1. DATA COLLECTION GMC collects personal data through various means, including but not limited to manual or electronic registration forms, emails, e-forms, attachments, and documents submitted by the data subject or affiliated entities. Personal data may be collected at the point of service in the Inpatient, Outpatient, and Emergency Room (ER) departments, or during other interactions with GMC’s services and platforms. 

The types of personal data we collect include: 

• Personal Information: Name, date of birth, gender, civil status, and affiliations; 

• Contact Information: Residential address, email address, mobile and landline numbers; 

• Medical Information: Medical history, physical and mental health records; 

• Employment Information: Government-issued identification numbers (e.g., SSS, TIN), job title, employment details; 

• Applicant Information: Educational background and employment history; 

• Academic Information: School records, grades, academic standing; 

• Supplier and Third-Party Provider Information: Company profile, DTI/SEC registration, business permits, licenses, BIR registration, and other documentation related to business engagement. 

GMC may also collect additional information necessary to comply with legal and regulatory obligations, or as may be relevant to the delivery of our services. 

2. PURPOSE OF DATA PROCESSING GMC processes personal data for the following legitimate purposes: 

• To fulfill its mandate as a healthcare service provider, and deliver effective and quality medical care to patients; 

• To act in the best interest of patients, service recipients, and their authorized representatives and companions; 

• To manage GMC’s administrative, operational, educational, and legal affairs, including regulatory compliance, internal audits, and quality improvement initiatives; 

• To comply with lawful orders and regulatory requirements imposed by government agencies such as the Department of Health (DOH), Philippine Health Insurance Corporation (PhilHealth), Bureau of Internal Revenue (BIR), and Local Government Units (LGUs). 

3. WEBSITE AND COOKIES POLICY GMC’s website may use cookies solely for the following purposes: 

• To enhance and personalize the user’s browsing experience; 

• To support social media functionality; • To troubleshoot website-related technical issues; 

• To analyze and monitor site traffic. 

GMC does not collect personal data through cookies for profiling, marketing, or other unrelated processing activities. 

4. DATA SHARING AND THIRD PARTIES 

GMC may share personal data with authorized affiliates or third-party service providers only in accordance with legally executed Data Sharing Agreements (DSAs) that clearly outline data protection responsibilities and confidentiality obligations. 

All data sharing is governed by the principles of transparency, proportionality, and legitimate purpose. 

5. DATA STORAGE AND SECURITY MEASURES 

GMC maintains personal data in both physical and electronic formats with appropriate organizational, physical, and technical safeguards in place: 

• Physical Records are kept in clearly labeled folders/envelopes and stored in locked cabinets or box files in designated secure areas; 

• Electronic Records are maintained in secure servers with high availability, regular backups, and system redundancies to ensure continuous data protection. 

Access to personal data is strictly limited to authorized personnel only, based on the principle of least privilege. 

6. DATA RETENTION GMC retains personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with applicable laws, rules, and regulations. This includes retention guidelines mandated by: 

• Bureau of Internal Revenue (BIR) 

• Department of Health (DOH) 

• Philippine Health Insurance Corporation (PhilHealth) 

• Local Government Units (LGUs) 

• Other relevant regulatory bodies. 

After the retention period, data is securely destroyed or anonymized in accordance with GMC’s data disposal policies. 

7. RIGHTS OF DATA SUBJECTS Data subjects have the following rights under the Data Privacy Act of 2012: 

• Right to be Informed 

• Right to Access 

• Right to Object 

• Right to Erasure or Blocking 

• Right to Rectification 

• Right to Data Portability 

• Right to Damages 

• Right to File a Complaint with the National Privacy Commission 

8. CHANGES TO OUR DATA PRIVACY STATEMENT 

We may modify or amend this Data Privacy Policy from time to time to keep up with any changes in relevant laws and regulations applicable to us or how we collect, use, protect, store, share, or dispose of your personal information. Any relevant updates will be posted on the GMC facility and website.