Privacy Statement

Among the most important assets MediCard Philippines, Inc. (“MediCard”), as a subsidiary of AIA Philippines Group, is the trust and confidence placed to properly handle information.  Customers, potential customers, members, patients, employees, and accredited individuals expect us to maintain their information accurately, protected against manipulation and errors, secure from theft and free from unwarranted disclosure. We protect the data security of our customers and potential customers by complying with the Data Privacy Act of 2012 (“DPA”), and all relevant local laws, and ensure compliance by our staff with strict standards of security and confidentiality.

This statement provides you with notice as to why your personal data is collected, how it is intended to be used, to whom your personal data may be transferred to, how to access, review and amend your personal data, and our policies on direct marketing and the use of cookies. Personal data includes, but not limited to name, address, birthday, contact information, etc., as defined under the DPA. By using this website, you are accepting the practices and policies in this privacy statement. If you object to any practices and policies in this statement, please do not use this website to submit your personal information to MediCard.

This website is for general information purpose only. While we use reasonable efforts to ensure the accuracy of the information on this website, does not warrant its absolute accuracy or accept any liability for any loss or damage resulting from any inaccuracy or omission. Without prior permission from MediCard, no information contained on this website may be copied, except for personal use.

MediCard recognizes its responsibilities in relation to the collection, holding, processing or use of personal data. The provision of your personal data is voluntary. You may choose not to provide us with the requested data, but failure to do so may limit our ability to do business with or provide services to you. MediCard will not collect any information that identifies you personally through this website. Unless and until you buy our products or services or respond to our marketing programs and/or campaigns, register as a member, or submit personal information for job or agent’s application purposes or for any other legitimate purposes, we will not collect your personal information.

This website, and our social media platforms are not intended for persons in jurisdictions that restrict the distribution of information by us or use of such social media platforms. If this is applicable to you, we would advise you to inform yourself about and observe the relevant restrictions, and MediCard does not accept liability in this respect.

HOW WE COLLECT DATA?

We will collect and store any information you enter on our website, or provide to us through any other channels. We may also obtain lawfully collected personal or non-personal information about you from affiliated entities, business partners and other independent third parties sources. We may also collect some information about your computer or other devices used when you visit this website.

The personal data we collect includes all personal information that you directly share or through your representatives or produced by us in relation to your purchase of healthcare plan/s (which includes sensitive personal data as defined under relevant applicable laws and regulations). This includes, among others, the following:

identity information – name, marital status, gender, birth date, address, personal contact details (including email address and telephone numbers), employment information;

financial information – bank account details, latest income documentation;

medical information necessary in the assessment of your health coverage, your treatment, and/or the administration of your claims.

Other personal data you provided to us in the Out-Patient Consultation form, Laboratory/Diagnostic Examination Request form, Emergency Case Slip form, Derma Consultation form, Dentist Claim form, and other clinical forms executed to avail MediCard’s services.

If you make use of any social media features or platforms, either on our website, or on an application we provide, or otherwise through a social media provider, we may access and collect information about you via that social media provider in accordance with their policies. When using a social media feature, we may access and collect personal data you have chosen to make available and to include in your social media profile or account. Our access to this personal data may be limited or blocked based on your privacy settings with the relevant social media provider.

WHY WE COLLECT YOUR PERSONAL DATA AND HOW IT MAY BE USED?

Personal data is collected for the following purposes:

• to process, administer, implement and effect the requests or transactions contemplated by the forms available on our website or any other documents you may submit to us from time to time;
• to provide appropriate updates and advisories in a legitimate format;
• to process membership application including underwriting;
• to bill and collect fees;
• to process claims and reimbursement;
• to generate utilization data/reports;
• to process accreditation, employment;
• to assess a principal member’s coverage;
• to provide treatment to the principal members and/or his/her dependents;
• to process applications that may involve automatic decision making and profiling, mainly designed for efficiency purposes;
• to design new or enhance existing products and services provided by us;
• to communicate with you including to send you administrative communications about any account you may have with us or about future changes to this privacy statement
• for statistical or actuarial research undertaken by MediCard, the Health Maintenance Organizations Industry or our respective regulators;
• for data matching, internal business and administrative purposes;
• to assist in law enforcement purposes, investigations by police or other government or regulatory authorities and to meet requirements imposed by applicable laws and regulations or other obligations committed to government or regulatory authorities or their duly designated third party service providers;
• to personalize the appearance of our websites, provide recommendations of relevant products and provide targeted advertising on our website or through other channels;
• other purposes as notified at the time of collection; and
• other legitimate purposes directly or indirectly relating to any of the above.

MediCard reserves the right to collect, use or disclose your personal data if the collection, use, or disclosure is required or authorized under any written law.

For our policy on use of your personal data for promotional or marketing purposes, please see the section entitled “Use of Personal Data for Direct Marketing Purposes”.

HOW WE PROTECT YOUR PERSONAL DATA?

We use appropriate technical, organizational and physical safeguards to protect Personal Data and Shared Personal Data from misuse or unauthorized access, disclosure or use, including:

• Access rights to any personal data is granted on a need-to-know basis. Access rights granted are reviewed annually.
• Unmasked personal data should be encrypted according to the Cryptography Standard when transmitted over unsecured network.
• Outsourcing arrangement on data storage, processing or hosting should be approved by Group Information Security via the Third-Party Security Assessment (TPSA) process before a contract is awarded.
• Data encryption at rest is required to protect the data according to the data classification.
• Personal data should be removed from computers, laptops, mobile devices when they are no longer required.
• Data storage media to be disposed or remove from MediCard should be sanitized.

For data security and disaster recovery protection, personal data that we have collected and processed will be stored in our data center located within the Philippines, Hong Kong, Singapore, and/or on Microsoft Cloud. To know more about your personal data storage and how your personal data is being protected under Microsoft Cloud, you may click on the following link https://www.microsoft.com/en-us/trust-center/privacy/data-location.

MediCard applies reasonable security measures to prevent unauthorized or accidental access, processing, erasure, loss or use including limiting physical access to data within MediCard’s systems and encryption of sensitive data when transferring such data.

MediCard maintains technology products, conducts regular vulnerability assessments, and securely destroys personal data when no longer needed. We continually adapt our security measures in line with technological progress and developments.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will retain your Personal Data as long it is necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required under the applicable laws or regulations.

We will properly dispose your data in case MediCard no longer needs it for any of the purposes above relevant to your transaction with MediCard.

Should you have inquiries regarding the specific retention period of your data, you may contact our Privacy team with the contact details provided at the end of this Privacy Statement.

WHO MAY BE PROVIDED WITH YOUR PERSONAL DATA?

Personal data will be kept confidential but may, where permitted by law and where such disclosure is necessary to satisfy the purpose or a directly related purpose for which the personal data was collected, provide such personal data to the following parties (for our policy on sharing of your personal data for promotional and marketing purposes, please see the section entitled “Use of Personal Data for Direct Marketing Purposes”):

• any person authorized to act as an agent of MediCard in relation to the distribution of products and services offered by MediCard;
• any agent, contractor or third-party service provider (within or outside MediCard) who provides administration, data processing, telecommunications, computer, payment, debt collection or securities clearing, technology outsourcing, call center services, mailing and printing services in connection with the operation of MediCard’s business and MediCard’s provision of services to you, such as AIA Philippines Group (and/or its subsidiaries) and Claims Pro Philippines, Inc.;
• MediCard’s parent corporation, AIA Philippines Group (and/or its subsidiaries), subsidiaries and affiliates of MediCard in relation to the provision or marketing of healthcare services;
• any agent, contractor or third-party service provider (within or outside MediCard) including companies that help deliver our services, such as our affiliated hospitals, clinics, medical professionals, sales agent, brokers, and consultants;
• other companies that help gather your information or communicate with you, such as research companies, in order to enhance the services we provide to you; and
• government or regulatory bodies or any person to whom MediCard must disclose data: (a) under a legal and/or regulatory obligation in that jurisdiction applicable to MediCard; or (b) pursuant to an agreement between MediCard and the relevant government, regulatory body or other person.

From time to time, we may purchase a business or sell one or more of our businesses (or portions thereof) and where permitted by law, your personal data may be transferred or disclosed as part of the purchase or sale or proposed purchase or sale. In the event that we purchase a business, the personal data received with that business would be treated in accordance with this privacy statement, if it is practicable and permissible to do so.

Your information may be transferred to, stored, and processed in Philippines or any other jurisdictions where any MediCard company is located, or jurisdictions where a third-party contractor is located or from which the third-party contractor provides us services.

Data sharing to a third-party individual or organization, public or private, who shall function as a Personal Information Controller, is done only after establishing a Data Sharing Agreement between MediCard and the said PIC, where all data subjects whose personal data are included in the data sharing have signed individual consent before proceeding with the actual data sharing.

Disclosure to a third-party individual or organization, public or private, who shall function as a Personal Information Processor, is covered by a Non-Disclosure Agreement between MediCard and the said PIP, where all data subjects whose personal data are included in the disclosure are notified first or have signed individual consent before proceeding with the disclosure.

We will only share and transfer your data outside MediCard in the following cases (subject to exceptions set out in applicable laws):

• Upon securing your consent; or
• In compliance with the applicable laws, regulations or an order issued by a government body.

ACCESS RIGHTS TO PERSONAL DATA

You have the right to:

• verify whether MediCard holds any personal data about you and to access any such data;
• require MediCard to correct any personal data relating to you which is inaccurate;
• enquire about MediCard’s policies and practices in relation to personal data;
• access, correction or other queries relating to your personal data;
• suspend, withdraw, or order the blocking, removal or destruction of your personal data from MediCard’s filing system as may be allowed by provisions of the Data Privacy Act and its Implementing Rules and Regulations;
• object to the processing of your personal data as allowed by the provisions of the Data Privacy Act and its Implementing Rules and Regulations; and
• all other rights granted to you as data subject under prevailing Data Privacy laws and regulations.

MediCard has the right to charge administrative costs which are directly related to and necessary for the processing of any personal data access request where data subjects request copies of their personal data and other information.

USE OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES

In addition to the purposes set out above, where permitted by law, MediCard may use your name and contact details for promotional or marketing purposes including sending you promotional materials and conducting direct marketing in relation to the following products, services, advice and subjects: medical/health treatment; insurance; annuities; AIA Vitality; investment; banking; financial services; credit cards; educational; recruitment; training; reward/loyalty/privilege programmes; charitable/non-profitable causes; (“Classes of Marketing Subjects”). However, in relation to any personal data collected by MediCard, such personal data would only be used for promoting or marketing any products or services.

For the purposes of direct marketing, we may, where permitted by law, provide the personal information (with the exception of any personal data collected by MediCard whilst providing any services) to providers (whether within or outside of MediCard) of any of the Classes of Marketing Subjects described above and to call center, marketing or research service providers so that they can send you promotional materials and conduct direct marketing in relation to the products and services they offer (these materials may be sent to you by postal mail, email, SMS (text messages) or other means).

Before using or providing your personal data for the purposes and to the transferees set out in this section, we may be required by law to obtain your written consent, and in such cases, only after having obtained such written consent, may we use and provide your personal data for any promotional or marketing purpose.

The types of personal data MediCard would use and provide for direct marketing purposes as described above are your name and relevant contact details, although we may possess additional personal data.

If your consent is required, and you provide such consent, you may thereafter withdraw your consent to the use and provision to a third party by MediCard of your personal data for direct marketing purposes and thereafter MediCard shall cease to use or provide such data for direct marketing purposes.

If you have provided consent and wish to withdraw it, please inform us by writing to the address in the section on “Access Rights to Personal Data” or sending us an email to privacy@medicardphils.com. Any such request should clearly state details of the personal data in respect of which the request is being made.

USE OF COOKIES

Please refer to MediCard’s Cookie Policy.

EXTERNAL LINKS

If any part of this website contains links to other websites, those sites may not operate under this privacy statement. You are advised to check the privacy statements on those websites to understand their policies on the collection, usage, transferal, and disclosure of personal data.

AMENDMENTS TO THIS PRIVACY STATEMENT

MediCard reserves the right, at any time and without notice, to add to, change, update or modify this privacy statement, simply by notifying you of such change, update or modification. If we decide to change our personal data policy, those changes will be notified on our website so that you are always aware of what information we collect, how we use the information and under what circumstances the information is disclosed. Any such change, update or modification will be effective immediately upon posting.

CONTACT US

Should you have any questions on any part of this privacy statement or would like additional information regarding MediCard’s Data Privacy practices please do not hesitate to contact us through: