General Privacy Notice

Definitions

“Personal Data” refers to all types of personal information, sensitive personal information and privileged information under the Data Privacy Act of 2012 and its Implementing Rules and Regulations.

“Data Subject” refers to an individual whose personal information is processed.

“Personal Information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

General Privacy Notice

This is Healthserv Los Baños Medical Center’s (HLBMC) general statement regarding its data processing activities, aimed at informing Data Subjects about the categories of Personal Data processed, as well as the purpose and scope of such processing. Please note that this is not a consent form, but a notification of how HLBMC handles Personal Data in its established practices and operations. HLBMC may also issue additional privacy notices for specific activities or purposes.

I. Acts of Processing
HLBMC processes Personal Data to:

1. Fulfill its obligations, exercise its rights, and carry out its functions as a healthcare service provider;
2. Perform all actions that are reasonably expected and commonly carried out by similar healthcare service providers;
3. Make decisions and take actions in the best interest of patients, service recipients, and their respective representatives and companions;
4. Manage and oversee its internal and external operations as a medical institution and a legal entity with its own rights and responsibilities.

II. Data Collected
HLBMC collects the following Personal Data, as may be applicable and necessary for its specific legitimate purposes:

• Personal details such as name, birth, gender, civil status and affiliations;
• Contact information such as address, email, mobile and telephone numbers;
• Medical information such as physical, psychiatric and psychological information;
• Employment information such as government-issued numbers, position and functions;
• Applicant information such as academic background and previous employments; and
• Academic information such as grades, course and academic standing.

III. Method and Timing of Collection
HLBMC collects Personal Data both physically, through printed forms, attachments, and other documents required by its medical units and administrative offices, and electronically, via electronic systems, platforms, e-forms, email, or direct electronic submission of information by the Data Subject or HLBMC associates.

HLBMC generally collects Personal Data from Data Subjects upon entry to the hospital or at the onset of a service, or transaction with HLBMC, such as medical care, medical consultation, laboratory service and health-related services.

V. Purpose of Collected Personal Data
HLBMC collects and processes Personal Data for the following purposes:

1. Purposes necessary for HLBLMC to perform its obligations, exercise its rights, and conduct its functions as a medical, research, and training institution;
2. Purposes to perform acts and decisions necessary for HLBMC to manage and administer its internal and external affairs as a juridical entity with its own rights, interests and obligations;
3. Compliance with legal, regulatory, administrative or judicial requirements including but not limited to audit, reporting and transparency requirements;
4. Purposes specific to HLBMC in accordance with its Privacy Policy and related policies, rules or procedures.

VI. Storage, Location, Transmission and Transfer of Personal Data
Personal Data are stored in both physical and electronic data processing systems managed by various groups, offices, and units of HLBMC. Physical records are typically kept in folders or envelopes within drawers or on shelves, while electronic records are stored on servers owned or controlled by HLBMC, or in cloud storage services utilized or managed by HLBMC.

Personal Data are transmitted and transferred in accordance with Chapter III of the Data Privacy Act of 2012 and Rule V of its Implementing Rules and Regulations.

VII. Method of Use
HLBMC utilizes Personal Data only to the extent necessary for its legitimate purposes, in accordance with HLBMC Policies. The use of Personal Data is in compliance with the Data Privacy Act of 2012, as well as the regulations issued by the National Privacy Commission and the Department of Health.

VIII. Retention Period
HLBMC retains data in line with its retention policies, adhering to relevant laws and government regulations. In the absence of a specific retention rule, Personal Data will be kept by the appropriate HLBMC group, office, or unit in accordance with locally and internationally recognized practices and standards.

IX. Participation of patients, service recipients, and their respective representatives and companions

A. HLBMC patients, service recipients, and their respective representatives and companions have the following rights with respect to their Personal Data:

1. Right to be informed, except for internal data;
2. Right to access and data portability, subject to reasonable requirements;
3. Right to rectification, erasure, and blocking. However, services may be affected by changes in or lack of data; and
4. Right to file a complaint. HLBMC’s Data Protection Office and Customer Experience Management team are continually open to resolve concerns.

B. HLBMC patients, service recipients, their respective representatives and companions, and others within the scope of HLBMC’s Privacy Policy have the following responsibilities:

1. Keep all Personal Data and other information submitted to or held by HLBMC up to date;
2. Respect the data privacy rights of all Data Subjects;
3. Report any suspected Security Incident or Personal Data Breach to HLBMC via the contact details of the HLBMC Data Protection Office provided herein;
4. Ensure the accuracy of Personal Data and other information;
5. Obtain the Data Subject’s consent before processing personal information;
6. Refrain from disclosing any non-public confidential, sensitive, or personal information obtained through HLBMC, either directly or indirectly, to unauthorized parties;
7. Follow HLBMC’s policies, guidelines, and rules on data privacy, information security, records management, research ethics, and regularly check for updates to ensure ongoing compliance.

IX. Inquiries and Concerns

Inquiries and concerns on data privacy may be directed to HLBMC Data Protection Office:
Address: 8817 National Highway Batong Malake,Los Baños Laguna, 4030 Philippines
Landline: 536- 4858 (local 608)
Email: dataprivacyofficer@healthserv.com.ph
References: National Privacy Commission, Data Privacy Act of 2012