The Makati Health Department (MHD), a department of the City Government of Makati (CGM), is committed to respecting your rights over your personal data. MHD seek to adhere to the general privacy principles of transparency, legitimate purpose, and proportionality whenever we process your data, and we ensure that they will be protected in accordance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and other applicable laws (“Data Privacy Laws”).

This Data Privacy Notice (“Privacy Notice”) describes how we collect, use, store, disclose, dispose and protect your personal data in connection with this MAKATI HEALTH - MEDICAL SERVICES.

The words “personal data,” “personal information,” “sensitive personal information,” “processing of personal data,” and other related terminologies in this Privacy Notice are used in the same context as they are found in the Data Privacy Laws. Please refer to the following definition:

• Personal data pertains to all kinds of information – personal, sensitive personal, and even privileged or confidential information.
• Personal information is any information or set of information that can be used to identify an individual or reasonably and directly identify an individual but is not considered sensitive personal information.
• Sensitive Personal Information is any information about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations; individual’s health or education; about any criminal, civil or administrative proceeding of an individual; unique government-issued identifiers; and those established by law as classified, as Section 3(1) of the DPA.
• Processing of Personal Data refers to any operation or operations performed upon personal data including, but not limited to, the collection, use, storage, disclosure, or disposal.

The MHD process your personal data based on various laws and other government regulations, but are not limited to the following:

1. Data Privacy Act of 2012 (R.A. No. 10173);
2. Sanitation Code of the Philippines (P.D. No. 856);
3. Universal Health Care Act (R.A. No. 11223);
4. COVID-19 Vaccination Program Act of 2021 (R.A. No. 11525);
5. VaxCertPH (Joint Administrative Order No. 2021-001);
6. DOH Memorandum, Circulars, and Administrative Orders;
7. Philippine Disaster Risk Reduction and Management Act of 2010 (R.A. No. 10121);
8. Mandatory Reporting of Notifiable Diseases and Health Events of Public Health Concern Act (R.A. No. 11332)
9. Philippine Health Research Ethics Board

Basis for Personal and Sensitive Personal Information

1. your consent, in such case, you may withdraw your consent to the processing of your personal data anytime by sending your request to our Data Protection Officer with contact details provided below;
2. our need to comply with a legal obligation;
3. the existence of a legitimate business interest;
4. the necessity to protect your interests, including his or her life and health;
5. in the exercise of our government duties and functions;
6. the requirement of existing laws and regulations;
7. the necessity to protect life and health;
8. the need for medical treatment; and
9. for protection of lawful rights and interests in court proceedings, establishment, exercise, or defense of legal claims.

MHD may collect the following personal data from you:

1. Personal contact information: Complete name, permanent and present home address/es, personal mobile and home number, personal email address or any other information that would allow the MHD to contact you.
2. Signature
3. Demographic information: Date of birth, age, gender, birth place, citizenship, nationality, marital status, educational background
4. Health information: Height, weight, medical images and claims data, health or life insurance identification or account or policy number, information about physical state (e.g. disability, illness, medical conditions), information about mental state, information about psychological state, drugs, therapies, or medical products or equipment used, genetic test results or information, blood type, allergies, lifestyle, family health or morbidity history, personal, social and sexual history, sexual behavior or sexual preference, obstetric and menstrual history, immunization history, vaccination doses
5. Employment information: Occupation/title, Employee’s health certificate, personal details
6. Business information:Company Name, Company Profile, Business ID, Business Permits, Billing Assessment, Official Receipt, other Government-issued data, Company Credentials, Certification/Licenses
7. Government issued identifiers: SSS, GSIS, Phil-Health, Tax Identification Numbers, Makati Health Plus, Makatizen
8. Family information: Parent/s’ name, spouse's name, date of marriage, spouse's address, number of children, age or/ and gender of children
9. Other sensitive personal information, emergency contact, and waiver as provided by the Data Subjects
10. Patient or Client’s feedback, opinions or comments on our medical services when you reach us via our contact numbers, email addresses, and through social media platforms.

MHD only collects your personal data needed to serve you effectively. We will only use your personal data:

1. Providing Services: To fulfill your requests, process transactions, deliver products or services, ensure protection of the blood donor and benefit to the recipient, avoid hindrances of emergency operations, provide customer support and continuity of care.
2. Communication: For identification and to communicate with you, respond to your inquiries, send important notices, endorsement to each section and teams of MHD, provide updates regarding our products, services, and policies, and establish a systematic process in handling complaints.
3. Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to protect our rights, privacy, safety, or property, as well as those of our users or the public.

MHD may disclose and share your personal information to the following:

1. Data Subject: Upon his/her request and/or his or her authorized representative armed with special power of attorney or authorization letter.
2. Service Providers: We may engage trusted third-party service providers to perform functions and process personal data on our behalf. These providers are bound by contractual obligations to protect your personal information.
3. Service Regulators: In certain cases, we may be required to share your personal data with regulatory authorities or industry-specific regulators to comply with applicable laws, regulations, or licensing requirements.
4. Other Department or its Affiliates and Government Agencies: We may disclose personal data if required by the requestor for their legitimate medical purpose.
5. Legal Compliance and Protection: We may disclose personal data if required by law, legal process, or regulatory authorities, or if we believe such disclosure is necessary to protect our rights, safety, or property, or the rights, safety, or property of others.

MHD will retain your personal data collected through this process for as long as necessary to fulfill the purposes for which they were collected. Further, our retention period and disposal policy shall be governed by various laws and government regulations, such as but not limited to:

1. DOH Department Circular 2021-0226, “Dissemination of the Approved Records Disposition Schedule (RDS).”
2. R.A. No. 9470 or the “National Archives Law of the Philippines” and its IRR.
3. DICT “Vaccination Administration System” (DVAS 3.0/DVAS-M)
4. CGM Data Privacy Manual (Record Retention Schedule and Retention and Disposal Policy)
5. MHD Retention and Disposal Policy

After the expiry of the retention period, we will securely destroy your personal information in accordance with applicable laws, regulations and internal policies or manuals. The disposal of data may include deletion, anonymization, shredding of documents, or other appropriate means to ensure that your personal data cannot be reconstructed or accessed in the future.

MHD implements reasonable and adequate technical, physical, and organizational security measures to protect personal data from unauthorized disclosure, misuse, alteration, loss, or destruction.

We implement the following mechanisms to protect your data:

1. Storage of physical documents in locked rooms or locked filing cabinets, while the digital copies are stored in a designated terminal with authorized personnel having access to it.
2. Password policies for files, limited cloud access, encryption, access controls, firewalls, regular security assessments, and
3. Use of privacy tools and facilities to protect all collected data in whatever form;
4. Formulation and implementation of responsive and relevant data privacy and data security policies within the organization;
5. Ensuring that third parties who are processing personal data for us or to whom we disclose your personal data comply with the requirements of the Data Privacy Laws through proper transfer risk management measures; and
6. Management of Human Resources through access control policy, contractual confidentiality clauses, internal training and awareness campaigns, certification, and memberships in professional organizations.

    Your personal data, which are all under the exclusive access and control of the MHD, are securely and surely stored in the following:

1. computer systems;
2. database;
3. a third-party cloud provider; and
4. physical documents stored and kept within MHD office premises and Health Center Facilities.

Under the DPA, you have the following rights:

• Right to be informed. You have the right to be informed of how your data is collected, stored, shared, and disposed of and be furnished with such information before you disclose your information. You can learn how we process your data through this Data Privacy Notice.
• Right to object. You have the right to object from giving consent to the processing of your personal data or withdrawing the same after that.
• Right of access. You have the right to ask for information on how we use, store, disclose or protect your personal data.
• Right to rectification. You have the right to ask us to modify or correct your personal data when the same is inaccurate, outdated, or false. You also have the right to ask us to complete information you think is incomplete.
• Right to erasure or blocking. You have the right to request us to delete your personal data in some instances or have us stop using your data for specific purpose/s.
• Right to data portability. You have the right to ask that we transfer your personal data to another organization or you in certain circumstances.
• Right to file a complaint and ask for damages. If you think that your rights as a data subject have been violated, or if you sustained damages due to any inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal information, you may escalate your concern to our Data Protection Officer so we can assist you. If we fail to resolve your complaint or are unsatisfied with how we handle the matter, you have the right to file a complaint with the National Privacy Commission (NPC).

This privacy notice is under regular review to ensure it is up-to-date and accurate. This notice and any updates, amendments, or supplements to it are available through copies posted in Barangay Health Centers, MHD offices and clinics, as well through CGM’s social media platforms.

Any changes to this privacy notice shall be disseminated through MHD Offices and Health Centers’ postings, e-mail addresses, and social media platforms.

Data Privacy Notice: MAKATI HEALTH - MEDICAL SERVICES