Privacy Policy

Registration Form

After activating your MYPOCKETDOCTOR (MPD) account, you must provide the following:

  1. Basic Information:
  • First Name and Last Name
  • Gender
  • Mobile number
  • Email
  • Skype account / Active Whatsapp number
  • Date of Birth
  • Company Name
  • City / Location
  • Height
  • Weight
  1. b) Blood Profile
  2. c) Emergency Contact
  3. d) Allergies
  4. e) Medication/s
  5. f) Insurance
  6. g) Health Concerns
  7. h) Relative Medical Issues
  8. The Purposes of Your Personal Information.

Used to:

  • provide medical services and continuing care;
  • enable you to register with and subscribe to MPD;
  • assist the doctor in making a more informed and comprehensive diagnosis;
  • continually improve the quality of services offered;
  • aid in maintaining your electronic journal which contains consultations, prescriptions and medical documentation i.e. lab tests and x-rays;
  • comply with any safety, security, public service or legal requirements and processes;
  • for any other purpose for which you give us authorization.
  1. 3. How We Are Safeguarding Your Personal Data.

To improve our services, it is necessary that we collect, use, process and analyze your personal information when it is reasonable and necessary. MPD uses Data Security Software to protect the personal information of the patient. The Website APIs use SSL certificates. All our APIs operate on token-based authentication. We aggregate and anonymize this information such that you are not identified as an individual. By aggregating, we present information in segments or categories like age groups. In doing this, we remove personally identifiable information from the data, also known as, “Non-Personal Information.” Patient/User password security are integrated into development by availing the key derivation functions for computing irreversible hashes for passwords. The integrity, confidentiality and security of your information is particularly important to us. To that effect, we strictly enforce our privacy policy and have implemented technological and organizational security. These measures are designed to protect your information from unauthorized access, use, alteration and/or disclosure. MPD’s Android and IOS mobile applications are using SSL pinning. This validates whether the requested APIs really originated from the authorized users.

The platform utilizes Periodic Penetration Testing every three months. This evaluates the security of the IT infrastructure and server hosts by trying to exploit vulnerabilities. It is done quarterly to validate the integrity of MPD’s defensive mechanisms, IT infrastructure and server. We keep and protect your information using a secured server behind a firewall, encryption and security controls.

We also put in effect safeguards such as:

  • Letting you update your information as needed;
  • Retaining your personal data for a maximum period of five (5) years;
  • Only authorized personnel can access your information;
  • Only the System Administrators are authorized to have direct shell access to the servers;

The developers are only allowed to push production codes, through Git, as part of the implemented continuous integration and deployment.

MPD uses Linode and Amazon Web Services for the cloud hosting facility of the service.

The platform adheres to the policies on Customer Agreement (https://www.linode.com/agreement), Terms of Service (https://www.linode.com/tos), Privacy Policy (https://www.linode.com/privacy), Acceptable Use Policy (https://www.linode.com/aup) and AWS Data Privacy (https://aws.amazon.com/compliance/philippines-data-privacy).

You may refuse access, processing, or use of your Personal Information or withdraw consent previously given to the access, processing or use of your Personal Information, or object to the same. All system access are using key-based SSH logins thereby rendering any brute force username-password attacks futile. More importantly, only the whitelisted source IP’s are allowed shell access to the server. The patient has the right to delete information in the future. By withdrawing your consent, or objecting to the processing of your Personal Information, MPD will not be able to provide you with the services you have subscribed to or may want to access.

  1. How We Are Retaining and Disposing Your Personal Data.

Through your online account, you can update your personal data when logged in. In the event you would like to access and alter any information listed, you may get in touch with our Data Privacy Officer through the contact details provided below.

Upon withdrawal of your consent to share personal data, the MPD will dispose the data within a five-year period. You are afforded certain rights wherein your personal data, based on Data Privacy Act of 2012, shall be disposed of, or discarded in a secure manner preventing further processing, unauthorized access, or disclosure to any other party.