Back to home

Legal

Privacy Statement

Issued in compliance with Republic Act No. 10173 (Data Privacy Act of 2012) — Effective Date: June 14, 2026

MACE Diagnostic Center (“MACE,” “we,” “us,” or “our”), located at Barangay 32, Nistal Building, Yacapin Street, Cagayan de Oro City, is a DOH-compliant diagnostic and laboratory services provider offering hematology, clinical chemistry, clinical microscopy, immunology/serology, ultrasound, x-ray, ECG, medical consultations, and related health screening packages.

We respect your right to privacy and are committed to protecting your personal data in accordance with Republic Act No. 10173, or the “Data Privacy Act of 2012” (DPA), its Implementing Rules and Regulations (IRR), and the relevant issuances, advisories, and circulars of the National Privacy Commission (NPC).

By availing of our services, visiting our clinic, using our website, or otherwise providing us with your personal data, you acknowledge that you have read and understood this Privacy Statement.


1. Information We Collect

1.1 Personal Information

  • Full name, date of birth, sex/gender, civil status, and nationality
  • Contact details, such as mobile/telephone number, e-mail address, and home or mailing address
  • Government-issued identification numbers (e.g., PhilHealth number), when required for billing, HMO processing, or regulatory reporting
  • Emergency contact information
  • Employment or company information, for corporate clients, pre-employment physicals, or HMO-related transactions
  • Payment and billing information, such as official receipts, mode of payment, and HMO/insurance details
  • Appointment details, including preferred schedule, requested services, and notes you provide when booking

1.2 Sensitive Personal Information

As a diagnostic and laboratory services provider, we necessarily collect and process sensitive personal information, which is afforded a higher level of protection under the DPA. This includes:

  • Medical history, symptoms, and physician’s requests or referrals
  • Laboratory, imaging, and diagnostic test results (e.g., hematology, clinical chemistry, clinical microscopy, immunology/serology, ultrasound, x-ray, ECG)
  • Health conditions relevant to test interpretation (e.g., pregnancy status for prenatal packages, fasting status, medications taken)
  • HMO, insurance, or health plan membership details and approval records
  • Any other health-related information you voluntarily disclose to our staff or physicians

1.3 Information Collected Through Our Website

  • Information you submit through our online appointment/booking forms (e.g., name, phone number, e-mail address, preferred date, service requested, and notes)
  • Information submitted through our HMO approval request forms (e.g., patient details, HMO details, and attending doctor’s details)
  • Technical information automatically collected when you visit www.macediagnostics.com, such as IP address, browser type, device information, and pages visited, which may be collected through cookies or similar technologies for site functionality and analytics

2. How We Collect Your Personal Data

  • Directly from you, when you register as a patient, book an appointment, undergo testing, or communicate with our staff in person, by phone, by e-mail, or through our website
  • From referring physicians, hospitals, clinics, or corporate partners who endorse you for testing
  • From your HMO or insurance provider, for purposes of verifying coverage and processing approvals
  • From your employer or an authorized representative, in the case of company-sponsored physical examinations, mobile medical services, or community health drives
  • Automatically, through cookies and similar technologies when you access our website

3. Purposes of Collection, Use, and Processing

  • To register you as a patient and maintain accurate medical and laboratory records
  • To perform the diagnostic tests, imaging procedures, and medical consultations you have requested or that have been requested on your behalf
  • To release laboratory and diagnostic results to you, your attending physician, or your authorized representative
  • To process payments, billing, official receipts, and claims with HMOs, insurance providers, or corporate accounts
  • To verify HMO or insurance eligibility and to process online HMO approval requests
  • To schedule, confirm, reschedule, or follow up on appointments through call, SMS, or e-mail
  • To comply with reporting requirements of the Department of Health (DOH), PhilHealth, and other government agencies, including disease surveillance and reporting where legally mandated
  • To conduct internal quality control, quality assurance, and accreditation activities
  • To respond to inquiries, complaints, and feedback
  • To send administrative notices, such as advisories on clinic schedules, holidays, or service changes
  • To maintain the security of our premises and information systems, including basic website analytics and fraud prevention
  • To comply with our legal, regulatory, and contractual obligations

4. Legal Basis for Processing

  • Consent — you have given your consent prior to the collection and processing of your personal and sensitive personal data
  • Contractual necessity — processing is necessary for us to perform our obligations to you as a patient or client
  • Legal obligation — processing is necessary to comply with applicable laws and regulations, including those of the DOH, PhilHealth, and other government agencies
  • Protection of vital interests — processing is necessary to protect your life and health or that of another person, such as in medical emergencies
  • Legitimate interests — processing is necessary for our legitimate business interests, such as quality assurance and accreditation, provided this does not override your fundamental rights and freedoms

5. Sharing and Disclosure of Personal Data

We do not sell, rent, or trade your personal data. We may share it only to the extent necessary with:

  • Your attending or referring physician, and other healthcare professionals directly involved in your care
  • HMOs, health insurance providers, and corporate clients, for verifying coverage, processing approvals, and billing
  • Government agencies and regulators, such as the DOH and PhilHealth, where required by law or a valid order of a competent authority
  • Accredited laboratories or service providers, for confirmatory testing, equipment calibration, or other support services
  • Service providers that support our operations (e.g., IT support, appointment management, courier services), who are bound to protect your data
  • Successors-in-interest, in the event of a corporate restructuring, merger, or transfer of business operations

We will not disclose your personal or sensitive personal information to any other third party without your consent, except as required or permitted by law.


6. Data Storage, Retention, and Disposal

Storage: Your personal data is stored in physical records kept at our Yacapin Street facility and in electronic records maintained in our laboratory information and administrative systems. Access is restricted to authorized personnel.

Retention: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including periods required under DOH regulations, PhilHealth requirements, the Civil Code, and the National Internal Revenue Code, or until you withdraw your consent where applicable and where retention is not otherwise mandated by law.

Disposal: Once the retention period has lapsed, we securely dispose of personal data by shredding physical documents and permanently deleting electronic records in a manner that prevents further processing, unauthorized access, or disclosure.


7. Security Measures

7.1 Organizational

  • Designation of a Data Protection Officer (DPO) responsible for overseeing DPA compliance
  • Internal policies on data privacy, confidentiality undertakings, and access controls
  • Regular orientation of staff on data privacy and confidentiality obligations
  • Maintenance of records of processing activities, where required

7.2 Physical

  • Restricted access to areas where patient records, samples, and equipment are stored
  • Secure storage of physical records, including locked filing systems
  • Visitor access controls within our laboratory and clinic premises

7.3 Technical

  • Access controls such as user accounts and passwords to limit access to electronic patient records
  • Secure transmission of results to authorized recipients
  • Periodic backup of electronic records to prevent data loss
  • Monitoring for, and prompt response to, security incidents or personal data breaches in accordance with NPC requirements

8. Your Rights as a Data Subject

  • Right to be informed — to be notified before your personal data is collected and processed
  • Right to access — to reasonable access to your personal data that we hold
  • Right to object — to object to the processing of your personal data, including for direct marketing or profiling
  • Right to erasure or blocking — to have your personal data blocked or destroyed if it is incomplete, outdated, false, unlawfully obtained, or no longer necessary
  • Right to rectification — to have inaccuracies in your personal data corrected promptly
  • Right to data portability — where applicable and technically feasible, to obtain a copy of your personal data in an electronic or structured format
  • Right to damages — to be indemnified for damages sustained due to unauthorized use of personal data
  • Right to lodge a complaint — to file a complaint with the National Privacy Commission

To exercise any of these rights, please contact our Data Protection Officer (see Section 11). We may require you to verify your identity before acting on your request.


9. Consent, Minors, and Withdrawal of Consent

Where consent is the basis for processing, you may provide it through our patient registration forms, online booking forms, or other available channels. For patients who are minors or otherwise unable to provide consent, we obtain consent from their parent, legal guardian, or authorized representative.

You may withdraw consent at any time by contacting our DPO, except where processing is necessary for compliance with a legal obligation, the protection of vital interests, or other lawful bases that do not require consent. Withdrawal may affect our ability to provide certain services, such as releasing results to specific third parties or processing HMO claims.


10. Our Website and Cookies

Our website, www.macediagnostics.com, may use cookies and similar technologies to enable basic site functionality, remember your preferences, and gather aggregate, non-identifying statistics on how visitors use our site. You may configure your browser to refuse cookies; however, doing so may affect certain features such as our online appointment booking and HMO approval forms.

Information you submit through our website forms is transmitted to our staff for the purpose of processing your request and is handled in accordance with this Privacy Statement.


11. Contact Us — Data Protection Officer

For questions, concerns, or requests relating to this Privacy Statement or to exercise your rights as a data subject:

  • Data Protection Officer: MACE Diagnostic Center
  • Address: Barangay 32, Nistal Building, Yacapin Street, Cagayan de Oro City, Philippines
  • Telephone: 0917 192 3116 / (088) 323-0770
  • E-mail: privacy@macediagnostics.com

12. Filing a Complaint with the National Privacy Commission

If you believe your rights under the Data Privacy Act of 2012 have been violated and your concern has not been adequately addressed by us, you may file a complaint with the National Privacy Commission:

  • Address: 5th Floor, Delegation Building, PICC Complex, Roxas Boulevard, Pasay City, Metro Manila, Philippines
  • Website: www.privacy.gov.ph

13. Amendments to This Privacy Statement

We may update or revise this Privacy Statement from time to time to reflect changes in our practices, services, or applicable laws, including issuances of the National Privacy Commission. Any material changes will be posted on our website together with the updated effective date.

This Privacy Statement was last updated on June 14, 2026.