MSR HEALTHCARE, INC. is a personal information controller and personal information processor under Republic Act No. 10173 or otherwise known as the “Data Privacy Act of 2012” and its implementing rules and regulations.

A. Personal Data that we collect

The following are the types of Personal Data that we collect and process about individuals:

• Name

• Address

• Birthday

• Age

• Mobile Number/Telephone Number

• Email Address

• Marital Status

• Health Declarations

• Social Security numbers

• Medical Record Numbers

• Health plan beneficiary numbers

• Certificate/License numbers

• Web URLs

• Internet Protocol addresses

• Biometric identities (i., retinal scans, fingerprints)

• Photos

• Any unique identifying number character or code

• (Please add other applicable data)

These Personal Data may have been provided to us by you personally or through your authorized other individuals (with your consent) to our collection and processes of your Personal Data. These individuals could be your family members, employer, employee, colleagues or others that are even strangers to you. If you are giving us the Personal Data about other individuals, you confirm that you are authorized to disclose and equipped with necessary consent, on their behalf, to the processing of such Personal Data for the purposes described in the section “Purposes for which we collect and use Personal Data”, or other purposes for which your consent has been sought and obtained.

B. Purposes for which we collect and use Personal Data

We only collect and use Personal Data for purposes which you have consented to and for which we have been authorized. If we need to use your Personal Data for any purpose which you have not previously consented to, we would seek your consent prior to using your Personal Data for the new purpose.

We collect and use the Personal Data that you provide to us arising from your intention to secure the services of MSR Healthcare, Inc or any of its subsidiaries as our patient and for the following purposes:

• To conduct due diligence/background checks that are mandated by legislation or MSR Healthcare, Inc.’s practices

• To meet your medical and ancillary needs and/or requirements and other programs and services you availed;

• For multi-disciplinary treating team, where necessary;

• For the payment of your bills;

• For research purposes, where necessary;

• To liaise with health professionals and HMO’s;

• For collaboration with other medical health provider, where necessary, and upon your consent;

• For other purposes required by law.

• (You can provide additional purposes)

C. Sharing of your Personal Data

We do not share your Personal Data with third parties, unless:

• You have consented to the sharing thereof

• It is necessary to protect our interests

• When required or permitted by law

• With service providers acting on our behalf who have agreed to protect the confidentiality of the said Personal Data

• With HMOs and/or Companies with whom you are affiliated with, and with who you consented to the sharing thereof.

• Third Party service providers who will conduct due diligence/background checks that are mandated by legislation or MSR Healthcare, Inc.’s practices

• Financial institutions for purposes of payments and transactions related to MSR Healthcare, Inc.’s provision of products and services or related products and services provided to MSR Healthcare, Inc. by our service providers/consultants. ;

• To our service providers (locally or abroad) that have been retained to perform services on our behalf, including:

◇ Service providers who provide IT and outsourcing services such as data storage, electronic mail services, deployment of management operations for information technology and HR outsourcing services;

◇ Professional, financial and legal advisors, tax advisors, auditors, insurers and insurance brokers;

◇ Service providers and consultants that have been engaged to help manage, operate, administer and run MSR Healthcare, Inc.’s operations and business process or provide services to facilitate our provision of our products and services; and

◇ External contractors to provide consultancy and evaluative services to MSR Healthcare, Inc. and for MSR Healthcare, Inc.’s products and services, or organize events for MSR Healthcare, Inc.

We require that the parties to whom we transfer Personal Data and our service providers implement adequate levels of protection in order to protect Personal Data. We also require that these parties only process Personal Data strictly for purposes for which we engage them for and consistent with the purposes that we have described in the section “Purposes for which we collect and use Personal Data” or with other purposes for which consent has been sought and obtained.

In addition, as health services provider, we are permitted by law to make certain uses and disclosures of your personal data without your specific/written authorization. Your personal data shall be used and disclosed for the following, but not limited to;

a. TREATMENT. Personal Data may be shared with doctors, nurses and other healthcare providers who are involved in your treatment.

b. PAYMENT. As compensation for your medical services, we may use your Personal Data to perform accounting, auditing, billing, reconciliation, and collection activities. Payment activities include disclosure and submission of claims to insurance companies (such as PhilHealth) as well as to any of our collecting agents.

c. OPERATION. We may use and disclose your personal data in conducting our medical services. Operational activities include review of accuracy and completeness. In cancellations of transaction, personal data will be used for verification. If ownership of our organization should change, your personal data may be disclosed to the new entity

d. SUPPLIER OR BUSINESS PARTNER. In connection with treatment, payment and operation activities, we are acquiring the services of third parties performing activities for or in our behalf whom we may share and disclose your Personal Data.

e. APPOINTMENTS, REMINDERS, HEALTHCARE SERVICES INFORMATION. We may use your contact details for the purposes of notifying your appointment and/or inform you of our services that may interest you

f. BUSINESS OPERATION. We may use your personal data for business purposes to provide the services you avail, to inform you about our products and services and to manage our sites or clinic branches and other services. We may also use your personal data for analysis, audits, crime/fraud monitoring and prevention, security, developing new products and/or services, testing, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our business.

g. PERSONAL REPRESENTATIVE. We may disclose your personal data to your duly authorized personal representative. For example, the parent or legal guardian of a minor is considered as personal representative.

h. PUBLIC HEALTH AND SAFETY. We may disclose your personal data to public health officials to carry out public health advisories, activities, and investigations or to our government agencies for health oversight activities and investigations such as preventing or controlling infections and diseases.

i. LEGAL ACTIONS or LAW ENFORCEMENT. We may disclose your personal data when required by the law and/or government authorities, such as in the course of legal proceedings such as receipt of a subpoena from the court of law. we may also disclose certain personal data as we believe is required, necessary, or appropriate under the following: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal processes and/or respond to requests from competent public and government authorities including public and government authorities outside your country of residence; (c) to enforce our terms and conditions; (d) to protect our operations and those of any of our affiliates; (e) to protect our rights, privacy, security, safety, and physical and intellectual property, and/or rights of our affiliates, you, or others; and (f) to allow us to pursue available remedies or limit the damages that we may sustain.

j. OTHER ACTIVITIES. To perform other activities consistent with this Data Protection Statement.

D. Disclosure, sharing and transfer of Personal Data

We do not sell your personal data to marketing companies outside of our organization, including our web site . We generally process your personal data only for those purposes that we have transmitted or communicated with you. If we use it for other (closely related) purposes, additional data protection measures will be implemented, if required by law.

We employ a range of technological and physical security arrangements and maintain safeguards to protect against the accidental or unauthorized access, collection, use, disclosure, copying, modification, disposal, deletion and other similar risks to Personal Data.

E. Your Rights

We recognize and take seriously our responsibility to protect the personal data you entrust to us from loss, misuse or unauthorized access. The following is a summary of your rights regarding your personal data: a) Right to access your personal data with us; b) Right to request restriction of access; c) Right to limit and prevent disclosure; d) Right to amend or update personal data; e) Right to authorize other uses; f) Right to receive notice of privacy breaches; and g) Right to request destruction of personal data.

F. Manage your Personal Data

If you would like to correct, update, delete, or request access to the personal information that you have provided to us, kindly inform us on the matter. We encourage you to keep your personal settings and personal data complete and current.

G. Storage of Personal Data

We have a Records Retention Policy and abide with other laws that provide higher privacy. The information we collect may be stored and processed in any of our clinics and wherever our service providers have facilities around the globe and in accordance with local laws.

H. Retention of Period

We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Protection Statement unless a longer retention period is required or permitted by law. We retain the personal data we collect only if we need it to support justifiable business requirements or when our lawful purposes for using the information are still relevant. When we no longer require personal data we or our third party suppliers will securely delete and/or archive the information. But generally, we do not retain Personal Data for a period of longer than five (5) years after the original purposes for which the Personal Data was collected have ceased to be applicable, unless otherwise required by law, or other mandatory directions by court or government authorities or for purposes of legal proceedings or other similar proceedings or investigations.

I. Changes to the Privacy Protection Statement

Our products and services are dynamic and the form and nature of the services may change from time to time without prior notice to you. For this reason, we reserve the right to change or add to this privacy notice from time to time. We will post a prominent notice on our privacy notice page to notify you of any significant changes to this privacy notice, and will indicate at the top of the notice when it was most recently updated. We encourage you to check back often to review the latest version. The new privacy notice will be effective upon posting. If you do not agree to the revised notice, you should alter your preferences. By continuing to access or make use of our services after the changes become effective, you agree to be bound by the revised privacy notice.