I. IDENTITY AND ADDRESS OF THE ENTITY DATA CONTROLLER FOR THE PROTECTION OF PERSONAL DATA.
ÁNFORA SALUD, S.A.S. DE C.V. (“Amphora Health” and/or the “Data Controller”) with an address located at 80 Batallón de Independencia, Col. Chapultepec Norte, Postal Code 58260, Morelia, Michoacan, Mexico, will be Data Controller for collecting, storing and protecting the Personal Data (as such term is defined below) from its clients, customers and/or suppliers (individually or collectively, indistinctly, the “Owner” or “You”).
Amphora Health has designated a department in charge of the management, compliance and protection of Personal Data (“Personal Data Office”), which will process your requests and promote the protection of Personal Data within Amphora Health. Contact details and receipt of information and related documentation:
- Email: firstname.lastname@example.org
- Address: the address of Amphora Health.
- Attention: Office of Data Privacy.
II. CONSENT OF THE OWNER.
III. COLLECTED PERSONAL DATA.
Amphora Health may collect the following personal data (the “Personal Data”), namely: full name, landline or mobile phone and email; address and references; medical, health and/or conditions data; related to our employees, we may collect: social security number, referrals and/or professional backgrounds.
IV. PURPOSE OF PROCESSING OF PERSONAL DATA.
The Data Controller collects Personal Data for the following purposes:
Primary purposes. Amphora Health will process Owner’s Personal Data in order to carry out the activities and efforts focused on the fulfillment of the obligations arising and derived from any legal and/or contractual relationships established by reason of the provision of its services or delivery of products, such as: data processing; databases processing; data intelligence. Also, the fulfillment of the obligations arising and derived from any legal and/or contractual relationships with our employees.
Secondary purposes. Likewise, Amphora Health will process Personal Data for other purposes such as sending offers, notices; conduct surveys; get statistics; generate studies; etc.
The Owner may oppose the processing of his/her Personal Data for secondary purposes through the means made available to him/her in order to exercise access, rectify, cancel and/or oppose rights (“ARCO Rights”). If You do not object within five business days after your Personal Data was collected, it will be understood your implicit consent was provided.
V. TRANSFERS AND/OR REFERRALS OF PERSONAL DATA.
Amphora Health will transfer the Personal Data provided or that has been received legitimately, regardless of the source, when required by judicial order or to comply with the obligations derived from legal relationships entered into by Amphora Health for the benefit of the Owner. When providing your Personal Data, You release Amphora Health from any liability that may occur by collecting or transferring your data in compliance with the provision of the service you receive.
VI. MEANS TO LIMIT THE USE OR DISCLOSURE OF YOUR PERSONAL DATA.
Amphora Health will protect Personal Data under strict administrative, technical and physical security measures that have been implemented in terms of the Law and its Regulation, in order to protect and guarantee Personal Data against damage, loss, alteration, destruction or misuse, access or treatment.
However, Amphora Health does not guarantee that unauthorized third parties will not have access to the physical or logical systems of the Owners or the Data Controller or in the electronic documents and files stored in their systems. Therefore, Amphora Health will not be liable in any case for the damages that may arise from such unauthorized access.
The Owner or its duly accredited legal representative may limit the use or disclosure of the Personal Data through the same means and procedures provided for the exercise of ARCO Rights. In the event that such a request is appropriate, the Owner will be registered in the exclusion list generated by Amphora Health to stop receiving information related to Secondary Purposes of Processing.
Likewise, if the Owner considers that Amphora Health has violated the right to the protection of Personal Data, he/she can attend Mexico’s National Institute of Transparency, Information Access and Personal Data Protection (“INAI”).
VII. PROCEDURE TO EXERCISE ARCO RIGHTS.
At all times, the Owner may exercise its ARCO Rights in order to access, rectify, cancel or to oppose the treatment of the Personal Data or revoke the consent previously provided. For this, You must submit a request in free format containing the following information and documentation:
- Name of the Owner, address, email or other means to communicate any response;
- Valid documents that prove identity (copy in printed or electronic format of your voting card, passport) or, where appropriate, the legal representation of the Owner (copy in printed or electronic format of the power of attorney with autograph signature of the Owner, the agent and their corresponding official valid identifications – voting card or passport);
- The clear and precise description of the data for which the ARCO Rights are exercised, and
- Any other element or document that helps the location of the Owner’s Personal Data.
In the case of requests for rectification of Personal Data, the Owner must also indicate the modifications to be made and provide the documentation that supports your request. To comply with the obligation of access to your Personal Data, it will be done after accreditation of the identity of the Owner or the representative’s personality, making the information available on site at the address of the Data Controller. If the requested information allows it, another means may be agreed between the Owner and the Data Controller.
In the event that the information provided in the request is not accurate or insufficient or the corresponding accreditation documents are not accompanied, Amphora Health may request, within five business days of receipt of the request, that the Owner provide the elements or documents necessary to process it. The Owner will have ten business days to meet the complementary request, counted from the day after it has been received. If no response is given within this period, the corresponding request will be considered as not filed.
Amphora Health will respond to the Owner within a maximum period of twenty business days, counted from the date the request was received, so that, if appropriate, it becomes effective within fifteen business days after the response is communicated. In all cases, the response will be given by the same means through which the request was submitted or, where appropriate, by any other means agreed with the Owner. The aforementioned time periods may be extended in terms of the Law.
VIII. COLLECTION OF DATA WHEN BROWSING ON AMPHORA HEALTH SITES AND WEB PAGES.
Amphora Health may collect Personal Data through its website, or through the use of automatic data capture tools. These tools allows Amphora Health to collect the information that your browser sends to the website, such as the type of browser you use, the language of the user, the access times and the IP address of the websites that you used to access the Data Controller’s sites, or their Data Managers’ sites. These data are collected in order to identify the client and provide a better service during the time they use the website.
Cookies, Web beacons, and links in emails may be among the automatic data capture tools used by Amphora Health on its website.
Use of Web beacons. Also known as internet tags, pixel tags, and clear GIFs. Amphora Health may use Web beacons, alone or in combination with cookies, on its website and in its HTML emails to collect information on the use of the website and its interaction with email. The Web beacon is an electronic image, called a single pixel (1×1) or GIF that can recognize information that is processed on your computer, such as cookies, the time and date that the site and its sections are viewed.
Links in Amphora Health emails. The emails may include links that allow Amphora Health to know if you activated this link and visited the destination website, and this information may be included in your profile. They can also include links designed to direct you to the relevant sections of the website.
IX. RIGHT TO REVOKE YOUR CONSENT FOR DATA PROCESSING.
The request must indicate:
- Name of the Owner and address, email or other means to communicate the response to your request;
- Valid documents that prove your identity (copy in printed or electronic format of your voting card or passport) or, where appropriate, the legal representation of the Owner (copy in printed or electronic format of the power of attorney with autograph signature of the Owner, the agent and their corresponding official valid identifications – voting card or passport);
- The clear and precise description of the Personal Data seeking to revoke consent and any document that facilitates the location of such Personal Data.
In a term of twenty days we will give You an answer about the origin of the same, by the means that you have indicated in the request itself. The term will run from the date that Amphora Health becomes aware of your request until the date on which the document is delivered to the postal service, the corresponding email is sent, or the means of contact that you have provided.
Likewise, You acknowledge that after the period of one year counted from the date that Amphora Health does not require your information for the fulfillment of its obligations, regarding the relationship that unites it with you, Amphora Health will reserve the right to cancel the information containing your Personal Data from its database and may delete it from its database and, where appropriate, destroy any physical or electronic means that may contain it.
X. DATA PROTECTION LAWS.
The Data Controller complies with and/or refers to Data Protection laws in the relevant jurisdictions (depending on the Owner’s citizenship), including but not limited to Mexico’s Personal Data Protection Federal Law, Europe’s General Data Protection Regulation and United States’ Health Insurance Portability and Accountability Act.
The Data Controller understands that in case the Owner does not express otherwise, it means that You have read, understood and agreed to the terms set forth therein; in other words, Amphora Health understands that you have expressed your consent to changes, amendments or modifications and/or updates regarding the processing of your Personal Data.
- September 13, 2020 [version 1.0]