Superintendencia de Industria y Comercio

Business establishments may not abuse the request for personal data

1 September, 2020

According to the SIC, the establishments that request personal data must:


- COMPLY WITH the regulation of personal data processing. The resolutions of the Ministry of Health and Social Protection do not suspend the fundamental right to data protection.


- When collecting personal data, it should be taken into account that:


  • You can NOT use deceptive or fraudulent means for the collection and processing of personal data.
  • The person must be informed of the specific purpose of the data collection.
  • You can NOT collect any data other than those relevant to the purpose for which they are required.
  • DO NOT collect data other than those expressly required by the Ministry of Health and Social Protection to comply with the biosafety protocols.
  • Except in the cases provided by law, personal data may not be collected without prior, express and informed authorization from the owner.


- INFORM citizens of the specific rule that orders the collection of data and keep said information visible and available.


- IMPLEMENT the technical, human and administrative measures necessary to secure personal data, preventing their adulteration, loss, and unauthorized or fraudulent consultation or access.


- INFORM citizens about the Information Processing Policy (PTI), which must include the mechanisms and procedures for people to exercise their rights to know, update, rectify and/or delete their data.


- LIMIT the retention period of the data collected to comply with the biosafety protocols issued by the Ministry of Health and Social Protection. Such data may only be stored for the reasonable time necessary to comply with said protocols. Once the purpose has been fulfilled, the party Responsible for the Processing of Personal Data must delete the collected data ex officio.


- GUARANTEE the security of sensitive data. The collection, use, circulation and processing of such data, their security, and/or any other activity performed with them must be carried out with special care and diligence. It should be noted that NO activity may be conditioned on the owner providing sensitive personal data.


- REGISTER the databases with the Superintendence of Industry and Commerce. If new databases are created to comply with the protocols, they must be registered in the National Registry of Databases (RNBD) two months after their creation.


The instructions given by the Superintendence of Industry and Commerce are preventive, mandatory and of immediate execution. Non-compliance with and non-observance of these instructions can be reported to this Authority, in addition to leading to the initiation of administrative investigations.