Privacy Policy

Amphora Health Unified Privacy Policy

In compliance with the provisions of the Mexican Federal Law on Protection of Personal Data Held by Private Parties (the “Law”) and the Regulations of the Law (the “Regulations”), we make this Privacy Policy available to you (hereinafter, the “Privacy Policy”) in the following terms:

I. IDENTITY AND ADDRESS OF THE ENTITY DATA CONTROLLER FOR THE PROTECTION OF PERSONAL DATA

Ánfora Salud, S.A.P.I. of C.V. hereinafter “Amphora Health” has designated a department in charge of the management, compliance and protection of Personal Data (“Office of Legal Affairs”), which will process your requests and promote the protection of Personal Data within Amphora Health. Contact details and receipt of related information and documentation:

Email: legal@amphora.health

Address: Batallón Independencia 80, Col. Chapultepec Norte, Morelia, Michoacan, Mexico.

Telephone: +52 443 304 6300

Attention: General Counsel of Amphora Health

This privacy policy applies to (1) Suppliers, (2) Collaborators, (3) people who visit Amphora Health physical offices, and (4) users of the following websites (4.1) Amphora Health: www.amphora.health, www.amphorahealth.com, www.anforasalud.com; (4.2) Beluga Science: www.beluga.science, www.belugascience.com, www.beluga.bio; and (4.3) Vaquita EHR: www.vaquita.health, www.vaquitasalud.com.

For the purposes of the provisions of the Law and other applicable legislation, the Owner states: (i) that this Privacy Policy has been made known to him/her by Amphora Health; (ii) to have read, understood and agreed to the terms set forth in this Privacy Policy, for which consent is granted for the processing of its Personal Data. In the event that the Personal Data collected includes assets or financial data, by signing the corresponding agreement, either in printed format or using electronic means and its corresponding processes for the formation of consent, steps will be taken to collect the express consent of the Owner; and (iii) that he/she gives his/her consent for Amphora Health or the Data Managers to make transfers and/or remissions of Personal Data in terms of section V of this Privacy Policy.

It will be the Owner’s sole responsibility to update its Personal Data, as well as its veracity and accuracy. At all times it is assumed in good faith that the information has been provided by its legitimate owner or entitled legal holder for such purpose, in both cases in legal age, so Amphora Health will not be Data Controller for such Persona Data except in the terms established in this Privacy Policy.

III. COLLECTED PERSONAL DATA.

Amphora Health may collect the following personal data (the “Personal Data”), namely: full name, landline or mobile phone and email; address and references; medical, health and/or conditions data; related to our employees, we may collect: social security number, referrals and/or professional backgrounds.

IV. PURPOSE OF PROCESSING OF PERSONAL DATA.

The Data Controller collects Personal Data for the following purposes:

Primary purposes. Amphora Health will process Owner’s Personal Data in order to carry out the activities and efforts focused on the fulfillment of the obligations arising and derived from any legal and/or contractual relationships established by reason of the provision of its services or delivery of products, such as: data processing; databases processing; data intelligence. Also, the fulfillment of the obligations arising and derived from any legal and/or contractual relationships with our employees.

Secondary purposes. Likewise, Amphora Health will process Personal Data for other purposes such as sending offers, notices; conduct surveys; get statistics; generate studies; etc.

The Owner may oppose the processing of his/her Personal Data for secondary purposes through the means made available to him/her in order to exercise access, rectify, cancel and/or oppose rights (“ARCO Rights”). If You do not object within five business days after your Personal Data was collected, it will be understood your implicit consent was provided.

V. TRANSFERS AND/OR REFERRALS OF PERSONAL DATA.

By signing and/or accepting this Privacy Policy, You expressly authorize Amphora Health to transfer electronically and/or physically your Personal Data to third parties related to Amphora Health and provide you with the products or services that you have required or for which you have registered.

Amphora Health will transfer the Personal Data provided or that has been received legitimately, regardless of the source, when required by judicial order or to comply with the obligations derived from legal relationships entered into by Amphora Health for the benefit of the Owner. When providing your Personal Data, You release Amphora Health from any liability that may occur by collecting or transferring your data in compliance with the provision of the service you receive.

Personal Data can be transferred and processed inside and outside the country, by people other than Amphora Health. In this sense, your Personal Data may be shared with our allies, suppliers, contractors, business partners and/or third parties with whom Amphora Health has entered into or concludes various agreements both in Mexico and/or abroad, to send, at Amphora Health’s sole discretion, provide services related to the purposes of the Data Processing; conduct research and in general to improve Amphora Health’s services. Your Personal Data may also be collected, transferred, stored and processed in a country other than where it was provided. If we do, we transfer the information in accordance with the applicable data protection laws and having entered into data transfer and/or remission agreements, establishing the data protection obligations in terms of this Privacy Policy. We take steps to protect Personal Data regardless of the country where it is stored or where it is transferred. We have timely procedures and controls to seek this protection.

VI. MEANS TO LIMIT THE USE OR DISCLOSURE OF YOUR PERSONAL DATA.

Amphora Health will protect Personal Data under strict administrative, technical and physical security measures that have been implemented in terms of the Law and its Regulation, in order to protect and guarantee Personal Data against damage, loss, alteration, destruction or misuse, access or treatment.

However, Amphora Health does not guarantee that unauthorized third parties will not have access to the physical or logical systems of the Owners or the Data Controller or in the electronic documents and files stored in their systems. Therefore, Amphora Health will not be liable in any case for the damages that may arise from such unauthorized access.

The Owner or its duly accredited legal representative may limit the use or disclosure of the Personal Data through the same means and procedures provided for the exercise of ARCO Rights. In the event that such a request is appropriate, the Owner will be registered in the exclusion list generated by Amphora Health to stop receiving information related to Secondary Purposes of Processing.

Likewise, if the Owner considers that Amphora Health has violated the right to the protection of Personal Data, he/she can attend Mexico’s National Institute of Transparency, Information Access and Personal Data Protection (“INAI”).

VII. PROCEDURE TO EXERCISE ARCO RIGHTS.

At all times, the Owner may exercise its ARCO Rights in order to access, rectify, cancel or to oppose the treatment of the Personal Data or revoke the consent previously provided. For this, You must submit a request in free format containing the following information and documentation:

  1. Name of the Owner, address, email or other means to communicate any response
  2. Valid documents that prove identity (copy in printed or electronic format of your voting card, passport) or, where appropriate, the legal representation of the Owner (copy in printed or electronic format of the power of attorney with autograph signature of the Owner, the agent and their corresponding official valid identifications - voting card or passport)
  3. The clear and precise description of the data for which the ARCO Rights are exercised, and
  4. Any other element or document that helps the location of the Owner’s Personal Data.

In the case of requests for rectification of Personal Data, the Owner must also indicate the modifications to be made and provide the documentation that supports your request. To comply with the obligation of access to your Personal Data, it will be done after accreditation of the identity of the Owner or the representative’s personality, making the information available on site at the address of the Data Controller. If the requested information allows it, another means may be agreed between the Owner and the Data Controller.

For the request of the format, reception and response of the requests to exercise the ARCO Rights, the revocation of consent and the other rights provided in the Law, you can contact the Office of Legal Affairs as mentioned in point I of this Privacy Policy.

In the event that the information provided in the request is not accurate or insufficient or the corresponding accreditation documents are not accompanied, Amphora Health may request, within five business days of receipt of the request, that the Owner provide the elements or documents necessary to process it. The Owner will have ten business days to meet the complementary request, counted from the day after it has been received. If no response is given within this period, the corresponding request will be considered as not filed.

Amphora Health will respond to the Owner within a maximum period of twenty business days, counted from the date the request was received, so that, if appropriate, it becomes effective within fifteen business days after the response is communicated. In all cases, the response will be given by the same means through which the request was submitted or, where appropriate, by any other means agreed with the Owner. The aforementioned time periods may be extended in terms of the Law.

VIII. COLLECTION OF DATA WHEN BROWSING ON AMPHORA HEALTH SITES AND WEB PAGES.

Amphora Health may collect Personal Data through its website, or through the use of automatic data capture tools. These tools allows Amphora Health to collect the information that your browser sends to the website, such as the type of browser you use, the language of the user, the access times and the IP address of the websites that you used to access the Data Controller’s sites, or their Data Managers’ sites. These data are collected in order to identify the client and provide a better service during the time they use the website.

Cookies, Web beacons, and links in emails may be among the automatic data capture tools used by Amphora Health on its website.

Use of Cookies. The correct functioning of the Amphora Health sites requires You to enable “cookies” in your Internet browser. Cookies are small data files transferred by the website to your computer’s hard drive when you browse the site. In most browsers, cookies are automatically accepted by default, you can adjust your browser preferences to accept or reject cookies. Disabling cookies may disable various functions of Amphora Health website or it may not be displayed correctly. In case you prefer to delete cookies, you can delete the file at the end of each browser session.

Use of Web beacons. Also known as internet tags, pixel tags, and clear GIFs. Amphora Health may use Web beacons, alone or in combination with cookies, on its website and in its HTML emails to collect information on the use of the website and its interaction with email. The Web beacon is an electronic image, called a single pixel (1x1) or GIF that can recognize information that is processed on your computer, such as cookies, the time and date that the site and its sections are viewed.

Links in Amphora Health emails. The emails may include links that allow Amphora Health to know if you activated this link and visited the destination website, and this information may be included in your profile. They can also include links designed to direct you to the relevant sections of the website.

At all times you can revoke the consent that you have given Amphora Health for the treatment of your Personal Data with the purpose to stop using them. For this, it is necessary that you submit your request as indicated in the section “Limitation of the use or disclosure of personal data” of this Privacy Policy.

The request must indicate:

  1. Name of the Owner and address, email or other means to communicate the response to your request;

  2. Valid documents that prove your identity (copy in printed or electronic format of your voting card or passport) or, where appropriate, the legal representation of the Owner (copy in printed or electronic format of the power of attorney with autograph signature of the Owner, the agent and their corresponding official valid identifications – voting card or passport);

  3. The clear and precise description of the Personal Data seeking to revoke consent and any document that facilitates the location of such Personal Data.

In a term of twenty days we will give You an answer about the origin of the same, by the means that you have indicated in the request itself. The term will run from the date that Amphora Health becomes aware of your request until the date on which the document is delivered to the postal service, the corresponding email is sent, or the means of contact that you have provided.

Likewise, You acknowledge that after the period of one year counted from the date that Amphora Health does not require your information for the fulfillment of its obligations, regarding the relationship that unites it with you, Amphora Health will reserve the right to cancel the information containing your Personal Data from its database and may delete it from its database and, where appropriate, destroy any physical or electronic means that may contain it.

X. DATA PROTECTION LAWS.

The Data Controller complies with and/or refers to Data Protection laws in the relevant jurisdictions (depending on the Owner’s citizenship), including but not limited to Mexico’s Personal Data Protection Federal Law, Europe’s General Data Protection Regulation and United States’ Health Insurance Portability and Accountability Act.

XI. CHANGES OR AMENDMENTS TO THE PRIVACY POLICY.

Amphora Health reserves the right to change, modify or amend this Privacy Policy in the future. In any case, any change, amendment or modification will be communicated to you via email and/or by publishing it on the website amphorahealth.com/privacy.

Amphora Health will not be a Data Controller in the event that the Owner does not receive the aforementioned notification of change in the Privacy Privacy Policy if there is a problem with your email account or data transmission over the internet. However, for your security, the current Privacy Privacy Policy will be available at all times on the website indicated previously.

The Data Controller understands that in case the Owner does not express otherwise, it means that You have read, understood and agreed to the terms set forth therein; in other words, Amphora Health understands that you have expressed your consent to changes, amendments or modifications and/or updates regarding the processing of your Personal Data.