Data Privacy Notice And Terms

Updated last August 12, 2025

Healthcare Services – Republic of the Philippines

In compliance with Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations

Eluvo Healthcare Group Inc.
Effective Date: August 1, 2025
Last Updated: August 5, 2025

1. Introduction And Scope

This Data Privacy Notice explains how Eluvo Healthcare Group Inc. (“the Facility” or “we”) collects, uses, processes, stores, shares, and protects your personal and sensitive personal information in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and other applicable Philippine laws.

This notice applies to:

  • All patients receiving healthcare services
  • Legal guardians and authorized representatives
  • Emergency contacts and next of kin
  • Visitors and accompanying persons
  • Anyone whose personal information we may collect in connection with our healthcare services

2. Types Of Personal Information Collected

2.1 Personal Information

We collect and process the following personal information:

  • Identification Data: Full name, date of birth, age, gender, civil status, nationality, address, contact numbers, email address
  • Government IDs: PhilHealth number, TIN, SSS/GSIS number, passport number, driver’s license number
  • Emergency Contacts: Names, relationships, and contact information of designated persons
  • Financial Information: Payment details, insurance information, credit card information (when applicable)
  • Employment Information: Occupation, employer details (when relevant to treatment)

2.2 Sensitive Personal Information

We collect and process sensitive personal information including:

  • Medical Information: Medical history, current health conditions, symptoms, diagnoses, treatment plans, medications, allergies, test results, medical images
  • Health Records: Physical and mental health information, disability status, genetic information
  • Biometric Data: Fingerprints, photographs, voice recordings (when used for identification)
  • Lifestyle Information: Smoking, drinking, and other lifestyle factors affecting health

3. Lawful Basis For Processing

We process your personal and sensitive personal information based on the following legal grounds:

3.1 For Personal Information:

  • Consent: You have given explicit consent for processing
  • Contract: Processing is necessary for healthcare service agreements
  • Legal Obligation: Compliance with medical and healthcare laws
  • Vital Interests: Protection of life and health in emergency situations
  • Public Interest: Public health and safety requirements

3.2 For Sensitive Personal Information:

  • Explicit Consent: Written consent for medical treatment and data processing
  • Legal Authorization: As required by healthcare laws and regulations
  • Medical Treatment: Processing necessary for medical diagnosis, treatment, and care
  • Public Health: Disease prevention, health monitoring, and epidemiological purposes
  • Emergency Situations: Life-threatening situations requiring immediate medical intervention

4. Purpose And Use Of Personal Information

We collect and use your personal information for the following purposes:

4.1 Primary Healthcare Purposes:

  • Providing medical consultations, examinations, and treatments
  • Conducting diagnostic tests and laboratory procedures
  • Maintaining comprehensive medical records
  • Coordinating care with other healthcare providers
  • Monitoring treatment progress and outcomes
  • Ensuring continuity of care

4.2 Administrative Purposes:

  • Patient registration and identification
  • Appointment scheduling and management
  • Billing and payment processing
  • Insurance claims processing and verification
  • Quality assurance and improvement programs
  • Healthcare facility management

4.3 Legal and Regulatory Purposes:

  • Compliance with Department of Health regulations
  • Reporting to PhilHealth and insurance providers
  • Mandatory disease reporting to public health authorities
  • Legal proceedings and regulatory investigations
  • Professional licensing and accreditation requirements

4.4 Communication Purposes:

  • Appointment reminders and follow-up care
  • Test results notification
  • Health education and preventive care information
  • Emergency contact in case of medical situations
  • Patient satisfaction surveys and feedback

5. Information Sharing And Disclosure

5.1 Healthcare Team

Your information may be shared with:

  • Attending physicians and consulting specialists
  • Nurses and other healthcare professionals involved in your care
  • Laboratory and diagnostic imaging personnel
  • Pharmacists and medication management staff
  • Healthcare support staff as necessary for treatment

5.2 Third-Party Service Providers

We may share information with:

  • Laboratory Services: For diagnostic testing and analysis
  • Insurance Companies: For claims processing and verification
  • PhilHealth: For benefit claims and reimbursement
  • Medical Equipment Suppliers: For specialized treatments
  • IT Service Providers: For secure data storage and system maintenance
  • Legal and Accounting Services: For compliance and business operations

5.3 Legal and Regulatory Disclosures

Information may be disclosed to:

  • Department of Health: For public health reporting and compliance
  • Professional Regulation Commission: For licensing and regulatory matters
  • Court Orders: When required by valid legal process
  • Emergency Services: In life-threatening situations
  • Public Health Authorities: For communicable disease reporting
  • Law Enforcement: When legally required (with proper authorization)

5.4 No Unauthorized Sharing

We do not sell, rent, or trade your personal information to third parties for marketing purposes without your explicit consent.

6. Data Security Measures

6.1 Physical Security

  • Secure storage of physical medical records
  • Access-controlled areas for sensitive information
  • Surveillance systems and security personnel
  • Secure disposal of documents containing personal information

6.2 Technical Security

  • Encryption of electronic health records and databases
  • Secure networks and firewalls
  • Regular security updates and patches
  • Backup and disaster recovery procedures
  • User authentication and access controls

6.3 Administrative Security

  • Staff training on data privacy and security
  • Confidentiality agreements with all personnel
  • Regular security audits and risk assessments
  • Incident response procedures
  • Data breach notification protocols

7. Data Retention Policies

7.1 Medical Records Retention

  • Active Medical Records: Retained for a minimum of [10] years from last treatment date
  • Minor Patient Records: Retained until the patient reaches the age of majority plus [10] years
  • Specialized Records: Retained per specific regulatory requirements
  • Emergency Records: Retained for [5] years minimum

7.2 Administrative Records Retention

  • Financial Records: [7] years from date of transaction
  • Insurance Claims: [5] years from claim settlement
  • Employment Records: [5] years from termination of employment
  • Appointment Records: [3] years from date of appointment

7.3 Secure Destruction

  • Personal information is securely destroyed after the retention period expires
  • Electronic data is permanently deleted using secure methods
  • Physical documents are shredded or incinerated
  • Disposal procedures are documented and verified

8. Your Data Privacy Rights

Under the Data Privacy Act, you have the following rights:

8.1 Right to Information

  • Know whether personal information is being processed
  • Understand the purpose and extent of processing
  • Know the identity of data processors and third parties with access

8.2 Right to Access

  • Obtain copies of your personal information
  • Request information about processing activities
  • Receive information in an accessible format

8.3 Right to Correction

  • Correct inaccurate or incomplete personal information
  • Update outdated information
  • Request amendments to medical records (subject to medical professional judgment)

8.4 Right to Erasure/Blocking

  • Request deletion of personal information (subject to legal and medical requirements)
  • Block processing for unlawful purposes
  • Suspend processing pending correction of inaccurate data

8.5 Right to File Complaint

  • Claim compensation for damages due to inaccurate, incomplete, or unlawful processing
  • Seek remedies for privacy violations

8.6 Right to Damages

  • Lodge complaints with the National Privacy Commission
  • File complaints with healthcare regulatory bodies
  • Seek judicial remedies through Philippine courts

8.7 Right to Data Portability

  • Obtain personal information in a structured, commonly used format
  • Transfer information to another healthcare provider (when technically feasible)

9. Consent And Withdrawal

9.1 Consent Requirements

  • Explicit Consent: Required for sensitive personal information processing
  • Written Consent: Preferred for healthcare data processing
  • Informed Consent: Clear explanation of processing purposes and consequences
  • Freely Given: Without coercion or deception

9.2 Withdrawal of Consent

  • You may withdraw consent at any time by written notice
  • Withdrawal does not affect the lawfulness of processing before withdrawal
  • Some processing may continue based on other legal grounds
  • Medical care may be affected if essential information processing is withdrawn

9.3 Consequences of Withdrawal

  • We will inform you of potential consequences before processing withdrawal
  • Some services may not be available without necessary data processing
  • Legal obligations may require continued processing despite withdrawal

10. Cross-border Data Transfer

10.1 International Transfers

Personal information may be transferred outside the Philippines to:

  • Medical Specialists Abroad: For consultation and second opinions
  • International Insurance Companies: For coverage verification
  • Cloud Service Providers: With adequate data protection measures
  • Medical Research Institutions: For approved research studies

10.2 Safeguards for International Transfers

  • Transfers only to countries with adequate data protection laws
  • Binding corporate rules for multinational service providers
  • Standard contractual clauses ensuring data protection
  • Explicit consent for transfers to countries without adequate protection

11. Automated Decision Making

11.1 Use of Automated Systems

We may use automated systems for:

  • Appointment Scheduling: Online booking systems
  • Insurance Verification: Automated eligibility checking
  • Billing Processes: Automated invoice generation
  • Medical Alerts: System-generated health reminders

11.2 Your Rights Regarding Automated Decisions

  • Right to know about automated decision-making processes
  • Right to request human intervention in automated decisions
  • Right to contest automated decisions affecting you
  • Right to obtain an explanation of automated decision logic

12. Special Circumstances

12.1 Emergency Situations

  • In life-threatening emergencies, we may process personal information without prior consent
  • Information may be shared with emergency responders and receiving hospitals
  • Consent will be obtained as soon as reasonably possible after emergency treatment

12.2 Incapacitated Patients

  • Legal guardians or healthcare proxies may provide consent on behalf of incapacitated patients
  • Healthcare professionals may make decisions in the patient’s best interest when no authorized representative is available
  • Consent procedures follow established medical ethics and legal requirements

12.3 Deceased Patients

  • Personal information of deceased patients remains protected
  • Limited disclosure may be made to family members for grief counseling and closure
  • Legal representatives may access records as authorized by law

13. Data Breach Procedures

13.1 Incident Response

  • Immediate containment and assessment of data breaches
  • Investigation to determine scope and cause of breach
  • Documentation of incident details and response actions
  • Coordination with IT security and legal teams

13.2 Notification Requirements

  • National Privacy Commission: Notification within 72 hours of discovering qualifying breaches
  • Affected Individuals: Notification when breach poses high risk to rights and freedoms
  • Regulatory Authorities: Notification to relevant healthcare regulators when required
  • Insurance Companies: Notification per contractual requirements

13.3 Remedial Actions

  • Implementation of measures to prevent similar incidents
  • Offering of support services to affected individuals
  • Enhancement of security measures and staff training
  • Regular review and update of incident response procedures

14. Contact Information For Data Privacy Matters

14.1 Internal Contacts

Privacy Concerns Hotline: +63 9209570707
Written Requests: connect@eluvohealth.com

14.2 External Agencies

National Privacy Commission:
Address: 5th Floor, Philippine International Convention Center, Vicente Sotto Avenue, Pasay City 1307
Phone: (+63-2) 8234-2228
Email: info@privacy.gov.ph
Website: www.privacy.gov.ph

Department of Health:
Hotline: 1555 (PLDT), 0917-8876565 (Globe/Smart)
Website: www.doh.gov.ph

15. Updates To This Privacy Notice

15.1 Regular Reviews

  • This privacy notice is reviewed annually or when significant changes occur
  • Updates reflect changes in law, regulation, or business practices
  • Version control maintains a record of all changes

15.2 Notification of Changes

  • Significant changes will be communicated through posted notices
  • Patients will be notified of material changes at their next visit
  • Updated notices are available on our website and at reception areas

15.3 Continued Use

  • Continued use of our services after notice updates constitutes acceptance of changes
  • You may request an explanation of any changes or new provisions
  • Right to withdraw consent remains available after any updates

16. Patient Acknowledgment And Consent

By clicking the box below, you acknowledge that:

  • [ ] I have received and read this Data Privacy Notice
  • [ ] I understand how my personal and sensitive personal information will be processed
  • [ ] I understand my rights under the Data Privacy Act of 2012
  • [ ] I understand the purposes for which my information will be used
  • [ ] I understand information sharing and disclosure practices
  • [ ] I consent to the processing of my personal information for healthcare purposes
  • [ ] I consent to the processing of my sensitive personal information for medical treatment
  • [ ] I understand my right to withdraw consent and its consequences
  • [ ] I have been informed about data security measures in place
  • [ ] I know how to contact the Data Protection Officer for privacy concerns

This Data Privacy Notice is available in English and Filipino. Translation to other languages is available upon request. If you have difficulty understanding any part of this notice, please ask our staff for assistance.

IMPORTANT REMINDER: Your privacy is important to us. If you have any questions about this notice or concerns about how your personal information is handled, please contact our Data Protection Officer immediately.