Terms of Service & Privacy Policy
Terms of Service
1. Acceptance of Terms
By creating an account, registering a clinic, or otherwise accessing or using KlinikaHub's website, applications, and related services (collectively, the "Service"), you agree to be bound by these Terms of Service. If you do not agree, you must not use the Service.
2. Use of the Service
You agree to use the Service only for lawful purposes related to clinic management and healthcare delivery, and to provide accurate, current, and complete information when registering your clinic or account. You are responsible for safeguarding your account credentials and for all activity that occurs under your account.
3. Subscriptions and Billing
Paid plans are billed in accordance with the pricing and terms presented at checkout. Fees are non-refundable except where required by law or expressly stated otherwise. KlinikaHub may change plan pricing or features with reasonable prior notice.
4. Clinical and Patient Data
Clinics using the Service are responsible for the accuracy of clinical data they enter and for obtaining any patient consents required by applicable law. Handling of personal and health information is governed by our Privacy Notice below.
5. Termination
KlinikaHub may suspend or terminate access to the Service for violation of these Terms, non-payment, or conduct that risks harm to other users, patients, or the platform. You may cancel your subscription at any time in accordance with your plan's terms.
6. Limitation of Liability
The Service is provided "as is." To the fullest extent permitted by law, KlinikaHub is not liable for indirect, incidental, or consequential damages arising from use of the Service.
7. Changes to These Terms
We may update these Terms from time to time. Continued use of the Service after changes take effect constitutes acceptance of the revised Terms.
8. Contact
Questions about these Terms may be directed to our support team through the contact details on our website.
Privacy Notice
1. Introduction
KlinikaHub values your privacy and is committed to protecting the personal information entrusted to us. This Privacy Notice explains how we collect, use, store, disclose, retain, and dispose of your information in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and applicable issuances of the National Privacy Commission ("NPC").
By accessing or using www.klinikahub.com (the "Website") and related services, you acknowledge that you have read, understood, and agreed to the practices described herein.
2. Essential Purposes for Processing Personal and Sensitive Personal Information
We process your personal data—and, where applicable, your sensitive personal information (health data)—only to the extent necessary to deliver KlinikaHub's services and fulfill our obligations to you and our partner clinics. These essential purposes include:
Healthcare Service Delivery & Care Coordination
- To schedule appointments; conduct teleconsultations; record clinical encounters, diagnoses, medications, allergies, and treatment plans; issue e-prescriptions and laboratory/imaging requests; facilitate referrals; and coordinate care among authorized healthcare professionals and clinics using the platform.
Medical & Administrative Record-Keeping
- To create and maintain accurate electronic medical records (EMR) and related administrative files (e.g., consent forms, encounter notes, orders, and audit trails) consistent with professional standards and applicable health regulations.
Identity Verification & Account Management
- To register users (patients, caregivers, clinic staff, and healthcare professionals), verify identities and professional credentials where applicable, enable secure sign-in (including multi-factor authentication), manage roles and permissions, and administer your account lifecycle.
Billing, Payments, and Financial Administration
- To generate invoices/receipts, process payments and refunds through accredited payment processors, manage chargebacks or disputes, and keep statutory books and records required for accounting and tax compliance.
Care-Related Communications
- To send confirmations, reminders, follow-ups, instructions, and other essential notifications about appointments, prescriptions, test results (as authorized), and service availability; to respond to inquiries and provide customer support.
Safety, Security, and Continuity of Operations
- To secure the platform and your data (e.g., access controls, activity logs, anomaly detection), ensure system reliability and backups, and support business continuity/disaster recovery so your records remain available to authorized users.
Legal, Regulatory, and Professional Compliance
- To comply with applicable laws and lawful orders (e.g., health reporting where required, record-retention duties, tax rules), resolve disputes, enforce terms, and protect the rights and safety of you, our users, and the public.
Protection of Vital Interests (Emergencies)
- To act where necessary to protect life and health—e.g., contacting you or your designated emergency contact, and sharing relevant information with emergency responders or attending healthcare professionals.
Clinic & Professional Onboarding and Support (B2B Context)
For our clinic customers and healthcare professionals: to provision services, configure clinic settings, train designated users, provide technical support, and manage the service relationship.
Notes on necessity and consent: Some processing under this section is contractually necessary or required by law (e.g., record-keeping, billing, security logs). For processing involving sensitive personal information, we obtain your consent where required by RA 10173, except where another lawful basis applies (e.g., medical treatment, legal obligations, or vital interests). If you decline to provide data that is essential for these purposes, KlinikaHub (or your clinic) may be unable to deliver certain services safely or at all.
3. Secondary Purposes for Processing Personal and Sensitive Personal Information
Beyond what is strictly necessary for the delivery of healthcare and platform services, KlinikaHub may also process your information for additional purposes that help us improve our operations, enhance user experience, and responsibly develop our services. These activities are always subject to your rights under the Data Privacy Act of 2012 (RA 10173) and will be carried out only where legally permitted and, where applicable, with your consent.
Our secondary purposes include the following:
Research, Analytics, and Service Enhancement
- To study user interactions, preferences, and trends in order to improve how the platform functions and how healthcare is delivered through it.
- To identify common technical issues, evaluate new features, and optimize platform performance.
- To conduct surveys, pilot tests, and usability studies to better understand patient and provider needs.
Anonymized or Aggregated Reporting
- To generate de-identified statistics for healthcare planning, policy development, and innovation.
- To support business intelligence, operational management, and evaluation of clinic performance trends without identifying individual patients.
- To share anonymized datasets with research partners or public health authorities, where legally allowed and aligned with ethical standards.
Communications, Updates, and Marketing
- To send newsletters, platform updates, health tips, educational resources, or announcements regarding new services, clinics, or features.
- To provide promotional content or special offers related to KlinikaHub products and services, subject to your express opt-in consent.
- To maintain community engagement through events, campaigns, and feedback opportunities.
User Experience Personalization
- To customize your interaction with the platform (e.g., personalized dashboards, suggested services, or reminders).
- To deliver content and features most relevant to your profile and past interactions.
- To reduce friction in navigation by storing and recalling your preferences.
Enhanced IT Security, Fraud Detection, and Risk Management
- To monitor patterns of usage for early detection of suspicious activities beyond baseline operational requirements.
- To apply advanced analytics for detecting fraud, unauthorized access attempts, or misuse of accounts.
- To implement proactive measures that protect not just essential health services but the broader IT ecosystem supporting KlinikaHub.
Third-Party Engagement for Support and Development
- To collaborate with carefully selected service providers who may handle limited data on our behalf, such as cloud hosting, analytics providers, or marketing platforms.
- To ensure customer support, technical troubleshooting, or quality assurance with the help of trusted partners.
- To integrate with third-party tools or systems that improve the efficiency of clinic operations, such as CRM systems or automated communication platforms.
Safeguards for Secondary Processing:
Wherever possible, we anonymize or pseudonymize data before using it for research, analytics, or reporting.
Marketing and promotional processing is performed only with your explicit consent, which you may withdraw at any time.
Third-party service providers are contractually bound to confidentiality and to comply with the Data Privacy Act and our own security standards.
You may exercise your right to object or right to opt-out of secondary processing activities at any time by contacting our Data Protection Officer.
4. Categories of Personal Data We Collect
In the course of delivering services through KlinikaHub, we may collect and process the following types of information. The scope of what we collect depends on whether you are a patient, healthcare provider, clinic staff, or a visitor to our website.
Personal Information
We collect personal information to identify and authenticate you, create and maintain your account, enable communication, and comply with requirements for patient registration or provider onboarding.
Examples:
- Full name, date of birth, age, sex, marital status
- Home and mailing address
- Contact details (phone number, mobile, email)
- Demographic data (occupation, nationality, language preference)
- Account login credentials (username, password, security questions)
Sensitive Personal Information (SPI) / Health Data
We collect sensitive personal information to provide safe and accurate healthcare services, maintain medical records, comply with legal obligations under the Department of Health (DOH) and other regulatory bodies, and protect the health and vital interests of patients.
Examples:
- Medical history, diagnoses, presenting complaints, allergies
- Treatment records, progress notes, prescriptions, referrals
- Laboratory, imaging, and diagnostic results
- Vaccination history and family medical history (where relevant)
- Mental health information or other conditions considered sensitive under law
- Government-issued IDs containing sensitive identifiers (e.g., PhilHealth ID, SSS number, professional license for doctors)
Technical and Usage Information
We collect technical and usage information to secure the platform, prevent fraud, diagnose technical problems, monitor system usage, personalize the interface, and improve the performance and reliability of our website and applications.
Examples:
- Internet Protocol (IP) address,
- Browser type and version, operating system, device identifiers (e.g., IMEI, MAC address)
- Log data: date and time of access, pages viewed, duration of sessions
- Cookies and similar technologies (session cookies, analytics cookies, preference cookies)
Transactional and Financial Information
We collect transactional and financial information to process payments, issue official receipts, manage refunds and claims, comply with financial record-keeping and tax laws, and provide accurate documentation to you and insurers where applicable.
Examples:
- Billing address and contact details
- Payment method (credit card, debit card, e-wallet, bank transfer)
- Payment history, receipts, refunds, chargeback records
- Insurance membership information, claims data, and authorization letters
- Other supporting documents for financial transactions
Communications and Customer Support Data
We collect communications and customer support data to respond to your questions, resolve issues, document service quality, and improve customer service.
Examples:
- Records of inquiries, complaints, or support tickets submitted via email, chat, or phone
- Feedback, surveys, or forms completed by you
- Audio or video recordings (where applicable and with notice)
Other Information You Voluntarily Provide
We collect other information you voluntarily provide to allow us to provide customized services, improve coordination of care, and maintain accurate emergency information in case of urgent situations.
Examples:
- Emergency contact details, next of kin information
- Uploaded documents such as medical certificates, lab results, or IDs
- Preferences (e.g., preferred language, notification settings)
5. Methods of Collecting Personal Data
KlinikaHub collects personal and sensitive personal information through several lawful and transparent methods. The manner in which your data is obtained depends on how you interact with our Website, platform, and partner healthcare providers.
Direct Collection
We collect data directly from you when you:
Register for an account or sign in through the Website or mobile application.
Fill out patient intake forms, consent forms, or profile information fields.
Book or confirm appointments, request teleconsultations, or use platform features.
Upload documents such as medical certificates, laboratory results, or identification cards.
Communicate with us via phone, email, chat, or other support channels.
Participate in surveys, feedback forms, or patient satisfaction programs.
Automated Collection
When you access or use our Website or applications, we may automatically collect certain information through the use of various technologies. This information helps us improve functionality, security, and user experience. The types of data collected include:
Cookies and Session Identifiers – Used to manage user logins, store preferences, and enhance site functionality.
Analytics Tools – Collect information on page usage, navigation flows, clicks, and response times to help us understand how our services are used and to improve performance.
Log Files – Automatically record details such as IP addresses, device type, operating system, and browser information for security and diagnostic purposes.
Error Reports and Crash Diagnostics – Generated when the platform encounters technical issues, helping us identify and resolve problems efficiently.
Third-Party Sources
We may receive information from trusted third parties, including:
Payment processors (e.g., e-wallets, banks, card issuers) for verification and transaction records.
Partner clinics, laboratories, and diagnostic centers for test results, treatment notes, or referrals.
Telemedicine integrations that allow healthcare professionals to securely access or upload patient data during consultations.
Insurance providers or HMOs for claims processing and coverage verification.
Authorized Disclosures
With your explicit consent or as otherwise permitted by law, we may collect information from:
Healthcare professionals directly involved in your treatment, who may upload clinical notes, prescriptions, or diagnostic data to the platform.
Hospitals or clinics that transfer or share patient records to support continuity of care.
Employers, schools, or institutions (if you are registered through a corporate or institutional account) providing basic enrollment or eligibility data.
Other Lawful Means
We may also collect data through lawful and transparent means such as:
Publicly available sources, but only when relevant and necessary for verification or fraud prevention.
Regulatory or government agencies, if required by law for compliance purposes.
Emergency situations, where data may be obtained from family members, guardians, or emergency responders if you are unable to provide it yourself.
6. Basis for Processing Personal and Sensitive Personal Information
KlinikaHub processes your information only where there is a valid legal ground under the Data Privacy Act of 2012 (RA 10173). Depending on the context and type of data, processing may rely on one or more of the following bases:
Consent
We obtain your free, prior, and informed consent before processing personal or sensitive personal information, especially health data, unless another lawful basis applies. Consent may be given through:
Signing patient intake or consent forms (digital or paper).
Clicking "I Agree" or equivalent checkboxes during registration.
Providing written or verbal authorization for specific disclosures (e.g., referrals, lab results, insurance claims).
Note: You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. However, withdrawing consent may limit our ability to provide certain services.
Contractual Necessity
We process data as necessary to enter into and perform a contract with you or your clinic. Examples include:
Registering and maintaining your user account.
Providing healthcare consultations, prescriptions, and care coordination.
Processing payments, claims, and related transactions.
Delivering clinic management services to healthcare providers who use KlinikaHub.
Legal Obligation
We process data where required by Philippine law, regulations, or professional standards, including:
Department of Health (DOH) requirements for medical records retention.
Bureau of Internal Revenue (BIR) rules for issuing receipts and keeping tax records.
Obligations under PhilHealth, HMO contracts, or other health insurance laws.
Responding to lawful orders, subpoenas, or directives from government agencies or courts.
Protection of Vital Interests
We may process or disclose data where necessary to protect your life, health, or safety, or that of another person, particularly in urgent or emergency situations where consent cannot be obtained in time. For example:
Sharing critical medical information with emergency responders.
Contacting your designated emergency contact in life-threatening circumstances.
Legitimate Interests
We process data to pursue our legitimate interests or those of third parties, provided these do not override your fundamental rights and freedoms. Examples include:
Detecting and preventing fraud, security threats, or system misuse.
Improving platform functionality and user experience through analytics.
Protecting KlinikaHub's rights in case of disputes, claims, or investigations.
Training staff and healthcare providers on anonymized or limited data for service quality improvement.
Public Health and Research (Special Basis for Sensitive Data)
As permitted under RA 10173 and related health regulations, sensitive health data may be processed without consent where necessary for:
Public health functions, such as disease surveillance, reporting notifiable diseases, or responding to pandemics.
Scientific and statistical research, provided adequate safeguards are in place (e.g., anonymization, ethics approval).
7. Manner of Storage of Personal and Sensitive Personal Information
KlinikaHub stores your personal and sensitive personal information in both digital and physical formats. We implement organizational, physical, and technical safeguards to ensure data integrity, confidentiality, and availability in compliance with the Data Privacy Act of 2012 (RA 10173) and the National Privacy Commission's standards.
Digital Storage
Data is hosted on secure servers located within the Philippines or in jurisdictions with comparable data protection standards.
Encryption is applied to sensitive personal information, both at rest (when stored) and in transit (when transmitted through our network).
Access is controlled through role-based authentication, multi-factor login, and strict password policies.
Regular system audits, intrusion detection, and vulnerability testing are conducted to identify and address risks.
Data is regularly backed up and stored in encrypted form to ensure continuity in case of accidental loss or system failure.
Logs of system access and data handling are maintained to monitor authorized use and detect anomalies.
Physical Storage
Where paper records or printed copies exist, these are stored in locked cabinets or filing systems located within secure facilities.
Access to physical records is restricted only to authorized personnel with a legitimate need-to-know basis.
Physical facilities are protected by CCTV, access cards, visitor logs, and staff supervision.
Disposal of outdated paper files is done through secure shredding or supervised destruction to prevent reconstruction.
Segregation of Records
Personal Information and Sensitive Personal Information are stored separately or tagged within the system to apply heightened safeguards.
Different access privileges apply to different categories of data (e.g., administrative staff may view billing details but not medical notes).
Business Continuity and Disaster Recovery
Backup servers and redundant systems ensure data availability during outages or disasters.
Emergency protocols exist to restore access to data in case of cyberattacks, hardware failure, or natural disasters.
Periodic drills and tests are conducted to validate effectiveness of recovery measures.
8. Date Retention and Disposal
KlinikaHub recognizes that personal and sensitive personal information must not be kept longer than is necessary. We implement a data lifecycle management policy to ensure records are properly retained for their intended purposes and securely disposed of once no longer required.
Retention Periods
Medical Records: Retained for at least the minimum period required by the Department of Health (DOH), relevant medical board regulations, or other applicable laws. In most cases, this is five (5) years from the date of the last entry unless a longer period is mandated (e.g., ongoing treatment, pending litigation, or insurance claims).
Financial and Transactional Records: Retained for at least ten (10) years in compliance with Bureau of Internal Revenue (BIR) requirements.
User Accounts and Profile Data: Retained for as long as the account is active and up to a reasonable period after closure (e.g., two years) to allow account reactivation, resolve disputes, or comply with audits.
System Logs and Technical Data: Retained for shorter durations (e.g., six months to one year) for security monitoring and troubleshooting, unless required for investigation.
Research and Analytics Data: Retained only in anonymized or aggregated form where individual identification is no longer possible.
Disposal and Deletion
When data is no longer required, it will be securely disposed of using the following methods:
Digital Data:
Permanent deletion from active systems.
Overwriting or secure wiping of storage media.
Destruction of decommissioned drives or devices through degaussing, shredding, or certified e-waste disposal.
Physical Records:
Shredding, pulping, or incineration of paper files, supervised by authorized personnel.
Secure disposal through accredited waste management providers, with certificates of destruction where applicable.
Accountability and Documentation
Retention and disposal schedules are periodically reviewed by our Data Protection Officer (DPO) in coordination with relevant departments.
Disposal activities are logged and, where applicable, documented with destruction certificates for audit purposes.
Staff authorized to handle data disposal undergo training to prevent accidental disclosures or mishandling.
Exceptions
Certain records may be retained longer if:
Required by law, regulation, or contractual obligation.
Needed for ongoing medical treatment, insurance processing, or legal claims.
Necessary for public health purposes, research (in anonymized form), or compliance with professional standards.
9. Data Transfers and Disclosures of Personal Data
KlinikaHub respects your right to privacy and ensures that disclosures of personal or sensitive personal information are made only when necessary, lawful, and appropriately safeguarded. Disclosures may occur under the following circumstances:
Healthcare Providers and Partner Clinics
- To licensed doctors, nurses, or other healthcare professionals directly involved in your treatment.
- To partner clinics, laboratories, imaging centers, and pharmacies for diagnostic testing, prescriptions, and care coordination.
All healthcare providers are bound by professional confidentiality obligations and KlinikaHub's data sharing agreements.
Third-Party Service Providers
- To trusted vendors who support our operations, such as cloud hosting providers, IT security vendors, analytics tools, billing partners, and payment processors.
These service providers act as data processors and are contractually required to:
Use your data only for the contracted purpose;
Implement adequate organizational, technical, and physical safeguards; and
Return or securely delete data after their services are completed.
Government Agencies, Regulators, and Courts
When required to comply with legal or regulatory obligations, such as reporting to the Department of Health (DOH), PhilHealth, Bureau of Internal Revenue (BIR), or other relevant authorities.
In response to valid court orders, subpoenas, or lawful directives of government agencies.
Research and Public Health Disclosures
In limited circumstances, anonymized or aggregated data may be shared with research institutions, universities, or public health authorities for epidemiological studies, health policy development, or disease surveillance, consistent with RA 10173 and ethical standards.
With Your Prior Consent
- To any other third party or entity only when you provide explicit written or digital consent specifying the scope and purpose of disclosure.
International Transfers
If personal data is stored or processed outside the Philippines, KlinikaHub ensures that the receiving jurisdiction has comparable data protection standards, and data sharing agreements are in place to meet RA 10173 requirements.
10. Risks in Processing Personal Data
While KlinikaHub applies industry-standard safeguards, the processing of personal and sensitive personal information always carries certain residual risks. We believe in transparency and therefore inform you of these possible risks:
Technical and Cybersecurity Risks
Interception risks: Data transmitted over the internet (e.g., during teleconsultations, messaging, or uploads) may be intercepted by malicious actors if security is breached.
Unauthorized access: Hackers or cybercriminals may attempt to gain access to servers or devices.
System vulnerabilities: Despite regular testing, software or hardware flaws may be exploited.
Operational and Human Risks
Human error: Mistakes during data entry, handling, or communication may lead to accidental disclosure.
Misdelivery: Notifications or documents may be sent to incorrect addresses if outdated or inaccurate contact details are provided.
Internal misuse: Although tightly restricted, there remains a risk of unauthorized access by insiders who deliberately or negligently bypass policies.
External and Environmental Risks
Force majeure: Natural disasters, power outages, or other unforeseen events may disrupt systems or cause temporary unavailability of data.
Third-party compromise: Service providers or partners who hold limited data may themselves experience security incidents.
Mitigation Measures
KlinikaHub implements multiple technical and organizational measures to protect personal and health information against unauthorized access, disclosure, alteration, or destruction. These include:
Encryption of Sensitive Data – All data transmitted through our platform is encrypted using secure protocols, and sensitive information is protected while stored.
Role-Based Access Controls – Access to personal information is limited based on user roles and secured through strict authentication measures.
Firewalls and Security Monitoring – The platform is protected by firewalls and undergoes regular security monitoring and vulnerability assessments to detect and mitigate potential threats.
Privacy and Security Awareness – Staff and healthcare providers are guided by privacy and security policies, and awareness initiatives are conducted to reinforce their obligations.
Regular Backups and System Reviews – We maintain regular system reviews, backups, and response plans to support incident handling, business continuity, and disaster recovery.
While these measures significantly reduce risks, no system can be guaranteed 100% secure. KlinikaHub remains committed to prompt detection, response, and notification should an incident occur, in compliance with NPC breach reporting rules.
11. Your Rights as a Data Subject
In accordance with the Data Privacy Act of 2012 (RA 10173), its Implementing Rules and Regulations, and issuances of the National Privacy Commission, you are entitled to the following rights with respect to your personal and sensitive personal information:
Right to Be Informed
You have the right to know whether your personal data is being processed, why it is being collected, how it will be used, and to whom it may be disclosed.
This Privacy Notice, along with any specific consent forms you sign, serve to fulfill this right.
Right to Access
You may request a copy of your personal data that we hold, including medical records, billing records, and other relevant files.
Access requests must be made in writing, subject to reasonable verification of your identity.
Right to Rectification
You may request correction of any inaccurate, outdated, or incomplete information.
KlinikaHub will act promptly to update records, unless prevented by legal or regulatory obligations (e.g., medical record integrity rules).
Right to Erasure or Blocking
You may request that we erase or block personal data if:
It is no longer necessary for the purposes for which it was collected;
You withdraw consent (where consent is the sole basis for processing);
Processing is unlawful; or
It was unlawfully obtained.
Note: Erasure may not apply where retention is required by law (e.g., DOH or BIR retention rules) or necessary to protect public health or establish legal claims.
Right to Object
You may object to processing based on legitimate interests, direct marketing, profiling, or secondary purposes where such processing is not mandatory.
Once you object, KlinikaHub will stop processing your data for those purposes, unless we can demonstrate compelling legitimate grounds or legal requirements.
Right to Data Portability
You may request that your data be provided in a structured, commonly used, and machine-readable format, so it can be transmitted to another healthcare provider or system.
This applies only to data you have provided to KlinikaHub, and where processing is based on consent or contract and carried out by automated means.
Right to Damages
You may claim compensation for any harm suffered due to inaccurate, incomplete, outdated, unlawfully obtained, or unauthorized use of your data, as provided by RA 10173.
Right to Lodge a Complaint
You have the right to file a complaint with the National Privacy Commission if you believe your rights under RA 10173 have been violated.
Before doing so, you are encouraged to first contact KlinikaHub's Data Protection Officer so we may address your concerns directly.
12. Security Measures to Protect Your Information
KlinikaHub takes the protection of your personal and health information very seriously. We use a combination of organizational, physical, and technical safeguards to make sure your data is kept safe, confidential, and available only to the right people.
Organizational Safeguards
Only authorized staff and healthcare professionals are allowed to access your information, and only when it is necessary for their work.
We apply role-based access, meaning people see only the information relevant to their responsibilities.
Our employees and partners receive regular training on privacy, confidentiality, and data protection.
Policies and procedures are in place to handle data securely and to respond quickly to any issues.
Physical Safeguards
Paper files, if any, are kept in locked cabinets and secured offices that can be accessed only by authorized personnel.
Facilities are monitored by security systems such as access cards, visitor logs, and CCTV where appropriate.
Disposal of old paper records is done through shredding or supervised destruction, to ensure they cannot be reconstructed.
C. Technical Safeguards
Data Encryption – Your data stored in our systems is encrypted, meaning it is converted into a secure code both while being stored and during transmission online.
Secure Servers and Firewalls – We use secure servers and protective systems (such as firewalls and monitoring tools) to prevent unauthorized access.
Regular Security Testing – Our systems are regularly tested to check for vulnerabilities and are updated to maintain strong security.
Account Protection – Access to your account is protected through strong password requirements and, in some cases, multi-factor authentication.
D. Continuous Monitoring and Improvement
Activity Logging – We maintain logs of system activity to track access and detect unusual or suspicious behavior.
Regular Audits and Reviews – We carry out periodic audits and reviews to ensure that our safeguards remain effective and up to date.
Proactive Risk Mitigation – When risks or weaknesses are identified, we implement improvements immediately to strengthen the security of your data.
13. Data Breach Notification
KlinikaHub has established procedures to promptly respond to any personal data breach—that is, any incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal or sensitive personal information.
Commitment to Transparency
In the event of a breach that is likely to result in harm or risk to your rights and freedoms, KlinikaHub will notify both the National Privacy Commission (NPC) and the affected individuals within the period prescribed by law.
Notification will be made without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, consistent with NPC rules.
Contents of the Notification
When a breach occurs, the notice to affected individuals will include:
The nature of the breach and a description of what happened.
The types of data involved (e.g., contact details, medical information, billing data).
The possible consequences or risks (e.g., identity theft, unauthorized disclosure).
The steps KlinikaHub has taken or will take to contain the breach and reduce potential harm.
The actions you may take to protect yourself, such as changing passwords or monitoring accounts.
Contact details of our Data Protection Officer (DPO), who can answer your questions and provide assistance.
Containment and Remediation
Immediate Response – Upon discovery of a data breach, KlinikaHub will immediately activate its incident response and breach management protocols. This includes isolating affected systems, preserving relevant evidence, and taking measures to prevent further unauthorized access.
Technical Remediation – Our technical teams will work promptly to identify and fix vulnerabilities, contain the breach, and restore secure operations.
Service Suspension (If Necessary) – To protect users and data, we may temporarily suspend or limit certain services while remediation activities are being carried out.
Record-Keeping
All breaches, whether or not they require notification, are logged and documented for accountability and review.
Lessons learned from each incident are used to strengthen future safeguards.
14. Cookies and Online Tracking
KlinikaHub uses cookies and similar tools to improve site functionality, remember your preferences, and analyze how our website is used. You may adjust your browser settings to block or delete cookies; however, some features of the site may not work as intended if cookies are disabled.
15. Changes to this Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our services or legal requirements. Any updates will be posted on this Website with the date of effect. If changes are significant, we will take reasonable steps to inform you more directly.
16. Contact Information
For concerns, complaints, or to exercise your rights, please contact our Data Protection Officer (DPO):
Data Protection Officer, KlinikaHub
Linden Andrei Macarangcat
Email: [email protected]
Phone: 0939 427 7310
Address: Unit 404, 4/F Strand Tower, F. Cabahug St., Brgy. Kasambagan, Cebu City, Cebu
Last Updated: June 29, 2026