I. Information For Registration
After activating your MYPOCKETDOCTOR account, you must provide:
1.Basic Information
✓ First Name and Last Name
✓ Gender
✓ Mobile number
✓ Skype account
✓ Age
✓ Birthday
✓ Company Name
✓ City Location
✓ Height
✓ Weight
b) Blood Profile
c) Emergency Contact
d) Allergies
e) Medication/s
f) Insurance
g) Health Concerns
h) Relative Medical Issues
II. The Purposes of Your Personal Information
We use Personal Information to:
✓ enable you to register with and subscribe to MYPOCKETDOCTOR;
✓ provide medical services and continuing care;
✓ avail of the services of the licensed physicians;
✓ aid in historical, statistical, or scientific purposes for the quality improvement of services of MYPOCKETDOCTOR;
✓ aid in historical, statistical, or scientific purposes for the quality improvement of services of MYPOCKETDOCTOR’s insurance and drugstore partners;
✓ adhere to internal policies and procedures of MYPOCKETDOCTOR;
✓ provide you with your other subscribed products and services, including customer support;
✓ enhance your customer experience and determine tailored content to meet your preferences and needs;
✓ communicate relevant services and/or advisories to you;
✓ comply with any safety, security, public service or legal requirements and processes;
✓ for any other purpose for which you give us authorization; and
✓ process information for statistical, analytical, research and other related purposes.
III. How We Are Safeguarding Your Personal Data
To improve our services, it is necessary that we collect, use, process and analyze your personal information when it is reasonable and necessary. MYPOCKETDOCTOR uses Data Security Software to protect the personal information of the patient. MYPOCKETDOCTOR’s website and APIs use SSL certificates. All of our APIs operate on token-based authentication. Whenever allowed, we aggregate and anonymize these information such that you are not identified as an individual. By aggregating, we present information in segments or categories like age groups. By anonymizing, we remove personally identifiable information from the data, also known as, “Non-Personal Information.” Patient/User password security are integrated into development by availing the key derivation functions for computing irreversible hashes for passwords. The integrity, confidentiality and security of your information are particularly important to us. So, we strictly enforce our privacy policy and we have implemented technological, organizational and physical security measures that are designed to protect your information from unauthorized access, use, alteration and disclosure. MYPOCKETDOCTOR’s Android and IOS mobile applications are using SSL pinning. This validates if the requested APIs really originated from the authorized users of the API.
MYPOCKETDOCTOR likewise utilizes Periodic Penetration Testing. This activity is done every three months. The testing evaluates the security of the IT infrastructure and server hosts by trying to exploit vulnerabilities. This is done quarterly to validate the integrity of the defensive mechanisms of MYPOCKETDOCTOR’s IT infrastructure and server
We also put in effect safeguards such as:
- We let you update your information securely to keep our records accurate;
We will retain your personal data throughout the subscription of our products and services, and for a maximum period of five (5) years afterward;
- We restrict access to your information only to qualified and authorized personnel who hold your information with strict confidentiality;
- We undergo regular audit and rigorous testing of our infrastructure’s security protocols to ensure your data is always protected; and
- We keep and protect your information using a secured server behind a firewall, encryption and security controls;
Only the System Administrators are authorized to have direct shell access to the servers. No shell access to the servers were provided to the developers. The developers are only allowed to push production codes, through git, as part of the implemented continuous integration and deployment. MYPOCKETDOCTOR uses Linode and Amazon Web Services for the cloud hosting facility of the service. MYPOCKETDOCTOR obeys the policies on Customer Agreement (https://www.linode.com/agreement), Terms of Service (https://www.linode.com/tos), Privacy Policy (https://www.linode.com/privacy), Acceptable Use Policy (https://www.linode.com/aup) and AWS Data Privacy (https://aws.amazon.com/compliance/philippines-data-privacy).
All throughout the term of your registration with MYPOCKETDOCTOR, you may, at any time, exercise your right to revise the Personal Information you have given. You may refuse access, processing, or use of your Personal Information or withdraw consent previously given to the access, processing or use of your Personal Information, or object to the same. All system access are using key-based SSH logins thereby rendering any brute force username-password attacks futile. More importantly, only the whitelisted source IP’s are allowed shell access to the server. Patient has the right to delete information in the future. You are aware that by withdrawing your consent, or objecting to the processing of your Personal Information, MYPOCKETDOCTOR will not be able to provide you with the products and services you have subscribed to or may want to avail of.
IV. How We Are Retaining and Disposing Your Personal Data
Through your online account, you can update your personal data by logging in. Otherwise, if you wish to have access to your personal information in our records or wish to delete; or you think that such personal information we have of you is incomplete, not up-to-date, or otherwise inaccurate, you may get in touch with our Data Privacy Officer through the contact details provided below.
Our Contact Details:
Address: 11th Floor Apple One Equicom Tower, Mindanao Avenue corner Biliran Road, Cebu Business Park, Cebu City, Philippines 6000
Email: dpo@mypocket.doctor
Only authorized MPD personnel can update your personal data under our secure online environment.
Upon withdrawal of your consent to share personal data, the MPD will dispose the data within a five-year period. You are afforded certain rights wherein your personal data, based on Data Privacy Act of 2012, shall be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public, or prejudice the interests of the data subjects.