HealthSpace
Submit Your Health Facility

PRIVACY POLICY

Last Updated: March 11, 2025

Introduction

MedProjects Inc. ("MedProjects," "we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy will inform you about how we look after your personal data when you visit our platform HealthSpace (the "Platform") and tell you about your privacy rights and how the law protects you.

This Privacy Policy applies to the personal information we collect when you use our Healthcare Facility Directory and Online Appointment System. Our Platform allows users to search for healthcare facilities, view detailed facility information, create user accounts, and book appointments with healthcare providers.

Compliance with Philippine Data Privacy Act

This Privacy Policy is designed to comply with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and all applicable guidelines issued by the National Privacy Commission (NPC).

Data Controller

MedProjects Inc. is the data controller and responsible for your personal data:

MedProjects Inc.
Malasiqui, Pangasinan
Philippines

Contact Details:
Email: [email protected]

Personal Data We Collect

The personal data we collect depends on how you interact with our Platform:

1. Account Registration Data

  • Full name (First, Middle, Last name)
  • Email address
  • Phone number
  • Password (stored in encrypted form)
  • Date of birth
  • Sex/Gender

2. Profile Data

  • Profile picture (optional)
  • Home address
  • Emergency contact information
  • Family member information (if you add family members to your account)

3. Appointment Data

  • Appointment date and time
  • Healthcare facility and provider details
  • Reason for appointment
  • Notes provided for the appointment
  • Appointment history
  • Appointment status (scheduled, confirmed, canceled, completed)

4. Usage Data

  • IP address
  • Browser type and version
  • Device information
  • Pages visited on our Platform
  • Time and date of your visit
  • Time spent on pages
  • Referring website addresses
  • Other statistics

5. Healthcare Facility Search Data

  • Location searches
  • Facility type filters
  • Services searched
  • Search history

How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

Direct Interactions

You may give us your personal data by filling in forms or by corresponding with us by email, phone, or otherwise. This includes personal data you provide when you:
  • Create an account on our Platform
  • Complete your user profile
  • Book an appointment
  • Submit a review for a healthcare facility
  • Contact our customer support

Automated Technologies or Interactions

As you interact with our Platform, we may automatically collect Usage Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.

Third Parties

We may receive personal data about you from various third parties including:
  • Healthcare facilities when they confirm or reschedule your appointments
  • Technical service providers for the operation of our Platform

How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

1. To Provide Our Services

  • Create and manage your user account
  • Process and manage your appointments with healthcare facilities
  • Provide healthcare facility search functionality
  • Facilitate communication between you and healthcare facilities

2. To Manage Our Relationship With You

  • Notify you about changes to our terms or privacy policy
  • Ask you to provide feedback or take a survey
  • Respond to your inquiries, complaints, or requests

3. To Improve Our Platform

  • Administer and protect our Platform (troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)
  • Use data analytics to improve our Platform, services, user relationships, and experiences

4. For Marketing and Communication

  • Send relevant information about our services (with your consent where required by law)
  • Measure or understand the effectiveness of the communications we serve to you

Legal Basis for Processing Your Personal Data

Under the Data Privacy Act, we may process your personal data based on one or more of the following legal grounds:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
  • Legal Obligation: The processing is necessary for us to comply with the law.
  • Vital Interests: The processing is necessary to protect someone's life.

Disclosure of Your Personal Data

We may share your personal data with the following categories of recipients:

1. Healthcare Facilities and Providers

  • We share your appointment details and relevant personal information with the healthcare facilities and providers you choose to book appointments with.

2. Service Providers

  • IT and system administration services
  • Professional advisers including lawyers, bankers, auditors, and insurers
  • Analytics providers who help us improve our Platform

3. Regulators and Other Authorities

  • Regulators and other authorities who require reporting of processing activities in certain circumstances

4. Third Parties

  • In the event that we sell, transfer, or merge parts of our business or our assets, your personal data may be transferred to a third party. Similarly, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:


  • The amount, nature, and sensitivity of the personal data

  • The potential risk of harm from unauthorized use or disclosure of your personal data

  • The purposes for which we process your personal data

  • Whether we can achieve those purposes through other means

  • The applicable legal requirements

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Rights Under the Data Privacy Act

Under certain circumstances, you have the following rights under the Data Privacy Act in relation to your personal data:

1. Right to be Informed

You have the right to be informed about the collection and use of your personal data.

2. Right to Access

You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

3. Right to Correction

You have the right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.

4. Right to Erasure

You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

5. Right to Object

You have the right to object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.

6. Right to Data Portability

You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.

7. Right to Damages

You have the right to claim damages if you suffer harm due to an unlawful processing of your personal data.

8. Transmissibility of Rights

The lawful heirs and assigns of the data subject may invoke these rights after the death of the data subject or when the data subject becomes incapacitated or incapable of exercising these rights.

If you wish to exercise any of these rights, please contact us at [email protected].

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one (1) month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Cookies and Similar Technologies

Our Platform uses cookies and similar technologies to distinguish you from other users of our Platform. This helps us to provide you with a good experience when you browse our Platform and also allows us to improve our Platform.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies:

1. Strictly Necessary Cookies

These are cookies that are required for the operation of our Platform. They include, for example, cookies that enable you to log into secure areas of our Platform.

2. Analytical/Performance Cookies

They allow us to recognize and count the number of visitors and to see how visitors move around our Platform when they are using it. This helps us to improve the way our Platform works, for example, by ensuring that users are finding what they are looking for easily.

3. Functionality Cookies

These are used to recognize you when you return to our Platform. This enables us to personalize our content for you and remember your preferences.

4. Targeting Cookies

These cookies record your visit to our Platform, the pages you have visited, and the links you have followed. We will use this information to make our Platform and the information displayed on it more relevant to your interests.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this Platform may become inaccessible or not function properly.

Children's Privacy

Our Platform is not intended for children under 18 years of age, and we do not knowingly collect personal data from children under 18. If we learn we have collected or received personal data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected].

Third-Party Links

Our Platform may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Platform, we encourage you to read the privacy policy of every website you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact our Data Protection Officer:

Data Protection Officer
MedProjects Inc.
Email: [email protected]

If you have a complaint or concern about how we are using your personal data, we hope that you will contact us in the first instance so that we can try to resolve the matter for you. However, you have the right to lodge a complaint with the National Privacy Commission at any time.