Philippine Pediatric Society
Privacy Notice
Version 1.0 · Effective July 14, 2026 · Data Protection Officer: dpo@pps.org.ph
PPS Privacy Notice
Version 2.1 · Effective 15 July 2026
The Philippine Pediatric Society, Inc. (PPS) issues this Notice under Section 16(a) of the Data Privacy Act of 2012 (RA 10173) to explain, in plain terms, how we handle your personal data on the PPS Portal at portal.pps.org.ph.
1. Who we are
PPS is a non-stock, non-profit medical specialty society founded in 1947 and registered with the SEC. We are the Personal Information Controller for the data collected through the Portal.
Our Data Protection Officer is reachable at dpo@pps.org.ph (PPS Head Office, Quezon City).
2. What we collect
- Identity and contact — name, date of birth, sex, email, mobile, address, photo.
- Professional (sensitive) — PRC License, PTR, S2, specialty, training records, CPD activities, hospital and clinic affiliations, chapter membership.
- Financial — payment tokens through PayMongo. We never receive full card numbers, CVVs, or PINs.
- Content you submit — support tickets, event feedback, votes, comments, prescription pad and clinical tool drafts.
- Automatic — IP address, browser info, timestamps, cookies (see Cookie Policy), security telemetry.
3. Why we collect it
- Manage your membership and provide the services you request (events, CPD, elections, Good Standing, directory, clinical tools).
- Process payments and issue Official Receipts.
- Comply with law (BIR, PRC, NPC).
- Secure the Portal and prevent abuse.
- Send you the marketing messages you have opted in to.
4. Legal basis
We rely on Section 12(a) consent for marketing and optional features; Section 12(b) contract for membership services; Section 12(c) for legal obligations; Section 12(f) legitimate interests for security. For sensitive personal information we rely on your explicit consent under Section 13(a) and the professional-organization purpose under Section 13(d). Clinical-tool patient data is processed under Section 13(e), where the physician is the controller and PPS is the processor.
5. Who receives your data
- PPS staff and officers, need-to-know, access-controlled.
- Processors under contract — Amazon Web Services (cloud hosting), PayMongo (payments), our transactional email provider. Each is bound by a Data Processing Agreement.
- PPS chapters you belong to, for chapter-level services.
- Government bodies (BIR, PRC, NPC, courts) when required by law.
- The public, only if you opt in to the Public Doctor Directory.
PPS does not sell personal data.
6. Cross-border transfer
Portal data is hosted on AWS servers in the United States. We rely on the AWS Data Processing Addendum with Standard Contractual Clauses as our contractual safeguard under Section 21(c). PPS remains accountable.
7. How long we keep it
Only as long as needed for the purpose, or as required by law. Key periods:
| Data | Retention |
|---|---|
| Member profile | Active + 10 years, then anonymized |
| Payment records | 10 years (BIR RR 5-2014) |
| CPD certificates | 10 years |
| Event attendance | 5 years |
| Support tickets | 3 years after resolution |
| Rx Pad / Registry (as processor) | 3 years; 90/30/7-day export notices before purge |
| Consent records | Kept as legal evidence |
8. Your rights
You may exercise all eight rights granted by the Act — to be informed, to object, to access, to rectify, to erase or block, to damages, to data portability, and to complain. Self-service tools are available at /my-privacy.
We acknowledge every request within 3 working days and respond within 15 working days (extendable once with notice). The first request per year is free.
Erasure requests receive DPO review. Some records must be kept despite an erasure request (BIR, legal hold, professional-organization law) — where full deletion is not possible, we anonymize or block further processing.
9. Contact and complaints
Data Protection Officer — dpo@pps.org.ph · PPS Head Office, Quezon City
If you are unsatisfied with our response, you may complain to the National Privacy Commission at complaints@privacy.gov.ph or https://www.privacy.gov.ph.
10. Changes to this Notice
Material changes require your renewed consent through the Portal's re-consent prompt at your next login. Every consent record we keep is tagged with the version you agreed to.
Version 2.1 — Effective 15 July 2026.
Contact our Data Protection Officer
mail dpo@pps.org.ph
Jamie Francis Dy — ICT Consultant and Data Protection Officer