Privacy Policy

We, SugboDoc Technologies Inc. (“SugboDoc”) are committed to providing you with a delightful experience. We understand the importance of your information and want you to know that you can trust us to protect it. We respect and value your data privacy rights and ensure that all personal data collected from you, our clients, and customers, are processed in adherence to the general principles of transparency, legitimate purpose, and proportionality. This Privacy Policy is hereby adopted in compliance with Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and other relevant policies, including issuances of the National Privacy Commission (NPC).

We may process your information using artificial intelligence (AI) for various purposes, including:

1. Clinical Decision Support: AI is used to assist practitioners in making informed clinical decisions.

2. Machine Learning: Diagnostic images uploaded by patients, care teams, or medical personnel may be processed to improve diagnostic accuracy and develop new medical insights.

3. Natural Language Processing: Your medical records and other clinical documentation may be processed to automate the creation of prescriptions, clinical notes, and other healthcare-related documentation, enhancing efficiency and reducing errors.

This use of AI and machine learning technologies is intended to enhance the quality and efficiency of healthcare services provided to you.


Scope

1. This Privacy Policy enumerates SugboDoc’s policy in relation to the collection, use, storage, sharing and disposal of all personal data processed by the organization in accordance with the Data Privacy Act, its Implementing Rules and Regulations, and all related issuances of the National Privacy Commission.

2. SugboDoc maintains the right to amend and/or modify this document to comply with any future developments in data privacy regulations where applicable and to reflect any changes in the organization’s policies and/or personal data processing activities.

3. This Privacy Policy applies, in general, to all personal data processing activities conducted by SugboDoc including, but not limited to, the collection, use, storage, sharing and disposal of all personal data about our clients and customers.


Definition of Terms

1. Anonymization: Refers to the processing of data to render it in such a way that the data subject is not or no longer identifiable.

2. Consent of the data subject: Refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. It may be given on behalf of the data subject by an agent specifically authorized by the data subject to do so.

3. Data Subject: Refers to an individual whose personal data is processed. This includes, among others, the clients, users and/or customers of SugboDoc.

4. Data Sharing: Refers to the disclosure or transfer to a third party of personal data under the control or custody of a personal information controller. The term excludes outsourcing, or the disclosure or transfer of personal data by a personal information controller to a personal information processor.

5. Processing: Refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.

6. Personal Information / Personal Data: Refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

7. Personal Information Controller: Refers to any person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.

8. Personal Information Processor: Refers to any qualified natural or juridical person to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.

9. Sensitive Personal Information: Refers to personal information (a) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (b) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (c) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and (d) Specifically established by an executive order or an act of Congress to be kept classified.


The Collection and Use of Personal Data

1. We collect the following personal data from our clients and customers:

a. Basic Personal Information: Name, address, and contact details are collected for identification and communication purposes.

b. Medical Records and Information: We collect medical history, service requests, examination results, diagnostic imaging, laboratory tests, and other pertinent healthcare data uploaded or provided by physicians, healthcare personnel, patients, and their care teams.

c. Telemedicine Consultation Data: Videos, audios, and digital photographs recorded during telemedicine consultations are gathered to facilitate remote healthcare services.

d. Government-Issued Identifying Information: Details from government-issued IDs are collected to verify identities and ensure compliance with regulatory requirements.

e. Financial Information: Credit card, debit card, e-wallet, and other payment-related data are collected for transactional purposes and financial record-keeping.

f. Website and Social Media Usage Information: Information about website visitors and users of our digital platforms and mobile applications, including social media profiles, browsing activities, IP addresses, services procured, and visited links, may be collected to enhance user experience and optimize service delivery.

g. Practitioner Information: We also collect information about our practitioners, including their professional licenses, diplomas, education certificates, specialization certificates, and other relevant credentials. This data ensures the qualification and competence of our healthcare providers.

h. Healthcare Facility Registration Information: Additionally, we collect information about healthcare facility registration to ensure compliance with local regulations and to facilitate seamless coordination between healthcare facilities and our services.

2.We collect the personal data for the following reasons:

a. Service Fulfillment: Personal data is utilized to fulfill contractual obligations to our clients and customers. This includes providing SugboDoc services, verifying identities, facilitating communication, maintaining customer relations, processing payments, and ensuring compliance with legal requirements.

b. Administrative and Promotional Activities: Contact information may be used for administrative purposes, such as customer service and notifications. Additionally, we may utilize this information for promotional activities related to SugboDoc services and offerings. Recipients have the option to opt-out of promotional communications.

c. Enhancing Healthcare Practices: We may employ artificial intelligence and machine learning technologies to enhance diagnostic accuracy, gain novel medical insights, and ultimately improve healthcare outcomes. All AI-assisted processes undergo review by licensed physicians and practitioners to ensure quality and reliability.

d. Streamlining Administrative Processes: Leveraging AI capabilities, we may automate prescription processes and clinical documentation, thereby streamlining operations, enhancing operational efficiency, and minimizing errors.

e. Research and Analysis: SugboDoc actively engages in research, analysis, and statistical reporting to elevate service quality, uncover new insights, and contribute to advancements in healthcare.

f. Supporting Public Health Initiatives: Collaboration with public health agencies supports population health initiatives, such as disease surveillance and healthcare planning. Personal data may be utilized for research, analysis, and reporting aimed at improving public health outcomes.

g. Insurance and Payer Claims Processing: Personal data is processed for insurance and payer claims processing to facilitate reimbursement for healthcare services rendered, ensuring compliance with insurance policies and regulations.

h. Third-Party Processing: We may engage third-party service providers, such as cloud storage vendors and analytics firms, for data processing purposes. These providers are contractually obligated to handle personal data in accordance with SugboDoc’s Privacy Policy and applicable data protection regulations.

2. We collect and process personal data in the following manner:

a. We directly collect personal data from our clients and customers when they register to avail of our services. For personal data that falls under the definition of sensitive personal information, we obtain the data subject’s express and affirmative consent through our Website or mobile application before we collect and process the information.

b. We obtain personal data automatically from clients and customers when they visit our Website, social media profiles, digital platforms, and/or mobile applications.

c. We may obtain personal data indirectly from physicians and other health care and medical workers who invite their patients to use our services.


The Disclosure of Personal Data

We do not sell or disclose the personal data we process to third parties without the consent of data subjects unless we are legally required to do so; if it is necessary to fulfill the purposes for which we process personal data as mentioned above; or if such action is necessary to protect, defend and/or enforce our rights, property or the personal safety of our employees and other individuals. We only permit our authorized personnel and our customer’s physician/s and their registered representatives to access or process your personal data. We restrict access to such information to our authorized personnel, contractors, and agents who need to know such information in order to process it for us, who are subject to strict contractual and technical safeguards, and are accountable if they fail to meet these obligations.

Our authorized contractors who provide outsourced functions include, among others:

a. Cloud storage systems to meet the company’s storage management requirements;

b. Video Call Provider;

c. Product Analytics;

d. Electronic Mail Provider; and,

e. SMS Provider.


The Rights of Data Subjects

1. Right to be informed: As a data subject, you have the right to be informed that your personal data shall be, are being, or have been processed. This right also requires personal information controllers to notify you within a specific period of time if your data has been compromised, i.e. in the case of a personal data breach.

2. Right to access: You have the right to gain reasonable access to your personal data upon request. You may request access to the following:

a. Contents of your personal data that were processed;

b. Sources from which they were obtained;

c. Names and addresses of the recipients of your data;

d. Manner by which such data were processed;

e. Reasons for disclosure to recipients, if there were any;

f. Information on automated processes where the data will or likely to be made as the sole basis for any decision which would significantly affect you;

g. Date when your data was last accessed and modified; and,

h. Name and address of the personal information controller

3. Right to be informed: You have a right to object to the processing of your personal data, including processing for direct marketing, automated processing or profiling. You likewise have the right to be notified and given an opportunity to withhold consent to the processing in case of changes to the information given to you regarding the processing of your information.

4. Right to erasure or blocking: You have the right to suspend, withdraw, or order the blocking, removal or destruction of your personal data. You can exercise this right upon discovery and substantial proof of any of the following:

a. Your personal data is incomplete, outdated, false, or unlawfully obtained;

b. It is being used for purposes you did not authorize;

c. The data is no longer necessary for the purposes for which they were collected;

d. You decided to withdraw consent, or you object to its processing, and there is no overriding legal ground for its processing;

e. The data concerns personal information prejudicial to the data subject — unless justified by freedom of speech, of expression, or of the press; or otherwise authorized;

f. The processing is unlawful; or,

g. The personal information controller, or the personal information processor, violated your rights as a data subject

5. Right to rectification: You have the right to dispute any inaccuracy or error in your personal data and have the personal information controller correct it immediately, unless the request is vexatious or unreasonable.

6. Right to data portability: Where your personal information is processed by electronic means, you have a right to obtain from the personal information controller a copy of your personal data in an electronic or structured format that is commonly used and allows for further use.


The Policy on the Collection and Use of Personal Data

In relation to the rights of Data Subjects, it is SugboDoc’s policy to:

1. Ensure that data subjects affected by the organization’s personal data processing activities are fully and adequately informed of their rights;

2. Ensure that they are fully and adequately informed of all processing activities performed by SugboDoc with respect to their personal data;

3. Ensure that their consent is obtained in accordance with the requirements set forth in the Data Privacy Act, its Implementing Rules and Regulations, and Memorandum Circulars issued by the NPC where applicable. Where the processing does not require consent from our clients and customers in the instances set forth in Sections 12 and 13 of the Data Privacy Act pertaining to the Criteria for the Lawful Processing of Personal Information and the Criteria for the Lawful Processing of Sensitive Personal Information, respectively, such rules and procedures will ensure that our customers and employees are fully and adequately informed of the bases of such processing other than consent;

4. Ensure that they have the facility to reasonably access, review and amend their personal data and to request for copies thereof in a commonly portable format;

5. Ensure that they have the facility to: dispute any inaccuracy or error in their personal data, object to any changes in the manner and purpose by which they are processed, withdraw consent where applicable, and to suspend, withdraw, block, destroy, or remove any unnecessary, falsely collected or unlawfully processed personal data;

6. Ensure that such personal data are proportional, necessary and limited to the declared, specified and legitimate purpose of the processing;

7. Ensure that such personal data are retained for only a limited period or until the lawful purpose of the processing has been achieved;

8. Ensure that such personal data are destroyed or disposed of in a secure manner;

9. Ensure that information collected from clients and customers that are intended to be used for statistical, analytical, research, and other related purposes, shall first be anonymized to render it unidentifiable and untraceable to the data subject;

10. Ensure that they have the facility to lodge complaints to SugboDoc relating to any violations to their rights as data subjects and that such complaints are adequately and timely addressed.


Data Protection Officer

To oversee our privacy compliance efforts, SugboDoc has appointed a Data Protection Officer (“DPO”) to manage and safeguard the handling of our personal data processing activities. Should you have any concerns regarding SugboDoc’s privacy practices and policies, you may reach the DPO through the following contact information:

Data Protection Officer: Alyssa Bless Lubiano
Contact Information: contact@sugbodoc.com


Information Security Policy

We apply reasonable and appropriate security measures to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through the public internet, and we also employ application-layer security features to further anonymize Personal Data during processing of aggregate information.

In addition, we implement the following physical, technical, and organizational controls to ensure the security of the personal data:

1. SugboDoc implements server redundancy and creates multiple backups in different availability zones within Amazon Web Services to protect personal information against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.

2. SugboDoc sets up a secure computer network to protect against accidental, unlawful, or unauthorized usage, or interference with or hindrance of their functionality or availability;

3. Data is anonymized and transferred securely when processing the information;

4. Processes are in place for identifying and accessing reasonably foreseeable vulnerabilities in its computer networks, and for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach; and

5. Regular monitoring of server activity is done to detect security breaches; and in the event of a breach, procedures are in place to allow SugboDoc to take preventive, corrective and mitigating action and to inform its users about the impact of the breach and inform them about necessary steps to secure themselves from the vulnerability.

6. SugboDoc imposes an obligation upon its employees who have access to information not intended for public disclosure, to keep all the data under strict confidentiality. This obligation shall continue even after they leave the company, transfer to another position, or upon termination of employment or contractual relations.

7. SugboDoc implements data breach protocols that are activated when the personal data of our clients and customers are compromised.

Despite the foregoing controls, we emphasize that no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store in our Website or mobile application, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your personal data has been compromised, please contact our data protection officer in the contact details provided in this document. If we learn of a security systems breach, we will inform you of the occurrence of the breach in accordance with applicable law.

We practice the Data Minimization principle in the retention and disposal of your personal data. We only retain the Personal Data collected from you for as long as your account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. We also retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, in accordance with the statute of limitations as provided by law.

When disposing of your Personal Information, we take reasonable measures to ensure that it is done properly and is not accessible to the public.

1. Physical records are shredded within thirty (30) days from our receipt of the client’s opt-out;

2. Copies of electronic records are removed in the active database and all third-party tools; and,

3. Historical snapshots of data are only kept for one year, at the most.

Our disclosure of personal data to third-party processors are governed by the following safeguards:

1. Support secure transmission of data through the use of industry standard encryption and while data is at rest;

2. Review the processors’ privacy policy and ensure that it adheres to SugboDoc Privacy Policy guidelines;

3. Technical Review of third-party service to ensure it passes security standards and adheres to privacy policies of SugboDoc; and,

4. Removal and disposal of all client data from third-party platforms upon the opt-out of the user and when data is no longer needed.


Changes and Updates to this Policy

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.

Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at contact@sugbodoc.com.