Cardinal Santos Medical Center (CSMC) understands the importance and sensitivity of your
personal data; hence, we are committed to protect your personal data and sensitive health
protection are compliant with Republic Act No. 10173 or the Data Privacy Act of 2012 (“DPA”) and its
Implementing Rules and Regulations. This Notice embodies how we may collect, use and disclose
your personal data or sensitive health information as well as your rights as owners of this personal
data. The entire CSMC work force and other affiliated health care providers including organizations
controlled, owned and affiliated with CSMC are mandated to follow this Privacy Notice.
What is Personal Data and why do we collect it?
Prior to, and while providing our services, we may ask you to provide us with certain Personal Data
and Sensitive Health Information. These Personal Data may include, but are not limited to, information
which may be used for identification purposes (e.g., names, addresses, email addresses, phone and
facsimile numbers, other personal circumstances, contact information, your educational and medical
background), for diagnosis or treatment of your health condition, for quality improvement and
coordination of care, training, research, billing and receipt of payment for services rendered. We may
also use your Personal Data to contact you for updates, information campaigns, marketing or
promotional materials and other information that may be related to the services we provide.
Any processing, sharing or disclosure of your personal data or health information except those
provided by law requires your consent or written authorization. You may withdraw your consent
(subject to applicable Philippine Privacy Laws) any time by informing us in writing.
When we collect Personal Data, we will, to the extent possible, explain to you why we are collecting
such information and how we plan to use it.
How we collect Personal Data
Your Personal Data may be obtained in various ways such as but not limited to interviews for
application and health assessment, correspondence, by telephone, viber, by email, via our website
(cardinalsantos.com.ph) and from third parties.
However, most of the personal data we obtain are those that you have given to us yourself. You
provide us personal data when you:
• Avail of, or apply for, our services by filling out application forms or other information
forms through any of our available channels (e.g., online, upon admission, or through our
medical personnel and representatives);
• Get in touch with us to ask about something, file a complaint, or request for service;
• Take part in our research and surveys
• When you apply for job with us.
The hospital is also equipped with CCTV cameras to ensure safety and security of patients, as well
When We Disclose Your Personal Data
Your Personal Data may be disclosed in a number of circumstances including the following:
• Consented disclosure to third parties; and
• As may be required or authorized by law.
In such cases, we ensure that your Personal Data or Health Information is disclosed with strict
adherence to the principles of data privacy and confidentiality.
How We Secure and Protect Your Personal Data
CSMC warrants that appropriate technical, organizational and physical security measures are in
place for the protection of your Personal Data or Health Information against unauthorized access,
use, alteration, and disclosure.
Data Retention Policy
When your Personal Data or Health information is no longer needed for the purpose for which it was
obtained, we will take reasonable steps to destroy, permanently de-identify or anonymize it. However,
most of the Personal Data or Health Information will be stored in files which we will keep for a minimum
of fifteen (15) years.
How to Access Your Personal Data
You may access your Personal Data or Health Information to update and/or correct it, subject to
certain exceptions as provided by law. If you wish to do so, please inform us in writing.
We will not charge any fee for your access request, but we may charge a reasonable administrative
fee for providing a copy of your Personal Data.
In order to protect your Personal Data, we may require some form of identification from you before
releasing the requested information.
What You Can Do
Know Your Rights
• You have the right to be informed that your personal data will be, are being, or were,
collected and processed.
• You have a right to access or obtain from an organization a copy of any information
relating to you that they have on their computer database and/or manual filing
system. It should be provided in an easy-to-access format, accompanied with a full
explanation executed in plain language
• You have the right to object to the collection and processing of personal information
that was unlawfully obtained without your consent.
• You have the right to suspend, withdraw or order the blocking, removal or destruction
of your personal data under circumstances provided by law
• You may claim compensation if you suffered damages due to inaccurate, incomplete,
outdated, false, unlawfully obtained or unauthorized use of personal data.
• You have a right to file a complaint with the National Privacy Commission f you feel
that your personal information has been misused, maliciously disclosed, improperly
disposed, or that any of your data privacy rights have been violated.
• You have the right to dispute and have corrected any inaccuracy or error in the data
a personal information controller (PIC) hold about you
• You have the right to data portability which allows you to obtain and electronically
move, copy or transfer your data in a secure manner, for further use
If you wish to access, update your Personal Data / Health Information or if you have queries,
through the following contact details :
Address: Cardinal Santos Medical Center
No. 10 Wilson St. Greenhills West, San Juan City, 1502 Manila
Telephone: 8727-0001 Local 3020
From time to time, we may change or update our privacy statement, policies, and practices to
comply with government and regulatory requirements, to adapt to new technologies and protocols,
to align with industry practices, or for other legitimate purposes.