Data Protection Policy
Last Updated: 02/04/2025
Content
Purpose
The protection of the privacy of personal and health data is a priority for Alternova, so we seek to ensure that the personal and health information we handle is treated in accordance with Law 1581 of 2012 in Colombia, Decree 1377 of 2013, and the Health Insurance Portability and Accountability Act (HIPAA) in the United States, protecting the rights of data subjects and ensuring compliance with applicable regulations. The responsibility declared herein of Alternova extends only to the veracity and completeness of the information that you as a client, user, supplier and collaborator provide us, being at your sole discretion the duty to notify us of any modification or update in the data delivered. Your duties and rights are limited to the authenticity and timeliness of the data.
Definitions
For the purposes of this document, the definitions included in the information security policy and other policies apply, and the following:
- Personal Data: Any information linked or that can be associated with a natural person, which allows their identification or location.
- Sensitive Data: Information that affects the privacy of the owner or whose improper use may generate discrimination. This includes data on health, ethnicity, sexual orientation, etc.
- Protected Health Information (PHI): Individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral, or paper) by a Covered Entity or its Business Associates, excluding certain educational and employment records. PHI includes, but is not limited to, information about the patient’s health status, medical treatments, medical history, billing history, and payment for health services.
- Health Insurance Portability and Accountability Act (HIPAA): A U.S. law that protects personal health data and prevents its misuse. It gives the person the right to request and inspect his or her medical records and tell health care providers and insurance companies to whom they may disclose this information (including friends, relatives, and caregivers). The law also sets security standards for establishing and maintaining electronic records about the person’s health. It is also called the Health Insurance Portability and Accountability Act and the Kassebaum Kennedy Act.
Scope
This policy applies to all Collaborators, Business Partners, and any other party that, directly or indirectly, has access to or manages personal or health information under the responsibility of Alternova, both in Colombia and in the United States. The policy covers all personal and health data, regardless of its format (physical or digital), and establishes the guidelines for its correct treatment.
Objective
Establish clear guidelines for the protection of personal data, guaranteeing its security, privacy and legal compliance, from the moment there is interaction with Alternova, either by a contractual link, by entering our page or by entering our social networks.
Policy Description
Principles for the Processing of Personal Data
- Lawfulness: The processing of personal data will be carried out in accordance with the provisions of the law.
- Purpose: Personal data will only be processed for the specific, explicit and legitimate purposes informed to the owners.
- Freedom: The processing will only be carried out with the prior, express and informed consent of the owner, except in cases where the law does not require it.
- Transparency: The right of data subjects to obtain information about their personal data and its processing will be guaranteed. Protected Health Information will be guided by the provisions of the HIPAA Privacy, Use, and Disclosure Policy.
- Security: Alternova will adopt measures to guarantee the security of personal data and prevent its adulteration, loss, consultation, use or unauthorized access.
- Confidentiality: All persons involved in the processing of personal data are obliged to guarantee the confidentiality of the information, even after their relationship with Alternova has ended.
Purposes of Processing Personal Data
The personal data collected by Alternova will be processed for the following purposes:
- Administrative and operational management: Includes payroll administration, labor benefits, performance evaluations, and other processes related to the employment relationship.
- Selection and hiring processes: Candidates’ data will be handled to assess their suitability for a position within the company.
- Compliance with legal obligations: The company may use personal data to comply with labor, tax, social security, and contractual regulations.
- Health Data Protection: In compliance with the Health Insurance Portability and Accountability Act (HIPAA), patients’ Protected Health Information will be handled for the purpose of providing medical services, complying with information security regulations, and ensuring the confidentiality of health data. The provisions of the HIPAA Privacy, Use and Disclosure Policy will be strictly observed.
- Access Control and Security: Personal data may be used to ensure physical and digital security in Alternova’s facilities and systems.
- Marketing: Carrying out studies on consumer habits and market behaviours, and providing commercial, advertising or promotional information to promote commercial or advertising campaigns.
Processing of Sensitive Data
- The processing of sensitive data will be subject to the following conditions:
- The owner must give their express consent, except in cases where the law allows the processing of sensitive data without such consent.
- The Company will adopt additional security and confidentiality measures to protect sensitive data, especially in the treatment of protected health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
- Sensitive data will only be processed when strictly necessary for the purposes described in this policy.
Methods of Obtaining your Personal Data
We collect and store your personal data:
- Through contractual relations with customers, suppliers and collaborators.
- By accessing our social networks.
- By accessing our user service channel (Online Chat).
- By filling out one of our contact forms.
- By agreement with a Protected Entity or Business Partner.
Obtaining Consent
- Alternova will ensure that it obtains informed consent from the owners of personal data, both in Colombia and in the United States, except in cases exempted by law.
- Consent shall be:
- Prior: It will be obtained before any processing of personal data is carried out.
- Express: Consent must be clear and explicit, expressed verbally, in writing or through unequivocal conduct.
- Informed: Data subjects must be clearly informed about the purpose of the processing, their rights and the mechanisms to exercise them.
Policy Compliance
- Any person who provides their data by any means accepts that their personal information is part of Alternova’s databases, and that Alternova makes use of it for contractual and commercial purposes and sends contractual and commercial information to the email address, telephone numbers or any other type of contact registered by the user, customer, supplier or collaborator in the interactive channel.
Rights of the Owners
Rights of Owners in Colombia
Data subjects have the following rights, which the company undertakes to respect and facilitate:
- Access: The right to know the personal data that is under processing.
- Rectification: The right to request the correction of inaccurate or incomplete data.
- Erasure: The right to request the deletion of their data whenever they wish, provided that there is no legal duty to keep them. The request for the deletion of the information and the revocation of the authorisation will not proceed when the user, client, supplier or collaborator has a legal or contractual duty to remain in the database.
- Portability: In Colombia, data subjects may request the delivery of their data in a format that allows its transfer to another data controller.
- Opposition: Data subjects may object to the processing of their data in specific cases.
- To exercise these rights, the holder must send a request through https://alternova.com/support/ – [email protected] or Carrera 35 No. 5 Sur 350 Medellín. The company will respond within a maximum period of 15 working days. If more time is required, the holder will be informed of the reason and the new response date, which may not exceed 8 additional business days.
- You must attach a copy of your identity document to the request.
Rights under the Health Insurance Portability and Accountability Act (HIPAA)
In compliance with HIPAA, individuals have the right to:
- Request and obtain a copy of their protected health information.
- Request corrections or modifications to their protected health information when they believe it is incorrect or incomplete.
- Obtain a record of disclosures made of their protected health information.
- To exercise these rights, the individual must submit their request to https://alternova.com/support/. The company will respond within 30 days for access requests, and 60 days for rectification requests.
Filing Complaints
- Data subjects have the right to lodge complaints if they believe that the company has violated their rights. To file a complaint, you may contact:
- In Colombia: The Superintendence of Industry and Commerce (SIC) through its service channels.
- In the United States: The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS).
Alternova has an internal process for receiving complaints that can be sent to [email protected], which will be investigated and corrective action taken within 30 working days.
Security Measures
- Alternova will implement technical, organisational and legal measures to guarantee the security of personal and health data, ensuring confidentiality, availability and integrity. These measures will include:
- Encryption of sensitive data and protected health information during transmission and storage.
- Only authorized personnel will be able to access personal or health data.
- Regular audits will be conducted to detect and remediate potential security vulnerabilities.
- Data will be backed up in compliance with the security standards established by law and by international and contractual standards.
- Personal data corresponds only to its owner; therefore, Alternova is responsible for not revealing any kind of information that belongs to its owners, such as identification number, email, cell phone number, IP address, etc., except by obtaining the express authorization of the owner of the data or in cases where it is required by court order.
- Through the data provided, the following fundamental actions are promoted:
- Establish contractual relationships.
- Interaction on our social networks and website.
- Use customer service 24 hours a day, seven days a week.
- To attend to information requirements.
Procedure in the Event of Security Incidents
- In the event of a security breach that affects personal or health data, the company will apply the following procedure:
- Notification to data subjects within a reasonable time.
- Notification to the competent authorities under the terms established by Law 1581 of 2012 in Colombia and by HIPAA in the United States (according to the internal HIPAA notification policy previously implemented by the company).
- Adoption of immediate corrective measures to mitigate the effects of the incident and prevent future violations.
Data Transfer and Transmission
- The company will ensure that the transfer of personal data, both within Colombia and internationally, complies with current regulations. In particular:
- In Colombia: Any transfer of data to third parties must have the express consent of the owner, and third parties will be required to implement adequate protection measures.
- In the United States: The processing of protected health information data that is transferred to third parties will be carried out under Business Associate agreements, in accordance with the provisions of the HIPAA Business Associates.
Use of Cookies
- Cookies and your IP address are used only for the purpose of offering you a site according to your local preferences (such as web browser used, operating system, ISP, etc.). Cookies allow us to deliver content tailored to the interests and needs of our users/visitors. Third-party cookies that are present in the Web log, such as advertisers or advertising of the same, may also be used for the sole purpose of providing additional or relevant information to the user’s navigation on the Alternova websites.
The Use of Social Media Plugins
- Plug-ins from the social networks Facebook and Twitter may be incorporated into our websites. To improve the protection of your data, these plugins are implemented as social buttons. To prevent Facebook or X from being able to associate your visit to our website with your user account, you must log out of your user account before visiting our website.
Changes to Our Policy
- This policy will be reviewed periodically at least once a year, and any changes will be communicated in a timely manner to the data subjects and competent authorities. The company undertakes to keep the policy updated in accordance with new regulations or technological changes that may affect the processing of personal data.
Employee Training
- Alternova will implement continuous training programs for all Employees, in order to ensure that they understand and comply with their responsibilities in relation to the protection of personal and health data. The training will include topics on the secure handling of sensitive data, risk management, and internal company policies.
Validity
- This policy is valid and applicable to all information provided in contractual relationships, interaction on websites and social networks owned by Alternova, as well as for protected health information provided to Alternova by Business Associate Agreements.
- The effects of its regulation do not extend to other websites that you may access through links hosted or found on the website.
- In accordance with the provisions of article 10, numeral 4 of Decree 1377 of 2013, if after 30 business days from the knowledge of this policy, which is understood to have been made concomitantly by providing us with your data, Alternova does not receive express communication for the deletion of your data, we may continue with the processing of personal information for the purposes described above and that justify the collection and processing of your data.