PRIVACY POLICY FOR DOCTORS



INTRODUCTION

Your privacy is important to us. We are committed to the protection of your privacy in your engagement with us. This Policy describes:

In processing personal data, we seek to adhere to the general privacy principles of transparency, legitimate purpose, and proportionality, and such other relevant principles in the collection, processing, and retention of personal data as required by applicable law.


Article 1 - DEFINITIONS:


APPLICABLE COMPANY: This Privacy Policy is applicable to The Medical City and its departments, institutes, affiliates, and other related entities.

DOCTOR: This Privacy Policy applies to the Personal Data of all doctors who seek to be, are, or were engaged by the Company. Doctors may be of different categories: regular consultants, visiting consultants, retainers, fellows, residents, and interns. These individuals shall be referred to as Doctor or Doctors.

PERSONAL DATA: For the purposes of this Privacy Policy, Personal Data is any information about an identifiable Doctor that seeks to be, is, or was engaged to practice by the Company. It is information that we obtain from you about your potential, current, or past engagement with us that can identify you. It covers both personal and sensitive personal information. Personal Data does not mean any data that is anonymized or that cannot identify you in any way.

PROCESSING: “Processing” refers to any operation or set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system.

DATA PRIVACY ACT: Refers to Republic Act No. 10173, AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES, or the Data Privacy Act of 2012.


Article 2 - COLLECTION OF PERSONAL DATA


We collect different types of Personal Data in different ways. Some of the Personal Data are gathered through digital technologies and platforms which give us information about you, and some are given to us directly by you.

To ensure that we are meeting our responsibilities and duties, we collect, process, and maintain different types of Personal Data including, but not limited to:


Article 3 - USE OF PERSONAL DATA:


We use the information that we collect about you to effectively run our business and to help us provide a pleasant, safe, and productive environment for you.

We also use Personal Data to:

We only process your Personal Data if we have your consent to do so, where we are permitted by law or required to, where we have a legal obligation to do so, for legitimate business purposes, or to protect your vital interests. We may have to process your Personal Data without your consent or knowledge, but only when required by law. We will not make any decisions on the automated processing of Personal Data without your consent. We also process your Personal Data to prevent fraud and ensure the security of all aspects of our business.


Article 4 - DATA SHARING:


We may share your Personal Data to those individuals and entities who assist in fulfilling our responsibilities within the engagement relationship with you or when required to do so by applicable law (collectively, "Third-Party Service Providers"). These Third-Party Service Providers help facilitate and manage credentialing within the TMC Network of hospitals and clinics, training and education of residents and fellows, promotions and communications with our patients and clients. A list of these providers is attached hereto as “Annex A”.

We use these Third-Party Service Providers to help us operate the Company and the TMC Network, but we will never share your Personal Data other than as described here without your explicit consent. Personal Data will only be disclosed if such Third-Party Service Providers agree to ensure an adequate level of protection of your Personal Data that is consistent with this Privacy Policy and with the Data Privacy Act of 2012. Please note that the Third-Party Service Providers that we utilize will access your Personal Data only on an "if needed" basis as a part of their partnerships with us. If you have any questions as to how these Third-Party Service Providers handle your Personal Data, you may contact them or us.

In certain cases, we may have to disclose your Personal Data to third parties without your consent or prior knowledge. We limit that disclosure to the following circumstances:


Article 5 - DATA TRANSFER:


Your Personal Data may be transferred from our location to the 1TMC Network of hospitals and clinics. It may also be transferred to third parties, as described above. Before beginning your engagement, we ask you to specifically consent to the transfer of your Personal Data. We will continue to process your Personal Data in the manner described herein, and if we change anything about how we handle your Personal Data, including the possibility of international transfer of your Personal Data, we will seek your explicit consent again.


Article 6 - DATA STORAGE AND SECURITY:


We only store your Personal Data as long as it is necessary to provide you with the benefits and protections that engagement with us entails or until you cease your relationship with us and request deletion of your data. We may also store your Personal Data for any applicable legal record-keeping, including after the termination of your engagement or for additional business purposes (e.g., maintaining our accountancy records or otherwise maintaining the safety and security of our Company, for a time permitted by law).

We employ organizational and technical security measures to protect your Personal Data, such as limiting access to your Personal Data, secured networks, and encryption. We ensure that your Personal Data is protected against unauthorized access, disclosure, or destruction by utilizing practices that are consistent with standards in the industry to protect your privacy.

Please note, however, that no system involving the transmission of information via the Internet or the electronic storage of data is completely secure, no matter what reasonable security measures are taken. Although we take the protection and storage of your Personal Data very seriously, and we take all reasonable steps to protect your Personal Data, we cannot be responsible for data breaches that occur outside of our reasonable control. We will, however, follow all applicable laws in the event a data breach occurs, including taking reasonable measures to mitigate any harm as well as notifying you of such breaches as soon as possible.


Article 7 - YOUR RIGHTS:


You have the right to access your Personal Data and to correct, amend, or delete it if it is inaccurate or has been processed in violation of this Privacy Policy, except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to your privacy, or where the rights of other people would be violated. To exercise any of these rights, you can contact us.

If the Personal Data we collect, covered by this Privacy Policy, is to be used for any purpose materially different from the purpose described here or disclosed to a third party not acting as our agent, in a manner other than as disclosed here, we will always give you an opportunity to opt-out of this materially different use or disclosure.

The Data Privacy Act of 2012 provides for rights which data subjects may exercise. Under the DPA, data subjects have the following rights:

Right to object

As a data subject, you have the right to indicate your refusal to the collection and processing of your personal data, including processing for direct marketing, automated processing, or profiling. You also have the right to be informed and to withhold your consent to further processing in case there are any changes or amendment to information given to you. Once you have notified us of the withholding of your consent, further processing of your personal data will no longer be allowed, unless:

  1. The processing is required pursuant to a subpoena, lawful order, or as required by law; or
  2. The collection and processing is undertaken pursuant to any lawful basis or criteria

Right to access

Upon your request, you may be given access to your personal data that we collect and process. You also have the right to request access to the circumstances relating to the processing and collection of your personal data, as far as allowed by law.

Right to rectification

You have the right to dispute any inaccuracy or error in your personal data and may request us to immediately correct it. Upon your request, and after correction has been made, we will inform any recipient of your personal data of its inaccuracy and the subsequent rectification that was made.

Right to erasure or blocking

In the absence of any other legal ground or overriding legitimate interest in the lawful processing of your personal data, or when there is substantial proof that your personal data is incomplete, outdated, false, or has been unlawfully obtained, you may request us to suspend, withdraw, or order the blocking, removal, or destruction of your personal data from our filing system. We may also notify those who have previously received your processed personal data.

Right to damages

You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your rights and freedoms as a data subject, as provided by law.

Right to data portability

In case your personal data was processed through electronic means and in a structured and commonly used format, you have the right to obtain a copy of your personal data in such electronic or structured format for your further use, subject to the guidelines of the National Privacy Commission with regard to the exercise of such right.

Transmissibility of rights of the data subject

We wish to advise you that upon the passing of a data subject, or in case of a data subject’s incapacity or incapability to exercise legal rights, the data subject’s lawful heirs and assigns may invoke the data subject’s rights in place of the data subject.


Article 8 - DATA PRIVACY MANAGEMENT DEPARTMENT:


The Data Privacy Management Department (DTP) is the office principally responsible for ensuring TMC’s compliance with applicable laws and regulations for the protection of data privacy and security. The DTP is responsible for the supervision and enforcement of this Policy. For information, questions, and concerns about this Privacy Policy, the handling and processing of your personal data and your data privacy rights, you may contact the Data Privacy Management Department or our data protection officer at:

Data Protection Officer
Data Privacy Management Department
14/F Nursing Tower Bldg.
The Medical City
Ortigas Avenue, Pasig City
+632 8988 1000 local 6790
DPO@themedicalcity.com

Article 9 - MODIFICATIONS AND REVISIONS:


We reserve the right to modify, revise, or otherwise amend this Privacy Policy at any time and in any manner. If we do so, however, we will notify you and obtain your consent to the change in processing. Unless we specifically obtain your consent, any changes to the Privacy Policy will only impact the information collected on or after the date of the change.

This Policy, and any updates, amendments, or supplements thereto, is available at https://mdcredentialing.themedicalcity.com.