Belo Medical Group (BMG) understands the importance and sensitivity of your personal data, hence, we are committed to protect your personal data and sensitive medical information. BMG ensures that all appropriate standards for personal data privacy and protection are compliant with Republic Act No. 10173 or the Data Privacy Act of 2012 (“DPA”) and its Implementing Rules and Regulation. This Privacy Notice embodies how we may collect, use, disclose and dispose your personal data or sensitive information as well as your rights as owners of this personal data. The entire BMG workforce and other affiliated health care providers including organizations controlled, owned and affiliated with BMG are committed to protect your personal data from collection to disposal.
BMG Website Privacy Notice
Scope
This Privacy Notice applies to the Personal Information we collect on the website, social media accounts, e-mails and Belo applications.
Prior to, and while providing our services, we may ask you to provide us with certain Personal Information, Sensitive Personal Information and Financial Details. These Personal Data may include, but are not limited to, information which may be used for the following:
Basic Personal Information, such as, Full Name, Nickname, Home/Shipping addresses, Email Address, employment information, telephone or other personal contact numbersfor identification purposes, billing and receipt of payment for services rendered.
Sensitive personal information, such as, Age, Nationality, marital status, gender, and health or your medical background (for the purposes of diagnosis or treatment of your skin or aesthetic condition, for quality improvement and coordination of care, training, research).
Financial details, such as, Bank Account, credit card, and debit card information you have provided as a result of our transaction. You are responsible for ensuring that all data, whether personal information, sensitive personal information or privileged information, you submit to BMG are accurate, complete and up-to-date.
Manner of Collection
Your Personal Data may be obtained in various ways such as interviews for application and medical assessment, correspondence by telephone, by email, via our website www.belomed.com and from third parties.
However, most of the personal data we obtain are those that you have given to us yourself. You provide us personal data when you:
Avail of, or apply for, our services by filling out application forms or other information forms through any of our available channels (e.g., online, upon admission, or through our medical personnel and representatives);
Get in touch with us to inquire about our products and services, file a complaint, or request for service;
Take part in our research and surveys;
When you apply for job with us.
Purpose of Data Collection
The following are our purpose/s for collecting your personal data:
To process your booking and other incidental request;
To contact you about your booking and other arrangements;
To process your payment and/or refund;
To personalize your Belo experience or provide services tailored to your requirements;
To ensure the safety and security of all the patients, including investigating security and screening issues;
To facilitate your participation in all Belo programs and promotions;
To conduct marketing activities including sending out of email and SMS, for our products and services and to conduct market and other research to improve our products, services and marketing activities;
To process remediation and other applicable legal remedies (internal and external) inclusive of endorsement of your account to external legal counsel; and
To update our records and keep your contact details and billing address up to date to allow us to communicate with you in case of emergencies, sending out advisories and inform you of programs and activities of BMG
To process your job application.
Legal Bases for Processing
Consent – processing for marketing activities/job applications
Contractual Agreement – processing for non-medical/aesthetic treatments/Belo Shop
Medical Treatment – processing is done by medical practitioners for treatment purposes, with proper safeguards in place.
We take appropriate organizational, physical and technical security measures to protect your personal information and data from loss, misuse, unauthorized access, disclosure, alteration, and destruction, considering the risks involved in the processing and the nature of the personal information and data.
Data Sharing
As a general rule, we are not allowed to share your personal data to third party except in limited circumstances as listed below. By giving your consent, you authorize BMG to disclose your personal data to accredited, affiliated third parties or independent/non-affiliated third parties in any of the following circumstances:
As necessary for the proper execution of processes related to the purposes declared in this Privacy Notice.
The use or disclosure is reasonably necessary, required or authorized by and under law (such as for criminal investigation, as requested by the court of law).
This means we might provide your personal data to the following:
Our affiliates, subsidiaries, partner companies, organizations or agencies including their subcontractors or prospective business partners that act as our service providers and contractors;
Law enforcement and government agencies;
All third parties, with which we share this personal data are required to use your personal data in a manner that is consistent with this Privacy Notice.
However, these companies may only use such personal data for the purposes disclosed in this Privacy Notice and may not use it for any other purpose. In such cases, we ensure that your Personal Data or Medical Information are disclosed with strict adherence to the principles of data privacy and confidentiality.
Storage and Retention
We store your personal data in our computers and servers which are kept in a secure environment. We may also store your personal information with cloud-based third-party data storage providers. We shall ensure that proper measures are adopted to protect your information.
Your Personal Data or Medical Information will be stored in files which we will keep for up to Ten (10) years.
Disposal of Personal Data
When your Personal Data or Medical information is no longer needed for the purpose for which it was obtained, hard copies shall be disposed of through shredding, and digital files shall be permanently de-identify or anonymized.
Rights of the Data Subject
You have the right to be informed that your personal data will be, are being, or were, collected and processed.
You have the right to access or obtain confirmation on whether or not your data is being processed by the organization or obtain a copy of any information relating to you that we have on our manual filing system.
You have the right to object to the collection and processing of your personal information for direct marketing, profiling, or in cases of automated processing. You can also object to the processing of your personal data where such processing is based on consent or legitimate interest.
You have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data upon discovery and substantial proof of any of the following: 1) The personal data is: a) incomplete, outdated, false, or unlawfully obtained; b) used for an unauthorized purpose; c) no longer necessary for the purpose/s for which they were collected; or d) concerns private information that is prejudicial to you, unless justified by freedom of speech, of expression, or of the press, or otherwise authorized; 2) You object to the processing, and there are no other applicable lawful criteria for processing; 3) The processing is unlawful; or 4) The PIC or PIP violated your rights as data subject.
You have the right to dispute the inaccuracy or error in your personal data and have it corrected by the personal information controller (PIC) within a reasonable period of time.
You have the right to data portability which allows you to obtain and electronically move, copy or transfer your data in a secure manner, for further use.
You have a right to file a complaint with the National Privacy Commission if you feel that your personal information has been misused, maliciously disclosed, improperly disposed, or that any of your data privacy rights have been violated.
You may claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data.
If you wish to access, update your Personal Data / Medical Information or if you have queries, complaints, suggestions regarding about our Privacy Statement /Privacy Notice, you may reach us through the following contact details:
Address to: Data Protection Officer Mail to Address: Belo Medical Group #49 Connecticut St., Northeast Greenhills, San Juan City 1503 Telephone: 8539-5901 loc 8120 Email: dpo-ibssi@belomed.com
Complaints Procedure
To assist BMG in dealing with a customer complaint, the customer must provide the following information:
Full Name
Contact details
A clear copy of your 2 valid Identification
Name of officer, employee (and his/her division) who processed your personal data
Details of Complaint
Time frame over which the suspected wrong doing occurred
Documentary evidence in support of the complaint
Upon receiving your complaint, BMG’s respective Data Protection Officer and/or Compliance Officer for Privacy shall confirm that the complaint shall be investigated and provide an estimate time of how long you should expect to wait to receive a full response. While BMG endeavors to respond as promptly as possible, response time will vary depending on the nature of the complaint.
The Data Protection Officer and/or the Compliance Officer for Privacy shall liaise with the relevant departments to investigate any complaint and shall notify the complainant of the result of the investigation and/or action/s taken as part of the complaint in writing within reasonable period of time.
Changes to Privacy Notice
From time to time, we may change or update our privacy notice to comply with government regulatory requirements, to adapt to new technologies and protocols, to align with industry practices, or for other legitimate purposes.
