Privacy and Data Protection Policy
Purpose
This Policy governs the processing of personal data and sensitive data provided by users (hereinafter, the “Users”) to BeFree Mental Health S.A.S. (hereinafter, “BeFree”) in the use of its web platform and mobile application (the “Platform”), in accordance with:
Law 1581 of 2012 and Decree 1377 of 2013 (personal data protection).
Resolution 1995 of 1999 (medical records).
Law 23 of 1981 (medical ethics) and Law 1090 of 2006 (psychology).
Data Controller
The entity responsible for data processing is BeFree Mental Health S.A.S., domiciled in Manizales, Colombia.
Phone: +57 315 018 0937
Email: info@befreehealth.ai
Data Subject to Processing
BeFree and, when applicable, the Professionals (associated psychologists and psychiatrists) may collect and process Users’ personal data, including sensitive data related to their mental health, exclusively for the purposes authorized in this Policy.
Purposes of Data Processing
Personal data will be used for the following purposes:
To enable access, use, and operation of the Platform.
To facilitate the connection between Users and Professionals.
To manage administrative, technical, and support processes.
To comply with legal and regulatory obligations.
To conduct statistical and mental health research studies, always in anonymized form.
To handle crisis cases and, if a life-threatening risk is identified, to share the necessary information with EPS, IPS, emergency hotlines, or competent authorities to protect the life and integrity of the User.
Guiding Principles
The processing of personal data at BeFree is governed by the principles of legality, purpose, freedom, accuracy, transparency, restricted access and circulation, security, and confidentiality.
Rights of Data Subjects
Users, as owners of the information, have the right to:
Know, update, and rectify their data.
Request proof of the authorization granted.
Be informed about the use of their data.
Revoke the authorization and/or request the deletion of their data when there is no legal obligation of retention.
Access their processed data free of charge.
Authorization for Processing Sensitive Data
The processing of sensitive data related to health requires the User’s express, prior, and informed consent, through a digital or physical form, in compliance with applicable regulations.
Clinical Records and Data Derived from Healthcare
The clinical record, as well as the management of data derived from healthcare, will be the sole and exclusive responsibility of the treating psychologists, psychiatrists, and/or allied IPS providing the service.
BeFree acts only as a technological intermediary to facilitate the connection between Users and Professionals, without intervening in the generation, custody, or preservation of medical records.
Professionals and allied IPS must ensure compliance with Resolution 1995 of 1999 and other applicable regulations regarding the custody and preservation of clinical records.
Data Transfer and Transmission
Personal data will not be assigned, sold, or transferred to third parties without the User’s prior authorization, except in cases provided by law (e.g., judicial or administrative obligations, or life-threatening situations).
Any international transmission of data will comply with the provisions of Law 1581 of 2012.
Modifications to the Policy
BeFree may modify this Policy to adapt it to regulatory or operational changes.
Any modification will be published on the Platform and notified to Users.
Information Security
BeFree implements technical, human, and administrative measures to ensure the confidentiality, integrity, and availability of data, including encryption, access control, and contingency protocols.
Applicable Law and Jurisdiction
This Policy is governed by Colombian legislation. For purposes of disputes, the parties submit to the courts and tribunals of the city of Manizales, Colombia.
BeFree Mental Health S.A.S.
NIT 901.816.798-1
Av. Santander 62-39, Oficina 502B, Manizales, Caldas, Colombia
Correo: info@befreehealth.ai
