Data Processing Policy

MATIZ SALUD Y BELLEZA, hereinafter MATIZ, in compliance with the provisions of Law 1581 of 2012, and as responsible for the processing of personal data, having as a priority the respect for the right of HABEAS DATA, formulates the following policy for handling personal data, seeking to ensure the owners of these the knowledge, updating, rectification or deletion of information.

1. INFORMATION AND PERSONAL DATA

The data that are provided by the owners to MATIZ, which are considered private and therefore not available to the public are:

  • Full name
  • Type and number of document
  • Account number (bank and type of account)
  • RUT
  • Address (Department, city, neighborhood, zone, stratum)
  • Phone
  • Insurance
  • Type of affiliation
  • Date of birth
  • Sex
  • Marital status
  • Place of birth
  • Occupation
  • Email
  • Activity
  • Details of the responsible person in the case of a minor (ID number, relationship and address)
  • Accompanying person’s data (phone and address)
  • Emergency contact
  • Study accreditations
  • Certificate of health care provider
  • Pension fund certificate

2. MECHANISM FOR OBTAINING THE INFORMATION

The personal data covered by this policy may be obtained through any legal means, always taking into account the knowledge and prior and express authorization of the owners of the confidential information. The purpose for which the information is requested is for the development of the company’s corporate purpose.

3. PURPOSE

MATIZ will use the personal data requested to the owners internally and only for the development of the company’s corporate purpose, which consists mainly of providing health services, surgical procedures, everything related to cosmetic surgery, such as liposculpture, liposuction, mammoplasty, breast implants, etc., permanent makeup, facial cleansing, pedicure, manicure, hairdressing, in short, everything related to medical and aesthetic procedures, in general, marketing of supplies related to health and aesthetics. Likewise, such data will be used in accordance with the regulatory parameters in force, mainly for the development of the company’s corporate purpose, to keep historical records, maintain contact with the holders of personal data and validate the veracity of the data provided by the holders.

4. DUTIES OF THOSE RESPONSIBLE FOR AND IN CHARGE OF THE PROCESSING OF PERSONAL DATA

1. Controllers shall comply with the following duties:

  1. Guarantee to the Data Subject, at all times, the full and effective exercise of the right of habeas data.
  2. Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the Holder.
  3. Duly inform the Data Subject about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
  4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
  5. Ensure that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable.
  6. Update the information, communicating in a timely manner to the Data Processor, all developments regarding the data previously provided and take other necessary measures to ensure that the information provided to it is kept up to date.
  7. Rectify the information when it is incorrect and communicate the pertinent to the Data Processor.
  8. To provide to the Data Processor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of this law.
  9. To require the Data Processor at all times to respect the security and privacy conditions of the Data Subject’s information;
  10. To process the consultations and claims formulated under the terms set forth in this law.
  11. Adopt an internal manual of policies and procedures to ensure adequate compliance with this law and, in particular, for the handling of inquiries and complaints.
  12. Inform the Data Processor when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed.
  13. Inform upon request of the Data Subject about the use given to his/her data.
  14. Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Data Holders.
  15. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

2) Processors (if any) shall comply with the following duties:

  1. Guarantee to the Data Subject, at all times, the full and effective exercise of the right of habeas data.
  2. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
  3. Timely updating, rectification or deletion of data under the terms of this law.
  4. Update the information reported by the Data Controllers within five (5) business days from its receipt.
  5. To process the queries and claims formulated by the Holders under the terms set forth in this law.
  6. Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the attention of queries and claims by the Holders.
  7. Register in the database the legend “claim in process” in the form regulated in the present law.
  8. Insert in the database the legend “information under judicial discussion” once notified by the competent authority about judicial processes related to the quality of the personal data.
  9. Refrain from circulating information that is being disputed by the Holder and whose blocking has been ordered by the Superintendence of Industry and Commerce.
  10. Allow access to information only to those who can have access to it.
  11. Inform the Superintendence of Industry and Commerce when there are violations to the security codes and there are risks in the administration of the information of the Holders.
  12. Cumplir con las instrucciones y requisitos que expida la Superintendencia de Industria y Comercio.

5. RIGHTS OF THE HOLDERS OF PERSONAL DATA

The holders of personal information provided to MATIZ shall have the right to:

a) Ask MATIZ for proof of the authorization previously given for data processing.
b) To know, update and modify their data with respect to the Data Controller or Data Processor.
c) Go before the Superintendence of Industry and Commerce in order to file complaints when there are violations to the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it.
d) To revoke the authorization and request the deletion of personal data when it considers that the holder’s constitutional and legal principles, rights and guarantees have been violated.
e) Access free of charge to your personal data that have been processed.

To enforce their rights before MATIZ, the holders of personal data may send a request to the e-mail comercial@staging2.matizsaludybelleza.com and/or send a written request to the address Calle 2 sur #46-55 Clínica Las Vegas | Fase 1 | Consultorio 325.

The Data Controller and/or Data Processor will respond to the request within a term not exceeding ten (10) working days. If it is not possible to respond to the request within the stipulated term, the interested party will be informed, stating the reason for the delay and indicating the date on which the request will be answered, which in no case will exceed five (5) working days following the expiration of the first term.

6. COMPLAINTS PROCEDURE

In the event that the owner considers that any correction, deletion or update of the information contained in the database is necessary, or in the event that he/she notices the alleged breach of any of the duties contained in Law 1581 of 2012, he/she may file a complaint with the Data Controller or the Data Processor, which will be processed in accordance with the following steps:

1. A request must be addressed to the Data Controller or the Data Processor, which must include the following: Identification of the holder, description of the facts giving rise to the claim, address and the documents to be asserted. In the event that any requirement is missing, MATIZ will require the interested party within five (5) days of receipt of the claim to include the missing requirements or correct the existing faults. In the event that two (2) months have elapsed from the date the request was filed and the applicant has not submitted the required information, it shall be understood that the claim has been withdrawn.

In the event that the person who receives the claim is not competent to resolve it, he/she will transfer it to the corresponding person within a maximum term of two (2) business days and will inform the interested party of the situation.

2. Within two (2) business days following receipt of the request, a legend will be included in the database stating “claim in process”, and the reason for the claim. This must be maintained until the claim is decided.

3. The claim must be attended within a maximum period of fifteen (15) business days, counted from the day following the date of receipt of the claim. In case it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which it will obtain a response to the claim, which in no case will exceed eight (8) business days following the expiration of the first term.

7. PRIOR AUTHORIZATIONS

The owners of the personal data that are provided to MATIZ, including those that have been obtained on the occasion of labor and commercial relations between the parties, must authorize the processing of the data through any means. This information will be treated in accordance with the provisions of Articles 5, 6 and 10 of Law 1581 of 2012, and 5, 6, and 10 of Decree 1377 of 2013, taking into account that MATIZ has the legal duty to issue the corresponding labor and commercial certifications in each case.

8. PERSON IN CHARGE AND PERSON IN CHARGE OF THE PROCESSING OF PERSONAL DATA

MATIZ in its capacity as responsible for the processing of personal data, through this policy informs its identification data:

COMPANY NAME:: CENTRO DE SALUD Y BELLEZA S.A.S.
NIT. 811027462 -9
ADDRESS: Calle 2 sur #46-55 Clínica Las Vegas | Fase 1 |Consultorio 325.
PHONE: (574)4441197 Ext. 114

The MATIZ company unit responsible for the processing of personal data in application of this policy will be the MARKETING MANAGEMENT, who will handle requests, queries, complaints through the e-mail comercial@staging2.matizsaludybelleza.com.

Sincerely yours,

Ana María Jaramillo Cardona
C.C. 42.972.519
Legal representative

Scroll to Top