The Global Med Marketing team is aware of the importance of the security of your data and that of your clients. That is why from the first moment we have opted for a cloud platform. You will no longer have to worry about keeping your computer free of viruses, updating your system and applications daily to patch security problems, making backup copies of your data, etc. Instead, our team of experts takes care of these and many other tasks that need to be done every day to ensure the security of your data. Once you start using our solutions, your only worry will be remembering your password.

• Our solutions are developed by security expert programmers, who from the first moment keep in mind the common problems of this type of platforms.
• Unlike other companies, all the staff involved in the development of our solutions are computer engineers with years of experience in software development and security in applications and systems.
• We periodically audit the security of our solutions, and we keep all its components updated at all times, avoiding the presence of known security flaws.
• Our role-based access control system allows you to also manage which of your employees or clients have access to your data and under what conditions.

• Access to our solutions requires user authentication via password. We follow widely accepted procedures for managing and securely storing passwords, managing user sessions, and preventing brute force attacks.
• Our staff never accesses your data unless you request it or it is strictly necessary to guarantee the service.
• Thanks to the use of HTTPS, all the information you upload or consult on the platform travels fully encrypted over the Internet, safe from manipulation or theft. We use the most current algorithms and security practices to protect your communication with our platform.

Procedure for the exercise of privacy rights in Global med marketing

Please note:  If you are a user of any of the products and services we provide on behalf of your institution, please  contact your institution  to exercise your rights. They are in a better position to respond to your request, even if your request concerns information that we process on behalf of your institution.

If you want to exercise any of the rights included in our Privacy Policy with respect to personal data processed in Colombia, as well as to revoke your consent regarding the processing of your personal data that we carry out as Controllers, please follow the following procedure:

1. Make a written request addressed to our Personal Data Protection Department to the following email: support@globalmedmarketing.com
   • You must indicate your full name and email address.
   • Indicate a clear and precise description of the personal data, with respect to which you seek to exercise any of the aforementioned rights, the elements and/or documents that facilitate the location of the personal data.
2. Once your request is received, if it is a query, that is, any query regarding the personal information of the owner that resides in any database, we will respond by email within a period of ten (10) business days from its reception.
   It is important that you keep in mind that if we cannot respond to your request within the aforementioned period, we will inform you of the reasons for the delay and the date on which we will respond to the query, which will not exceed five (5) business days following the expiration of the first installment.
3. If it is a complaint, this is requests for correction, update or deletion or when we become aware of the alleged breach of any of our duties, we will respond by email within fifteen (15) business days of receipt. The foregoing, with the understanding that we may require additional information in the terms provided in the applicable law and regulation, in which case the response period will be counted from the time you provide us with the complete information/documentation.
   It is important that you keep in mind that not in all cases we will be able to respond to your request or conclude the use within the period mentioned above. In those cases, we will inform you of the reasons for the delay and the date on which we will respond to the query, which will not exceed eight (8) business days following the expiration of the first period.

Please note that there are exceptions that allow us to reject all or part of your request. For example, it is possible that due to some legal obligation we require to continue processing your personal data. Also, please note that we may need to confirm your identity, in which case we will request the corresponding documents.

GLOBAL PRIVACY POLICY MED MARKETING SAS

(GLOBAL MED MARKETING Personal Data Processing Policy)

The application developed by Global med marketing is a product that provides technological solutions for professionals and entities in the health sector.

For any notification, the contact information is available:

Name of person responsible: GLOBAL MED MARKETING DIGITAL SAS

Legal representative SERGIO LUIS TINOCO VEGA

Identification document: NIT 900.748.331-9

Physical address: 1810 Collins Ave, Miami Beach, FL 33139, USA.

Telephone: + 1 786 6363680.

Email: global@globalmedmark.com

I. REGULATORY PROVISIONS

Based on what is ordered by the Colombian legal framework on the protection of personal data, specifically by Statutory Law 1581 of 2012 and Regulatory Decrees 1377 of 2013 and 886 of 2014, GLOBAL MED MARKETING DIGITAL SAS makes its Privacy Policies available to interested parties. processing of personal data, taking into account the current regulatory provisions on the matter:

The Political Constitution of Colombia in its article 15 establishes respect for privacy, good name and habeas data as fundamental rights. This higher standard constitutes the constitutional foundation of the general regulation on the protection of personal data and other related regulatory provisions that govern the Colombian legal system.

Law 1581 of 2012 is the regulatory instrument through which the necessary principles and conditions that must be guaranteed to carry out adequate processing of the personal data of the owners were defined, assigning to the figures of the Controller and Processor the duties and obligations that They are called to fulfill due to the functions that each one exercises.

Law 1581 of 2012 was regulated by Decree 1377 of 2013 and 886 of 2014, which specified relevant aspects of the general regulation on personal data, especially those related to the collection of personal data, the content of the privacy policy, the national database registry and the contract for the transmission of personal data.

Based on what was previously stated, GLOBAL MED MARKETING DIGITAL SAS communicates to all its users and holders of personal data its processing policies, in compliance with article 13 of Decree 1377 of 2013:

II.DEFINITIONS

For the implementation of this policy, the following concepts must be taken into account, without prejudice to the definitions stipulated in Law 1581 of 2012 and its regulatory decrees:

a) Authorization: Prior, unequivocal and informed consent of the data owner to carry out the processing of their personal information.

b) Personal data: Any numerical, alphabetical, graphic, photographic, acoustic or any other type of information concerning specific or determinable natural persons.

c) Private personal data: They are related to the private sphere of people: Books of merchants (natural persons), private documents, contact information, among others.

d) Public personal data: This is data that is not semi-private, private or sensitive. Public data is considered, among others, data relating to the marital status of the 3 people, their profession or trade and their status as a merchant or public servant. Due to its nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed judicial rulings that are not subject to confidentiality.

e) Semi-private personal data: Their access is subject to some degree of restriction, they are of interest to a certain sector or group of people: for example, financial or credit data, social network profiles or similar.

f) Sensitive personal data: Sensitive data is understood to be data that affects the privacy of the Owner or whose improper use may generate discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership to unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

g) Health data: These are data of a sensitive nature concerning the past, present or future health, of a physical or psychological nature, of a natural person, relating to their health, illness, diagnosis, treatment, state of pregnancy; and also includes your eating and sexual habits, lifestyle, addictions, and alcohol and drug use. Likewise, information regarding the human body, genetic data, family history, race, physical characteristics and all information relevant to the provision of medical care services are considered health data.

h) Person in charge of processing: The GLOBAL MED MARKETING DIGITAL AS work team automatically carries out the storage, registration, editing, deletion and any other operation on personal data for the account and responsibility of the user, as a consequence of the existence of a relationship. legal between GLOBAL MED MARKETING DIGITAL SAS and the subscribed user, and in the context of the provision of the services and functions developed by the software.

i) Electronic medical history: It is the record made through electronic means where the patient’s health conditions, medical acts and other procedures carried out by the health team involved in their care are recorded in chronological order. The electronic medical record also constitutes a private document, subject to confidentiality, whose knowledge by third parties requires the patient’s authorization.

j) Responsible for the treatment: It is the user of the GLOBAL MED MARKETING DIGITAL AS software, it can be a natural or legal person, public or private, who alone or jointly with others, decides on the information registered on the GLOBAL MED MARKETING DIGITAL SAS platform. and on the administration, use and other operations carried out on the personal data stored through the application. In turn, the GLOBAL MED MARKETING DIGITAL SAS Work Team will act as Data Controller exclusively with respect to the personal information of those interested in subscribing to the application, the users who contract the services of the software and their assistance and/or administrative staff. that uses the application platform, ensuring the protection of the personal data that they provide at the quote, subscription and registration stage.

k) Data owner: Natural person who has ownership and ownership of the personal data being processed.

l) Data processing: Any operation or technical procedure, whether automated or not, that allows the collection, storage, use, circulation and deletion of personal data.

m) User: Natural or legal person holding the credential for using the GLOBAL MED MARKETING DIGITAL AS software, who accesses the application in order to manage the internal operational processes related to the provision of health services.

III. SCOPE OF APPLICATION OF THE POLICY.

This information processing policy arises in response to the need to establish the guidelines and directives that guide the personal information processing activities carried out through the virtual platform of GLOBAL MED MARKETING DIGITAL SAS, with the purpose of safeguarding privacy. , security and confidentiality of the data contained in medical records, medical and health-related data and in general all personal data that is registered by users in the GLOBAL MED MARKETING DIGITAL SAS application. The provisions of this document are defined based on the determination of the actors involved in the processing of personal data. For this reason, it must be clarified that the role corresponding to GLOBAL MED MARKETING DIGITAL SAS in relation to the operation of the software is exclusively that of Data Processor because the operations on the information that are executed through the application are carried out only when the user so requires. authorize through specific commands or orders, with the user being the only person responsible for the treatment. With respect to the personal information that users provide to the GLOBAL MED MARKETING DIGITAL SAS Work Team for the subscription to the software service, GLOBAL MED MARKETING DIGITAL SAS will act as Responsible and in Charge of its treatment, complying with the obligations arising from the Law. 1581 of 2012 and acting in accordance with the provisions of this privacy policy.

IV.PRINCIPLES OF PROTECTION AND RIGHTS OF PEOPLE

In accordance with the constitutional postulates contained in article 15 of the Political Constitution of Colombia and in compliance with the general framework for the protection of personal data, personal data may only be collected and subjected to processing when necessary, relevant and not excessive in relationship with the scope and the specific and legitimate purposes for which they were collected and authorized by their owner. In accordance with this, the personal information provided by the owner will be treated in a legal, adequate and lawful manner, providing sufficient technical, organizational and human measures to guarantee the security and integrity of the data. The personal data subject to processing may not be used or accessed without the prior, express and informed consent of its owner or for purposes contrary to those that justified its collection. Operations carried out on personal data for statistical, historical or scientific purposes will not be considered incompatible with the main purpose of the processing. The personal information communicated by users to GLOBAL MED MARKETING DIGITAL SAS will be presumed to be true, accurate and impartial and must be updated and rectified as modifications to it arise or in the event that said information does not correspond to the present reality of the owner. People who participate in the processing of personal data must ensure the confidentiality of said information, even after the subscription to the GLOBAL MED MARKETING DIGITAL SAS service has ended and/or when the access credentials of personnel separated from the user entity are removed. In accordance with the principle of confidentiality, personal information may only be communicated or provided when it corresponds to the execution of legitimate activities authorized by Law 1581 of 2012 and with the necessary guarantees to ensure the protection of personal data.

V. HOLDERS OF PERSONAL INFORMATION

To carry out the procedures for quotation, service proposal, subscription and user registration, and any other procedure related to the offer and availability of the software service, the Work Team will process personal data that correspond to the following categories: public, semi-private and private on the following owners:

1. Users.
2. Potential customers.
3. Interested or requesting information about the application.
4. Healthcare professionals.
5. Managers of health entities.
6. Administrative or healthcare assistants. `
7. Authorized personnel who use the platform.
8. Suppliers.

In the provision of the services and functions of the GLOBAL MED MARKETING DIGITAL SAS software, the users responsible for the processing of health-related information and the management of electronic medical records carry out operations on data of a public, semi-private, private and sensitive nature that correspond to the following owners:

1. Patients.
2. Relatives of patients.
3. Workers and auxiliaries.
4. Commercial allies.
5. Associates.
6. Affiliates.
7. Healthcare professionals.
8. Employees.
9. Practitioners.

SAW. PROCESSING AND PURPOSE OF PERSONAL DATA

GLOBAL MED MARKETING DIGITAL SAS only processes personal data of its owners for the following purposes:

• Provide support for the GLOBAL MED MARKETING DIGITAL SAS application aimed at users.
• Perform the authentication of users subscribed to the GLOBAL MED MARKETING DIGITAL SAS service and personnel contractually linked to the Client who need to enter the platform.
• Present proposals or offers of personalized services to those interested in acquiring the service.
• Respond to requests, queries, complaints or claims raised by GLOBAL MED MARKETING DIGITAL SAS users.
• Respond to governmental or judicial entities at their express request when they respond to duly substantiated judicial or administrative orders.
• Execute the functions and services of the GLOBAL MED MARKETING DIGITAL SAS software in information management and security.
• Support the operational, technical and administrative processes carried out by users through the application.
• Execute billing processes to users for subscription to the services and functions developed by the software.
• Enter into contracts, grant licenses and grant credentials in the context of the services provided by GLOBAL MED MARKETING DIGITAL SAS and in accordance with the corporate purpose of its Work Team.

Owners are informed that once the need to process their data ceases, they may be deleted from the repositories or servers of GLOBAL MED MARKETING DIGITAL SAS at the request of the owner, in accordance with the provisions of the chapter.

VII. RIGHTS OF THE OWNERS

The owners have rights that must be guaranteed by the Data Controller at all times during the use of the GLOBAL MED MARKETING DIGITAL SAS software. These rights are:

1. Know, update and rectify your personal data. For its exercise, the identification of the owner must be previously established, avoiding indiscriminate access by third parties without authorization.
2. Obtain a copy of the authorization granted by them as data owners.
3. Know the use that the Data Controller has given to the owner’s personal data.
4. Consult your personal data and make claims to safeguard your right to data protection following the procedures ordered by law and in the terms of this policy.
5. Request the deletion of personal data when in the course of a judicial or administrative process it has been determined that the processing of the information was carried out in violation of constitutional or legal regulations.
6. Access your personal data for free. The information requested by the owner may be provided by physical, electronic or any other means that allows the owner to know it effectively.
7. Know and consult the Privacy Policy of GLOBAL MED MARKETING DIGITAL SAS and be informed by the Data Controller about any substantial changes or modifications made to it.

Under no circumstances may the data owner revoke the authorization and request the deletion of the data, when there is a legal or contractual duty that imposes on the Data Controller the obligation to preserve it.

In relation to inactive holders such as workers of the Client and suppliers of the Client or of GLOBAL MED MARKETING DIGITAL SAS, it is noted that the rules of the General Social Security System and the Tax Statute require the conservation of historical and accounting information for strictly limited periods. legal reason why its deletion will not be carried out on all occasions.

Under the terms of the General Regulation on the Protection of Personal Data, no owner may exercise rights on behalf of another without authorization from the latter or by legal order.

VIII. STRUCTURE FOR THE ATTENTION OF THE OWNERS

In order to guarantee timely attention and response to requests, complaints, claims and queries formulated by the owners and users of the software addressed to the GLOBAL MED MARKETING DIGITAL SAS Work Team as Responsible for the treatment, there is an area in charge of carry out the internal processing of these requests, ensuring the effective exercise of the rights enshrined in article 15 of the Political Constitution of USA.

For this purpose, the designated area will receive, process and respond to the requests submitted by users, through the procedures defined in accordance with articles 14 and 15 of law 1581 of 2012.

It should be noted that the GLOBAL MED MARKETING DIGITAL SAS Work Team will only send users’ personal data to the following people:

1. To the owner of the data, his successors or legal representatives.
2. To persons authorized by the owner of the data.
3. To persons authorized by judicial or legal order.

In the latest event, the Constitutional Court has established in Sentence C-748 of 2011 that the request for personal information when presented by a public or administrative entity may be attended favorably as long as it has previously justified the relationship between the need to obtain the required data and the fulfillment of its legal functions.

Owners must submit their queries and claims by the following means:

1. Reception of physical correspondence: 1810 Collins Ave, Miami Beach, FL 33139, USA
2. Virtual reception channel: global@globalmedmark.com
   
   

IX. THE PROCEDURE FOR MAKING INQUIRIES

Queries will be attended to by the area designated for the personal data protection function within a maximum period of fifteen (15) business days from the date of receipt. In cases where it is not possible to respond to the query within said period, this situation will be communicated to the interested party and the reasons for the delay will be explained, indicating the precise date on which a response will be given to their query. The new date set for the attention of the query may not exceed seven (7) business days following the expiration of the first term.

In order to provide a clear and coherent response, the applicant must submit the query in writing, the minimum content of which will follow the following structure:

1. Your name and identification and address.
2. Factual narrative that gives rise to the query.
3. Claim.
   
   

X. PROCEDURE FOR MAKING CLAIMS

Claims will be attended to within a maximum period of fifteen (15) business days from the day following the date of receipt.

In cases where it is not possible to address the claim within said term, the reasons for the delay will be communicated to the interested party and the precise date on which the claim will be responded to will be indicated. The new date defined for the attention of the claim may not exceed seven (7) business days following the expiration of the first term.

The applicant must formulate the claim in writing, ensuring that its minimum content refers to the following aspects:

1. Be directed to GLOBAL MED MARKETING DIGITAL SAS
2. Contain the identification of the Owner.
3. Contain the description of the facts that give rise to the claim.
4. Specify the address of the Owner.
5. Attach the documents that you want to assert in the formulation of the claim.

By submitting queries or complaints, holders of personal data may exercise the rights established in Article 8 of Law 1581 of 2012.

XI. MANAGEMENT AND MANAGEMENT OF CLINICAL HISTORY

The handling and management of medical history is a function that corresponds exclusively to health service providers and must be carried out in strict compliance with the provisions of Resolution 1995 of 1999, Law 23 of 1981 and other regulations that regulate the matter. The professionals, technicians and assistants in the health area and, in general, the health teams that intervene in clinical-care care must maintain the confidentiality and reserve of the information contained in the Clinical History, in accordance with the sensitive nature of the biometric, morphological and health-related data of patients.

GLOBAL MED MARKETING DIGITAL SAS as Data Processor will provide the necessary security measures for the conservation, integrity and inviolability of the medical records that make up the Clinical History, images and that are hosted in the cloud through the GLOBAL MED MARKETING DIGITAL SAS software. Any action or operation for the management and management of clinical history that is carried out through the GLOBAL MED MARKETING DIGITAL SAS platform will be carried out at the expense and responsibility of the users; and under no circumstances will the GLOBAL MED MARKETING DIGITAL SAS Work Team or its representative know, scrutinize, audit or examine the information recorded in the medical records, nor will it be responsible for their content or for the transfer of medical records made by users between health service providers.

Queries and requests for copies of medical records made by patients must be directed to the health professionals, offices and health entities responsible for their handling and management, who will attend to them in accordance with the procedures and guidelines established in Resolution 1995 of 1999, Law 23 of 1981 and other applicable regulations.

XII. SPECIAL PROTECTION OF HEALTH DATA

The GLOBAL MED MARKETING DIGITAL SAS Work Team, as responsible for the processing of personal data regarding those interested in subscribing to the application, the users who contract the software services and its assistance and/or administrative staff who use the application platform, guarantees that the collection of your personal data will be carried out whenever there is free, prior, express and duly informed authorization from the owner.

In relation to the personal data of patients, relatives of patients, workers, business allies, among others, that are stored in the cloud through the GLOBAL MED MARKETING DIGITAL SAS software, health professionals, entities and health service providers. health must guarantee compliance with the duties and obligations attributed by law 1581 of 2012 as those responsible for their treatment. Consequently, they must ensure that they obtain authorization for the processing of personal data when applicable and provide the necessary technical, administrative and human measures to protect the personal information of the owners.

The personal data of patients, especially those recorded in the medical history, as a general rule constitute information of a sensitive nature due to its close connection with the privacy and human dignity of the patients. In accordance with the General Law on General Data Protection, the Resolution for the management of Clinical History and the Law of Medical Ethics, information related to health and any other sensitive data must be subject to special protection and confidentiality, avoiding its use, access and circulation by unauthorized persons. The foregoing without prejudice to the exceptions related to medical emergencies contemplated in current regulations.

XIII. OF KNOWLEDGE OF POLITICS

The GLOBAL MED MARKETING DIGITAL SAS Work Team makes this information processing policy available to all its owners through the link located in the Terms and Conditions of use of the service.

Additionally, all holders of personal data may request a copy of the personal information processing policy through the communication channels indicated in Chapter VI of this document.

XIV. RELATIONSHIP WITH THIRD PARTIES

Third parties that may eventually provide services to GLOBAL MED MARKETING DIGITAL SAS and that have a direct or indirect relationship with the processing of personal data, must commit to comply with the provisions of this personal information processing policy, as well as declare under the severity of the oath that will comply with the guidelines established in Law 1581 of 2012 and other regulatory norms, guaranteeing the rights contemplated in Article 15 of the Political Constitution of Colombia and respect for the human dignity of the holders.

Without prejudice to the provisions herein, the contractual links with each of the third parties will establish the obligations that will govern the provision of the service.

XV. VALIDITY OF THIS POLICY

The validity of this policy begins on February 18, 2022. Any change or substantial modification will be communicated to the owner through the appropriate means of communication. For this purpose, the communication will be sent five (5) days in advance of the date on which the change is made.

And also, if you want to know more about our security policy, or ask us any questions or concerns, just contact us.