Privacy Policy
1. Introduction
Medicare Plus, Inc., and our affiliates, subsidiaries, and partners (collectively referred to as “Medicare Plus”, “we”, “us”, “our”) set out our commitment to collect and process personal information and sensitive personal information (collectively, “personal data”) in accordance with the applicable laws and regulations on data privacy, including the Philippine Data Privacy Act of 2012 and its implementing rules and regulations.
This Privacy Policy (“policy”) expresses our respect for your privacy in doing our business. It explains how we may collect, use, and disclose information that we obtain through our website and online services and the choices you can make about the handling of the information. It explains how we implement that commitment, and the terms and conditions under which we collect and process personal data. In processing and handling your personal data, we seek to adhere to the general privacy principles of transparency, legitimate purpose, and proportionality, and such other relevant principles in the collection, processing, and retention of personal data as required by applicable law.
This policy, and any updates, amendments or supplements thereto, is available at Medicare Plus’s website at shop.medicareplus.com.ph
2. Definition
“Business Day” means any day that Philippine banks are open for business in Makati City.
“DPA” means the Data Privacy Act of 2012 and its implementing rules and regulations, as well as the circulars issued by the National Privacy Commission from time to time
“person” means any natural or juridical person.
“personal data” means personal information and sensitive personal information.
“personal information” refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual;
“policy” means this data privacy policy as may be amended, modified or supplemented from time to time.
“processing” refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating, or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system.
“sensitive personal information” refers to personal information: (1) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (2) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings; (3) issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; or (4) specifically established by an executive order or an act of Congress to be kept classified.
“payment gateway” refers to an ecommerce service that processes credit card payments for online and traditional brick and mortar stores.
3. Confidentiality under Philippine Law
Information that we receive from clients, merchants, and their transaction are generally protected as privileged communications, and covered by our responsibility to keep that information confidential. We diligently observe this professional obligation and we note that local law, regulations, and authorities permit disclosure of such information under certain conditions, as when the information has become public.
4. Exemptions
This Policy does not apply to the following information:
1.Information processed for the purpose of allowing public access to information that fall within matters of public concern, pertaining to:
a. Information about any individual who is or was an officer or employee of government that relates to his or her position or functions
b.Information about an individual who is or was performing a service under contract for a government institution, but only insofar as it relates to such service, including his name and the terms of his contract; and
c.Information relating to a benefit of a financial nature conferred on an individual upon the discretion of the government, such as the granting of a license or permit, including the name of the individual and the exact nature of the benefit: Provided, that they do not include benefits given in the course of an ordinary transaction or as a matter of right.
2.Personal information that will be processed for research purpose, intended for a public benefit, subject to the requirements of applicable laws, regulations, or ethical standards; and
3.Information necessary in order to carry out the functions of public authority, in accordance with a constitutionally or statutorily mandated function pertaining to law enforcement or regulatory function, including the performance of the functions of the independent, central monetary authority, subject to restrictions provided by law.
5. How we collect and process personal data
For our Users, as they inquire and place their information on their website, we obtain the following types of information.
1.Personal information. All our inquiries are required to provide their basic information
2.Use of the service. We collect information as you browse our website and take certain actions. This information includes the links you click on; the type, size and filenames of attachments you upload to the services, content using analytics techniques that hash, filter or otherwise scrub the information. We also collect clickstream data about how you interact and use features of the service.
3.Device information. We collect information about your computer, phone, tablet or other devices you use to access the services including but not limited to browser type, IP address, device identifiers, and crash data. We will also use your IP address and/or country preference to provide you with better services.
6. Other information we collect.
We may receive information, without limitation, from the following:
1.Designated Entities. Our partners may provide us with the names, email address, and other information of their clients.
2.We collect certain information by automated means such as cookies, web beacons and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Service. We may link this data to your profile. You may be able to change browser settings to block and delete these services when you access the Service through a web browser. However, if you do that, the Service may not work properly.
3.Our partners may collect your information in order to show you ads that may interest you. Wherever it is required by applicable law, we will request your consent to collection of such information.
7. Purposes of Collection
We collect and process personal data for which you have provided the data or made it otherwise available to us or to the public, and to enable us to fully and efficiently achieve those purposes,as allowed by applicable law, and to:
a. Provide and improve the services offered by Medicare Plus
b. Use as authentication detail fo verification and account-related processes.
c. Verify accounts and activities and to monitor suspicious or fraudulent activities and to identify violations of policy and to prevent potentially illegal or prohibited activities
d. Process your payment transaction in case of online payments thru accredited online payment gateway platforms
e. Comply with and enforce applicable legal requirements, industry standards and policies
f. Communicate Service-related purposes and expand business relationship
g. De-identify or aggregate data collected through the Service and use and disclose for any purpose
h. Comply with and exercise our rights under contracts and agreements, and the law, as may be required by our operations and in pursuit of our legitimate business and commercial objectives
i. Allow audits and diligence for compliance and other review by advisers or third parties.
j. Fulfill other purposes to which you have consented, which would be reasonably expected by you, or which are otherwise authorized or required by law.
We may share your information, as permitted by applicable law, which includes the sharing of your information in the following ways:
k. We may share your information with service providers and vendors who assist us with the delivery of our Service.
l. We may share your information with other financial institutions, trade bodies, anti-fraud organizations and law enforcement agencies for the purposes of identifying and preventing fraud, money laundering, terrorist financing and other financial crimes.
m. We may share personal information with several future affiliates and subsidiaries.
n. If we are required to do so by law or legal process or to comply with the law, or when we believe, in our sole discretion, that the disclosure of personal information is appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity or to investigate violations of our Terms and Conditions.
o. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such transaction.
8. Consent and other lawful criteria for collection and processing
Where you have provided us with your personal data through any of the interactions mentioned in, in providing or making available the personal data, you agree and consent to our collecting, using, disclosing, sharing and otherwise processing the personal data for the Purposes, and in the manner and under the terms and conditions, in this Policy.
Applicable law allows us to process your personal data in accordance with other criteria or where the data is not covered by the DPA
9. Method of Collection and Processing
We utilize standard manual and computerized methods and systems to file, store and process personal data. Collection and processing of personal data will be undertaken in accordance with the principles set out in this Policy and as required by law.
We will store and retain personal data for such period as may be required by applicable law or as may be needed to enable us to fully and efficiently achieve the Purposes.
10. Amendments
We may amend or update this Policy. You agree to be bound by the prevailing terms of this Policy as updated from time to time, upon the amendment or supplement being published on our website or otherwise advised to you.
11. Rights of Data Subjects
Under the DPA, data subjects have the following rights:
1. Right to object
As a data subject, you have the right to indicate your refusal to the collection and processing of your personal data, including processing for direct marketing, automated processing, or profiling. You also have the right to be informed and to withhold your consent to further processing in case there are any changes or amendment to information given to you. Once you have notified us of the withholding of your consent, further processing of your personal data will no longer be allowed, unless:
a. The processing is required pursuant to a subpoena, lawful order, or as required by law; or
b. The collection and processing is undertaken pursuant to any lawful basis or criteria indicated under this Policy.
2. Right to access
Upon your request, you may be given access to your personal data that we collect and process. You also have the right to request access to the circumstances relating to the processing and collection of your personal data, insofar as allowed by law.
3. Right to rectification
You have the right to dispute any inaccuracy or error in your personal data and may request us to immediately correct it. Upon your request, and after correction has been made, we will inform any recipient of your personal data of its inaccuracy and the subsequent rectification that was made.
4. Right to erasure or blocking
In the absence of any other legal ground or overriding legitimate interest for the lawful processing of your personal data, or when there is substantial proof that your personal data is incomplete, outdated, false, or has been unlawfully obtained, you may request us to suspend, withdraw, or order the blocking, removal, or destruction of your personal data from our filing system. We may also notify those who have previously received your processed personal data.
5. Right to damages
You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your rights and freedoms as a data subject, as provided by law.
6. Right to data portability
In case your personal data was processed through electronic means and in a structured and commonly used format, you have the right to obtain a copy of your personal data in such electronic or structured format for your further use, subject to the guidelines of the National Privacy Commission with regard to the exercise of such right.
7. Transmissibility of rights of the data subject
We wish to advise you that upon the passing of a data subject, or in case of a data subject’s incapacity or incapability to exercise legal rights, the data subject’s lawful heirs and assigns may invoke the data subject’s rights in place of the data subject.
8. Limitation on rights; manner of exercising
The rights mentioned under this item are not applicable if personal data are processed only for scientific and statistical research purposes, and without being used as basis for carrying out any activity or taking any decision regarding you as the data subject. Your rights as a data subject are also subject to other limitations provided by law.
The law requires you to exercise your rights as described in this Policy in a reasonable and non-arbitrary manner, and with regard to rights of other parties.
All requests, demands, or notices which you may make under this Policy or applicable law must be made in writing, and will only be considered made and received if sent in accordance to this Policy.
12. Security
We have taken appropriate security measures to protect your personal data against unauthorized access or unauthorized alteration, disclosure, or destruction. These measures include internal reviews of our data collection, storage, and processing practices, as well as physical security measures to protect your information against unauthorized access. As part of our efforts to ensure your information is protected, we restrict access to personal data to personnel who would need that information to perform their functions.
13. Breaches
We will comply with the relevant provisions of rules and circulars on handling personal data security breaches, including notification to you or to the National Privacy Commission, where an unauthorized acquisition of sensitive personal information or information that may be used to enable identity fraud has been acquired by an unauthorized person, and is likely to give rise to a real risk of serious harm to the affected data subject. Please note that under applicable law, not all personal data breaches are notifiable.
14. Data Protection Officer
The Data Protection Officer (DPO) is the individual principally responsible for ensuring compliance with applicable laws and regulations for the protection of data privacy and security. The DPO is responsible for the supervision and enforcement of this Policy, and the relevant contact details are as follows:
Manuel F. Deldio
Counsel for Medicare Plus
Roll of Attorneys No. 65926
PTR. No. 6699377; Makati City; 02/27/2018
IBP No. 033576;
Makati City; 02/20/18
MCLE Compliance No. VI-0006749
E: manuel@deldiolaw.com
15. Inquiries
For any inquiry related to this Policy, please contact our Data Protection Officer through the contact details indicated above.
All requests, demands or notices which a data subject may send or submit to us under this Policy must be in writing, should be addressed to the Data Protection Officer using the contact details above, and will be deemed duly given (i) on the date of delivery if delivered personally, (ii) on the third Business Day following the date of sending if delivered by a nationally recognized next-day courier service and the service has confirmed delivery, or (iii) if given by electronic mail, when such electronic mail is transmitted to the email address specified above and the appropriate confirmation has been received by the sender via email.
To see our Terms and Conditions, click here.