Your Privacy Matters
We prioritize your privacy and are committed to protecting your personal information.
Introduction
Welcome to the official website of Nueva Ecija Medical Center, Inc. (NEMC). Your privacy is of utmost importance to us. This Data Privacy Policy outlines how NEMC collects, uses, stores, shares, and protects your personal information and sensitive personal information in accordance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations (IRR), as well as the issuances of the National Privacy Commission (NPC). By accessing or using our website, you agree to the terms of this Data Privacy Policy.
Scope and Application
This policy applies to all personal information and sensitive personal information collected through the NEMC official website, including but not limited to information provided by patients, potential patients, visitors, and job applicants.
Definitions
- Personal Information (PI): Refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual.
- Sensitive Personal Information (SPI): Refers to personal information:
  - About an individual's race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations;
  - About an individual's health, education, genetic or sexual life, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
  - Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
  - Specifically established by an executive order or an act of Congress to be kept classified.
- Data Subject: Refers to an individual whose personal information or sensitive personal information is processed.
- Personal Information Controller (PIC): Refers to a person or organization who controls the collection, holding, processing or use of personal information. For this policy, NEMC is the PIC.
- Processing: Refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data.
Information We Collect
We may collect the following types of information:
- Personal Information:
  - Contact information (e.g., name, address, email address, phone number).
  - Demographic information (e.g., age, gender, date of birth).
  - Identification details (e.g., government IDs for verification purposes, where necessary and with consent).
- Sensitive Personal Information (specifically collected for medical services):
  - Health information (e.g., medical history, symptoms, diagnoses, treatment plans, prescriptions) provided for appointment bookings, telemedicine consultations, or medical inquiries.
  - Biometric data (if collected for specific services and with explicit consent, e.g., for patient identification systems within the hospital, though not typically via the website).
- Non-Personal Information:
  - Technical information (e.g., IP address, browser type and version, operating system, device type).
  - Usage data (e.g., pages visited, time spent on pages, referral sources, website navigation paths).
  - Cookies and similar technologies (as detailed in our Cookie Policy below).
How We Collect Information
We collect information through various means:
- Directly from You: When you:
  - Fill out online forms (e.g., appointment requests, contact forms, feedback forms).
  - Register for an account or portal access.
  - Participate in surveys or online polls.
  - Apply for employment through our website.
  - Communicate with us via email or chat functionalities on the website.
- Automatically: Through cookies, web beacons, and similar technologies when you browse our website. This helps us understand your browsing behavior and improve your experience.
- From Third Parties: In limited circumstances, such as when you link to our website from a third-party application (e.g., a healthcare booking platform), provided that appropriate consent and data sharing agreements are in place.
Purpose of Collection and Processing
We collect and process your personal information and sensitive personal information for the following legitimate purposes:
- Patient Care and Services:
  - To schedule and manage appointments (online or telemedicine).
  - To facilitate inquiries related to medical services, hospital admissions, or laboratory results.
  - To provide information about NEMC's services, specialties, and healthcare programs.
  - To manage your medical records within the hospital system (information collected via the website may be integrated with your existing patient records with your consent).
  - To facilitate telemedicine services, if offered and accessed through the website.
- Communication and Engagement:
  - To respond to your inquiries, feedback, and requests.
  - To send you important notices, updates, and service-related communications.
  - To send promotional materials, newsletters, or health tips, but only with your explicit consent (opt-in).
- Website Improvement and Analytics:
  - To understand how users interact with our website, analyze trends, and improve functionality and content.
  - To enhance user experience and personalize content.
- Security and Fraud Prevention:
  - To maintain the security and integrity of our website and systems.
  - To detect and prevent fraudulent activities or misuse of our services.
- Legal and Regulatory Compliance:
  - To comply with the DPA, NPC regulations, and other applicable laws, rules, and regulations (e.g., public health reporting requirements).
  - To respond to lawful requests from government authorities.
  - To establish, exercise, or defend legal claims.
- Employment Purposes:
  - To process job applications submitted through the website.
How We Protect Your Information (Security Measures)
NEMC is committed to protecting your personal information and sensitive personal information. We implement reasonable and appropriate organizational, physical, and technical security measures to safeguard the data we collect against accidental or unlawful destruction, alteration, disclosure, access, misuse, and any other unlawful processing. These measures include:
- Organizational Security Measures:
  - Designation of a Data Protection Officer (DPO).
  - Implementation of a Data Privacy Manual and internal privacy policies.
  - Regular data privacy awareness and training for our personnel.
  - Strict access controls to personal information based on the "need-to-know" principle.
- Physical Security Measures:
  - Protection of physical records and data storage facilities.
  - Restricted access to data processing areas.
- Technical Security Measures:
  - Use of secure networks and encrypted communication channels (e.g., HTTPS for website access).
  - Firewall protection and intrusion detection systems.
  - Regular security audits and vulnerability assessments.
  - Data encryption for sensitive personal information where appropriate.
  - Regular backup and recovery procedures.
Data Sharing and Disclosure
We will not share, sell, or disclose your personal information or sensitive personal information to third parties without your explicit consent, except in the following limited circumstances as permitted by the DPA:
- Affiliates and Service Providers: We may share data with our affiliated entities or trusted third-party service providers who assist us in operating our website, delivering services (e.g., IT support, payment processing, analytics), or conducting business operations. These third parties are contractually bound to protect your data with the same level of care as NEMC and comply with the DPA.
- Legal Requirements: When required by law, subpoena, court order, or other legal processes, or to comply with a request from a government authority or regulator (e.g., Department of Health).
- Medical Emergencies: In situations where it is necessary to protect the life and health of a data subject or another person.
- Research and Statistics (Anonymized): For scientific and health research purposes, provided that the data is anonymized or de-identified such that the data subject is no longer identifiable.
- Consent: When you have given your explicit consent for such sharing or disclosure.
Retention Policy
Your personal information and sensitive personal information will be retained only for as long as necessary to fulfill the purposes for which it was collected, to provide the requested services, to comply with our legal and regulatory obligations, or to establish, exercise, or defend legal claims. Once the data is no longer needed, it will be disposed of securely to prevent further processing, unauthorized access, or disclosure.
Your Data Privacy Rights (Rights of Data Subjects)
Under the Data Privacy Act of 2012, you, as a data subject, have the following rights:
- Right to Be Informed: You have the right to be informed whether your personal information will be, are being, or have been processed.
- Right to Object: You have the right to object to the processing of your personal information, including processing for direct marketing, automated processing, or profiling.
- Right to Access: You have the right to demand reasonable access to your personal information, including the contents of your processed personal information, the manner of processing, sources from which they were obtained, recipients and reasons for disclosure, if any, and the date when your information was last modified.
- Right to Rectify: You have the right to dispute the inaccuracy or error in your personal information and demand its immediate correction.
- Right to Erasure or Blocking: You have the right to suspend, withdraw, or order the blocking, removal, or destruction of your personal information from our filing system upon reasonable grounds.
- Right to Data Portability: Where your personal information is processed by electronic means and in a structured and commonly used format, you have the right to obtain a copy of such data in an electronic or structured format that is commonly used and allows for further use by you.
- Right to Damages: You shall be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal information, taking into account any violation of your rights and freedoms as a data subject.
- Right to File a Complaint: You have the right to file a complaint with the National Privacy Commission if you believe your data privacy rights have been violated.
To exercise any of these rights, please contact our Data Protection Officer using the contact details provided below.
Contact Us / Data Protection Officer (DPO)
If you have any questions, concerns, or requests regarding this Data Privacy Policy, your personal information, or the exercise of your data privacy rights, please contact our Data Protection Officer.
Data Protection Officer
Nueva Ecija Medical Center, Inc.
[Insert DPO Name Here]
[Insert DPO Title/Department Here]
[Insert Hospital Address Here]
[Insert DPO Email Address Here]
[Insert DPO Phone Number Here]
Changes to this Policy
NEMC reserves the right to update or modify this Data Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any updates will be posted on this page with a revised "Effective Date." We encourage you to review this policy periodically to stay informed about how we are protecting your information.