Schedule your appointment
PERSONAL DATA PROCESSING POLICIES CFC S.A.S.


Address: Barranquilla, Atlántico carrera 53 No 99 148 Local 2 Mall Plaza

E-mail: contacto@carlosfernandezdecastro.com

Telephone: (605)3161061

Mobile Phone: 3156710029.

Web Page: www.carlosfernandezdecastro.com

In accordance with the provisions of the Statutory Law 1581 of 2012 and its Regulatory Decree 1377 of 2013 on the General Regime for the Protection of Personal Data, which develops the fundamental right of all persons to know, update and rectify all types of information collected or that has been the subject of personal data processing (Habeas Data), CFC S.A.S., issues the following provisions for the processing of Personal Data:

1. GENERAL PROVISIONS

In compliance with the provisions of the statutory law 1581 of 2012 and its Regulatory Decree 1377 of 2013, CFC S.A.S., informs the applicable policy for the treatment and protection of personal data.

1.2. APPLICABLE LEGISLATION. This document was prepared in accordance with:
  • Political Constitution of Colombia
  • Article 15, law 1266 of 2008
  • Law 1581 of 2012
  • Regulatory Decree 1727 of 2009 and 2952 of 2010
  • Partial Regulatory Decree 1377 of 2013
  • Decree 1074 of 2015

1.3. SCOPE OF APPLICATION. This policy regulates the way in which the information contained in the following databases, for which CFC S.A.S. is responsible, will be treated, according to the purpose for which the data contained therein have been collected.

1.4. COMPANIES IN CHARGE OF DATA PROCESSING. These are the companies that have been contracted/linked by the responsible party (CFC S.A.S.) as data processors of any of the information contained in the Responsible Party’s Database.

1.5. DATABASES. The policies, procedures and treatment of Personal Data contained in this document apply to the databases of:

    1. PATIENTS DATABASE.
    2. FINANCIAL OBLIGATIONS DATABASE.
    3. ACCOUNTS PAYABLE DATABASE.
    4. DATABASE OF SUPPLIERS.
    5. DATABASE OF PERSONNEL DIRECTLY LINKED.
    6. DATABASE OF PERSONNEL LINKED NOT DIRECTLY.
    7. DATABASE OF PERSONNEL LINKED BY CONTRACT OF SERVICES RENDERED.
    8. PERSONNEL DATABASE. WITHDRAWN FROM THE PARTNERSHIP.
    9. DATABASE OF PARTNERS.
    10. LABOR RECRUITMENT DATABASE.
    11. DATABASE OF PHOTOGRAPHIC REGISTRY.
    12. DATABASE OF UNDERAGE PATIENTS.

These policies and manual of treatment will also apply to personal data USERS OF THE WEB PORTALS OWNED BY CFC S.A.S. or that this company manages; CONSUMERS PARTICIPATING IN DRAWINGS, CONTESTS OR PROMOTIONAL ACTIVITIES SUCH AS WRITTEN OR VISUAL ADVERTISING.

1.6. CHANNELS OF ATTENTION. The Owners of the information or their assignees may access the information about them that is registered in the database of CFC S.A.S., through the following channels of attention:

CITY ADDRESS PHONE WEBSITE EMAIL
Barranquilla
Carrera 53 No 99 – 148, Mall Plaza
6053161061
www.carlosfernandezdecastro.com
contacto@carlosfernandezdecastro.com

1.7. DEFINITIONS.

  1. DATABASE: Organized set of personal data that is the object of processing.
  2. OWNER: Natural person whose personal data is the object of processing.
  3. PERSONAL DATA: Any piece of information linked to one or several determined or determinable persons or that may be associated to a natural person.
  4. PUBLIC DATA: Data that is not semi-private, private or sensitive. Public data includes, among others, data relating to the marital status of individuals, their profession or trade, and their status as merchants or public servants. Due to their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and duly executed court rulings that are not subject to confidentiality.
  5. SENSITIVE DATA: Sensitive data are understood as those that affect the privacy of the holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life, and biometric data.
  6. PERSON IN CHARGE OF PROCESSING: Natural or legal person, public or private, who by himself or in association with others, performs the Processing of personal data on behalf of the Data Controller.
  7. PERSON RESPONSIBLE FOR THE PROCESSING: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or data processing.
  8. PROCESSING: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
  9. TRANSFER: The transfer of data takes place when the person responsible and/or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.
  10. TRANSMISSION: Processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when the purpose of the processing is carried out by the processor on behalf of the controller.
  11. AUTHORIZATION: Prior, express and informed consent of the holder to carry out the processing of personal data.
  12. PRIVACY NOTICE: Verbal or written communication generated by the responsible party addressed to the holder for the processing of his personal data, by means of which he is informed about the existence of the information processing policies that will be applicable to him, the way to access them and the purposes of the processing that is intended to be given to the personal data.
  13. HABEAS DATA: Right of any person to know, update and rectify the information that has been collected about them in the database and in files of public and private entities
  14. CUSTOMERS: Natural or legal, public or private person with whom the company has a relationship.
  15. CONSUMERS: Person who consumes the goods produced by the company.
  16. CAUSEHABITANT: Person who has succeeded another due to the death of the latter (heir).

1.8. PRINCIPLES.
In the development, interpretation and application of Law 1581 of 2012 by which general provisions are issued for the protection of personal data and the rules that complement, modify or add CFC S.A.S. set out below the principles that are constituted as the general parameters to be respected in the processes of collection, use and processing of personal data:

  1. PRINCIPLE OF LEGALITY: Data processing is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.
  2. PRINCIPLE OF PURPOSE: The processing must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the owner. Regarding the collection of personal data, CFC S.A.S. will limit itself to those data that are relevant and adequate for the purpose for which they were collected or required in accordance with the internal procedure manual for the management of information and databases.
  3. PRINCIPLE OF FREEDOM: The treatment can only be exercised with the prior, express and informed consent of the owner. Personal data may only be obtained or disclosed with prior authorization, or with the existence of a legal or judicial mandate that relieves the consent.
  4. PRINCIPLE OF TRUTH OR QUALITY: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.
  5. PRINCIPLE OF TRANSPARENCY: In the processing, the holder’s right to obtain from the data controller or data processor, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed.
  6. PRINCIPLE OF ACCESS AND RESTRICTED CIRCULATION: The treatment is subject to the limits derived from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the processing may only be carried out by persons authorized by the owner and/or by the persons provided for by law. Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the owners or third parties authorized by law.
  7. SECURITY PRINCIPLE: The information subject to treatment by CFC S.A.S., shall be handled with the technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
  8. PRINCIPLE OF CONFIDENTIALITY: CFC S.A.S. is obliged to guarantee the confidentiality of the information, even after the end of its relationship with any of the tasks that comprise the treatment, only being able to provide or communicate personal data when it corresponds to the development of the activities authorized by law.

2. AUTHORIZATIONS AND CONSENT OF THE HOLDER

2.1. AUTHORIZATION. The collection, storage, use, circulation or suppression of personal data by CFC S.A.S. requires the free, prior, express and informed consent of the data owner. CFC S.A.S., in its capacity as responsible for the processing of personal data contained in its databases and the companies in charge, has provided the necessary mechanisms to obtain the authorization of the owners, ensuring in any case that it is possible to verify the granting of such authorization.

2.2. MEANS AND MANIFESTATION TO OBTAIN THE AUTHORIZATION. CFC S.A.S. issues a physical, electronic document, in an audio file or in any other format that contains the authorization and that allows to guarantee its subsequent consultation, and will be made available to the Holder prior to the Processing of his/her personal data, in accordance with the provisions of Law 1581 of 2012.

With the consented authorization procedure, it is guaranteed that the holder of the personal data has been made aware of the fact that his personal information will be collected and used for specific and known purposes, as well as that he has the option to know any alteration to them and the specific use that has been made of them.

The above in order for the Holder to make informed decisions regarding their personal data and have control over the use made of their personal information.

In those cases in which the Data Subject is a minor, there will be place to deliver support of such authorization to one of the parents of the minor or to the person who legally represents him/her.

2.3. PROOF OF AUTHORIZATION. CFC S.A.S. will take all necessary measures to keep records of the obtaining of authorization by the holders of personal data for the processing of the same.

2.4. PRIVACY NOTICE: The Privacy Notice is the physical, electronic or any other format document, which is made available to the Data Subject for the processing of his/her personal data. Through this document, the Holder is informed of the existence of the information processing policies that will be applicable to him/her, the way to access them and the characteristics of the processing that is intended to be given to the personal data.
The Privacy Notice is available, among other means, on the website www.carlosfernandezdecastro.com and provides the general mechanisms for the Holder to know the information processing policy and the substantial changes that occur in it, and informs the Holder how to access or consult the information processing policy.

C.F.C. S.A.S. may have electronic means, QR codes, messages to PCS devices, platform videos displayed at the place of service and other technological resources that allow communicating to the Holder the means made available for the processing of their data.

2.5. CASES IN WHICH THE AUTHORIZATION OF THE OWNER OF THE PERSONAL DATA IS NOT NECESSARY.

The authorization of the owner of the information will not be necessary in the following cases:

  1. Information required by a public or administrative entity in exercise of its legal functions or by court order.
  2. Data of a public nature.
  3. Cases of medical health emergency.
  4. Processing of information authorized by law for historical, statistical or scientific purposes. Data related to the Civil Registry of persons.

3. RIGHTS AND DUTIES

3.1. RIGHTS OF THE OWNER OF THE INFORMATION

In accordance with the rules relating to data protection, the following are the rights of the holders of personal data:

  1. Access free of charge to their personal data that have been subject to Processing. Know, update and rectify their personal data against CFC S.A.S. in its capacity as data controller. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is expressly prohibited or has not been authorized.
  2. Request proof of the authorization granted to CFC S.A.S. for data processing, by any valid means, except in cases where authorization is not required.
  3. Be informed by CFC S.A.S., upon request, regarding the use given to their personal data.
  4. File before the Superintendence of Industry and Commerce or the entity that takes its place, complaints for violations of the provisions of Law 1581 of 2012 and other rules that modify, add or complement it, after consultation or requirement process before CFC S.A.S.
  5. Revoke the authorization and/or request the deletion of the data when the treatment does not respect the principles, rights and constitutional and legal guarantees.
  6. Access free of charge to your personal data that have been subject to processing, at least once every calendar month, and whenever there are substantial changes to this policy that motivate new consultations.

These rights may be exercised by:

  • The holder of the personal data, who must prove his identity.
  • The assignees of the owner, who must prove their identity.
  • The representative and/or attorney-in-fact of the owner, upon accreditation of the representation or power of attorney.

3.2. DUTIES OF CFC S.A.S. AS THE PARTY RESPONSIBLE FOR THE PROCESSING OF THE PERSONAL DATA OF THE OWNER OF THE INFORMATION.

In the processing and protection of personal data, CFC S.A.S. shall have the following duties, without prejudice to others provided in the provisions that regulate or come to regulate the matter:

  1. Guarantee the holder the full and effective exercise of the right of habeas data.
  2. To request and keep a digital copy of the respective authorization granted by the holder for the processing of personal data.
  3. To duly inform the holder about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
  4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  5. Guarantee that the information is truthful, complete, exact, updated, verifiable and understandable.
  6. Update the information in a timely manner, taking care of all the novelties regarding the holder’s data.
  7. Rectify the information when it is incorrect and communicate the pertinent.
  8. Respect the security and privacy conditions of the holder’s information.
  9. To process the consultations and claims formulated in the terms indicated by the law.
  10. Identify when certain information is under discussion by the owner.
  11. Inform at the request of the owner about the use given to their data.
  12. Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the holder’s information.
  13. Use only data whose treatment is previously authorized in accordance with the provisions of Law 1581 of 2012.
  14. Refrain from circulating information that is being disputed by the owner and whose blocking has been ordered by the Superintendence of Industry and Commerce.
  15. Allow access to information only to persons who may have access to it.

4. ACCESS, CONSULTATION AND COMPLAINT PROCEDURES

Law 1581 of 2012 confers to all natural persons certain rights and guarantees that seek to provide them with tools to protect their personal data and the use given to them. Any right that intends to be effective must have a known and efficient mechanism through which it can be enforced.

Below, CFC S.A.S. presents the rights that you can assert before us, as the owner of the information, and the mechanisms we have at your disposal to do so.

CFC S.A.S. and/or the Companies in charge will inform the Data Subject, at the time of obtaining his/her information, about the type of personal data processed and each and every one of the purposes that justify the Processing.

CFC S.A.S. will guarantee the right of access, upon accreditation of the identity of the Data Subject or personality of his representative, making available to him, free of charge, the details of his personal data through physical or electronic means that allow the direct access of the Data Subject to them, so that the Data Subject can enforce his right to rectify, correct or request the deletion of all or part of his data.

4.1. CONSULTATIONS. In accordance with the provisions of Article 14 of Law 1581 of 2012, the owners or their assignees may consult the personal information of the Holder that is contained in any database.

CFC S.A.S. will guarantee the right of consultation, providing them with all the information contained in the individual record or that is linked to the identification of the Holder.

The holder of the information contained in the database may exercise their rights to know, update, rectify and delete the data and revoke the authorization, for which you can submit your request, query and / or claim with your data, by sending a written communication to CFC SAS located in Barranquilla, Atlántico Carrera 53 No 99 – 148 or by sending an email to contacto@carlosfernandezdecastro.com. It should be clarified that the request for deletion of information will not proceed when the holder has a contractual duty to remain in the database.

Requests for consultation will be answered within a maximum term of ten (10) working days from the date of receipt thereof. When it is not possible to attend the consultation within such term, the interested party will be informed before the expiration of the 10 days, stating the reasons for the delay and indicating the date on which the consultation will be attended.

The maximum term to address the claim requests will be fifteen (15) working days from the day following the date of receipt. When it is not possible to attend it within such term, the interested party will be informed before the expiration of the referred term the reasons for the delay and the date on which the claim will be attended, which in no case may exceed eight (8) working days following the expiration of the first term.

CFC S.A.S. will have enabled its customer service line 6053161061 as well as the email account contacto@carlosfernandezdecastro.com and others that it considers relevant at the time and that will be effectively announced through amendments to its Privacy Notice.

4.2. DELETION OF DATA. The Data Subject has the right, at any time, to request CFC S.A.S. to delete his/her personal data when:

  1. He/she considers that the same are not being treated in accordance with the principles, duties and obligations provided in Law 1581 of 2012.
  2. They are no longer necessary or relevant for the purpose for which they were collected.
  3. The period necessary for the fulfillment of the purposes for which they were collected has been exceeded.

This deletion implies the total or partial elimination of personal information as requested by the Holder in the records, files, databases or treatments carried out by CFC S.A.S.

Notwithstanding the foregoing, this right of the holder is not absolute and consequently CFC S.A.S. may deny the exercise of the same when:

  1. The holder has a legal or contractual duty to remain in the database.
  2. The elimination of data hinders judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.
  3. The data is necessary to protect the legally protected interests of the holder; to carry out an action in the public interest, or to comply with an obligation legally acquired by the holder.

When the request is made by a person other than the Data Subject and it is not accredited that the person is acting on behalf of the Data Subject, in order to protect the personal data, in which case CFC S.A.S. will consider the claim as not submitted.

Any request must be submitted through the means enabled by CFC S.A.S., indicated in the Privacy Notice, and contain, at least, the following information:

  1. The name and address of the Holder, or any other means, such as an email, that allows communicating the response.
  2. The documents proving the identity or personality of its representative.
  3. A clear and precise description of the personal data with respect to which the Data Subject intends to exercise his/her rights.

Whenever CFC S.A.S. makes available a new tool to facilitate the exercise of their rights by the holders of information or modifies the existing ones, it will inform it through its website and in its Privacy Notice.

In view of the above, it will be necessary that the Data Subject, at the time of submitting the request for revocation of consent to CFC S.A.S., indicate whether the revocation he/she intends to make is total or partial. In the second case, the data subject must indicate with which treatment the data subject does not agree.

5. INFORMATION SECURITY

5.1. SECURITY MEASURES.

In development of the security principle established in Law 1581 of 2012, CFC S.A.S. will adopt the technical, human resources and administrative measures necessary to provide security to the data avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.

CFC S.A.S. shall consider, as a minimum, the following aspects in its security procedure for personal databases.

  1. Detailed specification of the databases to which it applies.
  2. Measures, norms, procedures, rules and standards aimed at ensuring the level of security required by Law 1581 of 2012.
  3. Functions and obligations of the personnel.
  4. Structure of personal databases and description of the information systems that process them.
  5. Procedure for notification, management and response to incidents.
  6. Procedures that guarantee the conservation of the authorizations issued by the holders of the information.
  7. Periodic controls to be carried out to verify compliance with the provisions of the security procedure to be implemented.
  8. Measures to be adopted when a medium or document is to be transported, discarded or reused.
  9. The procedure should be kept up to date at all times and should be reviewed whenever there are relevant changes in the information system or in its organization.
  10. The content of the procedure must at all times comply with the provisions in force regarding the security of personal data.

CFC S.A.S. is not responsible for any consequence derived from technical failures or improper access by third parties to the databases or files containing the personal data processed by CFC S.A.S. and its employees.

6. FINAL PROVISIONS

6.1. CFC S.A.S., as applicable, authorizes the Companies in charge of the processing of its databases, to respond to any right of request regarding the matters to which this Data Processing Policy applies.

6.2. EFFECTIVENESS. This document is effective as of May 31, 2025 and until such time as it is modified or the databases to which it applies are eliminated in their entirety. The validity of such databases shall be indefinite, and the same shall be kept as long as the reasons and purposes for which the information contained in each of them was collected subsist. Any substantial change in the policies provided herein, will be communicated in a timely manner to the holders of personal data in an efficient manner before implementing the new policies.

Last Updated May 31, 2025

Monday to Friday: 8am to 6pm
Saturdays: 8am to 12M
(605) 3161061
servicioalcliente@
carlosfernandezdecastro.com
CC. Mallplaza Buenavista
Cra. 55 #99-55
Barranquilla, Atlántico
Copyright © 2025 - CFC Odontología
Data Processing Policy
Agenda tu cita