2.1. Authorization: It is the prior, express and informed consent of the Owner of the Personal Data to carry out the Processing of Personal Data.
2.2. Privacy Notice: Written communication generated by BMI, addressed to the TDP for the Processing of your Personal Data, through which you are informed about the existence of the Information Privacy Policies that will be applicable to you, the way to access them and the purposes of the Treatment that is intended to be given to the Personal Data.
23. Database: Organized set of Personal Data that is subject to Treatment.
2.4. Clients: Natural or legal person whose Personal Data is subject to Processing and who has a contractual relationship with BMI and/or has submitted a request to BMI to enter into a Policy. Customers will also be understood as those natural persons who are listed as insured or dependent on an individual or corporate Policy.
2.5. Personal Data: Any information linked to or that can be associated with one or more determined or determinable natural persons, includes medical information on diagnosis, treatment or health condition, as well as personal information, including patrimonial and financial information.
2.6. Person in charge of the Treatment: Natural or legal person, public or private, that by itself or in association with others, carries out the Treatment of Personal Data on behalf of BMI.
2.7. Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, processes, safeguards or manages the Database and/or the Treatment of the data for the purposes established in the Policy.
2.8. Terms and Conditions: general framework in which the conditions for participants in commercial or related activities are established.
2.9. Owner of Personal Data (TDP): Natural person insured or dependent on an individual or corporate Policy, whose Personal Data is subject to Treatment, including those persons who have submitted an application for Medical Assistance insurance and who did not complete their contract.
2.10. Treatment: Any operation or set of operations on Personal Data, such as collection, storage, use or verification.
2.11. Transfer: The transfer of data takes place when the Responsible and/or Person in Charge of Treatment sends, transmits or shares the Personal Data to a third party or a Person in Charge of Treatment is located inside or outside of Ecuador.
TREATMENT: BMI collects, stores, uses and verifies Personal Data corresponding to Clients and/or TDP, for the development of its commercial activities and due to the nature of the service it provides, as the Responsible for the Treatment of Personal Data.
PURPOSE: Personal Data is processed by BMI for the following purposes:
4.1. Participation in different types of surveys through registrations or offline/online forms.
4.2. Filling out subscription requests, online services or to facilitate the request for specific information that is required of us.
4.3. Inform you of important news concerning BMI.
4.4. Tell you about our new products or services, updates, technical support issues, events and special offers.
4.5. Promote products and services on our website.
4.6. Prevent and detect fraud or other illegal or prohibited activities.
4.7. Ensure the security and integrity of our Website.
4.8. As part of an ongoing sales process.
4.9. To be part of automated means such as communication protocols.
4.10. To perform analyzes and evaluations about our business; as well as to analyze strategies for customer consolidation.
4.11. For the management and analysis of claim reimbursement.
4.12. To grant the Ambulatory and/or Hospital Credit benefit.
4.13. For the provision of services by BMI.
4.14. To carry out the due diligence procedures, if applicable, among which is the Policy called "Know your client", in order to comply with the Law for the Prevention of Money Laundering and the Financing of Crimes or, any law or international instrument to prevent or prosecute conduct derived from illicit acts.
4.15. To carry out the risk analysis and the calculation of the value of the insurable interest in the Life or Personal Accident Policies, if applicable, or for the analysis of any type of risk within the lines of insurance approved for BMI.
4.16. To analyze if the reinstatement/rehabilitation of the Life and/or Personal Accident Policy proceeds; or reestablishment of validity in the Medical Assistance Policies, if applicable, or in the case of contracts related to BMI's line of business or whatever is relevant.
RIGHTS OF PERSONAL DATA HOLDERS:
The Clients and/or TDP whose Personal Data are subject to Processing by BMI, have the following rights, which they may exercise at any time:
5.1. Access and know your Personal Data on which BMI is processing for free.
5.2. Be informed by BMI, upon request, regarding the use that it has given to your Personal Data.
5.3. Request BMI to delete your Personal Data, except for your medical information, since it is related to your Clinical History and all information that cannot be deleted by law, as is the case of information related to the Law on the Prevention of Money Laundering and Financing of Crimes. However, the request for deletion of the information and the revocation of the authorization will not proceed when the TDP of the information has a legal or contractual duty to remain in the Database and/or Files by virtue of which their data were collected. .
5.4. Request the updating or rectification of your Personal Data, except those data related to health data or information related to the prevention of money laundering and financing of crimes. BMI may request additional information from the TDP that supports the need to update or rectify.
AUTHORIZATION: BMI derived from the contractual relationship it has with each Client or through the acceptance of the conditions established in the Requests for Medical Assistance, Life, Personal Accident Insurance or any other request related to the line of business of BMI is authorized for the Treatment of your Personal Data. Authorization is given through various instruments, such as:
6.1. The Application for Medical Assistance, Life or Personal Accident Insurance.
6.2. The Medical Assistance, Life or Personal Accident Insurance Policy.
6.3. Through unequivocal behaviors that allow concluding that you granted your authorization, for example, through your express acceptance of the Terms and Conditions of an activity and/or use of a Website and/or electronic application within which the Privacy Notice is communicated. and the authorization of the participants is required for the Treatment of their Personal Data, whether given directly through the Client/TDP or a third party that represents it, such as an insurance producer advisor or related to the latter.
SPECIAL PROVISIONS FOR THE PROCESSING OF HEALTH DATA:
Health data is considered to be that which contains information on diagnoses, treatments, medical situation, personal and family medical history, and any information that serves to identify the previous or current health condition of the TDP or the Client. Health data may include data related to racial or ethnic origin and sexual life, which, in general, are not normally requested but may be required because they are health-related services.
In this case, since BMI handles medical information, the Client/TDP acknowledges that the Personal Data will be used and analyzed in the development of the contractual relationship between the parties.
SPECIAL PROVISIONS FOR THE PROCESSING OF PERSONAL DATA RELATED TO THE PREVENTION OF MONEY LAUNDERING AND CRIME FINANCING The Client/TDP acknowledges that BMI will carry out the Processing of Personal Data related to compliance with the Organic Law for the Prevention of Money Laundering and Financing of Crimes or any international law or instrument to prevent or prosecute conduct derived from illicit acts, and that is authorized to send information to the competent body.
PROCEDURE FOR ATTENTION AND RESPONSE TO REQUESTS AND INQUIRIES:
The Holders of the Personal Data that are being collected, stored, used by BMI, may at any time exercise their rights to access, update and rectify their information or that of their representatives. Derived from compliance with the law, the clinical history is unique and cannot be altered or modified, therefore it is prohibited to modify in any way the Personal Data related to medical information because they are related to the TDP's clinical history.
In the case of updating or rectifying Personal Data, BMI reserves the right to request additional documents that corroborate or confirm the inaccuracy of the data that must be updated or corrected.
To exercise the rights established in this clause, the TDP must send a communication to the email firstname.lastname@example.org, developing your request. In the electronic communication, the TDP must identify himself with his name, surname, identification document, Policy number and electronic address to which he can receive the response. BMI will respond to the query within the following 2 business days from receipt of the email. In case of entering a written request, it will be received from Monday to Friday from 8:30 a.m. to 5:30 p.m. at the following addresses:
· De Los Shyris and Sweden Avenue, Renazzo Plaza building, 12th floor, · Av. Jaime Roldós Aguilera, Parq. Business Colon Corporate Building 2, Floor 1 · Cuenca Azogues Highway Cardeca Business Center Building · If you have questions or queries regarding the treatment, conservation and handling of your personal data, contact the address: email@example.com. · In the event that BMI changes its address, this fact will be informed.
ANONYMIZATION: BMI declares that for greater security it may adopt measures to anonymize the personal data of the TDP. Through the anonymization process, the data cannot be linked to a natural person or TDP, the anonymized data is not Personal Data. All anonymized personal data will belong to BMI and may use, market or transfer it as it deems necessary, it will not require any authorization or permission from the TDP.
SECURITY OF PERSONAL DATA: BMI, in strict application of the principle of security in the Processing of Personal Data, will implement the necessary technical and organizational measures to guarantee the confidentiality, integrity and security of health data and records, avoiding their adulteration, loss, consultation, use or unauthorized access. or fraudulent. The obligation and responsibility of BMI is limited to implementing the appropriate security measures according to the state of the art available according to technical and economic limitations. BMI will adopt all appropriate security measures, the Client/TDP accepts and acknowledges that these security measures are not infallible and that technical failures or unauthorized entries may occur. BMI will not be responsible for unauthorized access or alterations to the information as a result of technical failures or unauthorized entry by third parties that have violated the security systems adopted by BMI. BMI will require from service providers adequate measures for the protection of Personal Data in relation to which said providers act as Processors.
TRANSFER, TRANSMISSION AND DISCLOSURE OF PERSONAL DATA:
The TDP accepts and acknowledges that BMI may transfer your personal data to related third parties or suppliers, located within the national territory or in other countries, to process your personal data. The TDP authorizes BMI to transfer data related to the nature of the service associated with medical benefits, financial services, additional benefits, audit processes.
The clinical history and information on the health situation is relevant for the diagnosis and treatment of diseases, to the different health service providers or BMI advisors, who for the purposes of this Policy, will act as Treatment Managers.
The TDP accepts and acknowledges that BMI may transfer your personal data to the corresponding administrative and judicial authorities for the solution of administrative procedures, contractual disputes or disputes related to the provision of health, or due to motivated requests made by state entities. BMI will not be responsible for the security and confidentiality of the data and information delivered to government entities.
The TDP acknowledges that BMI uses computer systems that are in the cloud or "cloud computing", the TDP acknowledges that the servers that provide these services are located in other countries. The TDP accepts that your personal data is hosted on servers located in other countries, for which it expressly accepts the international transfer of data, especially all sensitive data described in this Policy.