Skip to main content
RegisterLogin
Back to Home

Data Privacy Compliance

How MyPocketDoctor protects your personal information under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173).

Effective: March 2026

1. Introduction

MyPocketDoctor, operated by Mediaxes Philippines Inc., is committed to protecting the privacy and security of all personal and sensitive personal information entrusted to us by our patients, employees, and partners.

This document outlines our compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), and relevant issuances of the National Privacy Commission (NPC). It applies to all personal and sensitive personal information processed through the MyPocketDoctor platform.

2. Data Processing Principles

All processing of personal data by MyPocketDoctor adheres to the three fundamental principles of the DPA:

  • Transparency — Users are informed about how their data is collected, processed, and used before and during the processing of their personal information.
  • Legitimate Purpose — Data is processed only for declared, specified, and legitimate purposes. It is not processed in a way incompatible with those purposes.
  • Proportionality — Only personal data that is adequate, relevant, and necessary for the declared purpose is collected and processed.

3. Rights of Data Subjects

Under the DPA, you have the following rights regarding your personal information:

  • Right to be informed — You have the right to know how your personal data is being collected, processed, and used.
  • Right to access — You may request access to your personal data held by MyPocketDoctor.
  • Right to object — You may object to the processing of your personal data, including processing for direct marketing or automated decision-making.
  • Right to erasure or blocking — You may request the removal or blocking of your personal data from our systems.
  • Right to rectification — You may request correction of any inaccurate or incomplete personal data.
  • Right to data portability — You may obtain a copy of your data in a structured, commonly used format.
  • Right to damages — You may claim compensation for damages sustained due to inaccurate, incomplete, outdated, or unauthorized processing of your personal data.

To exercise any of these rights, please contact our Data Protection Officer at the details provided below.

4. Data Collection & Processing

MyPocketDoctor collects and processes two categories of information:

  • Personal information — name, email address, mobile number, date of birth, gender, and other registration details.
  • Sensitive personal information — health records, medical history, prescriptions, blood profile, allergies, and other health-related data provided during consultations.

Processing is based on your explicit consent obtained at registration and, for sensitive personal information, under Section 13(e) of RA 10173, which permits processing when necessary to protect the life and health of the data subject.

For a complete inventory of data fields collected, please refer to our Privacy Policy.

5. Data Security Measures

We implement reasonable and appropriate technical and organizational measures to protect personal data:

Technical Measures

  • SSL/TLS encryption on all web and API communications
  • Token-based API authentication
  • Data anonymization and aggregation techniques
  • Quarterly penetration testing

Organizational Measures

  • Role-based access control — data access restricted to authorized personnel
  • Regular infrastructure security audits
  • Encrypted servers behind firewalls

For full technical and organizational safeguard details, see our Privacy Policy.

6. Data Sharing & Third Parties

Your personal data may be shared with the following parties only to the extent necessary for the declared purposes:

  • Licensed physicians providing teleconsultation services
  • Partner pharmacies for e-prescription fulfillment
  • Insurance providers, when authorized by you
  • Regulatory authorities, when required by law

We do not transfer personal data outside the Philippines without ensuring adequate levels of protection as required by RA 10173 and NPC guidelines.

7. Breach Notification

In the event of a personal data breach, MyPocketDoctor will:

  • Notify the National Privacy Commission within 72 hours of discovery, per NPC Circular 16-03
  • Notify affected data subjects within the same timeframe when the breach is likely to harm them
  • Implement immediate remedial measures to contain and mitigate the breach

Our incident response procedures are regularly reviewed and updated to ensure rapid and effective response.

8. Data Protection Officer

MyPocketDoctor has appointed a Data Protection Officer (DPO) to oversee compliance with the DPA:

  • Email: [email protected]
  • Office: Level 24, Philippine Stock Exchange Tower, One Bonifacio High Street, 5th Ave. Cor. 28th St., BGC, Taguig

9. NPC Registration

MyPocketDoctor is registered with the National Privacy Commission as a personal information controller in accordance with the requirements of the DPA. We are committed to maintaining our registration and complying with all NPC directives and advisories.

10. Contact & Complaints

If you have questions or concerns about how your personal data is handled, or if you wish to exercise your rights as a data subject:

Step 1: Contact our Data Protection Officer at [email protected]

Step 2: If you are not satisfied with our response, you may file a complaint with the National Privacy Commission at www.privacy.gov.ph

This document is subject to periodic review and may be updated to reflect changes in applicable laws, regulations, and our data processing practices.