SeriousMD

 

Privacy Policy

 

Welcome! Thank you for your interest in SeriousMD (“SeriousMD”). SeriousMD respects your right to privacy. Consistent with SeriousMD policy to comply with all applicable privacy and data protection laws, this Policy summarizes the personal information which SeriousMD may collect, process, store, use, share and dispose. Accordingly, before proceeding to avail of SeriousMD’s services and/or products, all users are enjoined to read, fully understand, and agree to this Privacy Policy.

 

A.                 INTRODUCTION AND SCOPE

 

This Privacy Policy is being adopted in compliance with Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations and other relevant policies, including, but not limited to, the issuances of the National Privacy Commission (NPC) and the Department of Health (DOH). In general, this Policy applies to all personal data processing activities conducted by SeriousMD, particularly the collection, use, storage, sharing, and disposal of all personal data of SeriousMD users, as well as any personal data of data subjects which may be shared to SeriousMD by its users.

 

This Policy applies to all internet sites and mobile applications operated under SeriousMD by or on behalf of its owner, LeapFrogger, Inc., as well as any of its subsidiaries and/or affiliates. It likewise applies to all personal information which SeriousMD may otherwise collect and process: (a) through its products and services, other than its site and mobile app; (b) when users interact with SeriousMD by other means such as, for example, in person, by telephone or through training; and (c) from SeriousMD’s suppliers, vendors, and other business partners.

 

SeriousMD may have additional products or services other than those made available through its website or mobile application. If additional or different disclosures are required for a specific product or service, SeriousMD will provide those disclosures separately on, or with, the relevant site, app, product or service. Each such specific privacy disclosure, policy or statement supplements and amends this policy.

 

As there may be new issuances which may govern the right to process personal data as well as the expression of consent thereto, SeriousMD maintains the right to amend and/or modify this document to comply with any future developments in data privacy regulations, where applicable, and to reflect any changes in the organization’s policies and/or personal data processing activities.

 

By proceeding with the use of SeriousMD, all its related websites, downloadable software, mobile applications, and/or other services, you acknowledge that you have read and understood this privacy policy concerning the processing of personal data.

 

 

B.                  DEFINITION OF TERMS

 

As used in this Privacy Policy, the following terms are defined as follows –

 

                    Anonymization: refers to the processing of data to render it in such a way that the User or the Data Subject is not or no longer identifiable.

 

                    Consent: refers to any freely given, specific, informed indication of will, whereby the User or Data Subject, as the case may be, agrees to the collection and processing of his/her personal information.

 

                    Data Sharing: refers to the disclosure or transfer to a third party of personal data, which may come under the control or custody of SeriousMD.

 

                    Data Subject: refers to the individuals whose personal data is being processed. This may include the User/s and their patients, as the case may be.

 

                    Personal Information / Personal Data: refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. It refers to all personal data, reports, addresses, files, records, and other data that a User of SeriousMD stores within the Site.

 

                    Personal Information Controller: refers to any person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf. Within the context of the availment of SeriousMD’s services, the Users are the personal information controllers of the personal information of their patients.

 

                    Personal Information Processor: refers to any qualified natural or juridical person to whom a personal information controller may outsource the processing of personal data pertaining to a data subject. SeriousMD serves as the personal information processor of User/s with respect to the personal information of the User’s patient data.

 

                    Processing: refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.

 

                    Public Area: means the area of the SeriousMD site that can be accessed by both Users and Visitors without needing to use a login ID and password.

 

                    Restricted Area: means the area of the Site that can be accessed only by Users, and where access requires the use of a login ID and a password.

 

                    Sensitive Personal Information: refers to personal information (a) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (b) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (c) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and (d) Specifically established by an executive order or an act of Congress to be kept classified.

 

                    SeriousMD: refers to SeriousMD and/or its website/s or applications. It also refers to LeapFroggr, Inc. or its affiliates.

 

                    Service/ Services: refers to the SeriousMD website, https://www.seriousmd.com, or its related mobile applications and products.

 

                    User: refers to the licensed physician and/or individual who avails of the products and/or services of SeriousMD, either through its website or mobile application. It includes juridical persons, such as hospitals and medical facilities, that hire licensed and registered physicians in providing healthcare service. It also refers to the sub-user, employee, agent or representative of the User, who is authorized to use the restricted areas of the SeriousMD site for purposes of accessing the services of SeriousMD.

 

                    Visitor: means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.

 

 

C.                  THE TYPES OF PERSONAL INFORMATION COLLECTED

 

SeriousMD collects different types of information from or through the Service:

 

                   User-provided Information. When you use the Service, either as a User or as a Visitor, you may provide us, and we may collect your Personal Data. The personal information we may collect includes, among others, your name, email address, mailing address, mobile phone number, birthdate, government issued identifying information, and credit card or other billing information. It also includes other personal information, which will identify you as the User, such as geographic area or preferences. By registering an account with the Service, you will be required to provide us with both Personal Information and Sensitive Personal Information. As the use of SeriousMD is also limited to licensed and registered physicians, authorized to practice medicine in the Philippines pursuant to applicable laws, and to juridical persons, such as hospitals and medical facilities, that hire licensed and registered physicians to provide healthcare services, we will also store, process and/or collect your license and registration number, PRC ID, and other personal information which may establish your authority to practice medicine in the Philippines.

 

                   Information Collected by Users from their patients. A User may store or upload into the Service, personal information or sensitive personal information of their respective clients. In this case, as the Personal Information Processor of the Users, SeriousMD has no direct relationship with the individuals whose Personal Data are being uploaded and/or stored by its Users. Each User is responsible for securing the required consent and providing notice to its customers and third persons concerning the purpose for which User collects their Personal Data and how this Personal Data is processed in or through the Service.

 

                   “Automatically Collected" Information. When a User or Visitor uses the Service, SeriousMD may automatically record certain information from the User’s or Visitor’s device by using various types of technology, including cookies, “clear gifs" or “web beacons.” This “automatically collected" information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content the User or Visitor views or interacts with on the Service, and the dates and times of the visit, access, or use of the Service. SeriousMD may also use these technologies to collect information regarding a Visitor or User’s interaction with email messages, such as whether the Visitor or User opens, clicks on, or forwards a message. This information is gathered from all Users and Visitors of the Service.

 

                   Integrated Services. You, as User of the Service, may be given the option to access or register for the Service through the use of your user name and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Google account, or otherwise have the option to authorize an Integrated Service to provide Personal Data or other information to us. By authorizing us to connect with an Integrated Service, you authorize us to access and store your name, email address(es), date of birth, gender, current city, profile picture URL, and other information that the Integrated Service makes available to us, and to use and disclose it in accordance with this Policy. You should check your privacy settings on each Integrated Service to understand what information that Integrated Service makes available to us, and make changes as appropriate. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.

 

                   Information from Other Sources. We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, advertisers, credit rating agencies, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.

 

 

D.                 USE AND PROCESSING OF INFORMATION COLLECTED

 

SeriousMD collects and processes personal data for the following reasons:

 

                   We collect and process personal data for the fulfilment of contractual services to Users. This is also used to operate, maintain, enhance and provide all features of the Service, including the information that you may request; for debugging; as well as to respond to all queries and provide support for Users of the Service.

 

                   We may use the personal information of our Users for administrative purposes, such as customer service and providing notices; and for promotional activities, relating to products and services offered by us and by third parties we work with. You have the ability to opt-out of receiving any promotional communications by sending us an e-mail at privacy@seriousmd.com.

 

                   We may use your anonymized personal data for statistical, analytical, research, and other related purposes to create anonymous and aggregate reports. We may also use your personal data in connection with Google Analytics, to measure and evaluate access to and traffic on the Public Area of the Service and create user navigation reports for our Site Administrators. In the event we do so, we will take the necessary safeguards required by law for the protection of your personal information.

 

                   We may also use the information provided to us to understand and analyze the usage trends and preferences of our Visitors and Users, to improve the Service, and to develop new products, services, features, and functionality.

 

                   We may use automatically collected information, such as cookies and similar technologies, to identify your device and record your preference. We use this information to enhance your customer experience and determine tailored content to meet your preferences and needs.

 

                   We may also outsource or contract the processing of the personal data of our Users to third parties, such as but not limited to, cloud storage vendors, etc., to fulfill any of the above purposes. They are only authorized to use the personal data for such contracted purposes. They may have access to personal data for a limited time under reasonable contractual and technical safeguards to limit their use of such information. We require them to protect personal data consistent with the SeriousMD’s Privacy Policy.

 

 

E.                  DISCLOSURE OF PERSONAL DATA

 

We do not sell or disclose the personal data we process to third parties without the consent of Users and Data Subjects, unless we are legally required to do so; if it is necessary to fulfill the purposes for which we process personal data as mentioned above; or if such action is necessary to protect, defend and/or enforce our rights, property or the personal safety of our employees and other individuals. We only permit our authorized personnel, Users and their registered representatives to access or process personal data in the possession of SeriousMD. We restrict access to such information to our authorized personnel, contractors, and agents who need to know such information in order to process it for us, who are subject to strict contractual and technical safeguards, and are accountable if they fail to meet these obligations.

 

We work with third party service providers who provide website, application development, hosting, maintenance, and other services for us. These third parties may have access to, or process your personal data in the possession of SeriousMD as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary and sufficient for them to perform their functions. Again, all our contracts with third parties require them to maintain the strictest confidentiality of such information. Thus, whenever personal data is disclosed with the requisite consent to third parties, we ensure that such third parties are contractually obligated to comply with the requirements of the Data Privacy Act and shall process any personal data strictly in accordance with the purposes enumerated above.

 

 

F.                   THE RIGHTS OF USERS

 

1.                  Right to be informed: As User, you have the right to be informed that your personal data shall be, are being, or have been processed. This right also requires us to notify you within a specific period of time if your data has been compromised, i.e. in the case of a personal data breach.

 

2.                  Right to access: You have the right to gain reasonable access to your personal data upon request. You may request access to the following:

 

a)                  Contents of your personal data that were processed;

b)                  Sources from which they were obtained;

c)                  Names and addresses of the recipients of your data;

d)                  Manner by which such data were processed;

e)                  Reasons for disclosure to recipients, if there were any;

f)                   Information on automated processes where the data will or likely to be made as the sole basis for any decision which would significantly affect you;

g)                  Date when your data was last accessed and modified; and,

h)                  Name and address of the personal information controller

 

3.                  Right to object: You have a right to object to the processing of your personal data, including processing for direct marketing, automated processing or profiling. You likewise have the right to be notified and given an opportunity to withhold consent to the processing in case of changes to the information given to you regarding the processing of your information.

 

4.                  Right to erasure or blocking: You have the right to suspend, withdraw, or order the blocking, removal or destruction of your personal data. You can exercise this right upon discovery and substantial proof of any of the following:

 

a)                  Your personal data is incomplete, outdated, false, or unlawfully obtained;

b)                  It is being used for purposes you did not authorize;

c)                  The data is no longer necessary for the purposes for which they were collected;

d)                  You decided to withdraw consent, or you object to its processing, and there is no overriding legal ground for its processing;

e)                  The data concerns personal information prejudicial to you — unless justified by freedom of speech, of expression, or of the press; or otherwise authorized;

f)                   The processing is unlawful; or,

g)                  The personal information controller, or the personal information processor, violated your rights as a data subject

 

5.                  Right to rectification: You have the right to dispute any inaccuracy or error in your personal data and have SeriousMD correct it immediately, unless the request is vexatious or unreasonable.

 

6.                  Right to data portability: Where your personal information is processed by electronic means, you have a right to obtain from SeriousMD a copy of your personal data in an electronic or structured format that is commonly used and allows for further use.

 

 

G.                 DATA PROTECTION OFFICER

 

To oversee our privacy compliance efforts, SeriousMD has appointed a Data Protection Officer (“DPO”) to manage and safeguard the handling of all our personal data processing activities. Should you have any concerns regarding SeriousMD’s privacy practices and policies, you may reach the DPO through the following contact information:

 

Data Protection Officer: Solomon See

Contact Information: privacy@seriousmd.com

 

 

H.                 INFORMATION SECURITY POLICY

 

1.                  We apply reasonable and appropriate security measures to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through the public internet, and we also employ application-layer security features to further anonymize Personal Data.

 

In addition, we implement the following physical, technical, and organizational controls to ensure the security of the personal data:

 

•          SeriousMD implements server redundancy and creates multiple backups in different availability zones within Amazon Web Services to protect personal information against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.

•          SeriousMD maintains a secure computer network to protect against accidental, unlawful or unauthorized usage or interference with or hindering of their functioning or availability;

•          Data is anonymized and transferred securely when processing the information;

•          Processes are in place for identifying and accessing reasonably foreseeable vulnerabilities in its computer networks, and for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach; and

•          Regular monitoring of server activity is done to detect security breaches; and in the event of a breach, procedures are in place to allow SeriousMD to take preventive, corrective and mitigating action and to inform its users about the impact of the breach and inform them about necessary steps to secure themselves from the vulnerability.

•          SeriousMD imposes an obligation upon its employees who have access to information not intended for public disclosure, to keep all the data under strict confidentiality. This obligation shall continue even after they leave the company, transfer to another position, or upon termination of employment or contractual relations.

•          SeriousMD implements data breach protocols that are activated when the personal data of our clients and customers are compromised.

 

Despite the foregoing controls, we emphasize that no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store in our Website or mobile application, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your personal data has been compromised, please contact our data protection officer in the contact details provided in this document. If we learn of a security systems breach, we will inform you of the occurrence of the breach in accordance with applicable law.

 

2.                  We practice the Data Minimization principle in the retention and disposal of your personal data. We only retain the Personal Data collected from you for as long as your account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. We also retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, in accordance with the statute of limitations as provided by law.

 

When disposing of your Personal Information, we take reasonable measures to ensure that it is done properly and is not accessible to the public.

  1. Physical records are shredded within thirty (30) days from our receipt of the client’s opt-out;
  2. Copies of electronic records are removed in the active database and all third-party tools; and,
  3. Historical snapshots of data are only kept for one year, at the most.

 

3.                  Our disclosure of personal data to third-party processors are governed by the following safeguards:

a.      Support secure transmission of data through the use of industry standard encryption and while data is at rest;

b.      Review the processors’ privacy policy and ensure that it adheres to Serious MD Privacy Policy guidelines;

c.       Technical Review of third-party service to ensure it passes security standards and adheres to privacy policies of SeriousMD; and,

d.      Removal and disposal of all client data from third-party platforms upon the opt-out of the user and when data is no longer needed.

 

I.                    CHANGES AND UPDATES TO THIS POLICY

 

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.

 

Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at privacy@seriousmd.com.

 

Last update: May 10, 2020.