Employees & Consultants Privacy Policy

(+632) 8716 - 3901 to 20
46 P. Sanchez Street, Brgy 606, Manila City, Metro Manila 1016

This statement describes why your personal information is collected, how your personal information may be used and disclosed, and how you can get access to this information.

1. Our Service

Our Lady of Lourdes Hospital-EHMC (the"Hospital") is committed to providing quality health and related services to you and this policy outlines our ongoing obligations to you in respect of how we manage your personal information. In order to ensure the safety and confidentiality of your personal data, the Hospital has developed a Privacy Policy that aims to ensure that all appropriate standards for personal information protection in compliance with Republic Act No. 10173 (or the Data Privacy Act of 2012 or "DPA"), its implementing rules and regulations and other applicable and related laws and regulations, including the issuances of the National Privacy Commission (the "NPC") (collectively, the "Privacy Laws") are put in place and implemented efficiently and effectively. This Privacy Notice ("Notice") seeks to notify and inform you of our policies regarding the collection, use and disclosure of personal information we receive from our patients and customers.

2. Your Personal Information under this Notice

Under the DPA, your Personal Information includes any information, whether recorded in a material form or not, from which your identity is apparent or can be reasonably and directly ascertained by the entity holding the information. Your Personal Information also includes sensitive Personal Information, which refers to the following:

a. Your name, address(es), email address(es), phone number, race, marital status, age, and religious affiliations, educational attainment;

b. Your health;

c. Your fingerprint (biometrics);

d. Personal identifiers issued by a government agency such as PhilHealth Number, Social Security Number, PAGIBIG, BIR and insurance details peculiar to you (as mentioned above); and other information established by law to be kept classified.

3. How and when we collect your Personal Information

Your Personal Information may be obtained in many ways, including through medical consultations/interviews, from information forms, correspondences, surveys, by telephone and fax, e-mail, by employment application, employee profile and information update. Most of the Personal Information we have are those that you have given us yourself.

You provide us your Personal Information when you:

a. Avail of, or apply for our services, employment opportunities and update your records by filling-out employee/employment application forms (e.g. employment application form, employee profile, ID application form, employee dependent form) and biometrics enrollment, as well as when you provide your health information (e.g. medical certification) to our human resource representatives;

b. Contribute to research, answer surveys, or participate in various activities sponsored by us or other organizations on our behalf such as symposia, conferences and focus group discussion.

c. Join in any corporate programs and activities as audience or participant.

4. Why we collect your Personal Information

We will only use your personal confidential data with your consent or if there is a legal requirement to do so. For information that may identify you, we would only use them in accordance with the:

a. Data Privacy Act (DPA) of 2012 - the DPA requires us to collect and retain personal information only for specified and legitimate purpose, and when necessary to protect life and health;

b. The Labor Code of the Philippines - Presidential Decree No. 442;

c. The Civil Code of the Philippines - Republic Act No. 386, Art. 428;

d. Other acts that require enrolment of members and beneficiaries for them to avail of benefits, medical assistance, financial arrangements provided by the company:

1. The Social Security Act of 1997- Republic Act No. 8282;

2. The National Health Insurance Act of 2013 - Republic Act No. 10606;

3. National Health Insurance Act of 1995 and PhilHealth Circulars;

4. Home Development Mutual Fund (HDMF) Law of 2009 - Republic Act No. 9679; and

5. National Archives of the Philippines Act of 2007 - Republic Act No. 9470.

We collect your personal information for employment-related purposes and documentary purposes needed for quality improvement, regulatory and accreditation requirements. With respect to your participation to any activities and programs initiated by the company, your personal information is used for event documentation, and promotion.

Likewise, the records that we gather shall be used solely for verification, profiling and employee data management, and for us to perform our legal obligations as Employer. We will also provide information to our third parties that you authorize, such as but not limited to:

a. Banks;

b. Utility Services;

c. Government Agencies e.g SSS, PhilHealth, PAGIBIG; and

d. DOLE, if necessary.

5. Use and Processing of Personal Information

The employment information and records may be processed manually/or electronically. You may withdraw your consent (subject to the applicable Privacy Laws) to the processing of your Personal Information at any time by contacting us verbally or in writing, such withdrawal shall be documented.

We may also use your Personal Information secondarily, in circumstances where you would reasonably expect such use or disclosure of your Personal Information. Below are the general categories of the purposes for which we collect and process your Personal Information:

a. Performance of a Legal Obligation: Under the law, the Hospital is required to share your Personal Information to government authorities for some instances or for legal purposes.

b. Employee/Consultant Database: Under employment, the hospital shall gather, collect and store information to be used in the following legitimate purpose:

1. To record employment and document engagement of an employee with the organization;

2. To analyze workforce composition to be used in corporate studies and program such as but not limited to demographics study, which will be used internally for decision making and/or shared to government agencies that has a legal mandate to collect such information, as well as to the Metro Pacific Hospital Holdings Inc., where Our Lady of Lourdes Hospital is part of.

3. To record information that may be used in benefits processing and other related purposes;

4. To serve as reference for any background checks by any third parties that the employee may have authorized or consented;

5. To use in attendance monitoring and payroll processing; and

6. To promote services and specialization in case of doctors/consultants.

c. Employment Background Check: as part of recruitment process, the Human Resource and Organizational Development Division may conduct back ground check based on the previous employer as declared by applicants in their Application form for validation and employment purposes.

d. Documentation/Promotion: Under your participation in any programs or activities, the company may use the information to document attendance and promote such activities.

Other uses and disclosures of your Personal Information

Outside of the purposes stated above, other uses and disclosures of your Personal Information will be made only with your expressed authorization, unless we are otherwise permitted or required by law. This includes the disclosure of your Personal Information pursuant to an order of a court or tribunal, or when such disclosure is required under existing laws and regulations.

6. Who has access to your Personal Information

For employees, the following may have an access related to your personal information (name, age, sex, and civil status), employment record, and training and performance evaluation:

a. Authorized personnel/staff of HROD; and

b. Your Division Head.

For the record of your participation in any programs/activities, the following may have an access to your proof of attendance (pictures, name):

a. Authorized personnel/staff of HROD;

b. Authorized Event/Program Organizers; and

c. Your Division Head.

7. Retention Period, Storage, Disposal/Deletion

All information gathered from applicants and employees shall be retained on the active file on the following duration:

a. Applicants (failed, discontinued and pooling): Applicant information and record received by HR will be kept in HR Archives for 6 months. After this, they shall be disposed and shredded.

b. Employees:

1. Active: Employee information and record will be kept in HR 201 file and Personnel Information System (PIS).

2. Resigned/ Terminated/ Ended Contract:

a. Employee information and record will be kept in HR Archives and PIS for 15 years.

b. Biometrics record will be deleted within 1 week after the effectivity of resignation or end of contract.

8. Your rights to your personal information

You are afforded certain rights under the Privacy Laws, particularly the DPA. We would like to ensure that we have your consent to continue to collect, use and disclose your personal information for the purposes identified in this Notice. You have the right to be informed of these specific rights, to object to the processing of your Personal Information, to access, update and correct the same and to withdraw your consent and/or edit your consent preferences at any time.

If you wish to have access to your Personal Information in our records, or you think that it is incomplete, not up-to-date or otherwise inaccurate, or have any queries or complaints about our Privacy Policy, you may get in touch with our Data Protection Officer through the contact details provided below.

Your rights to your personal information are provided in Chapter IV of the Data Privacy Act of 2012 which you may access here (https://privacy.gov.ph/data-privacy-act/).

9. Our undertakings regarding your personal information

The Hospital creates and maintains a record of your Personal Information in its offices and this Notice applies to your Personal Information that we collect. Pursuant to the DPA, we undertake to protect your Personal Information.

The Hospital is required to protect your Personal Information, and to process the same only in accordance with the following data privacy principles:

a. Transparency: We are obligated to inform you of the nature, purpose, and extent of our processing of your Personal Information, including the risks and safeguards involved, the identity of the persons involved in the processing of your personal data, your rights as data subject, and how these rights can be exercised.

b. Legitimate purpose: We will only process your Personal Information for a legitimate purpose, compatible with our declared and specified purposes, and not contrary to law, morals, and public policy.

c. Proportionality: The processing of your Personal Information shall be adequate, relevant, suitable, and necessary, and not excessive in relation to the declared and specific purposes.

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification, or disclosure. We strictly enforce our Privacy Policy and put in place technical, organizational, and physical security measures that are designed to protect your Personal Information from unauthorized access, use, alteration, and disclosure.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify or anonymize the same. However, most of the Personal Information are or will be stored in files which will be kept by us for the minimum period provided under existing laws and regulations.

10. How to access your personal information

You may access your Personal Information and update and/or correct it, subject to certain exceptions. If you wish to access the same, please contact us in writing and we will respond within a reasonable time. Please take note that our ability to respond to your request may also depend on the collection of your Personal Information.

We will not charge any fee for your access request, but may charge a reasonable administrative fee (patients) for providing a copy of your Personal Information.

11. Changes to this Privacy Notice and Privacy Policy

From time to time, we may change or update our Privacy Notice, Privacy Policy and practices to comply with government and regulatory requirements, to adapt to new technologies and protocols, to align with industry practices or for other legitimate purposes.

You will be provided notice if these changes are significant and, if we are required by law, we will take steps to obtain your updated consent.

12. Inquiries

If you have any questions about this Notice, you may contact the Hospital's Data Protection Officer:

Data Protection Officer. 46 P. Sanchez St. Sta. Mesa Manila. Phone numbers - (02) 8716-3901 to 20 local 2401. Email address: dpo@ollh.ph

You may also contact the National Privacy Commission with the following contact details:

National Privacy Commission. 5th Floor Delegation Building, PICC Complex, Roxas Blvd, Pasay,
Metro Manila. Phone numbers - 09451534299 (Globe)/ 09399638715 (Smart).
Web address: privacy.gov.ph