General Privacy Notice
This is St. Luke’s Medical Center’s (SLMC) general statement on its data processing activities to notify Data Subjects of categories of Personal Data processed and the purpose and extent of processing. This is not a consent form but a notification how SLMC processes Personal Data in its established practices and operations. SLMC may further provide specific privacy notices in line with specific activities or objectives.
- Acts of Processing
SLMC processes Personal Data to:
- Perform its obligations, exercise its rights, and conduct its associated functions as a healthcare service provider;
- Conduct all acts reasonably foreseeable and customarily performed by similar healthcare service providers;
- Decide and act for the holistic welfare of patients, service recipients, and their respective representatives and companions; and
- Manage and administer its internal and external affairs as a medical, educational, and research institution, and as a juridical entity with its own rights and obligations.
- Personal Data Collected
SLMC collects the following Personal Data, as may be applicable and necessary for its specific legitimate purposes:
- Personal details such as name, birth, gender, civil status and affiliations;
- Contact information such as address, email, mobile and telephone numbers;
- Medical information such as physical, psychiatric and psychological information;
- Employment information such as government-issued numbers, position and functions;
- Applicant information such as academic background and previous employments; and
- Academic information such as grades, course and academic standing.
- Collection Method
SLMC collects Personal Data physically through printed forms, attachments, and other documents required by its medical units and administrative offices, or electronically through electronic systems, electronic platforms, e-forms, email, or electronic submission of information directly by the Data Subject or by SLMC associates.
- Timing of Collection
SLMC generally collects Personal Data from Data Subjects upon entry to the hospital or at the onset of a service, or transaction with SLMC, such as medical care, medical consultation, laboratory service and health-related services.
- Purpose of Collected Personal Data
SLMC collects and processes Personal Data for the following purposes:
- Purposes necessary for SLMC to perform its obligations, exercise its rights, and conduct its functions as a medical, research, and training institution;
- Purposes to perform acts and decisions necessary for SLMC to manage and administer its internal and external affairs as a juridical entity with its own rights, interests and obligations;
- Compliance with legal, regulatory, administrative or judicial requirements including but not limited to audit, reporting and transparency requirements;
- Storage, Location, Transmission and Transfer of Personal Data
Personal Data are stored in physical and electronic data processing systems managed by groups, offices, and units of SLMC. Physical records are generally stored in folders or envelopes in drawers or shelves. Electronic records are generally stored in servers in the possession or control of SLMC or in cloud storage controlled or availed by SLMC.
Personal Data are transmitted and transferred in accordance with Chapter III of the Data Privacy Act of 2012 and Rule V of its Implementing Rules and Regulations.
- Method of Use
SLMC uses Personal Data proportionately as necessary for its legitimate purposes in accordance with SLMC Policies. Personal Data are used in accordance with the Data Privacy Act of 2012, issuances of the National Privacy Commission and the Department of Health.
- Retention Period
SLMC retains data in accordance with its policies on retention observing laws and government rules and regulations. In the absence of an applicable rule of retention, Personal Data shall be retained by SLMC group, office, or unit in accordance with locally and internationally accepted practices and standards.
IX. Participation of patients, service recipients, and their respective representatives and companions
- SLMC patients, service recipients, and their respective representatives and companions have the following rights with respect to their Personal Data:
- Right to be informed, except for internal data;
- Right to access and data portability, subject to reasonable requirements;
- Right to rectification, erasure, and blocking. However, services may be affected by changes in or lack of data; and
- Right to file a complaint. SLMC’s Data Protection Office and Patient Experience Group are continually open to resolve concerns.
- Keep up to date all Personal Data and other information submitted to or in the possession of SLMC;
- Respect the data privacy rights of all Data Subjects;
- Report any suspected Security Incident or Personal Data Breach to SLMC through the contact information of SLMC Data Protection Office provided herein;
- Ensure accuracy of Personal Data and other information;
- Obtain the consent of the Data Subject prior to processing of personal information;
- Not disclose to any unauthorized party any non-public confidential, sensitive or personal information obtained or learned in confidence directly or indirectly through SLMC; and
- Abide by the policies, guidelines and rules of SLMC on data privacy, information security, records management, research and ethical conduct, and from time-to-time, check for updates on these policies, guidelines and rules and ensure compliance therewith.
Inquiries and concerns on data privacy may be directed to SLMC Data Protection Office:
St. Luke’s Medical Center (Quezon City)
279 E. Rodriguez Sr. Ave., Kalusugan 4, Quezon City
St. Luke’s Medical Center (Global City)
Rizal Drive corner 32nd Street and 5th Avenue, Bonifacio Global City, Taguig
Quezon City: 8-723-0101 local 4996
Global City: 8-789-7700 local 5531
“Personal Data” refers to all types of personal information, sensitive personal information and privileged information under the Data Privacy Act of 2012 and its Implementing Rules and Regulations.
“Data Subject” refers to an individual whose personal information is processed.
“Personal Information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.