Privacy Notice

Version 1.0 · Effective May 2026

Data Privacy Notice

In compliance with Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations, this clinic is committed to protecting your personal and sensitive personal information.

1. Information We Collect

We collect personal information (name, contact details, address) and sensitive personal information (health/dental records, medical history) necessary for providing dental care services.

2. Purpose of Collection

Your information is collected and processed for: patient registration and identification, dental diagnosis and treatment, appointment management, billing and payment processing, and compliance with legal and regulatory requirements.

3. Lawful Basis

We process your data under the following legal bases: performance of a contract (treatment agreement), your consent (where specifically required), compliance with legal obligations, and legitimate interests (clinic operations and quality improvement).

4. Data Sharing

Your information may be shared with: treating dental professionals within this clinic, specialist referrals (with your consent), HMO/insurance providers (with your consent), dental laboratories (with your consent), and regulatory authorities (as required by law).

5. Data Retention

We retain your records for the duration required by Philippine professional regulations and applicable laws. Financial records are retained for a minimum of 10 years as required by the BIR.

6. Your Rights

Under RA 10173, you have the right to: be informed about how your data is processed, access your personal data, correct inaccurate data, object to processing, request erasure or blocking (subject to legal retention requirements), exercise data portability, and lodge a complaint with the National Privacy Commission.

7. Security Measures

We implement organizational, physical, and technical security measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction.

8. Contact

For privacy-related concerns, contact our Data Protection Officer at the clinic reception or through our official communication channels.

This notice is effective as of the date of publication and may be updated from time to time. You will be notified of material changes.

Data Processing Purposes

The following table details how we process your personal information, the lawful basis for each purpose, data categories involved, retention periods, and who may receive your data.

Patient Registration
Collection and storage of personal information for patient identification and clinic records management.
Lawful Basis: Contract
Data Categories: Name, Date of Birth, Gender, Contact Info, Address, Emergency Contact
Retention: Duration of care
Recipients: Clinic Staff
Consent Required: No

Dental Treatment
Processing of health and dental records for diagnosis, treatment planning, and clinical care delivery.
Lawful Basis: Contract
Data Categories: Dental History, Medical History, Dental Chart, Treatment Records, Prescriptions, X-rays
Retention: Duration of care
Recipients: Treating Dentist, Clinic Staff
Consent Required: No

Appointment Reminders
Sending appointment confirmations, reminders, and follow-up notifications via SMS or email.
Lawful Basis: Consent
Data Categories: Name, Contact Info, Appointment Schedule
Retention: Duration of care
Recipients: Clinic Staff, SMS Provider
Consent Required: Yes (withdrawal allowed)

Billing & Payments
Processing of financial transactions, invoice generation, and payment records.
Lawful Basis: Contract
Data Categories: Name, Contact Info, Treatment Records, Payment Info
Retention: 10 years
Recipients: Clinic Staff, Payment Processor
Consent Required: No

HMO / Insurance Claims
Sharing of treatment and billing information with HMO providers or insurance companies for claims processing.
Lawful Basis: Consent
Data Categories: Name, Date of Birth, Treatment Records, Dental Chart, Billing Info
Retention: 10 years
Recipients: HMO Provider, Insurance Company
Consent Required: Yes (withdrawal allowed)

Referrals & Laboratory
Sharing of clinical information with specialist referrals or dental laboratories.
Lawful Basis: Consent
Data Categories: Name, Dental Chart, Treatment Records, X-rays
Retention: Duration of care
Recipients: Specialist Dentist, Dental Laboratory
Consent Required: Yes (withdrawal allowed)

Marketing & Promotions
Sending promotional materials, newsletters, special offers, and clinic updates.
Lawful Basis: Consent
Data Categories: Name, Contact Info, Email
Retention: Duration of care
Recipients: Clinic Staff, Marketing Platform
Consent Required: Yes (withdrawal allowed)

Analytics & Reporting
Anonymized or aggregated data analysis for clinic performance, quality improvement, and operational reporting.
Lawful Basis: Legitimate Interest
Data Categories: Treatment Records, Appointment Data, Billing Data
Retention: Duration of care
Recipients: Clinic Management
Consent Required: No (withdrawal allowed)

Legal & Audit Retention
Retention of records as required by Philippine law, professional regulations, and audit requirements.
Lawful Basis: Legal Obligation
Data Categories: All Patient Records, Consent Records, Billing Records, Audit Logs
Retention: 10 years
Recipients: Regulatory Authority, Legal Counsel
Consent Required: No

Your Rights Under RA 10173

As a data subject, you have the following rights:

Right to Be Informed
Know how your data is collected, used, and shared.
Right to Access
Obtain a copy of your personal data we hold.
Right to Correction
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data (subject to legal retention).
Right to Object
Object to processing based on legitimate interest.
Right to Blocking
Suspend or restrict processing of your data.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Damages
Claim compensation for damages from unauthorized processing.

To exercise any of these rights, please contact our Data Protection Officer at the clinic reception or through our official communication channels. We will respond within the timeframes prescribed by law.

Data Storage & International Transfers

Your personal data is stored and processed exclusively within Amazon Web Services (AWS) Asia Pacific — Singapore (ap-southeast-1). This region was selected for its proximity to the Philippines and compliance with applicable data protection standards.

Database (Amazon RDS)
Purpose: Patient records, clinical data, billing
Location: Singapore (ap-southeast-1)

File Storage (Amazon S3)
Purpose: Patient files, x-rays, avatars
Location: Singapore (ap-southeast-1)

Email (Amazon SES)
Purpose: Transactional notifications
Location: Singapore (ap-southeast-1)

CDN (CloudFront)
Purpose: Static assets only (no personal data)
Location: Global edge (no PII cached)

Cloud service provider: Amazon Web Services, Inc. acts as a data processor under the AWS Data Processing Addendum. AWS maintains ISO 27001, ISO 27018, SOC 2, and HIPAA-eligible service certifications.

No cross-border transfer of personal data occurs. All persistent data remains within the approved hosting region. Should this change in the future, we will update this policy and ensure appropriate safeguards (such as Standard Contractual Clauses) are in place.

Contact & Escalation

For privacy-related concerns, data subject requests, or to report a potential data breach, contact our Data Protection Officer (DPO) at the clinic reception or through our official communication channels.

If you believe your data privacy rights have been violated, you may file a complaint with the National Privacy Commission (NPC) of the Philippines: