PRIVACY NOTICE
WHO ARE WE
Nicatto Health Dynamics (“Nicatto”) is an industrial diagnostic clinic that caters to local businesses in different industries for their Pre-employment Medical Examination (PEME), Drug Test and Annual Physical Examinations (APE). It runs on a web-based computer system which makes the medical results accessible to employers in real time. Our system allows the employers to have the medical results of the hired employees on the same day.
OUR COMMITMENT
Nicatto is committed to safeguarding your data privacy rights. In processing your personal data, we are guided by the principles of transparency, legitimate purpose and proportionality. Our priority is your privacy.
Rest assured that we collect and process your personal data in accordance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and other applicable laws (“Data Privacy Laws”).
WHAT IS IN THIS DATA PRIVACY NOTICE
This Privacy Notice describes how we collect, use, store, handle and protect your personal data in connection with our processes, programs and systems.
The words “personal data”, “personal information”, “sensitive personal information”, “processing of personal data”, and other related terminologies in this Privacy Notice are used in the same context as they are found in the Data Privacy Laws.
As such, please refer to the following definitions:
1. Personal data pertains to both personal and sensitive personal information.
2. Personal information is information or set of information that can be used to identify an individual such as name, mailing address, email address, telephone number, mobile number, a photo or a video image of a person and other personal details.
3. Sensitive Personal Information is any information about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; an individual’s health or education; about any criminal, civil or administrative proceeding of an individual; unique government issued identifiers; and those established by law as classified.
4. Processing of Personal Data refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, use, storage, disclosure or disposal.
OUR BASIS FOR PROCESSING YOUR PERSONAL DATA
Nicatto will process your personal data only under circumstances allowed by the Data Privacy Laws, such as when you give your consent, or when required by law or contracts. Specifically, we process your personal data when at least one of the following conditions exists:
1. You have given your consent.
2. The collection and use of your personal data is necessary and is related to the fulfillment of our contract or necessary for us to enter into a contract with you.
3. The processing is necessary for us to comply with a legal obligation or is required by existing laws and regulations.
4. The processing is necessary to protect vitally important interests of the data subject, including life and health.
5. The processing is necessary for our legitimate business interest, taking into consideration your data subject rights as our priority.
6. The processing is necessary for purposes of medical treatment.
7. The processing is necessary for the protection of our lawful rights and interests in court or for our establishment, exercise or defense of legal claims.
WHAT WE COLLECT
For the purpose of medical endorsement, recommendation or diagnosis of your medical condition on the day of the consultation, your personal and sensitive personal information may be gathered when you engage with our services, fill out forms through Nicatto’s website, or provide us personally with your information by any other available means. We collect the following:
- Information we collect from you through our COVID-19 Declaration Form for contact tracing purposes:
  - Signs and symptoms
  - Travel information
- Information we collect from our Company Clients who are your employers or future employers, or we collect from you through your registration to avail of our services or book an appointment through our website:
  - Name
  - Gender
  - Birthdate
  - E-mail address
  - Contact number
  - Company
  - Medical History
- Information we collect during the conduct of your physical examination depending on the requirements of your employers or prospective employers:
  - Vital signs (Height, weight, oxygen saturation, temperature, body mass index, blood pressure) at the time of PEME
  - XRAY (chest X ray)
  - Laboratory examinations (CBC, Urinalysis, fecalysis, and other blood related examinations)
  - Drug test (for different drug panel as required by your employer)
  - Physical examination (one on one interview of past and present medical history, and other medical conditions which will be asked by a resident physician)
WHAT WE DO WITH YOUR DATA
The personal data collected, recorded, stored, used or processed, if applicable, are exclusively to allow us to provide you our services and to comply with our legal obligations and contractual obligations. Specifically, we use your personal data for the following purposes:
1. For the provision of our service:
   - To carry out and provide the necessary services to you as requested by our Company Clients who are your employers or future employers such as conduct of Pre-employment Medical Examination (PEME), Drug Test and Annual Physical Examinations (APE).
   - To verify your identity when you register for our service and prior to undergoing the medical examination.
   - To provide and facilitate your use and access of our online registration platform, to respond to your queries, comments or feedback, and to administer your medical records.
   - To process and/or keep a transaction history, generate sales information and reports, and to store, host, and back-up your personal data.
   - To provide customer support and to carry out Nicatto’s obligations arising from any contracts entered into between Nicatto and our Company Clients.
   - For other purposes that would be necessary or beneficial to administer transactions made on the Services.
2. For Analytics and Business, Legal and Technical Use:
   - To conduct research and gain an understanding of our system users, your experiences and preferences.
   - To run system diagnostics to ensure that the Services are functioning properly.
   - To ascertain your identity, and to compare information we receive from you and those we receive about you from third persons.
   - To process any complaints or feedback, to implement preventive measures and to investigate any act, omission, or misconduct.
   - To gather the necessary information required by law or existing contracts, for record keeping, or good business practices.
HOW LONG WE KEEP YOUR DATA
Your personal data are retained only for a period necessary for us to fulfill the purposes for which they were collected, such as to facilitate the provision of our services to you and execute the terms and conditions of our contracts with our Company Clients or to fulfill our legitimate business interests.
Thus, we will retain your data for as long as required by our Company Clients in accordance with their retention and disposal requirements under our contracts with them. In some instances, we will retain your personal data as required by applicable laws, rules or regulations.
After expiry of the retention period, when you withdraw your consent (if applicable), or when ordered by our Company Client, we will securely destroy your personal data through shredding the physical records and deletion of electronic data from our database or any other secure disposal methods allowed by relevant regulations.
HOW WE SECURE YOUR DATA
To fulfill our commitment of upholding your data privacy rights, Nicatto puts in place the necessary organizational, physical and technical security measures. These shall ensure that all personal data in our custody are sufficiently protected against any unauthorized access, use, disclosure or unlawful processing of your personal data, accidental loss and destruction.
We will take all the necessary measures, according to reasonable industry standards and practices to keep your personal data safe through the:
a. Use of information security tools and facilities to protect all collected data in whatever form;
b. Formulation and implementation of responsive and relevant data privacy and data security policies within the organization;
c. Ensuring that third parties who are processing personal data for us or to whom we disclose your personal data comply with the requirements of the Data Privacy Laws through proper transfer risk management measures; and
d. Management of Human Resources through the use and implementation of access control policy, confidentiality contractual clauses, capacity building and awareness campaigns.
What are the risks involved
Despite the existence of even the best security features, Nicatto recognizes that data processing always comes with risks. Security threats and incidents are now a question of “when” rather than “if”. While we try to keep our systems safe, we cannot control external factors (such as the safety of your computer or mobile phone, the network you are using, the servers you are being routed through, and the like). But rest assured, once we receive your personal data, we will use our implemented safety features and procedures to ensure that your data is kept safe.
Protect Your Personal Data
It is your obligation to ensure that all personal data submitted to us is complete, accurate, true and correct. Any misinformation provided thereto is solely your responsibility.
In addition to this, Nicatto encourages you, the data subjects, to take precaution and be vigilant. Avoid sharing any login credentials with unauthorized persons. Only transact with legitimate entities.
If you believe that there has been a breach of your Personal Data, please contact our Data Protection Officer: dataprivacy@nicattodynamics.com
WHEN DO WE SHARE YOUR DATA
Nicatto, as a service provider, is processing your personal data only upon the instruction of our Company Client. It is our obligation under our contract with our Company Client (your employer or future employer) who requested the conduct of your medical examination, to share and disclose your medical examination result directly to them. It is the Company Client’s responsibility to acquire your consent to the disclosure of your personal data to them, and if you wish to acquire a copy of your medical examination result, you may file your request with them. During your registration, we will ask for your consent to the disclosure of your personal data to your employer or future employer.
We may also disclose and share your personal data to the following:
a. to our medical consultants and third-party vendors who provide us services or conduct data processing on our behalf and who will only process your personal data upon our instructions;
b. to law enforcement officials, government authorities, or other third parties as may be required by law or if we believe there is a need to protect the rights, property, or safety of Nicatto or others; and
c. to another organization to facilitate corporate reorganizations, mergers and/or consolidations, or other legitimate business transactions where a counter-party requests for Personal Data.
Nicatto will never share your personal data with any other third-party without your consent, unless required by law or contracts or necessary to the services we provide.
In cases when information is disclosed to another entity, Nicatto will make sure that this is on a need-to-know basis only. You will be notified of any transfer, sharing or disclosure, and Nicatto will take all necessary safeguards to ensure data protection and integrity.
WHAT ARE YOUR RIGHTS
Under the DPA, you have the following rights:
- Right to be informed. You have the right to be informed of how your data is collected, used, stored, shared and disposed of and be furnished with such information before you disclose your information to us. You can learn how we process your data through this Privacy Notice.
- Right to object. You have the right to object to giving consent to the processing of your personal data or to withdraw the same thereafter.
- Right of access. You have the right to ask us for information regarding the activities conducted on your personal data.
- Right to rectification. You have the right to ask us to modify or correct your personal data when the same is inaccurate, outdated, false or incomplete.
- Right to erasure or blocking. You have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data from our filing system, as may be allowed.
- Right to data portability. You have the right to obtain and electronically move, copy or transfer your personal data in a secured and structured manner for further use.
- Right to damages. You have the right to claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized uses of personal data. You may escalate your complaints concerning data privacy violations to us and may escalate the same to the National Privacy Commission when we fail to address your complaint.
How to exercise your data privacy rights
If you would like to exercise any of the mentioned rights, you may download this DSR and email the same to dataprivacy@nicattodynamics.com.
To help protect your privacy and security we will make reasonable attempts to promptly investigate, comply with, or otherwise respond to your requests as may be required by applicable law. Depending upon the circumstances and the request, we may not be permitted to provide access to personal data or otherwise fully comply with your request; for example, where we are acting as a service provider for our Company Client and are conducting the medical exam and processing your personal data only upon their instructions, in such a case, we will escalate your request to them for their action. We reserve the right to charge an appropriate fee (if any fee may be charged to us by third parties) for complying with your request where allowed by applicable law, and/or to deny your requests where, in our discretion, they may be unfounded, excessive, or otherwise unacceptable under Data Privacy Laws.
If you have privacy concerns, or believe that your personal data has been breached or your rights as a data subject have been violated, you may contact our Data Protection Office through:
GABRIEL AGABON (DPO)
1405 The Jollibee center Building
San Miguel Ave. Ortigas Center
Pasig City, Philippines
MOBILE NO: 0917 517 1991
E-mail address : dataprivacy@nicattodynamics.com
OUR COOKIE POLICY AND USE OF WEB ANALYTICS
Your web browser may automatically send us personal data, which may include IP address and location, or non-personal data which may include pages you visited, the operating system you use, the name and version of your web browser.
Nicatto may use “cookies” to improve our online service to you. Cookies are small data files that are automatically stored on your web browser in your computer that can be retrieved by our digital assets. Cookies help remember you and your preferences which enable us to tailor the relevant digital assets according to your needs. The information collected by the cookies is anonymous based on visitor’s personalized settings information and contains no name or address information or any information that will enable anyone to contact you via telephone, email or any other means. No customer personal data is stored in cookies. You can however disable cookies by changing the settings of your web browser.
Nicatto’s website may include hyperlinks to third party websites. Nicatto has no control over the content, accuracy, opinion expressed, and other links provided at these third-party websites or how these third-party websites deal with your personal data. You should visit these third-party websites for details of their privacy policies in relation to their handling of your personal data.
CHANGES TO THIS PRIVACY NOTICE
This privacy notice is under regular review to make sure it is up to date and accurate.
Nicatto reserves the right to revise or amend this Privacy Notice to reflect new or recently declared legal requirements or company rules on data handling. Any such changes will be posted on this website and shall be effective immediately upon posting.
Privacy Notice Version No.: 1.0
Effectivity Date: 10/01/2023