PRINCIPLES
We take the protection of your personal data seriously; it is of utmost importance to us. Our platform complies fully with all data protection laws including the Data Privacy Act of 2012 ("DPA") in the Philippines.
The key principles that govern our treatment of your personal data are as follows:
We will ensure the security and confidentiality of any personal data our users share with us
We will permit only authorized personnel, who are knowledgeable in the handling of customer data, to have access to that data
We will not reveal customer data to any third party unless we have previously informed our users in disclosures or agreements and have subsequently secured their consent and authorization to do so
In the sections below, we briefly explain why and how we collect and protect your personal data.
WHY WE COLLECT PERSONAL DATA
In general, our platform collects, uses, and discloses personal data for the following purposes:
To allow our algorithms to properly process submitted responses so that we may present the best-fit recommendation in terms of actions the user may take. This includes calculating a user’s age to use the data point as part of the diagnosis, as well as collating location information to automatically narrow down the displayed recommended health care facilities
To access the results right away, the absence of result password in the PDF is removed since the results are sent to the nominated email address of the patient
To be used in research and analysis both internally and upon forwarding said data to the Department of Health (DOH) and other relevant institutions to provide insight during decision-making, policy-creation, and solutions-generation.
WHAT WE COLLECT FROM YOU
Your personal data is information about you that is used explicitly to determine your identity. It includes information such as your name, birth date, location, contact information, past behavior, and health. Any personal data, anonymous or otherwise, will be collected, used, and stored in accordance with the DPA.
HOW WE MAY SHARE YOUR DATA WITH THIRD PARTIES
As part of our objective of helping the public and promoting the common good, all data we collect will be forwarded to the pertinent government agencies and official institutions such as the DOH.
Further, if the user explicitly provides their authorization, the platform will automatically forward pertinent user data to nearby health care facilities and institutions, in order to notify health care professionals of a possible case that requires management.
All external parties are also subject to the DPA and are integrated into our data protection concept.
HOW WE PROTECT YOUR DATA
We strictly enforce data privacy and information security policies. We implement technological, organizational, and physical security measures to protect your personal data against loss, misuse, modification, unauthorized or accidental access or disclosure, alteration, or destruction. We put safeguards such as the following:
We keep and protect data using a secured server behind a firewall, deploying encryption on computing devices and physical security controls
We restrict access to your personal data only to qualified and authorized personnel who hold your personal data with strict confidentiality
We train our staff to properly handle your data and
We require our third parties to protect personal data aligned with our own security standards.
HOW DO WE STORE AND DISPOSE OF YOUR PERSONAL DATA
Al Molecular Diagnostic Laboratory Inc. stores personal data in a data center (on-premises and cloud) and physical document storage facilities.
It retains personal data only according to operational need and in compliance with legal and regulatory purposes. Our data retention and disposal policy is in accordance with R.A. 9470 (National Archives of the Philippines Act) and BSP regulations. In general, the Bank shall only retain your data for five (5) years after the processing relevant to the purpose has been terminated.
YOUR DATA PRIVACY RIGHTS
Under the Data Privacy Act, you have the following rights:
Right to be informed;
Right to object;
Right to access;
Right to rectify or correct erroneous data;
Right to erase or block;
Right to secure data portability;
Right to be indemnified for damages; and
Right to file a complaint.
DATA BREACHES & SECURITY INCIDENTS
Data Breach Notification
All employees and agents of the Office involved in the processing of personal data are tasked with regularly monitoring for signs of a possible data breach or security incident. In the event that such signs are discovered, the employee or agent shall immediately report the facts and circumstances within twenty-four (24) hours from his or her discovery for verification as to whether or not a breach requiring notification under the Data Privacy Act has occurred as well as for the determination of the relevant circumstances surrounding the reported breach and/or security incident. The employee or agent shall notify the National Privacy Commission and the affected data subjects pursuant to requirements and procedures.
The notification to the National Privacy Commission and the affected data subjects shall at least describe the nature of the breach, the personal data possibly involved, and the measures taken by the Office to address the breach. The notification shall also include measures taken to reduce the harm or negative consequences of the breach. The form and procedure for notification shall conform to the regulations and circulars issued by the National Privacy Commission, as may be updated from time to time.
BREACH REPORTS
All security incidents and personal data breaches shall be documented through written reports, including those not covered by the notification requirements. In the case of personal data breaches, a report shall include the facts surrounding an incident, the effects of such incident, and the remedial actions taken by the personal information controller. In other security incidents not involving personal data, a report containing aggregated data shall constitute sufficient documentation. These reports shall be made available when requested by the National Privacy Commission. A general summary of the reports shall be submitted to the National Privacy Commission annually.
LIABILITY
In no event will the company be held liable for any indirect, incidental, special, or consequential damages incurred by any third party, whether in an action in contract or tort, even if such party has been advised of the possibility of such damages.
HOW YOU MAY CONTACT US
If you have any questions or recommendations about data protection, please contact us at (+632) 7 617 0524.