Data Privacy Policy

Data Privacy Act of 2012

General Privacy Notice

Divine Grace Medical Center (DGMC) respects the privacy rights of all individuals and all is committed to handling personal data responsibly. This is not a consent form, this is a notification of how DGMC uses personal data in its routine activities, in accordance with Republic Act 10173, known as the Data Privacy Act of 2012.


DGMC processes Personal Data to:

  1. Perform its duties as a provider of healthcare services, exercise its rights, and carry out the related tasks;
  2. Conduct all acts reasonably foreseeable and customarily performed by similar healthcare service providers;
  3. Make decisions and take appropriate action to ensure the overall wellbeing of patients, service receivers, and each of their respective representatives and companions; and
  4. Manage and conduct its internal and external activities in its capacity as a medical institution, as well as in its capacity as a legal person with distinct legal rights and obligations.

The DGMC Website uses cookies to prevent security risks, recognize that the user is logged in, customize the user’s browsing experience, store authorization tokens, permit social media sharing, troubleshoot issues, and monitor anonymized or aggregated statistics. DGMC collects the following Personal Data, as may be applicable and necessary for its specific legitimate purposes:

  • Personal details such as name, birth, gender, civil status and affiliations;
  • Contact information such as address, email, mobile and telephone numbers;
  • Medical information such as physical, psychiatric and psychological information;
  • Employment information such as government-issued numbers, position and functions;
  • Applicant information such as academic background and previous employments; and
  • Supplier and 3rd party provider, information – company profile, DTI/SEC Registration, business records, and licenses, BIR Registration and other business related information.

DGMC collects Personal Data physically through printed forms, attachments, and other documents required by its medical, nursing and ancillary department/section/ unit and finance, support  and administrative offices, or electronically through electronic systems, electronic platforms, e-forms, email, or electronic submission of information directly by the Data Subject. With regards to affliliates, DGMC maintains a data sharing agreement particularizing the obligations of the parties thereto foremost of which is its protection and privacy particulars the obligation.

DGMC collects Personal Data from patients at entry points or upon registration at the Centralized Registration and Admission Unit for Inpatient and Outpatient, Customer Experience Unit, Outpatient Concierge and ER Section.

DGMC generally collects Personal Data from Data Subjects upon entry to the hospital or at the onset of a service, or transaction with DGMC, such as medical care, medical consultation, laboratory service and health-related services.

DGMC collects and processes Personal Data for the following purposes:

  1. Purposes required for the DGMC to carry out its duties, exercise its rights, and carry out its tasks as healthcare facility;
  2. Purposes to perform acts and decisions necessary for DGMC to manage and administer its internal and external affairs as a juridical entity with its own rights, interests and obligations;
  3. Adherence to statutory, regulatory, administrative, or judicial requirements, including but not limited to audit, reporting, and transparency requirements;
  4. Purposes specific to DGMC in accordance with its Data Privacy Policy and related policies, rules or procedures.

Personal data are kept in physical and digital form that are controlled by DGMC departments, sections and units. Physical documents are typically kept in drawers or shelves in folders or envelopes. Electronic records are typically kept on servers owned or managed by DGMC, or in cloud storage that DGMC either controls or makes available.

Personal Data are transmitted and transferred in accordance with Chapter III of the Data Privacy Act of 2012 and Rule V of its Implementing Rules and Regulations.

In compliance with DGMC Policies, DGMC utilizes personal data proportionately as required for its legal objectives. The Data Privacy Act of 2012, directives from the National Privacy Commission, and Department of Health regulations all apply to the use of personal data.

Data is retained by DGMC in accordance with its retention policy while adhering to legal requirements and administrative guidelines. In the absence of an applicable rule of retention, the DGMC shall retain Personal Data in accordance with nationally and globally recognized standards and practices.

  1. DGMC patients, service recipients, and their respective representatives and companions have the following rights with respect to their Personal Data:
  1. Right to be informed, except for internal data;
  2. Right to access and data portability, subject to reasonable requirements;
  3. Right to rectification, erasure, and blocking. However, services may be affected by changes in or lack of data; and
  4. Right to file a complaint. DGMC’s Quality Assurance Department is continually open to resolve concerns.
  1. DGMC patients, service recipients, their respective representatives and companions, and others within the scope of DGMC’s Data Privacy Policy have the following responsibilities:
  1. Keep up to date all Personal Data and other information submitted to or in the possession of DGMC;
  2. Respect the data privacy rights of all Data Subjects;
  3. Report any suspected Security Incident or Personal Data Breach to DGMC through the contact information of DGMC Quality Assurance Department provided herein;
  4. Ensure accuracy of Personal Data and other information;
  5. Obtain the consent of the Data Subject prior to processing of personal information;
  6. Not divulge any non-public, private, sensitive, or personal information acquired or learned in confidence through DGMC to any uninvited party; and
  7. Respect the DGMC’s policies, guidelines, and rules regarding data privacy, information security, record management, research, and ethical behavior. You should also periodically check for modifications to these policies, guidelines, and rules to make sure you’re following them.


For Inquiries and concerns on data privacy may be directed to

DGMC Quality Assurance Department:

Divine Grace Medical Center

Address: Antero Soriano Highway, General Trias, Cavite


Tel. No.: (046) 482-6888 local


“Personal Data” refers to all types of personal information, sensitive personal information and privileged information under the Data Privacy Act of 2012 and its Implementing Rules and Regulations.

“Data Subject” refers to an individual whose personal information is processed.

“Personal Information” refers to any information, whether or not it is recorded in a material form, from which it is obvious or reasonably and directly possible for the entity holding the information to determine the identity of an individual, or which, when combined with other information, would unquestionably and directly identify an individual.