Privacy Notice

CLINICA PRIME CEBU, INCORPORATED (“Clinica Prime”) is committed to protect and respect your personal data privacy. We are at the forefront of not only implementing but also complying with Republic Act No. 10173, or the Data Privacy Act of 2012, and its implementing rules and regulations.

This Privacy Notice is not a consent form but describes how Clinica Prime collect and process your personal information through the Clinica Prime website.

Moreover, this Privacy Notice applies to the personal data that we collect and handle for the purposes of maintaining and providing medical service-related information to the visitors of this website. For the purposes of this Privacy Notice, “personal data” means any information relating to an identified or identifiable individual.

SERVICES WE PROVIDE

CPCI provides medical, diagnostic and laboratory services (see full list), such as:

(1) Lifestyle Medication Services (Executive Panel)

(2) Medical Consultation Services (Dental, Primary Care, Family Medicine, Internal Medicine, OB-Gyne, Cardiology, Pulmonology, among others)

(3) Women Care Services (Pre-Natal Profile, Women Care Profile)

(4) Corporate Health Services (Annual Physical Examination, Pre-employment Medical Examination, Remote Drug Testing)

(5) Dental Services (Oral Prophylaxis, Veneers, Ligh cure Fillings, Extraction, Fiber Post Installation, Dowel Installation)

(6) Imaging/Ultrasound Services (Radiology/X-ray, Biophysical Profile, BPP with Cervical Length)

(7) Laboratory Services (Hematology, Clinical Microscopy, Immunology, Serology (Qualitative), Bacteriology/Microbiology, Cytology, Clinical Chemistry, Drug Test, Special Chemistry)

(8) Cardiology (treadmill Stress Test, 24-Hour Holter Monitoring, 24-hour BP Monitoring, 2D Echo, ECG)

(9) Vaccination (Influenza (Influenza (FI), Pneumococcal, Shingles, anti-Tetanus, Tdap, Covid-19, HPV, MMR, Mumps, Poliomyelitis, Pertussis)

(10) Home Service (Phlebotomy, Vaccination)

WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT PERSONAL DATA

CPCI collects Personal Data through the following means:

(1) Personal data you give us directly. When you avail of CPCI's services, you may be asked to provide your personal information including but not limited to your name, birthdate, address, e-mail address, age, gender, civil status, residential address, username and password for your Clinica Prime Patient Portal Account, medical and medical-related information.

(2) Personal data we collect automatically. Similar to other websites, this website also uses “cookies” and “web beacons”. When you visit our website, we automatically collect certain information, such as your device's IP address and the pages you access via cookies, similar to other sites. Cookies enable us to identify you and remember your preferences so we can enhance your overall experience when using our website.

(3) Personal data from other sources. Subject to the appropriate Data Sharing Agreements, Clinica Prime also collects Personal Data from employers and other organizations who endorse or refer their employees or members to avail themselves of our healthcare services at our clinics. The Personal Data we collect may include such those collected offline through our patient forms, clinical request forms, marketing campaigns and electronically through Clinica Prime’s social media account and other Clinica Prime online platforms, or when you make an inquiry and are required to provide your Personal Data

WHEN WE COLLECT PERSONAL DATA

(1) You fill out patient forms, appointment requests, or service/clinical request forms;

(2) You sign up or log in to the Clinica Prime Patient Portal;

(3) Your organization—through appropriate Data Sharing Agreements or similar data sharing document—as part of your membership or employment, endorses you for your medical and physical examination; and

(4) You access this website through the IP Address of the device you are using.

PURPOSE OF COLLECTING AND METHOD OF USING YOUR PERSONAL DATA

At Clinica Prime, we ensure that Personal Data is collected for declared, specified, and legitimate purposes. We only collect Personal Data that are necessary and compatible with these purposes.

With this, we collect and process your data for the following purposes only and to such extent necessary to obtain these purposes:

(1) Monitoring and verifying compliance with contractual undertakings (i.e. independent contractor agreements, distributor agreements, service agreements, and other similar agreements);

(2) Providing medical and other healthcare services and to approve, manage, administer, or effect any transactions that may be requested or authorized by you;

(3) Performing any other contract to which you are or will be a party;

(4) Billing and collecting any amounts due and outstanding;

(5) Liaise with your Health Maintenance Organization (“HMO”) and/or the Employers as permitted by contract and law;

(6) Internal operational requirements (service development, operations planning)

(7) Documentation for purposes of account sign-up in any web-based platforms of Clinica Prime.

(8) To provide feedback or to communicate with you, such as notifications on the services and/or facilities of Clinica Prime, responding to your inquiries and similar business communications;

(9) To create and maintain a database for sending promotional mail (direct or electronic), newsletters, marketing offers, and the like to you if you have specifically requested these services or have opted-in for these services;(

10) To advertise to you, which uses your Personal Data as inspiration, subject to your separate consent;

(11) To conduct activities related to marketing and promotions such as customization of user experience through the websites and Social Media accounts.

(12) For market research including determining the target market demographics;

(13) In complying with applicable laws, rules, and regulations or requirements of lawful authorities.

(14) For record keeping purposes.

When we collect and use your Personal Data for the purposes mentioned above or for such other purposes compatible with the declared purposes, we will inform you before or at the time of collection of such purpose(s). And where appropriate and practicable, we will ask for your consent before we process your Personal Data.

If you have given your consent to the processing of your Personal Data, please be aware that you have the right to withdraw this consent at any time.

THIRD PARTY TRANSFERS

As part of the LH Paragon Group, Clinica Prime may share your Personal Data through an appropriate Data Sharing Agreement or a similar document within the LH Paragon Group for the declared purposes enumerated in the preceding section, and with selected third parties, in the following circumstances:

(1) Third-party service providers. To provide you high quality healthcare and customer services, and deliver various features, incentives and materials through our website and online platforms, we may share your Personal Data with third-party service providers that perform functions on our behalf, such as companies that host or operate Clinica Prime’s websites and online platforms.

Although they have access to your Personal Data, which is necessary in the performance of their functions, they may not use it for other purposes beyond or in contradiction to the declared, specified and legitimate purposes. Further, they must handle your Personal Data in accordance with this Privacy Notice and our Privacy Manual, in accordance with the Data Privacy Act (DPA) of 2012 (RA10173), its implementing rules and regulations (IRR) and relevant data privacy issuances.

Additionally, these third-party service providers are required to adhere to a separate Confidentiality Undertaking/ Agreement, ensuring the security and confidentiality of your Personal Data.

(2) Lawful disclosure. We may transfer and/or disclose your Personal Data to third-parties: a) To comply with a legal obligation; b) When we believe in good faith that a law requires disclosure; c) At the request of any government authority conducting an investigation, whether your Personal Data is the primary focus of or only related to such investigation; d) To verify, maintain, protect or enforce our legal rights, whether commercial or non-commercial; e) To detect, prevent, protect against and/or report fraud or other risks and vulnerabilities, whether technical or security-related; f) To promptly respond to or adequately address any and all kinds of emergencies; or promptly act on to an emergency; or otherwise g) to protect the rights, property, safety, or security of our patients, clients, stakeholders, third-parties, contractors, visitors to this Website and other Clinica Prime online platforms, or the general public.

(3) Business transfers and acquisitions. Your Personal Data may be used by us or shared with the LH Paragon Group, for commercial and operational purposes. As Clinica Prime and LH Paragron Group continues to grow as a business, they may sell, transfer, assign, dispose of, or acquire assets, subsidiaries, or business units.

In such transactions, your Personal Data is typically considered one of the assets subject to transfer, assignment or acquisition by or for Clinica Prime or the LH Paragon Group. However, such transfer, assignment or acquisition remains subject to the pre-existing Privacy Notice.

Furthermore, if a bankruptcy, insolvency or reorganization proceeding is initiated involving us, whether at our instance or by other entities, all your Personal Data will be treated as our asset, and may therefore be sold or transferred to third parties.

HOW WE PROTECT YOUR DATA

Clinica Prime takes the security of your Personal Data very seriously. We take every effort to protect your Personal Data from misuse, interference, loss, destruction, unauthorized access, alteration, transfer, sharing and/or disclosure.

We implement security measures in protecting your data which includes Organizational Measures, Physical Measures and Technical Measures.

(1) Organizational Measures. We made sure that a Data Protection Officer is appointed to guarantee compliance with the data protection and privacy laws. Moreover, we implement strict confidentiality and secrecy of Personal Data of our customers through our Privacy Manual and confidentiality agreements/undertaking required for all of Clinica Prime employees, independent contractors and other third-party service providers.

(2) Physical Measures. Clinica Prime likewise implement user access controls as we store your Personal Data on designated Data Storage Areas and secure locations which requires access. Only individuals properly identified or authorized to have access to Personal Data are allowed to enter our Data Storage Areas. Access to your Personal Data is only permitted among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations.

(3) Technical Measures. Clinica Prime uses intrusion detection system to monitor security breaches to our network. Our systems are monitored, and information security events are recorded to detect unauthorized information processing activities.

RETENTION PERIOD

All Personal Data collected shall be stored and retained, either:

(1) for a period NOT longer than fifteen (15) years from termination of the doctor-patient relationship or the termination of contract; OR

(2) for as long as necessary or as required for:

a) the fulfillment of the declared, specified, and legitimate purpose made known you at the time of the collection;

b) the establishment, enforcement, or defense of legal claims of Clinica Prime, its affiliates or assignees; or

c) your continued care or treatment, membership or usage of any product(s) and/or service(s) of KPCI until the same expires, all of which may run for more than 15 years from the date of collection.

After such legitimate purposes have been achieved or the retention period have lapsed, whichever comes later, all physical and electronic copies of your Personal Data shall be disposed and destroyed, through secured means and in accordance with the provisions of the DPA and its IRR. The destruction of your data will be in such a manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public, or that would prejudice your interests.

YOUR RIGHTS AS A DATA SUBJECT

Subject to the limitations provided in the DPA and its IRR, you are entitled to the following rights:

(1) Right to be informed. You have the right to be informed whether Personal Data pertaining to you shall be, are being, or have been processed, including the existence of automated decision-making and profiling, in such a manner clear and understandable to you. Hence, we are providing you with the information in this Privacy Notice.

(2) Right to object. You have the right to object to the processing of your Personal Data, including processing for direct marketing, automated processing or profiling. You shall be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to you.

When you object or withhold your consent, through an appropriate and timely notification, Clinica Prime will no longer process your Personal Data, unless:

a. The Personal Data is needed pursuant to a subpoena.

b. The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which you are a party; or

c. The information is being collected and processed as a result of a legal obligation.

(3) Right to Access. You have the right to reasonable access to, upon demand, the following:

a. Contents of your Personal Data that were processed.

b. Sources from which your Personal Data were obtained;

c. Names and addresses of recipients of your Personal Data;

d. Manner by which such data were processed;

e. Reasons for the disclosure of your Personal Data to recipients, if any;

f. Information on automated processes where your data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect you;

g. Date when your Personal Data were last accessed and modified; and

h. the designation, name or identity, and address of Clinica Prime.

(4) Right to Rectification. You have the right to dispute the inaccuracy or error in your Personal Data, as processed, and have Clinica Prime correct it immediately and accordingly, except when the request is vexatious or otherwise unreasonable.

If your Personal Data has been corrected, Clinica prime will ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by you.

(5) Right to Erasure or Blocking. You have the right to suspend, withdraw or order the blocking, removal or destruction of your Personal Data from Clinica Prime’s filing system.

You may exercise this right upon discovery and substantial proof of any of the following:

a. your Personal Data is incomplete, outdated, false, or unlawfully obtained.

b. your Personal Data is being used for purpose you did not authorize;

c. your Personal Data is no longer necessary for the purposes for which they were collected;

d. You withdraw your consent or object to the processing, and there is no other legal ground or overriding legitimate interest for the processing of your Personal Data;

e. your Personal Data concerns private information that is prejudicial to you, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;

f. The processing is unlawful;

g. When Clinica Prime is reasonably found to have violated your rights.

(6) Right to damages. You also have the right to be indemnified for any damages sustained due to inaccuracy, incompleteness, falsity, unlawful obtention, or unauthorized usage of your Personal Data, taking into account any violation of your rights and freedoms as a Data Subject under the DPA and its IRR.

(7) Right to Data Portability. This right of data portability informs you how Clinica Prime obtains your personal and sensitive information also how they are moved within our organization. Under this right you are allowed to obtain and electronically move, copy, or transfer your Personal Data in a secure manner, for your further use.

(8) Right to Complain. You have the right to complain about the misuse, malicious disclosure, or improper disposal, or any violation of your data privacy rights, through our Data Protection Officer.

HOW YOU CAN CONTACT US

Clinica Prime has appointed a Data Protection Officer. If you have inquiries regarding this Privacy Notice or data processing or if you would like to make a complaint about a possible breach of your privacy rights, please do so by sending an email to our Data Protection Officer at their email address: dataprotection@clinicaprime.com.ph

UPDATES OF PRIVACY NOTICE

Clinica Prime will update this Privacy Notice when necessary to reflect customer/client feedback, changes in our services, or when an update is required by our data privacy laws.

When we publish changes to this Notice, we will revise the “last updated” date. We will also keep prior versions of this Privacy Notice in an archive for your review.