data, the confidentiality of the data processed and this Policy in the performance of their duties and/or activities even after the legal, commercial, labor or any other kind of relationship with CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES is terminated.
These Policies are published on the website of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES and all the companies that are part of the business group, so that they are known by the data subjects and third parties who have access to personal data managed by the company.
CHAPTER III DEFINITIONS
For the purposes of this personal data processing policy, the following is understood as:
Authorization: Prior, express, and informed consent of the holder to carry out the processing of personal data.
Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Data Subject for the Processing of his personal data, by means of which he is informed about the existence of the information processing policies that will be applicable, how to access them and the purposes of the Processing that is intended to be given to the personal data.
Database: Organized set of personal data that is subject to processing.
Personal data: Any information linked to or that can be associated to one or several determined or determinable natural persons.
General data: Contact information, such as: full name, address, landline, cell phone, e-mail.
Particular data: According to the type of relationship: Income level, financial data, debt capacity, gross assets, dependents, household composition, hobbies or interests, assets owned, employment information, marital status.
Public data: Public data includes, among others, data related to the marital status of individuals, their profession or trade, and their status as merchants or public servants.
Sensitive data: Sensitive data are understood as those that affect the privacy of the holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, biometric data and medical history, which will only be collected, incorporated and/or stored with prior authorization of the owner of the information, and when necessary for the execution of the contractual relationship with the owner, provided that the law allows access to such information. Therefore, the access, circulation and treatment of sensitive data willbe restricted and limited to the authorization of the owner and as stipulated in the current regulations.
Data Processor: Natural or legal person, public or private, who by itself or in association with others, carries out the processing of personal data on behalf of the data controller.
Data Controller: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the processing of data.
Data subject: Natural person whose personal data is the object of processing.
By the Holder, who must prove his identity sufficiently by the different means made available to him by the responsible party.
By their successors in title, who must prove their status as such.
By the representative and/or attorney-in-fact of the Holder, upon accreditation of the representation or power of attorney.
By stipulation in favor of or for another.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.
Transfer: The transfer of data takes place when the controller and/or processor of personal data sends the information or personal data to a recipient located inside or outside the country.
Transmission: Processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia when its purpose is to carry o u t a treatment.
Consultation: Request from the Data Subject or his/her assignees to consult the information of the Data Subject in the databases managed by REGENCORD CELLULAR THERAPY S.A.S.
Claim: Request from the Data Subject or his/her assignees when they consider that the information contained in a database managed by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES should be corrected, updated, or deleted, or in the event of non-compliance by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES or any of its Agents.
Minors: Refers to minors under eighteen (18) years of age and corresponds to Children and Adolescents.
Shareholders: Any person who has had or has an investment in shares of the companies that are part of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA
– REGENCORD LABORATORIES.
Data Protection Officer: This is the person within CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, whose function is to monitor and control the application of the Personal Data Protection Policy, under the guidance and guidelines of the Information Security Committee. The Information Security Committee shall designate the Data Protection Officer. This definition refers to a role or function to be performed by an official designated by the Security Committee of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES.
CHAPTER IV
PRINCIPLES FOR THEPROCESSING OF PERSONAL DATA
The principles contained in the regulations are as follows the data must be considered in order to carry out the processing of personal data:
Principle of legality in data processing: The Processing referred to in Law 1581 of 2012 is a regulated activity that must be subject to what is established there and in the other provisions that develop it.
Principle of purpose: The processing of personal data must obey a legitimate purpose following the Constitution and the Law, which must be informed to the Data Subject.
Principle of freedom: Processing may only be conducted with t h e prior, express, and informed consent of the Data Subject. Personal data may not be obtained or shown without prior authorization, or in the absence of legal or judicial mandate that relieves consent.
Principle of restricted access and circulation: Processing is subject to the limits derived from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the Processing may only be carried out by persons authorized by the Holder and/or by the persons provided by law.
Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned, or misleading data is prohibited.
Principle of transparency: The right of the Data Subject to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed.
Security principle: The information subject to processing by the Data Controller or Data Processor referred to in the law must be overseen with the technical, human, and administrative measures necessary to ensure the security of the records, avoiding their adulteration, loss, consultation, use or access unauthorized or fraudulent.
Principle of confidentiality: All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing, and may only provide or communicate personal data when it corresponds to the development of the activities authorized by law and under the terms of the same.
Necessity and proportionality. The personal data recorded in a database must be strictly necessary for the fulfillment of the purposes of the Processing, informed to the Data Subject and for such reason, must be adequate, relevant and in accordance with the purposes for which they were collected.
Temporality or end. The period of conservation of personal data will be the period necessary to achieve the purpose for which they have been collected.
Taking into account the above, CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES in the development of the principle of legality will ensure that the data are collected, processed and handled in a lawful manner. This means that in
the development of its activities it will collect the data necessary for the development of its activities.
Likewise, and when CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES acts as Data Controller, i.e. when it is in front of a Data Subject who will acquire the status of beneficiary, volunteer, employee, or supplier or already has it, it shall inform him/her in a clear, sufficient and prior manner about the purpose(s) of the processing that will be given to the personal data to be provided.
In accordance with the principle of reasonableness and proportionality, CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will collect the
personal data that are strictly necessary to carry out the purposes pursued and will keep them for the time necessary to fulfill such purposes, always observing the special terms established by law for sensitive data.
Likewise, CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES will respect the freedom of the Data Subject to authorize or not the use of his/her personal data. However, it should be noted that, in accordance with the provisions of current regulations, in any case the Data Subject may revoke the authorization and request the deletion of the data, when there is a legal or contractual duty that imposes the duty to remain in the database or file of the Controller or Processor.
CHAPTER V TREATMENT
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will
freely, previously, expressly and voluntarily obtain the Authorization to transfer, store, use, circulate, delete, share, update and transmit the Personal Data through physical mail, electronic, cellular or mobile device, via text messages, media, (television, newspaper and web page), social networks or any analog and/or digital means of communication, known or to be known in accordance with the present Personal Data Protection Policy.
CHAPTER VI
CONTROLLER AND PROCESSOR OF PERSONAL DATA
Company name Centro de células madre y biotecnología S.A.S.
NIT. 900696340 – 0
Address Pereira – Risaralda – Colombia
Address CALLE 14 NRO. 23-41 SECTOR BARRIO ALAMOS
E-mail [email protected]
Phone (606) 3210051
PERSONAL DATA PROCESSING POLICY
Regen-P03-D02
Version: 1
2024-04-01
Page 8 de 30
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will
be responsible and in charge of the processing of personal data.
The area of administrative management, in association with the area of communications and systems will be the area responsible for the processing of personal data, on behalf of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, who will be provided with information on each user, manager, member, employee, provider, customer, supplier and in general any person, natural person from whom personal information has been collected and that is stored in a database.
The officer in charge of this area will keep a report of the database and will be responsible for the following functions:
Be familiar with this policy and apply it to the extent applicable
Send a communication via e-mail to each Director, employee or person within the Company who handles or has handled some type of personal data of the members of the Company, in the sense that they inform the Department in charge, the name and e-mail of the users of whom they have personal data.
Elaborate, direct, entrust and/or delegate to others the establishment of the measures to be taken in commercial contracts and forms that deal with credits or personal data.
Elaborate, direct, entrust and/or delegate to others the establishment of the measures to be taken in labor contracts.
To inform the owner about the purpose of the data collection and guarantee the exercise of the rights granted by virtue of the authorization given.
Keep a copy of the respective authorization granted by the owner of the personal data.
Ensure that the information processed is truthful, complete, accurate, updated, verifiable and understandable.
Rectify the holder’s information when it is incorrect.
Use only personal data that have been obtained by authorization unless such data do not require authorization.
Respect the security and privacy conditions of the holder’s information.
To update, rectify or remove personal data within five (5) business days of receipt.
Allow access to information only to authorized persons.
Comply with the instructions and requirements issued by the competent administrative authority.
PERSONAL DATA PROCESSING POLICY
Regen-P03-D02
Version: 1
2024-04-01
Page 9 de 30
Sign confidentiality agreements with those who handle the information related to the processing of personal data.
Process promptly the queries and claims made by the holders of personal data.
All others established by law.
The administrative management area, in association with the communications area and the systems area CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES shall ensure that in each incorporation of a new employee, knowledge of this Policy and the documents that complement it is required CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, will make all contractual and legal adjustments so that, in contracts, confidentiality agreements, contractual clauses and other documents, its compliance by Employees, members, Managers, Suppliers, Contractors and other Third Parties is incorporated; in addition to seeking express authorization from each owner for the Management of personal data and Habeas Data.
It is the responsibility of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES employees to report any incident of information leakage, computer damage, violation of personal data, data commercialization, use of personal data of children or adolescents without proper authorization, identity theft, or conduct thatmay violate the privacy of a person, or that has indications that they are being used for criminal and/or unauthorized purposes.
CHAPTER VII
PURPOSE OF THE PROCESSING OF PERSONAL DATA
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will treat the
information provided and previously authorized by the users as follows:
IN A GENERAL WAY:
For all users, students, employees, collaborators, health service providers, suppliers, clients. To be used for:
To know in a prospective way the needs of its s t a k e h o l d e r s to innovate in the provision of its services.
Fulfillment of the obligations arising from the relations between the company and existing contractual agreements with its stakeholders.
The safety of patients, visitors, collaborators, and the general community infacilities of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES.
Communicate to registered users in our systems, web portal and
/Or social networks information about new services, drugs, news events, academic calls, publications, news, business innovation, special programs, user education campaigns, commercial events, and advertising, always related to the objectives of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES, according to the statutes.
To constantly inform about the needs of users registered in the web portals, to strengthen relationships and promote business innovation.
That the data provided by collaborators, health professionals and other users may be shared with other companies for commercial or contractual purposes, unless expressly revoked by the owner of the data.
To achieve an efficient communication related to our services and alliances.
To be used in clinical and/or epidemiological research, identification of clinical, scientific, and technological advances.
To report marketing and/or promotion activities of its own services or with whom it has entered health services alliances.
Have your data analyzed in studies related to health issues.
To know the state of satisfaction and services rendered.
Conduct studies technical-actuarial, statistical, market trends.
Control and prevention of fraud and money laundering.
Inform about changes in the data processing policy.
USERS AND CUSTOMERS:
The information will be used for:
To develop the functions of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA –
REGENCORD LABORATORIES.
Supporting medical care.
Send diagnostic test results and/or perform research.
Request, consult and/or change appointments with health professionals.
Verify affiliation status and associated services related to the Social Security System.
The data relating to the health of patients will be strictly protected by all employees, CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES by the sensitive nature of the same, therefore, the following will be considered at the time of processing data of this nature:
The medical personnel and/or students will have access to sensitive data because the owner of the same previously, expressly, and voluntarily discloses this information, in the same way, due to their professional practice, they will have knowledge of the patient’s medical history. Considering the protection required for this type of data, this information will be used for the provision of health services, general purposes and to comply with the corporate purpose of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES employees are informed about the sensitivity of health data, the obligations and penalties involved in the inappropriate use of such data and the procedure to
follow in its treatment, the right of access by persons other than the owner and the way it is classified, communicated, and delivered. In addition, they are aware of the importance of not exposing medical results that may affect the privacy of a person and not using the personal data of users and affiliates outside the established medical or administrative purpose. Therefore, in CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES the protection of information will not only be the responsibility of the medical staff, but of all the people who have access to it in the company during the exercise of their functions.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES has the proper security mechanisms and controls for the protection of sensitive information and its confidentiality, integrity, and availability.
In order to deliver the medical results safely, it is essential that when the holder is unable to come in person to obtain the results, he/she sends written authorization indicating the name of the authorized person, accompanied by a photocopy of the identity card.
The documents will be duly verified, organized, and subsequently archived, and if the holder authorizes their sending by email or certified mail, he/she must sign the form indicating this.
CONTRACTORS AND SUPPLIERS:
They will be used to complement the development of service provision contracts, joint ventures, or civil and/or commercial relationships, monitoring and managing the commercial behavior of the same. In addition, verify the suitability and exchange monthly information to facilitate the knowledge of the services offered by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, and in general, all
aspects involved in the relationship between CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES and the different, SOAT, suppliers, and providers; as well as to make them participants of activities or commercial campaigns that may be of interest.
The information contained in our databases, of past, current or future Healthcare Providers and Professionals, will be used for CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES to have a belief, both objective and subjective, about such providers. The information will be transferred and/or transmitted to other entities only when it is necessary to follow the applicable legal provisions, in case it is required by public, administrative and/or supervisory entities in labor matters in the exercise of their legal functions or by court order.
The personal e-mail addresses of providers, health professionals and/or suppliers will be used to facilitate contact with health professionals, send internal communications of interest and make them participate in institutional activities, as well as to comply with the laws applicable to providers, including, but not limited to, licensing, accreditation, commercial and tax laws.
The Company will process your data for the following purposes:
To follow up the execution of the contract signed by The Company and the Owner of the information.
To comply with the obligations contracted by The Company with the Owner of the Information, in relation to the payment of fees and other retributions set forth in the contract entered or as provided bylaw.
Perform analysis, evaluation and selection of potential suppliers, contractors and/or distributors.
Request the programming and provision of technical service, sales, purchase, monitoring the performance of the product and
/ Or service purchased, verification, consultation, and control, enabling means of payment and any other related to the products and / or current and future services required by the Company.
Analysis of information on quality and service levels received from suppliers.
Legal compliance in tax, customs, and commercial matters with administrative and judicial entities.
Make requests, complaints, and claims.
To conduct the pertinent actions for the development of the Company’s corporate purpose in relation to the fulfillment of the purpose of the contract entered with the Data Subject.
Use of biometric data (Sensitive Data) such as fingerprint, audio, video and/or photograph, (it is understood as «image» the name, pseudonym, voice, signatures, initials, figure, body physiognomy, face), with the purpose of confirming the identity of the person.
Communicating our policies and procedures for supplier engagement.
Business agreements to acquire goods or services.
Monitoring, control, and accounting records of obligations with suppliers, contractors and/or distributors.
Consultations, audits, and reviews arising from the agreements with the suppliers, contractors and/or distributors.
Perform consultations, controls and reports that are required by law or under the internal policies of the Company to control and prevent fraud, money laundering and terrorist financing in any of its forms. Some of these tasks are performed in compliance
with a legal and contractual duty and therefore the Processing of Personal Data is understood to be included in them.
Consultation and reporting to any Risk Center.
To perform commercial tasks.
To provide commercial, advertising, and promotional information about products and/or services, to promote, invite, direct, execute, inform and generally carry out campaigns, events, promotions or contests.
Perform through any means, directly or through third parties, programming and continuous service provision, invoicing, portfolio management, service performance follow-up, collection, business intelligence, marketing, promotion or advertising activities, service improvement, collection follow-up, verification, consultation and control, enabling payment methods, as well as any other related to our current and future services, for the fulfillment of contractual obligations and the Company’s corporate purpose.
To disclose, transfer and/or transmit Personal Data inside and outside the country to third parties because of a contract, law or lawful link that so requires, in relation to the contracted object.
Invitations to events and general corporate information to strengthen relationships
Provide, share, send, transfer, or deliver your Personal Data to branch, related, subordinate or controlling companies of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA
REGENCORD LABORATORIES located in Colombia or in any other country, if such companies require the information for the purposes indicated here.
EMPLOYEES AND/OR HEALTH PROFESSIONALS:
The information contained in our databases of former employees, employees, future candidates for employment, and past, current, or future health professionals, will be used for CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES
to have a perception, both objective and subjective, about the personnel. This information will be transferred and/or transmitted to other entities only when it is necessary to comply with the applicable legal provisions, in case it is required by public, administrative and/or supervisory entities in labor matters in the exercise of their legal functions or by court order.
Corporate e-mails will be used to ease contact between employees, service providers and/or health professionals, to send internal communications of interest, to request them in relation to their functions and to involve them in institutional activities.
In case of collaborators in addition to the above, they will allow access to transmit their data to companies that request to verify labor data, authorization of money credits or commercial credits, studies, for security studies prior verification of source and use of data and according to legal reservations, will also be used to perform internal
promotion processes, verification of titles, request for information from other companies or educational institutions, training, direct contact if required and in general to perform all administrative and financial procedures directly related to the work for which it will be hired.
They will also be used to provide employee wellness programs and plan business activities for the owner and his beneficiaries.
The Company will process this data for the following purposes:
To comply with the obligations contracted by The Company with the Data Subject, in relation to the payment of salary and other remuneration established in the employment contract or as provided by law.
Offering corporate wellness programs and planning activities
The policyholder and his beneficiaries (children, spouse, permanent companion).
Sending information to governmental or judicial entities at their express request.
Support in external/internal audit processes.
Registration of the information of candidates and employees in the Company’s database and make contact through any means to send information.
For security or fraud prevention purposes.
To process data related to medical examinations for admission, prevention, and retirement, as well as medical records if needed.
Use of biometric data (Sensitive Data) such as fingerprint, audio, video and/or photograph, (it is understood as «image» the name, pseudonym, voice, signatures, initials, figure, body physiognomy, face), with the purpose of confirming the identity of the person.
To collect, use, store and circulate your resume.
Transfer of data to third parties to carry out selection processes, affiliation to health, pension, ARL, insurance companies and others that are required for the formalization of the hiring process.
Consultation and reporting to any Risk Center.
To carry out the pertinent actions for the development of the Company’s corporate purpose in relation to the fulfillment of the purpose of the contract entered with the Data Subject.
Carry out consultations, controls and reports that are required by law or by virtue of the Company’s internal policies to control and prevent fraud, money laundering and financing of terrorism in any of its forms.
Providing, sharing, sending, transferring, or delivering your Personal Data to CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES Branch, related, subordinate or controlling companies, located in Colombia or in any other country, if such companies require the information for the purposes indicated herein.
STUDENTS, RESIDENTS, OR INTERNS:
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES develops
its educational mission by promoting research in all fields including the scientific one, trying to achieve an efficient communication with students related to patients, services provided, and other activities related to the functions of medical education, to comply with obligations to our students and to evaluate the quality of service.
It markets undergraduate and graduate educational programs, as well as congresses, trainings, workshops, conferences, academic events, and surveys related to education to those who voluntarily wish to participate.
Comply with the laws applicable to private education in Colombia, including, but not limited to, any requirement of the Ministry of National Education or judicial or administrative authorities.
CORPORATE BODIES:
The information containing data of natural persons who are part of the corporate bodies, such as the shareholders’ meeting and any other management body of the Company, whose treatment is intended to comply with the laws, regulations, and corporate policies. In this Database, public, private and Sensitive Data is incorporated. In addition, it will be considered reserved information, since it is registered in the trade books and is subject to special protection by legal provision.
The Company will process your data for the following purposes:
To carry out the pertinent actions for the development of the corporate purpose of the Company.
Collect, use, andstore your resume.
Send information from The Company, including calls, summons, invitations to meetings, events, newsletters, presentations, annual report, and those communications related to the activities carried out by The Company.
Issue certifications regarding the relationship of the Data Subject with the Company, such as certificates of income, shareholding, among others.
Use of biometric data (Sensitive Data) such as fingerprint, audio, video and/or photograph, (it is understood as «image» the name, pseudonym, voice, signatures, initials, figure, body physiognomy, face), with the purpose of confirming the identity of the person.
Provide, share, send, transfer, or deliver your Personal Data to branch, related, subordinate or controlling companies of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA
REGENCORD LABORATORIES, located in Colombia or in any other country, if such companies require the information for the purposes indicated herein.
Perform consultations, controls and reports that are required by law or by virtue of the Company’s internal policies to control and prevent fraud, money laundering and financing of terrorism in any of its forms (SARGRILAF – SARLAFT).
CHAPTER VIII TREATMENT OF SENSITIVE DATA
In the case of sensitive data CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will inform the customer and/or user explicitly and in advance that he/she is not obliged to authorize its processing, in addition to the general requirements of authorization for the collection of any type of personal data, which of the data to be processed are sensitive and the purpose of the processing, as well as to obtain his/her express consent. No activity may be conditioned to the holder providing sensitive personal data. They may only be processed when:
The owner of the personal data has given his explicit authorization to such processing, except in cases where the law does not require the granting of such authorization.
The processing is necessary to safeguard the vital interest of the holder of the personal data and the holder is physically or legally incapacitated.
The processing relates to data that are necessary for the recognition, exercise, or defense of a right in a judicial proceeding.
The treatment has a historical, statistical, or scientific purpose. In this event, the measures leading to the suppression of the identity of the owners must be adopted.
The processing of personal data of children and adolescents will be conducted under the parameters set out above in this policy.
CHAPTER IX
PROCESSING OF VIDEO SURVEILLANCE DATA
The processing of personal data has been defined as «Any operation or set of operations on personal data, such as collection, storage, use, circulation or suppression». In the case of images of determined or determinable persons, operations such as capture, recording, transmission, storage, conservation, or reproduction in real time or later, among others, are considered as Processing of personal data, and consequently, are subject to the General Regime of Personal Data Protection.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES captures
your personal data by means of video surveillance for legitimate interest. The general purpose of the video surveillance carried out by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES is to ensure the safety of the goods and people in our premises. The images captured by the video surveillance systems of CENTRO DE
CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, will be subject to
compliance with the provisions of Law 1581 of 2012, especially its guiding principles.
This monitoring and observation task carried out through the SVs, involves the collection of images of people, that is, Personal Data in accordance with the definition contained in paragraph c) of Article 3 of Law 1581 of 2012, «By which general provisions are issued for the protection of Personal Data», understood as «any information linked or that may be associated with one or more specific or determinable natural persons».
CHAPTER X
PURPOSE OF THE VIDEO SURVEILLANCE SYSTEM
Recording through closed-circuit television, hereinafter CCTV, is active at all our sites; such recordings are captured and processed in the legitimate interests of:
The safety of our patients, collaborators, health professionals, suppliers, contractors, clients, and visitors.
The safety and security of our personnel.
The security and protection of our administrative and scientific headquarters.
Protection against, detection and evidence of criminal activities.
Reducing company losses and inventory discrepancies.
As a rule, we will not disclose this information to third parties, unless required to do so by order of the competent authorities.
CHAPTER XI PROCESSINGOF PUBLIC DATA
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES warns that
it will process public data and data contained in public records without prior authorization from the Data Controller. This situation does not imply that the necessary measures are not adopted to ensure compliance with other principles and obligations under Law 1581 of 2012 and other rules governing this matter, as well as in this policy.
CHAPTER XII
PROCESSING OF PERSONAL DATA TO THIRD COUNTRIES
In cases where CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES in the development of any of its functions, such as participating in international programs for economic, cultural, and social development, or any other activity that involves the transfer of personal data to third countries, or in the event
that a branch or foreign headquarters or subsidiary company is established abroad, shall be governed by the following conditions:
The transfer of personal data to third countries will only be carried out when there is corresponding authorization from the holder and prior authorization from the SIC’s Personal Data Delegation.
Any processing that involves the transmission of data outside Colombian territory is considered an international transfer, whether it is a transfer of data or the purpose of providing a service to the data controller outside Colombia.
Likewise, prior authorization must be obtained from the Personal Data Protection Delegate of the Superintendence of Industry and Commerce when international data transfers to countries that do not provide a level of protection are planned. This authorization may only be granted if adequate guarantees are obtained, such as contracts based on the standard clauses approved by the SIC, or the Binding Corporate Rules.
The international transfer of data may be carried out upon request by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, establishing the
purpose, the groups of interested parties or holders of personal information, the data to be transferred and the documentation incorporating the guarantees required to obtain the authorization, including a description of the specific security measures to be adopted, both by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES and by the Data Controller or Data Processor at the place of destination.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, does not
request authorization when the international transfer of data is covered by any of the exceptions provided for in the Law and its Regulatory Decrees.
CHAPTER XIII
DATA PROCESSING OF MINORS
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES in
compliance with law 1098 of 2006, law 1581 of 2012 and Constitutional rights recognizes that minors have the possibility of acquiring the status of users of the products and services of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, as long
as they act through or duly represented by their parents or by those who have parental authority or legal representation of the minor, after the minor has exercised his or her right to be The opinion should be evaluated considering the maturity, autonomy and capacity to deal with the matter.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES assumes
the obligation to respect and provide guarantees so that minors, who have the status of authorized users of our web portal and in general of our products and services can
exercise their right to freedom of expression, free development of personality and information, as enshrined in Law 1098 of 2006.
In compliance with the Colombian regulations about minors and the responsible procedure that CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES is obliged to follow. we assume the following commitments:
That it responds to and respects the best interests of children and adolescents.
To ensure respect for their fundamental rights.
To inform the authorities of any criminal situation of which it has knowledge that endangers the integrity of a minor. To this end, it will provide all the cooperation required by the State security agencies.
Minors who are interested in acquiring our services, using electronic means of payment, must carry out the electronic economic transaction through their parents or representatives, prior registration and contracting with them.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES in the treatment of personal data of children and adolescents, will ensure the proper use of such data.
CHAPTER XIV
INTERNATIONAL TRANSFER AND TRANSMISSION OF PERSONAL DATA
To provide you with a better service, and to execute the purposes described in this privacy policy, your personal data may be transmitted and/or transferred to foreign entities and/or servers hosted in foreign countries, under security conditions that will ensure compliance with the provisions of law 1581 of 2012, regulatory decree 1377 of 2013.
For the transmission and transfer of personal data, t he following rules shall apply:
International transfers of personal data shall observe the provisions of Article 26 of Law 1581 of 2012; that is, the prohibition of transferring personal data to countries that do not provide adequate levels of data protection and the exceptional cases in which such prohibition does not apply.
The international transmissions of personal data that are made between a controller and a processor to allow the processor to carry out the processing on behalf of the controller, shall not require to be informed to the holder or to have his consent when there is a contract under the terms of Article 25 of Law 1581 of 2012.
The transfer of personal data of any kind to countries that do not provide adequate levels of data protection is prohibited. It is understood that a country offers an adequate level of data protection when it complies with the standards set by the Superintendence of Industry and Commerce. Exceptionally, CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES may transfer personal data in the following cases: Information in respect of which the holder has granted express and unequivocal authorization for the transfer. Exchange of medical data, when so required by the treatment of the holder for reasons of health or public hygiene. Banking or stock exchange transfers, in accordance with the applicable legislation. Transfers agreed
within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
Transfers and/or transmissions necessary for the execution of a contract between the holder and CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, or for the execution of pre-contractual measures if the holder’s authorization is obtained.
Transfers are legally required to safeguard the public interest, or for the recognition, exercise, or defense of a right in a judicial proceeding.
CHAPTER XV
CASES IN WHICH AUTHORIZATION IS NOT REQUIRED FOR DATA PROCESSING
Following Article 10 of Law 1581 of 2013, the authorization of the holder shall not be needed in the case of:
Information required by a public or administrative entity in the exercise of its legal functions or by court order.
Data of a public nature.
Cases of medical or sanitary emergency.
Processing of information authorized by law for historical, statistical, or scientific purposes.
Data related to the Civil Registry of persons.
Whoever accesses personal data without prior authorization must in any case comply with the provisions contained in the Law.
CHAPTER XVI
LEGITIMACY FOR THE EXERCISE OF THE HOLDER’S RIGHTS.
The rights of the holders established in the law, may be exercised by the following persons (article 20 decree 1377 of 2013):
By the holder, who must prove his identity.
By their successors in title, who must prove their status.
By the holder’s representative and/or attorney-in-fact, upon proof of representation or power of attorney.
By stipulation in favor of or for another.
The rights of children or adolescents shall be exercised by the persons who are empowered to stand for them.
CHAPTER XVII
PERSONS TO WHOM THE INFORMATION MAY BE SUPPLIED
Information that meets the conditions set forth in t h i s policy may be provided by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES to the following
persons:
To the owners, their successors in title or their legal representatives.
To public or administrative entities in the exercise of their legal functions or by court order.
To third parties authorized by the Holder or by law.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will make sure to establish conditions that bind the supplier to the privacy policies of these in such a way that the personal information of users is protected, likewise, confidentiality agreements will be established for the handling of information and responsible- responsible obligations when the type of delivery warrants it.
CHAPTER XVIII
DUTIES OF CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES as the data
controller, at the time of requesting the authorization to the Data Subject, shall clearly and expressly inform him/her of the following:
The processing to which your personal data will be given and the purpose of such processing.
The optional nature of the response to the questions asked when they deal with sensitive data or with the data of children and adolescents.
The rights you have as Data Subject, The identification, physical or electronic address and telephone number of the Data Controller.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES as Data Controller shall keep proof of compliance with the provisions of this paragraph and, when requested by the Data Subject, shall provide a copy of it.
Guarantee to the Data Subject, always, the full and effective exercise of the right of habeas data.
Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the Holder.
Duly inform the Data Subject about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
Ensure that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable.
Update the information, communicating in a timely manner to the Data Processor, all developments regarding the data previously provided and take other necessary measures to ensure that the information provided to it is kept up to date.
Rectify the information when it is incorrect and communicate the pertinent to the Data Processor.
To provide to the Data Processor only data whose Processing is previously authorized in accordance with the provisions of this law.
To always require the Data Processor to respect the security and privacy conditions of the Data Subject’s information.
To process the consultations and claims formulated under the terms set forth in this law.
Adopt policies and procedures in the applicable areas to ensure adequate compliance with this law and to attend to queries and complaints.
Inform the Data Processor when certain information is under discussion by the Data Subject once the claim has been filed and the respective process has not been completed.
Inform upon request of the Data Subject about the use given to their data.
Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Data Holders.
Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
Proof of the availability of the privacy notice and the information treatment policies when this means is used.
To keep the model of the Privacy Notice used to comply with the duty they have to inform the Holders of the existence of information processing policies and how to access them, if personal data are processed in accordance with the same and the obligations arising therefrom remain in force.
Retain proof of the authorization granted by the holders of personal data for the processing of the same. For these purposes, CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will deploy the physical and electronic means necessary for the preservation of the proof of the authorization granted by the holders of personal data for the processing of the same regardless of the means through which such authorization was obtained.
CHAPTER XIX
RIGHTS AS HOLDER OF PERSONAL DATA
The holder of the personal data will have the following rights:
To know, update and rectify their personal data with respect to the institution. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized;
Request proof of the authorization granted to the institution, except when expressly exempted as a requirement for treatment, in accordance with the provisions of Article 10 of Law 1581/2012.
This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has
not been authorized tacitly or in writing for the use of the information in commercial, health promotion or marketing campaigns for informative purposes, loyalty, or measurement of satisfaction with the services.
The person exercising the habeas data must accurately provide the requested contact information, to process and respond tohis request and deploy the charges for the exercise of his rights.
Be informed by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, upon request, regarding the use of your personal data.
To file before the Superintendence of Industry and Commerce complaints for violations to the provisions of the law and other regulations that modify, add, or complement it.
Access free of charge to personal data that has been processed.
CHAPTER XX
REGISTRATION AS A USER OF THE WEB PORTAL
The need to provide security to individuals when accessing services provided through Web portals requires the identification and personal data of users, data also necessary for fraud prevention and attention to security incidents.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES as
administrator of the web portal www.regencord.com reserves the right to keep in force the registration of a user when he has not provided truthful information, when he treats the information in a way contrary to the honest uses that should be given to it or when he fails to comply with the policies contained herein or any of the obligations, duties and charges that he acquires at the time of registering in the web portal.
The user who registers in this web portal will handle any inaccurate, false, or untruthful data provided, so they must be truthful and reliable, otherwise it may give rise to compensate the damages caused by this behavior to CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES and / or third parties. The person who uses personal data that is not his/her own will oversee the sanctions that Colombian law sets up in relation to the violation of personal data. Thus, CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES assumes in good faith that the information provided by the user who registers is truthful, accurate and reliable and therefore exempts CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES from any liability for such information.
This document is an integral part of the Terms and Conditions of the website CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES
www.regencord.com belonging to CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA –
REGENCORD LABORATORIES
CHAPTER XXI
ATTENTION TO PETITIONS, REQUESTS FOR CONSULTATION, UPDATING, RECTIFICATION AND SUPPRESSION OF PERSONAL DATA
The Risk Management area oversees processing the requests of the holders to enforce their rights.
This policy applies to all databases managed within each one of its dependencies both in its headquarters XXXX in the city of Pereira and in all locations that it has or in the future may be established.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES expresses
to users, patients, service providers, collaborators, and suppliers, as well as to users of
the web portals and/or other tools, that in case of any controversy, it will be resolved amicably, through self-compositive mechanisms, such as negotiation or conciliation, in the city of Pereira.
CHAPTER XXII RIGHT OF CLAIMS
The Holder of private personal data corresponding to a natural person and considers that the information contained or stored in a database that does not correspond to the records of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES,
should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties and principles contained in the regulations on Protection of Personal Data, may file a complaint with the Responsible or Responsible for the treatment of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES.
The claim may be submitted by the holder taking into account the information indicated in Article 15 of Law 1581 of 2012 and may be made through the email [email protected] , If the claim is incomplete, the holder may complete it within five (5) working days following receipt of the claim so that the faults or errors are corrected. After two (2) months from the date of the request, without the applicant sending the required information, it will be understood that the claim has been withdrawn. If the person who receives the claim is not competent to resolve it, it will be transferred to the proper person within one (1) month maximum term of two (2) business days and will inform the interested party of the situation. Once CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES has received the completed claim, a legend will be included in the database stating, «claim in process» and the reason for the claim, within a period not exceeding two (2) business days.
(2) business days. This legend will be maintained until the claim is decided and the maximum term to address it will be fifteen (15) working days from the day following the date of receipt. When it is not possible to address the claim within that period, CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will inform the interested party the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) working days following the expiration of the first term.
CHAPTER XXIII RIGHT TO HABEAS DATA.
Article 15 of the Political Constitution of Colombia establishes the right of all persons to know, update and rectify the information that has been collected about them in databases or files of both public and private entities.
Likewise, and in accordance with the Constitutional Court’s Decision C-748 of 2011, this right includes other powers such as those of authorizing the processing, including new data, excluding them, or deleting them from a database or file.
This right was developed in a jurisprudential manner from 1991 until 2008, when the Special Law of Habeas Data was issued, which regulates what has been called «financial habeas data», being understood as the right of every individual to know, update and rectify his personal commercial, credit and financial information contained in public or private information centers, whose function is to collect, process and circulate such data in order to determine the level of financial risk of the Holder. This Special Law considers both natural and juridical persons as information holders.
Subsequently, on October 17, 2012, Law 1581 «General Law on Personal Data Protection» was issued, which develops the right of Habeas Data from a broader perspective than the financial and credit mentioned above. In such a way, that any holder
The holder of personal data has the power to control the information that has been collected about him/herself in any database or file, administered by private or public entities. Under this General Law, the holder is the natural person. Only, in special situations provided by the Constitutional Court in Ruling C-748 of 2011, it could become the legal person.
CHAPTER XXIV
PROCEDURE FOR THE EXERCISE OF THE RIGHT TO HABEAS DATA
Consultations: the consultation shall be made by the means enabled by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES and shall be answered within a maximum period of ten (10) working days from the date of receipt thereof. When it is not possible to attend the consultation within such term, the interested party will be informed, stating the reasons for the delay, and indicating the date on which the consultation will be attended, which in no case may exceed five (5) working days following the expiration of the first term.
Claims: the holder or persons authorized by law who consider that the information contained in the databases should be corrected, updated, or deleted, or when they notice the alleged breach of any of the duties contained in the law, may file a claim with the institution, which will be processed under the following rules:
The claim shall be formulated through a request addressed to CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES with the identification of the owner, the description of the facts that give rise to the claim, the address, and going with the documents to be asserted. If the claim is incomplete, the interested party will be required within five
(5) days of receipt of the claim to correct the faults.
After two (2) months from the date of the request, if the applicant does not submit the required information, it will be understood that the claim has been abandoned.
If the person who receives the complaint within the company is not competent to resolve it, he/she will transfer it to the appropriate person within a maximum term of two (2) business days and will inform the interested party of t h e situation.
Once the complete claim has been received, a legend will be included in the database stating «claim in process» and the reason for the claim, within a term no longer than two (2) business days. Said legend shall be maintained until the claim is decided.
The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such term, the interested party will be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
Contact to resolve their requests: holders may exercise their rights to consult, know, update, rectify and delete their personal data.
personal data by sending y o u r request to [email protected] , or through the link www.regencord.com or in writing CALLE 14 NRO. 23-41 SECTOR ALAMOS de Pereira, who will process the request in accordance with articles 14 and 15 of law 1581 of 2012 and 20 to 23 of decree 1377 of 2013; Such request must contain at least:
Full name and surname.
Contact information (physical and/or electronic address and contact telephone numbers).
Means to receive a response to your request.
Reason(s)/fact(s) giving rise to the claim with a brief description of the right you wish to exercise (know, update, rectify, request proof of authorization granted, revoke, delete, access to information) Signature (if applicable) and identification number.
The signature of the person requesting the information.
Controls: CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES
informs all its users, customers, owners of data that are in the databases of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, of the following The
Company has implemented the necessary technical, human, and administrative measures to provide security to our records avoiding their adulteration, loss,
consultation, use or unauthorized or fraudulent access, due to the nature of the data stored and the risks to which they may be exposed.
CHAPTER XXV
NATIONAL REGISTRY OF POLICIES AND/OR DATABASES
It is the public directory of databases subject to processing that operate in the country and will be freely consulted by citizens.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will register
its policies and/or databases with the competent administrative authority, at the time and place established by it.
RIGHTS OF THE OWNERS AND IDENTIFICATION OF THE DATA BASE RIGHTSOF THE OWNERS
Contact CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, through the established channels, which are indicated in the Data Privacy Notice, to know, update and rectify your personal data. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized.
Request proof of the authorization given to CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES.
Be informed by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES regarding the use given to the personal data collected, upon request of the Data Controller submitted through the channels provided for such purposes. d) File complaints before the Superintendence of Industry and Commerce for violations of Law 1581 of 2012 and its regulatory decrees. e) Revoke, in those cases that are not framed under Law 1266 of 2008, the authorization and/or request the deletion of the data when the Processing does not respect the constitutional and legal principles, rights and guarantees. f) Access free of charge, through the channels provided by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, to your
personal data that have been processed. CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA
– REGENCORD LABORATORIES through the Data Privacy Notice shall inform about of the channels and procedures provided for the holder to effectively exercise his rights.
CHAPTER XXVI IDENTIFICATIONOF DATABASES
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES has
identified the following databases:
Database with public information: The data contained in public records come from the fulfillment of a regulated function, whose forms and procedures fulfill a purpose of publicity and opposability. Therefore, it is understood that these data are of a public nature by legal provision and do not require the prior authorization of the owner for their processing. Likewise, it is understood that the records that are subsequently
delegated to CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES have the same nature of public data.
Databases of health users and patients: These are manual or automated databases, which are structured and contain public and private data oflegal or natural persons as users of the services of procurement services, processing, marketing and storage of
stem cells for therapeutic purposes and research with scientific and technological base that CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES
provides, which voluntarily and in exercise of their right as users, managers, employees, distributors, suppliers, authorize CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, by means of clauses in the forms, in the notices in their offices and requests, so that the information they provide in order to access the rights and prerogatives granted by the provision of services for the collection, processing, commercialization and storage of stem cells for therapeutic purposes and scientific and technological research, be used and handled for the relevant purposes. Such databases may contain sensitive information, so it will be used only for the purposes for which it has been entrusted.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will
comply with the notice of request for authorization to continue the management of the databases by means of e-mail and/or privacy notice which will be published on the web page included in the databases created prior to the enactment of law 1581 of 2012.
Databases of CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES employees, managers, and service providers: These are manual or automated databases containing data of natural persons who are linked to CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES through
employment or through the provision of services, alliances or contracts, whose treatment is intended to comply with legal and regulatory provisions. This database includes private and public information, sensitive data, and data of minors. The processing of data for the purposes of the obligations arising from the employment relationship or by provision of services, alliances, or contracts, will require prior authorization of the holder or his legal representative, which will be contained in the clauses stipulated for that purpose in the documents of engagement, provision or contracts.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES will give
notice of the request for authorization to continue with the right to process the data of natural persons linked as employees or former employees, who are included in databases created prior to the entry into force of Law 1581 of 2012.
Database of Contractors and Suppliers: These are manual or automated databases containing data of natural persons who maintain a contractual and commercial relationship, whose processing is intended to comply with the contractual provisions
stipulated by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD
LABORATORIES, for the procurement of services and goods required by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES in the development
of the corporate purpose and economic activity of t h e company. This database contains public, private, and sensitive personal data, the purpose of which is the development of contractual relations. The processing of this data for purposes other
than the maintenance of the contractual relationship or the fulfillment of legal duties requires prior authorization from the owner.
Databases with general information: These are manual or automated databases containing personal information that is not public, sensitive or of minors. They will be of an occasional nature for the fulfillment of specific purposes CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, the processing of this data will require prior authorization and information of the purposes of its processing, under the formats defined for this purpose by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, in exercise
of the provisions of art 10° of decree 1377 of 2013, will publish the notice of request, addressed to persons who are included in databases formed prior to the entry into force of law 1581 of 2012.
CHAPTER XXVII AUTHORIZED DATABASES
The information of personal and sensitive data will be available for consultation and/or modifications in the authorized databases as follows:
Website: www.regencord.com
The databases have the necessary security mechanisms to protect the data such as: backup copies, centralized system, contingency schemes and access control by profiles.
CHAPTER XXVIII INFORMATION SUPPLY CHANNELS
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES establishes
as channels of communication with the owners: Web page: www.regencord.com
E-mail: [email protected]
CHAPTER XXIX INQUIRIES AND COMPLAINTS
Inquiries and claims made to CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES email [email protected] or the contact us link on the website: www.regencord.com , In case of additional information, the interested party may call (606)3210051 cel +573104116215 or go to Calle 14#23-41, Alamos, Pereira- Risaralda.
CHAPTER XXX
LEVEL OF SECURITY MEASURES APPLIED TO THE PROCESSING.
CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES has an
«Information Security Policy», the provisions held therein ensure compliance with the requirements in terms of information security.
It has been set up that the contracts entered with the persons in charge include clauses that clearly establish their duty to guarantee the security and privacy of the data subject’s information.
CHAPTER XXXI
EFFECTIVE DATE AND MODIFICATION
This policy shall be effective as of March 23, 2023, and shall remain valid as long as CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES carries out its corporate purpose in Colombia, or until the law provides otherwise or otherwise.
This policy may be changed at any time and unilaterally by CENTRO DE CÉLULAS MADRE Y BIOTECNOLOGÍA – REGENCORD LABORATORIES, having to inform in a timely manner to the holders of personal data of such modifications.
The policies, according to the instructions issued by the Superintendence of Industry and Commerce, will be published in accordance with the provisions of said entity.
