top of page

Privacy Policy

I. IDENTIFICATION

From now on, as a user, you will be recognized as "you," "user," "Holder," and their respective derivatives and plurals. Meanwhile, the company will be referred to as "Medvision," "We," "us," and "our." Likewise, this website, products, and services, as well as other branded products or services marked with our symbols, will be referred to as "Service," "Website," "Page," or "Systems."

"Medvision" is a Colombian company dedicated to providing technological integration solutions based on systems integrated into various platforms and equipment. With eleven (11) years of experience in the hospital sector, it is made up of a group of partners, collaborators, and strategic allies, which together have enabled it to remain and grow within its market niche.

Headquartered in the city of Medellín, Colombia, at Calle 45FF Calle 76 – 65, Medvision is the exclusive owner of the products, systems, brands, and developments named Medvision®: “QX©,” “Capturing©,” “Medvision Qx App©,” and others, which aim to be a strategic ally in creating value within its clients’ processes through technology integration.

By using or visiting our website, downloading our applications, and using our licenses, you accept the use of your information as described in this Privacy Notice.

II. LEGAL FRAMEWORK

Under the parameters of the Political Constitution, in its Article 15, Law 1266 of 2008, Law 1581 of 2012, and the Regulatory Decrees 1727 of 2009, 2952 of 2010, and 1377 of 2013, in addition to the rulings of the Constitutional Court C-1011 of 2008 and C-748 of 2011, the current PRIVACY POLICY AND PERSONAL DATA PROTECTION & JOINT PRIVACY NOTICE is established. In accordance with Articles 9 and 12 of Law 1581 of 2012 and Article 5 of Decree 1377 of 2013, explicit authorization is requested for the processing of personal data provided in this registration, informing that such data will be managed in a local database for the uses specified herein. Personal data will be processed confidentially and securely in accordance with the applicable laws and their regulatory decrees.

As the owner or holder of personal data, by continuing to browse our network, you accept the processing of your personal data under the terms of this Privacy Policy.

III. DEFINITIONS

To facilitate a better understanding of this Personal Data Processing Policy, you may refer to the definitions provided in Law 1581 of 2012 or any rules that add to or modify it, whose content can be consulted in Law 1581 of 2012 (Colombian legislation).

Nevertheless, in accordance with the current regulations on personal data protection, we provide the following definitions:

a) AUTHORIZATION: The prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.

b) PRIVACY NOTICE: A verbal or written communication issued by the Data Controller, addressed to the Data Subject for the Processing of their Personal Data, informing them about the existence of the applicable Information Processing Policies, how to access them, and the purposes of the intended Processing of personal data.

c) DATABASE: An organized collection of personal data that is subject to Processing.

d) CLIENT: A natural or legal person to whom Medvision provides professional services under a pre-existing commercial relationship.

e) PERSONAL DATA: Any information linked to or that can be associated with one or more identified or identifiable natural persons.

f) PRIVATE DATA: Data that, due to its intimate or reserved nature, is relevant only to the Data Subject.

g) PUBLIC DATA: Data that is neither semi-private, private, nor sensitive. Public data includes, among others, information related to a person’s marital status, profession or occupation, and status as a merchant or public official. By its nature, public data may be contained in public records, public documents, gazettes, official bulletins, and judicial decisions that have been duly executed and are not subject to confidentiality.

h) SEMI-PRIVATE DATA: Data that is neither intimate nor reserved nor public, and whose knowledge or disclosure may be of interest not only to the Data Subject but also to a certain sector, group of people, or society in general, such as financial, credit, commercial, or service-related data.

i) SENSITIVE DATA: Data that affects the privacy of the Data Subject or whose improper use may result in discrimination. This includes information revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social or human rights organizations, political parties or movements, as well as data related to health, sexual life, and biometric data.

j) EMPLOYEE: A natural person who provides personal services to Medvision under an employment contract.

k) DATA PROCESSOR: A natural or legal person, public or private, who, by itself or in association with others, carries out the Processing of personal data on behalf of the Data Controller. If the Data Controller does not act as the Database Processor, the designated Processor will be explicitly identified.

l) FORMER EMPLOYEE: A natural person who provided personal services to Medvision under an employment contract that ended for any reason.

m) SUPPLIER: A natural or legal person who supplies goods and/or services to Medvision under a pre-existing commercial relationship.

n) DATA CONTROLLER: A natural or legal person, public or private, who, by itself or in association with others, decides on the database and/or the Processing of data. In this specific case, we, Medvision, are the Data Controller.

o) TERMS AND CONDITIONS: The general framework establishing the conditions for participants in promotional or related activities.

p) DATA SUBJECT: A natural person whose personal data is subject to Processing.

q) PROCESSING: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion.

r) TRANSFER: The transfer of data occurs when the Data Controller and/or Processor, located in Colombia, sends information or personal data to a recipient, who in turn is a Data Controller and may be located inside or outside the country.

s) TRANSMISSION: The Processing of personal data that involves the communication of data within or outside the territory of the Republic of Colombia, when its purpose is to allow the Processor to process data on behalf of the Data Controller.

t) VISITOR: Any natural person who is present at Medvision’s facilities and does not have Employee status. This also includes any natural person browsing Medvision’s website, making them a Guest.

IV. GENERALITIES

This information may be stored on any physical or electronic medium and processed manually or automatically, with the latter two referred to as methods of storage in Databases. Automated databases are understood as those that are stored and managed with the assistance of computer tools, while manual databases or files are those in which information is organized and stored physically.

This information may be obtained, among other means, through any of the following channels or methods:

i) Virtually, through forms or user account registrations.

ii) Commercial or professional relationships with the respective Client, Supplier, or other third parties.

iii) Employment relationships with Employees and Former Employees.

iv) Applications for selection processes.

v) Attendance at training sessions, seminars, or courses; and v) sending emails requesting information.

vi) Among others.

We must point out that by providing, submitting, or sending any type of personal information to "Medvision," you, as the Data Subject, accept that such information will be used in accordance with this Personal Data Processing Policy and authorize us to process it under the terms described herein.

V. DATA

Medvision, acting as the Data Controller, collects, stores, uses, circulates, and deletes Personal Data corresponding to natural persons with whom it has or has had a relationship. This includes, but is not limited to, Clients, Contractors, Suppliers, Employees, Former Employees, Visitors, among others.

Constitutional jurisprudence has established that the characteristics of Personal Data—as opposed to non-personal data—are as follows:

a) It pertains exclusively to and is specific to a natural person.

b) It allows for the identification of the individual, to a greater or lesser extent, depending on how it is combined with other data.

c) Ownership of the data belongs exclusively to the Data Subject, regardless of whether it has been lawfully or unlawfully obtained by a third party.

d) Its Processing is subject to special rules (principles) concerning its collection, management, and disclosure.

This Policy aims to fully develop the constitutional right to Habeas Data, which applies to all individuals whose personal information has been collected, managed, or stored by the company.

1. SENSITIVE DATA

As stated in the definitions, sensitive data refers to information whose improper use may affect the privacy of the Data Subject or lead to discrimination, including but not limited to:

  • Racial or ethnic origin

  • Political orientation

  • Religious or philosophical beliefs

  • Membership in unions, social organizations, human rights organizations, or political parties

  • Health-related information

  • Sexual life

  • Biometric data (such as fingerprints, signatures, and photographs)

For this reason, we suggest not providing sensitive data to Medvision. However, if the Data Subject considers it necessary to provide such data, we request that it be submitted along with the appropriate authorization to allow its Processing for the legitimate business purposes outlined in this Policy.

Medvision will not collect or process data classified as sensitive under regulations, except in the following cases:

  • When the Data Subject provides explicit, prior, or concurrent consent for the collected data—unless otherwise exempted by law.

  • When Processing is necessary to safeguard the Data Subject’s vital interests and the Data Subject is physically or legally unable to provide consent. In such cases, legal representatives must authorize the Processing.

  • When Processing is carried out as part of legitimate activities by a non-profit organization (e.g., foundations, NGOs, associations) with political, philosophical, religious, or union objectives, provided the data relates exclusively to members or persons in regular contact with the organization for its purposes. In such cases, the data may not be disclosed to third parties without the Data Subject’s authorization.

  • When Processing is necessary for the recognition, exercise, or defense of a right in a judicial process.

  • When the data is used for historical, statistical, or scientific purposes, provided that all necessary measures are taken to anonymize the Data Subjects.

No activity may be conditioned upon the Data Subject providing sensitive personal data.

2. MINORS’ DATA

Medvision does not knowingly collect or request any information from users under the age of fourteen (14), nor does it knowingly allow such individuals to register on the Service.

If we discover that we have received information from a child under 14 years of age without parental consent, we will delete that information as soon as possible. If you believe we may have collected information from or about a child under the age of 14, please contact us immediately.

All data covered under this section will be treated with extreme security, except for data classified as public. In such cases, we will ensure that fundamental rights are protected, especially in cases involving minors, prioritizing their best interests over any other rights.

3. SECURITY

Medvision will implement technical, human, and administrative measures necessary to ensure the security of personal data records, preventing alteration, loss, unauthorized access, fraudulent use, or improper disclosure.

Our responsibility is limited to providing appropriate security measures. Medvision does not guarantee total security of the data and is not responsible for any consequences resulting from technical failures or unauthorized access by third parties to the Database or Files where Personal Data is stored.

Medvision will require service providers to adopt and comply with technical, human, and administrative measures for the protection of Personal Data when acting as Data Processors.

However, Medvision reserves the right, in accordance with applicable laws, its bylaws, and internal regulations, to classify certain information in its databases or records as confidential, in line with legal and regulatory provisions.

Medvision declares that it has information security policies and technological infrastructure designed to reasonably protect collected personal information, limiting third-party access to the extent possible.

VI. SCOPE

The purpose of the Processing of your personal data is to understand the characteristics of our stakeholder groups in order to anticipate their information and service needs. To achieve this, we are authorized to collect, store, use, circulate, and delete the personal data you provide, which will be stored in the Entity’s databases.

It is important to note that specially protected data, such as sensitive data, that has been provided is subject to a high level of security. Additionally, any questions regarding this type of sensitive information are not mandatory, ensuring constitutional rights to privacy, intimacy, equality, and non-discrimination.

Important Information

Our Privacy Policy describes how we collect, use, disclose, and protect the information related to our database services, web platforms, mobile services, middleware services, and any software provided or related to Medvision's services.

By using our Service, you acknowledge and agree that we provide platforms where you voluntarily submit information ("User Content"), which will be stored in the Service.

Our Policy applies to all users and other individuals who access the Service ("Users" or "Clients").

It is important to clarify that Medvision will not use the provided data for any activities or purposes other than those established here. If, under any circumstances, this personal information is used for other purposes, such use must be supported by a legal exception or by obtaining the Data Subject's explicit authorization.

As a User, you are responsible for keeping your unique password and account information confidential, as well as for controlling access to the emails you send or receive from Medvision at all times.

DUTIES OF THE DATA CONTROLLER

Medvision acknowledges the ownership rights of Data Subjects over their personal data and their exclusive rights regarding such information. Therefore, Medvision will only use personal data to fulfill the explicitly authorized purposes by the Data Subject or as permitted by current regulations.

In the Processing and protection of personal data, Medvision will adhere to the following duties, in addition to any others established by applicable laws and regulations:

  • Ensure that the Data Subject can fully and effectively exercise their Habeas Data rights at all times.

  • Request and maintain a copy of the authorization granted by the Data Subject for the Processing of their personal data.

  • Properly inform the Data Subject about the purpose of data collection and the rights they are entitled to under the granted authorization.

  • Store information under necessary security conditions to prevent alteration, loss, unauthorized access, or fraudulent use.

  • Ensure that information is truthful, complete, accurate, up-to-date, verifiable, and comprehensible.

  • Update information promptly to reflect any changes regarding the Data Subject's details. Additionally, implement all necessary measures to keep information up-to-date.

  • Correct any inaccurate information and notify the relevant parties.

  • Respect the security and privacy conditions of the Data Subject's information.

  • Handle inquiries and complaints in accordance with the legal framework.

  • Use the Data Subject's personal data only for the authorized purposes, ensuring compliance with all applicable personal data protection laws.

VII. PRINCIPLES

To ensure that what we state in this policy is consistent with our actions and the way we communicate with you regarding your data, we want to outline the principles governing this policy in a clear and precise manner.

LAWFULNESS, FAIRNESS & TRANSPARENCY

The Processing of personal data is a regulated activity that must comply with the applicable legal provisions in force. Therefore, all information related to the Processing of personal data must align with legal guidelines and cannot deviate from them.

Our commitment is to you as the Data Subject, and we will ensure that this Policy remains accessible and easy to understand. The specific purposes for the Processing of personal data will be as explicit as possible. Additionally, at the time of data collection, we will inform you about how and where your data will be stored. This guarantees our commitment to you, ensuring transparency in our methods.

In the Processing of personal data, Medvision guarantees your right to obtain, at any time and without restriction, information about the existence of any type of personal data that may be of interest to you.

PURPOSE LIMITATION & RESTRICTED CIRCULATION

Data will be collected for specific purposes. This means that we will not use the data for any subsequent purposes beyond what was originally intended.

The Processing of personal data is subject to the limits established by the nature of the data, legal provisions, and the Constitution. Consequently, Processing may only be carried out by persons authorized by the Data Subject and/or those authorized by law.

Personal data, except for public information, may not be made available on the internet or through other mass communication or disclosure media, unless access is technically controlled to restrict it to Data Subjects or third parties authorized under the law.

DATA MINIMIZATION, ACCURACY & SECURITY

We only collect the strictly necessary data in relation to the intended purposes. This means we collect the minimum amount of data possible.

For this reason, all collected information must be:

  • Truthful, complete, accurate, up-to-date, verifiable, and comprehensible.

  • The Processing of partial, incomplete, fragmented, or misleading data is strictly prohibited.

Additionally, the limited but accurate information we collect will be subject to technical, human, and administrative security measures to prevent:

  • Tampering, loss, unauthorized access, fraudulent use, or improper disclosure.

STORAGE LIMITATION & CONFIDENTIALITY

Data will be retained only for as long as necessary for the purposes of Processing. As such, we will periodically clean our databases to ensure data is not stored beyond what is required.

By doing so, we guarantee that the data provided will be safeguarded for the duration of its retention period.

All individuals involved in the Processing of personal data—except when dealing with public information—are obligated to maintain the confidentiality of the data, even after their involvement in Processing activities has ended.

Data may only be disclosed or shared when required for the activities authorized by law and under its terms.

INTEGRITY & FREEDOM

Data will be processed in a way that guarantees adequate security for personal data.

The Processing of personal data may only occur with the prior, express, and informed consent of the Data Subject. Personal data cannot be obtained or disclosed without prior authorization or in the absence of a legal, statutory, or judicial mandate that overrides the need for consent.

We guarantee that you will have full understanding of this Policy before deciding to share your information, ensuring that your authorization is provided freely and voluntarily.

PROACTIVE RESPONSIBILITY

As Data Controllers, we are also responsible for complying with the legal framework governing data protection for the data entrusted to us.

Additionally, we are responsible for providing proof of our compliance with the terms of our relationship with you, from the moment you share your information with us.

Therefore, we take on the responsibility of providing you with all relevant information so that you can actively participate in the development of our data network, of which you are a part.

VIII. INFORMATION

As a user, you are the Data Subject of the information governed by this policy. We act as Data Controllers, and as such, we will explain what information we collect, how we use it, and for what purposes. We will also inform you about how we protect your data and how you can intervene in the process to ensure your data is safe.

1. COLLECTION

As a Website, APP, or License (software system), we store and process the personal data you provide to us.

As a visitor, you are not required to provide personal information to use or browse our website, download our applications, or use our licenses. These platforms only collect personal information that is specifically and voluntarily provided by you. This information may include, but is not limited to:

  • Full name

  • Identification

  • Role within the Client company

  • Business name of the Client company

  • General company details

Within the Website, APP, or License (software system), information is collected through different means. Below, we describe the types of information collected.

VOLUNTARY INFORMATION

This is information you knowingly provide while engaging with our services. This includes:

  • Data submitted via forms or registrations (Website, APP, or systems):

    • Username, password, and email address when registering an account on Medvision.

  • Information sent directly by the user:

    • Any communication with Medvision, including emails related to the Service (e.g., account verification, changes or updates to service features, technical or security notices).

    • Note: You cannot opt out of receiving service-related emails.

AUTOMATIC INFORMATION

These are default data collected through technology, which records various activities you perform as a user on our Website, APP, or License (software system). This information is stored for as long as the tool allows. Examples include:

  • Cookies & Other Technologies:

    • When you use or visit our website, download our applications, and use our licenses (software system), we may use cookies and similar technologies, such as pixels, web beacons, and local storage, to collect information about your usage of Medvision’s platforms.

  • Log Files:

    • Your browser provides log file information whenever you request access to or visit the Website, download applications, or use licenses.

    • This can also occur when the website content or application is downloaded onto your browser or device.

    • When using our Service, our servers automatically record certain log file information, including:

      • Web request, IP address, browser type, referring/exit pages, MAC address of the device accessing Medvision’s platforms, and other related information.

  • Device Identifiers:

    • When using a mobile device (tablet or phone) to access the Website, applications, or software licenses, we may access, collect, monitor, and store one or more "device identifiers".

    • Device identifiers are small data files or structures stored locally or remotely on a mobile device, uniquely identifying it.

    • A device identifier may consist of:

      • Stored data linked to hardware, operating system, or other software.

      • Data sent by Medvision to the device.

A device identifier helps us understand how users navigate and interact with the Service, providing customized reports and content. Some Service features may not function properly if device identifiers are disabled.

2. PURPOSE OF USE

The purpose of Processing your personal data is to understand stakeholder characteristics and project their information and service needs. For this, we are authorized to collect, store, use, circulate, and delete the personal data you provide, which is stored in our Entity’s databases.

GENERAL PURPOSES

Sometimes, you may provide personal information via our Website, such as:

  • Accessing specific content.

  • Attending an organized event.

  • Responding to a survey.

  • Requesting communications about particular areas of interest.

In such cases, your submitted information will be used to:

  • Manage your request.

  • Personalize and enhance the Website, applications, and software licenses.

We may also use your personal data for:

  • Marketing purposes.

  • Sending promotional materials or communications regarding Medvision’s services that may interest you.

  • Collecting feedback on Medvision’s services.

  • Conducting research and market analysis.

  • Protecting our rights or property, as well as those of our users, and complying with legal processes.

Below are key objectives for using acquired data:

  • Understanding our users and providing the highest level of personalization.

  • Registering employee and former employee data in Medvision’s databases.

  • Executing contractual relationships with employees, clients, suppliers, distributors, creditors, and debtors.

  • Strengthening relationships with consumers, distributors, suppliers, and clients.

  • Improving, promoting, and developing our products and those of partner companies, branches, or franchises worldwide.

  • Marketing, statistical analysis, research, and other law-compliant commercial purposes.

  • Sharing, transferring, or delivering personal data to allied companies in Colombia or abroad.

  • Recording and using media content (audio, video, photos) from employees, clients, suppliers, and other stakeholders during events, training sessions, or company activities.

  • Contacting individuals with whom Medvision has had a relationship to promote services in a respectful and non-intrusive manner.

We emphasize that data will not be used for activities or purposes other than those stated unless permitted by law.

3. DATA SHARING

By registering for the Service, you consent to the transfer of your data within Colombia or to any country where Medvision, its subsidiaries, or service providers operate.

We take reasonable security measures to protect collected data and use identity verification steps (e.g., requiring unique passwords) before granting account access. However, Medvision cannot guarantee the absolute security of transmitted data or prevent unauthorized access.

Personal information may also be disclosed to:

  • Law enforcement agencies, government regulators, or third parties to comply with legal or regulatory requirements.

  • Third-party organizations for audits, quality reviews, or regulatory compliance.

We do not sell or rent provided information under any circumstances.

As a Data Subject, you have the right to access, update, correct, delete, or revoke your data authorization at any time.

PROTECTION MEASURES

Security measures include:

  • Confidentiality agreements with employees and consultants.

  • Identity verification protocols for accessing data.

  • Ongoing updates to security protocols.

  • Firewall and unauthorized access detection systems.

  • Regular monitoring of suspicious activity.

  • Restricting internal database access to authorized personnel.

REASONS FOR DATA SHARING

  • With Medvision subsidiaries to improve services.

  • Due to ownership changes (e.g., mergers, acquisitions).

  • Legal compliance (court orders, legal investigations).

For data updates or removal requests, visit www.medvision.com.co or contact info@medvision.com.co.

4. STORAGE

All voluntarily or automatically provided data will be stored on our servers for as long as necessary. Data may be processed in Colombia or other locations where Medvision operates cloud servers or databases.

For data stored outside our jurisdiction, we recommend consulting their respective data processing policies.

If you have any questions, please contact us via the details in this policy.

IX RIGHTS OF THE HOLDER

The Data Subjects whose personal data is being collected, stored, used, and circulated by Medvision may exercise their rights at any time to access, update, rectify, and delete their information, as well as revoke their authorization.

These rights may be exercised by:

  • The Data Subject, who must sufficiently prove their identity through the means provided by Medvision.

  • The Data Subject’s heirs, who must verify their legal status.

  • The Data Subject’s legal representative or attorney, who must provide proof of representation or authorization.

  • A third party, in favor of or designated by the Data Subject.

As Data Controllers, it is our responsibility to inform you of your rights and how to exercise them. Below, we outline the rights you have from the moment you visit our site and provide your data:

1. AUTHORIZATION

Except for legal exceptions, we must obtain your authorization as the Data Subject before collecting any personal data. This authorization must be prior, express, and informed, and it may be obtained through any medium that allows for subsequent verification, including:

  • Physical or electronic documents.

  • Data messages, Internet platforms, websites, applications, or licenses (software systems).

  • A technical or technological mechanism, such as clicking or double-clicking to indicate consent.

  • Orally, such as via a phone conversation or video conference.

All these mechanisms must meet the following conditions:

  • It must be unequivocally clear that, without the Data Subject's action, the data would not have been collected and stored.

  • The authorization will be generated by Medvision and made available to the Data Subject before any Processing occurs.

Medvision will not assume the Data Subject’s silence as consent. Regardless of the method used, we will store the authorization for future reference.

If personal data is provided, it will be used solely for the purposes outlined in this policy. Medvision will not sell, license, transfer, or disclose personal data unless:

  • Explicit authorization is given.

  • It is necessary to allow contractors or agents to perform outsourced services.

  • It is required to provide our services and/or products.

  • It must be disclosed to marketing service providers acting on behalf of Medvision or entities with joint market agreements.

  • It relates to a business merger, acquisition, restructuring, or corporate divestiture.

  • It is required or permitted by law.

Medvision may subcontract third parties for data processing functions. In such cases, we require these third parties to:

  • Implement security measures to protect personal data.

  • Prohibit the use of data for personal purposes.

  • Restrict disclosure of personal data to unauthorized entities**.

Informed Authorization

When requesting consent, the Data Subject must be clearly informed about:

  • The personal data being collected.

  • The identity and contact details of the Data Controller and Data Processor.

  • The specific purposes of the Processing (i.e., how and why data is collected, used, and circulated).

  • The Data Subject’s rights.

  • The optional nature of providing sensitive data or children's data.

  • The data retention period or the criteria used to determine it.

  • The existence of automated decision-making, including profiling for segmentation purposes.

EXCEPTIONS

Authorization is not required for Processing in the following cases:

  • When requested by a public or administrative entity in the exercise of its legal functions or by court order.

  • For public data.

  • For medical or health emergencies (as legally defined).

  • When permitted by law for historical, statistical, or scientific purposes.

  • For data related to Civil Registry records.

If the collection of data occurred before June 27, 2013, or if legal exceptions apply, the Data Subject may request Medvision to provide proof of consent.

2. FREE ACCESS & OBJECTION RIGHTS

Data Subjects or their legally authorized heirs may request, free of charge and in writing, access to their personal data stored in Medvision’s databases. Medvision guarantees access to all information linked to the Data Subject.

For data access requests, Medvision will:

  • Enable electronic and other appropriate communication channels.

  • Provide simplified forms and systems, as specified in the privacy notice.

  • Use customer service and claims assistance channels.

Requests will be handled within the legally permitted timeframe, as indicated in Section X of this policy.

Additionally, Data Subjects may request proof of authorization granted to Medvision, unless authorization was not legally required.

Medvision will retain proof of authorization through available mechanisms, ensuring records are stored securely.

3. DATA RECTIFICATION & UPDATES

As a Data Subject, you may request updates or corrections to your data at any time, particularly if it is:

  • Partial, inaccurate, incomplete, fragmented, misleading, or processed unlawfully.

Medvision is obligated to rectify and update incorrect data upon request, following the procedure outlined in Section X of this policy.

Additionally, as per Decree 1377 of 2013, Medvision will take measures to ensure stored personal data is accurate and sufficient.

4. ACCESS, INFORMATION & USAGE

You have the right to know which personal data we are processing. Upon request, we will inform you how your data has been used, following the procedure detailed in Section X of this policy.

To ensure Data Subject access, we will provide detailed data records through all available means, including electronic channels. This access will be:

  • Free of charge.

  • Unlimited.

  • Fully transparent, allowing you to view and update your information online.

5. CANCELLATION, DELETION & REVOCATION OF CONSENT

You may revoke your consent and request data deletion if:

  • The Processing violates constitutional or legal principles, rights, or guarantees.

However, deletion or revocation requests will not be granted when:

  • A legal or contractual obligation requires the data to be stored.

  • The Data Subject’s relationship with Medvision is still active.

  • The deletion would obstruct judicial or administrative proceedings related to:

    • Tax obligations.

    • Crime investigations.

    • Enforcement of administrative sanctions.

  • The data is necessary for legal claims or public interest matters.

Important Notices:

  • You cannot opt out of receiving service-related communications (e.g., account verification, purchase confirmations, billing reminders, security alerts).

  • Medvision may retain data for a reasonable period after termination of service for backup, auditing, and archival purposes.

  • You may request to unsubscribe from non-essential emails and communications at any time.

X. ATTENTION and CONTACT

Medvision is responsible for the development, implementation, training, and enforcement of this Policy.

Additionally, Medvision is in charge of handling requests, inquiries, complaints, and claims, through which the Data Subject may exercise their rights to access, update, rectify, delete data, and even revoke authorization for its Processing.

1. GENERAL PROCEDURE

As previously stated, the Data Subject or their legal heirs, duly accredited under the law, may file a request if they:

  • Identify a possible non-compliance with the law.

  • Have a question or concern regarding this Policy.

  • Wish to access the information that Medvision has about them.

They may submit a request, inquiry, or complaint through the Responsible Department. This communication must include the information required under Article 15 of Law 1581 of 2012 and follow this procedure:

  1. Submit a written request.

  2. Send it to the contact address listed in Section I of this document or at the end of this section. If the request is sent via physical mail, the Data Subject must indicate the address where they want the response to be sent.

  3. Once received, the Responsible Department will have fifteen (15) business days to process the request and respond accordingly.

  4. If it is not possible to process the request within this timeframe, the Data Subject will be informed of the reason for the delay and the new response date, which may not exceed an additional eight (8) business days.

The Responsible Department will send the response to:

  • The email address from which the inquiry or complaint was received.

  • The physical address provided in the communication.

Any communication lacking a physical or electronic address for response will not be processed and will be discarded.

2. SPECIFIC PROCEDURES

Based on the general procedure, please consider the following specific requirements depending on the type of request:

For General Inquiries

The request must include:

  • The Data Subject’s identification.

  • A description of the facts that led to the inquiry.

  • The address where the response should be sent.

Once reviewed, a response will be provided.

For Data Access Requests

The request must include:

  • The address where the requested information should be sent.

  • Identification number.

  • A copy of the national ID card (cédula) or passport.

Medvision guarantees the right to access information stored in its databases, including:

  • Personal data being processed.

  • Proof of the authorization granted to Medvision for processing personal data.

  • How Medvision has used the personal data.

For Data Correction, Update, or Deletion Requests

The request must:

  • Include a declaration that the new data provided to Medvision is true.

  • Attach supporting documents, including a copy of the ID card (cédula) or passport.

Once processed, Medvision will send a confirmation stating:

  • The data has been deleted from the database.

  • The data has been updated based on the provided information.

If the request is for data deletion, the reason must be one of the following:

  • The data is not being processed in accordance with legal principles, duties, or obligations.

  • The data is no longer necessary or relevant for its intended purpose.

  • The retention period has expired.

Data deletion may be partial or complete, depending on the Data Subject’s request.

For Complaints & Claims

  • The process is the same as for inquiries.

  • If the complaint is incomplete, Medvision will notify the requestor within five (5) days to provide the missing information.

  • If the requestor does not respond within two (2) months, the complaint will be considered withdrawn.

  • Once the complaint is complete, a "pending" label will be placed in the database within fifteen (15) business days until the issue is resolved.

  • A formal response will be provided once the complaint is resolved.

For Revocation of Authorization

  • The revocation may be total or partial:

    • Total revocation: Medvision will stop processing all personal data.

    • Partial revocation: Medvision will stop processing personal data for specific purposes (e.g., marketing), but may continue processing data for other authorized purposes.

If the Data Subject believes Medvision has violated this Policy or data protection laws, they may file a complaint with the Superintendence of Industry and Commerce (SIC) at www.sic.gov.co.

3. CONTACT INFORMATION

In compliance with legal regulations, Medvision has designated the Legal Department as the responsible area for handling inquiries, requests, complaints, and claims.

If you have any questions about this Privacy Policy or the Service, please contact us via our help center or email info@medvision.com.co.

XI. THIRD PARTIES

We are not responsible for the practices employed by websites or services that originate from or are linked to our Service, including the information or content they contain.

Please note that if you use our Services, there may or may not be a link that directs you to another website or service. Our Privacy Policy does not apply to those third-party websites or services. If you browse or interact with a third-party website or service, including those linked from our site, you will be subject to that third party’s policies and terms.

Additionally, you accept that we do not assume any responsibility nor do we exercise any control over the third parties you authorize to access your User Content. If you use a third-party website or service and allow them to access your User Content, you do so at your own risk.

That being said, please remember that Medvision may disclose Personal Data to unaffiliated third parties when:

  • It is necessary for contractors to execute agreements related to Medvision’s business activities.

  • There is a transfer of any business line related to the information.

In any case, in data transfer agreements between Medvision and third-party Data Processors, we will require compliance with this Personal Data Protection Policy, and we will include the following obligations for the respective Data Processor:

  • Process Personal Data on behalf of Medvision, in accordance with applicable principles.

  • Ensure the security of databases containing Personal Data.

  • Maintain the confidentiality of Personal Data Processing.

INTERNATIONAL DATA TRANSFER

Personal information may be transmitted internationally by Medvision to any global organization or third party for the purposes outlined above. This includes transfers to countries that do not have data protection regulations similar to those in your country of residence. If you provide information to Medvision in Colombia via its website, you consent to such a transfer.

However, in accordance with Article 26 of Law 1581 of 2012, Medvision commits not to transfer data to countries that do not meet the personal data protection standards required by the Superintendence of Industry and Commerce, except in the following cases:

  • The Data Subject has given explicit and unequivocal authorization for the transfer.

  • Medical data exchange is required for the Data Subject’s treatment due to health or public hygiene reasons.

  • Banking or stock market transfers, as permitted by applicable laws.

  • Transfers established within international treaties to which Colombia is a party, based on the principle of reciprocity.

  • Transfers necessary to execute a contract between the Data Subject and the Data Controller, or pre-contractual measures, provided that authorization is obtained.

  • Transfers required by law to protect the public interest or for the recognition, exercise, or defense of a right in a judicial process.

For international data transfers, Medvision will take all necessary measures to ensure that third parties understand and comply with this Policy. They will be required to use personal information only for matters directly related to Medvision, for the duration of their business relationship, and not for any other purposes.

In all international data transfers, Article 26 of Law 1581 of 2012 will apply.

EXCEPTIONS TO INFORMED CONSENT FOR INTERNATIONAL DATA TRANSFER

Medvision is not required to notify the Data Subject or obtain their consent for international data transfers when:

  • A Data Transmission Agreement exists under Article 25 of Decree 1377 of 2013.

  • Personal information must be shared with governmental or public authorities, including but not limited to:

    • Judicial or administrative authorities.

    • Tax authorities.

    • Law enforcement agencies.

    • Regulatory bodies for civil, administrative, disciplinary, or tax investigations.

    • Third parties involved in legal proceedings and their accountants, auditors, lawyers, and advisors.

These transfers are permitted when necessary to:

  • Comply with applicable laws, including those outside the Data Subject’s country of residence.

  • Fulfill legal processes.

  • Respond to requests from public and governmental authorities, including those outside the Data Subject’s country of residence.

  • Enforce our terms and conditions.

  • Protect our business operations.

  • Defend our rights, privacy, security, or property, as well as those of third parties.

  • Pursue applicable legal remedies or limit potential damages.

XII. ON POLICIES

Medvision may modify this Personal Data Processing Policy whenever deemed necessary.

1. CHANGES/UPDATES

If any changes or modifications are made to this Policy, they will be reflected in the "Last Updated" section at the end of this document, where the most recent update date will appear.

For this reason, Medvision respectfully encourages you to periodically review this Policy to stay informed about the data protection mechanisms implemented by Medvision for safeguarding personal information.

If there is a change in the purpose of data processing, Medvision will request new authorization from the Data Subjects affected by the change.

We may also provide other methods of notification regarding modifications or updates, as deemed appropriate based on the circumstances.

Your continued use of Medvision's platforms or services after any modifications to this Privacy Policy will be considered acceptance of the changes.

2. VALIDITY

This Policy is effective upon your acceptance.

For more information about our Policy, please download it here.

bottom of page