Privacy Policy
Your privacy is important to Osigu(1). Therefore, we have developed a Privacy Policy that encompasses how we collect, use, store, and generally handle your personal information. This Privacy Policy (hereinafter referred to as the “Privacy Policy”) covers all data collected and used by Osigu and its main website (https://www.Osigu.com).
Data is the foundation upon which our technology is built, allowing us to adapt to market needs and provide the best user experience. Consequently, Osigu requires certain personal data to be available to deliver its services as efficiently and securely as possible.
Given the nature of Osigu's services, we inform you that generally, Osigu acts as a Data Processor for the provision of its services. In this regard, Osigu ensures that it adheres to the highest standards of security and confidentiality in handling any data processed in your jurisdiction during the delivery of its services.
The data Osigu processes as a Data Processor will depend on the relationships it establishes with each client. However, generally, Osigu will process data related to your name, identification number, sex, health-related information, among others.
Nevertheless, Osigu makes this Privacy Policy available to data subjects so that they understand how Osigu processes personal data when it acts as the Data Controller.
Please review our “Supplementary Privacy Policies” below to check for additional information that may apply to you based on your location.
For the purposes of this Privacy Policy, the following definitions will be considered:
- Authorization: The prior, express, and informed consent granted by the Data Subject for the Controllers to carry out the Processing of their Personal Data.
- Database: An organized set of personal data that is subject to Processing.
- Personal Data: Any information linked to or that may be associated with one or several identified or identifiable natural persons.
- Data Subject: A natural person whose Personal Data is subject to Processing.
- Sensitive Data: Those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as information revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social organizations, human rights groups, or that promote interests of any political party, as well as data related to health, sexual orientation, gender identity, genetic and biometric data.
- Data Processor: The natural or legal person, public or private, that carries out the Processing of Personal Data on behalf of the Data Controller.
- Privacy Policy: Refers to this document.
- Data Controller: The natural or legal person, public or private, that decides on the Database and/or the Processing of Personal Data.
- Processing: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation, or deletion, as well as its transfer and/or communication nationally and internationally to third parties through communications, inquiries, interconnections, assignments, data messages.
- Transfer: The Transfer of Personal Data happens when the Data Controller and/or Data Processor sends the information of the Personal Data to a third-party recipient, whether inside or outside the country.
- Transmission: Processing of Personal Data that involves communication to a third party within or outside the territory of the relevant Osigu company when such communication aims to perform Processing by the Processor on behalf of the Controller, to fulfill the latter's purposes.
- Transmission: Processing of Personal Data that involves communication to a third party within or outside the territory of the relevant Osigu company when such communication aims to perform Processing by the Processor on behalf of the Controller, to fulfill the latter's purposes.
(1) It should be understood that Osigu consists of Ugiso S.A.S. and Osigu CO S.A.S. in Colombia, Osigu Inc in the United States, Vielcom Capital S.A. in Guatemala, Paycode ESP S.L. in Spain, Krafa S.A.S. in the Dominican Republic, and Osigu BR Tecnologia Ltda. in Brazil. Please check the Supplementary Privacy Policies for information applicable to specific locations (e.g., Colombia and Brazil).
2. What is Personal Data?
Personal data or sensitive data refers to all information that can identify a natural person, such as name, sex, date of birth, identification number, address, insurance details, guardians, email, nationality, medication information, among others.
Osigu may request you to provide personal information whenever you are in commercial or labor contact with Osigu or any of its products. You are not obligated to provide the personal information requested; however, if you choose not to, in many cases, we may not be able to establish a labor or commercial relationship with you.
2. Purposes of Processing
In general terms, Osigu processes your Personal Data to carry out activities and actions related to its economic activity. The following table provides additional information on examples of the purposes for which we process your Personal Data and the types of Personal Data involved in the Processing:
PURPOSE
TYPES OF PERSONAL DATA COLLECTED
Conduct inquiries about acquiring a product or service.
Identity data, contact data, occupation-related information, and financial data.
Manage and respond to your inquiries.
Identity data, contact data, and occupation-related information.
Enter commercial and/or labor contracts.
Identity data, contact data, occupation-related information, financial data, and data about your assets.
Identify new business opportunities, generate business contacts, and develop business relationships.
Identity data, contact data, and occupation-related information.
Manage and analyze claims to protect our legal interests and mitigate risks.
Identity data, contact data, occupation-related information, financial data, and transactional data.
Hiring staff and managing the employment relationship.
Identity data, contact data, occupation related information, health data, social security affiliation, socioeconomic status, financial data, family data and judicial and administrative records.
Carry out daily operations to direct and develop our business (for example, statistical and financial analysis, accounting, report preparation, and market studies).
Identity data, contact data, information related to your occupation, financial data, and transactional data.
Facilitate the sale or purchase of our business or assets, or any merger or financing agreement.
Identity data, contact data, information related to your occupation, financial data, and transactional data.
For health and safety reasons, if you are a close relative of an Osigu employee.
Identity data and contact data.
Send commercial or advertising information that may be of interest to you.
Identity data and contact data.
3. This is How We Use Your
Personal Data
3.1 General Visits to the Osigu Website
We collect information in an anonymous format that does not allow the identification of specific individuals, using tools like Google Analytics. This helps us analyze visitor performance and behavior on our site. For example, we assess the impact of our marketing strategies, the time users spend on the site, and the countries from which we receive visits, allowing us to measure the efficiency of our platform.
3.2 Products, Services, and News
We obtain your personal data when necessary to fulfill a contract applicable between the Data Subject and Osigu. This information allows us to create, develop, operate, and improve our products, services, and content, always for the benefit of the Data Subject. It also enables us to stay in touch with you regarding any relationship you have with us concerning which we collect your personal information.
3.3 Fraud Prevention and Detection, and Legal Obligations
We use your personal information to ensure network security, protecting our services for the benefit of all users. This includes reviewing and analyzing uploaded content for any potential illegality.
Additionally, we may access your personal data to comply with legal obligations, whether required by government entities or in other justifiable circumstances. We will also use your information to detect and prevent fraud by identifying anomalous behavior in online transactions. Osigu reserves the right to verify the legitimacy of the information in the relevant records.
Osigu may disclose your personal information only in cases of obligations provided by law, legal proceedings, litigation, or requests from government authorities, both within and outside your country of residence. Furthermore, we may share information about you if we consider it necessary for security, legal compliance, or public interest matters. The Data Subject understands that Osigu may be required by authorities to disclose personal data.
3.4 Marketing and Data Processing
We may use your personal data for internal purposes such as audits, data analysis, marketing projections, and research, with the aim of improving the advertising of our products as well as our services and communications with the Data Subjects. The results and analyses derived can be shared with third parties, without this implying the commercialization of personal data.
Additionally, we may provide data access to authorized personnel involved in operating the application (administration, sales, marketing, legal department, and systems administration) or to external contractors providing services to Osigu, such as technical service providers, messaging companies, hosting companies, IT companies, and communication agencies.Osigu may offer contact forms to request products or services. These forms are as follows:
- Stay in the Loop: Osigu's form for the data subject to subscribe to receive our newsletters and receive commercial or advertising information.
- Contact Form: Osigu's form for the data subject to communicate with us for any reason and receive assistance from our staff.
Osigu reserves the right to modify these forms at any time.
3.5 Labor Relations
Osigu may process your data in the context of establishing labor relationships with us and to fulfill your employment contract, social benefits, matters related to your safety and our facilities, among others, as applicable according to your jurisdiction.
3.6 Data Provided by Data Subjects
In the context of providing our services, we collect information from different Data Subjects, either provided directly by them or automatically collected through our applications and as part of commercial relationships with our clients. Below are the types of data collected:
Medical Personnel
COLLECTED INFORMATION
Medical license number
✔
✔
Medical specialty
✗
✔
Country of registration
✔
✔
Full name
✔
✔
Clinic address
✔
✗
Phone number
✗
✗
Email address
✔
✗
Greeting
✔
✗
Handwritten signature
✗
✗
Nationality
✗
✔
Identification document
✔
✔
Administrative Personnel
First and last names
✔
✗
Email address
✔
✗
Doctors they assist
✔
✗
Patient
Identification number
✗
✔
Patient's name
✗
✔
Nationality
✔
✔
Email address
✔
✗
Phone number
✗
✗
Associated insurances
✗
✗
Sex
✗
✔
Date of birth
✔
✔
Address
✗
✔
Marital status
✗
✗
Religious affiliation
✗
✗
Occupation
✗
✗
Education level
✗
✗
Country of residence
✗
✗
Biometric data
✗
✗
Vital signs measurement
✗
✔
Medical history
✗
✔
Medical consultations
✗
✔
Prescription requests
✗
✔
Pre-authorization requests
✗
✔
Data Obtained from the Platform
IP address
✔
✗
User agent
✔
✗
Cookies
✔
✗
Date and time of access
✔
✗
Date and time of data modification
✔
✗
Geolocation
✗
✗
It should be reiterated that we will generally process this data as Data Processors. However, we present this information for the knowledge of any Data Subject who wishes to understand in greater detail the scope of our services.
3.7 Cookies
We may collect and store details (e.g., language, postal code, area code, unique device identifier, referring URL, location, and time zone) about how you use our services through cookies, including search queries, to improve the relevance of the results delivered. All results, analyses, and projections of Data Subjects that Osigu conducts may be shared with third parties, without this implying the commercialization of personal data, as long as no specific user is referenced. These results will be used to evaluate user preferences, trends, and tastes.
The use of cookies allows us to: (i) provide you with a better experience when navigating our website; and (ii) improve our services and offer many features that make your browsing experience easier. A cookie is a small text file that a web server places on your device, which we store in your browser or on your computer's hard drive with your consent.
The "Help Menu" in the menu bar of most browsers will indicate how to prevent your browser from accepting new cookies, how to make the browser notify you when it receives a new cookie, and how to completely disable cookies. You can also disable or delete similar data used by browser add-ons, such as Flash Cookies, by changing the settings of the add-on or visiting the developer's website.
You can block cookies by activating the setting on your browser that allows you to refuse the installation of all or some cookies. However, if you use your browser settings to block all cookies (including essential ones), you may not be able to enjoy fully the interactive features of our website.
4. In legal terms, this is what you need to know
4.1 Rights of the Data Subject
We care about your security and recognize that each Data Subject has rights over their personal information:
- Access to information: The right of the Data Subject to access information generated, managed, or held by Osigu.
- Correction of personal information: The right to know what is recorded in Osigu's databases and to correct or rectify the information when deemed necessary.
- Exclusion of certain personal data: The right to request the exclusion of your personal information from Osigu's database at any time, provided you have stopped using Osigu's services.
- Confidentiality of collected information: Personal information or sensitive data is used exclusively by us and is not sold to third parties, ensuring the confidentiality of such information.
Right of the Data Subject
Guaranteed by Osigu
Access to your information
Yes
Correction of personal information
Yes
Exclusion of certain personal data
Yes
Confidentiality of collected information
Yes
4.2 Exercise of rights
Without prejudice to other specific laws in each jurisdiction, only the Data Subjects of personal or sensitive data, or their legal representatives, may request a copy and access to the data that Osigu uses.
Unless otherwise provided by each jurisdiction, this information will be delivered within fifteen (15) business days from the request submission, in an understandable format, or, if not possible, it will be communicated in writing that no data of the Data Subject is processed.
The Data Subjects or their legal representatives may request the update of their data in any information system. To do this, they must submit a request for updating, specifying the desired modifications and providing the documentation that supports their request. Osigu commits to providing a resolution within no more than fifteen (15) business days, either confirming the modifications or explaining the reasons why they cannot proceed.
The Data Subject may request the exclusion and confidentiality of their personal data once they have canceled the use of all products and services of Osigu. In the event of requesting confidentiality and data exclusion, Osigu will evaluate whether there are data that must be disclosed to public authorities for legitimate reasons, if they are subject to legal retention, or if there is still legal grounds to process such data; otherwise, Osigu guarantees that your information will be permanently deleted in accordance with the provisions of each jurisdiction.Any request to exercise the rights of the Data Subject may be directed to Osigu through the contact details provided in this document. These requests will be attended to at no cost within a period not exceeding fifteen (15) business days and will be handled and reviewed by the Personal Data Protection Officer (PDPO), designated by Osigu for these purposes, who may contact the data subject.
4.3 Consent Clause and Disclaimer
The Data Subject expressly acknowledges that the entities Ugiso S.A.S. and Osigu CO S.A.S. in Colombia, Osigu Inc in the United States, Vielcom Capital S.A. in Guatemala, Paycode ESP S.L. in Spain, Krafa S.A.S. in the Dominican Republic, and Osigu BR Tecnologia Ltda. in Brazil, as well as all their current or future direct or indirect subsidiaries and affiliates, may collect usage data and certain personal information in order to operate the web platform, as provided in this Privacy Policy.
5. Who do we share your
personal data with?
Osigu will not share your personal data without your authorization, unless required by law or when one of the exceptions stipulated by the applicable law of each jurisdiction applies. We restrict access to your personal data, allowing only employees, contractors, and agents who need to know such information to operate, develop, or improve our activities to access it. These individuals are subject to confidentiality obligations.
Your personal data may be transferred or transmitted to destinations outside the territory of the relevant Osigu company to carry out our economic activity. They may also be handled by outside personnel working for us, for other entities in our corporate group, or for our service providers. We will take all necessary measures to ensure that your data is handled securely and in accordance with this Policy.
If Osigu is involved in a merger, spin-off, alliance, acquisition, or any form of sale of some or all of its assets that alters its corporate structure, your personal data will not be transferred to third parties unless adequate safeguards regarding the security of your data are provided.
6. Security Measures
Osigu and its subsidiaries process your personal data with the highest security and confidentiality measures. Some of these measures include:
- Security measures applied to database processing.
- Protection of data access through passwords and roles with different authority levels.
- Protection of integrity through the implementation of digital signatures.
- Encryption and bit-salting to ensure password security.
- Ensuring the complexity of user passwords.
- Monitoring activities carried out on the platforms and their data through a detailed log.
- Recovery and redundancy procedures.
- Encrypted storage of backup copies.
- Encryption and password protection of the devices used to process the data.
- Other specific mechanisms.
7. Personal Data Protection Officer
We would like to inform you that, to protect the privacy of your information, Osigu has designated a Personal Data Protection Officer (PDPO). The PDPO will be responsible for ensuring compliance with this Privacy Policy, as well as its complementary annexes and for guaranteeing the exercise of your rights as the data subject.
8. Questions About Your Privacy
If you have any questions regarding Osigu's Privacy Policy, you can contact us via email at privacy@osigu.com or through our Intercom chat to resolve any inquiries. When we receive queries related to privacy or personal information, we have a team of specialists who assess your questions and provide assistance. If your inquiry is of a more complex nature, we may request additional information from you.
9. Modification of the Privacy Policy
Osigu reserves the right to modify this privacy policy at any time. It is recommended to review this page frequently, using the date of the last update indicated at the end as a reference. If the changes affect the processing activities conducted under the consent of the Data Subject, Osigu will obtain, if necessary, the new consent of the Data Subject.
10. Annexes
10.1 ANNEX I - SUPPLEMENTARY PRIVACY POLICY – COLOMBIA
10.2 ANNEX II - SUPPLEMENTARY PRIVACY POLICY – BRAZIL
10.3 ANNEX III - SUPPLEMENTARY PRIVACY POLICY – DOMINICAN REPUBLIC