MAS VISION CENTRO OFTALMOLÓGICO SAS has defined guidelines to guarantee compliance with the applicable regulations for the protection of personal data of patients, employees, contractors, external specialists and suppliers of goods and services; For this, it undertakes to evaluate and implement mechanisms to guarantee the protection, security and confidentiality of personal information, especially the clinical file, required for the operation of the institution.
- Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data.
- Database: Organized set of personal data that is subject to Treatment.
- Personal data: Any information linked or that can be associated with one or more specific or determinable natural persons.
- Sensitive data: Those that affect the privacy of people or whose improper use can generate discrimination. (Racial or ethnic origin, political orientation, philosophical or religious convictions, membership in trade unions or social or human rights organizations, health data, sexual life and biometrics).
- Manager: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Data Controller.
- Responsible: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Treatment of the data.
- Owner: Natural person whose personal data is subject to Treatment.
- Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
- Principle of legality: The processing of personal data is a regulated activity that must be subject to the provisions of the law and the other provisions that develop it.
- Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder.
- Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
- Principle of veracity or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited.
- Principle of transparency: In the Treatment, the right of the Owner to obtain from the Treatment Manager or the Treatment Manager, at any time and without restrictions, information about the existence of data that concerns him or her must be guaranteed.
- Principle of restricted access and circulation: Treatment is subject to the limits derived from the nature of personal data, the provisions of the law and the Constitution. In this sense, the Treatment can only be done by persons authorized by the Owner and/or by the persons provided for by law. Personal data, except for public information, may not be available on the Internet or other means of disclosure or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or third parties authorized by law.
- Security principle: The information subject to Treatment by the Treatment Manager or Treatment Manager must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, use or unauthorized access. authorized or fraudulent.
- Confidentiality principle: All persons involved in the Processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that the Processing comprises, and may only Carry out supply or communication of personal data when this corresponds to the development of activities authorized by law and in the terms thereof.