Philippine Pediatric Society
Privacy Policy
Version 1.0 · Effective July 14, 2026 · Data Protection Officer: dpo@pps.org.ph
PPS Privacy Policy
Version 2.1 · Effective 15 July 2026
This Privacy Policy explains how the Philippine Pediatric Society, Inc. (PPS) collects, uses, discloses, protects, and disposes of personal data on the PPS Portal at portal.pps.org.ph. It implements the Data Privacy Act of 2012 (RA 10173), its IRR, and the Circulars of the National Privacy Commission.
For a short summary, read the Privacy Notice instead.
1. Our role
PPS is a non-stock, non-profit medical specialty society. We are the Personal Information Controller for data collected through the Portal.
For patient data entered by physicians into the Rx Pad, Clinical Tools, and Registry, PPS is a Personal Information Processor and the physician is the controller. No PPS staff has operational access to those individual entries.
Our Data Protection Officer — dpo@pps.org.ph, PPS Head Office, Quezon City.
2. Scope
This Policy applies to the PPS Portal, PPS-managed email addresses, and records held at Head Office and by chapters on behalf of PPS. It binds every PPS trustee, officer, employee, consultant, volunteer, and vendor with access to personal data controlled by PPS.
3. Principles
Every processing activity respects Section 11 of the Act: transparency, legitimate purpose, proportionality, accuracy, storage limitation, integrity and confidentiality, and accountability.
4. Data we collect
- Personal information — name, contact details, photo, PPS number.
- Sensitive personal information — PRC License, PTR, S2, specialty, training and CPD records, hospital and clinic affiliations, government IDs in HR records.
- Financial — payment tokens through PayMongo (never full card numbers or CVVs).
- Content — support tickets, event feedback, votes, comments, clinical drafts.
- Automatic — log data, cookies, security telemetry.
5. Purposes and legal basis
| Purpose | Legal basis |
|---|---|
| Membership onboarding, profile, event registration, payments, CPD tracking, Portal services | §12(b) contract |
| Marketing email, optional fields, functional and analytics cookies, Public Doctor Directory listing | §12(a) consent |
| BIR / PRC reporting, breach notification, evidencing consent | §12(c) legal obligation |
| Fraud prevention, security monitoring, audited support impersonation, defense of legal claims | §12(f) legitimate interests |
| Processing SPI for professional-organization purposes | §13(d) |
| SPI processed with explicit consent (application, credentials) | §13(a) |
| SPI required by law (PRC license, government IDs) | §13(b) |
| Patient data in clinical tools | §13(e) — physician is controller, PPS is processor |
6. Consent
Where consent is the basis, PPS follows NPC Circular 2023-04:
- Registration presents unbundled checkboxes. Marketing consent is never a condition of membership.
- Every grant, refusal, or withdrawal is recorded immutably with the policy version, timestamp, IP, and user agent.
- When a policy version advances materially, the Portal shows a blocking re-consent prompt at your next login.
- Withdrawal is self-service at /my-privacy → Consent Preferences and takes effect immediately.
7. Who we share with
- Inside PPS — access is role-based and periodically reviewed. Clinical-tool content is walled off from staff.
- Processors under contract — AWS (cloud), PayMongo (payments), and our transactional email provider, each under a Data Processing Agreement.
- PPS chapters — for chapter-level services, under Data Sharing Agreements.
- Government — BIR, PRC, NPC, courts, when required by law.
- Public Doctor Directory — strictly opt-in, revocable.
PPS does not sell personal data.
8. Cross-border transfer
Portal data is hosted on AWS in the United States. We rely on the AWS Data Processing Addendum with Standard Contractual Clauses, backed by AWS SOC 2, ISO 27001, and PCI DSS certifications, with encryption in transit and at rest. Accountability remains with PPS.
9. Retention and disposal
We retain personal data only as long as needed, or as required by law. Disposal runs nightly with an audit trail. Legal holds suspend disposal for affected records.
| Category | Retention |
|---|---|
| Member profile | Active + 10 years, then anonymized |
| Denied applicants | 3 years, then anonymized |
| Payment records | 10 years (BIR RR 5-2014), reviewed by DPO |
| CPD certificates | 10 years |
| Event attendance | 5 years |
| Support tickets | 3 years after resolution |
| Rx Pad / Registry (as processor) | 3 years, with 90/30/7-day export notices |
| Clinical Tools history | 90 days |
| Audit and PII-access logs | 3–5 years |
| Consent records, breach records | Kept as legal evidence |
10. Security
Under Section 20 of the Act, NPC Circular 16-01, and NPC Circular 2023-06:
- TLS 1.2+ in transit; AWS RDS and S3 encryption at rest.
- Mandatory 2FA for privileged roles; role-based access control; session tied to IP.
- Audit logging of writes to sensitive tables; PII access logging.
- Daily encrypted backups, monthly cross-region backups, quarterly restore testing.
- Annual privacy training; confidentiality clauses in every employment and vendor contract.
- Annual Privacy Impact Assessment refresh.
11. Breach management
We follow NPC Circular 16-03. Staff report suspected incidents to the DPO within one hour of discovery. Notifiable breaches (per IRR §38) are reported to the NPC and affected data subjects within 72 hours. Every processor is contractually required to notify PPS within 24 hours of awareness.
12. Your rights
You have all eight rights granted by the Act — to be informed, to object, to access, to rectify, to erase or block, to damages, to data portability, and to complain. Self-service tools are at /my-privacy.
Service levels: 3-working-day acknowledgement, 15-working-day substantive response (extendable once with notice). First request per year is free.
Erasure is not absolute. Records under BIR, PRC, or legal-hold obligations must be retained. Where full deletion is not possible, we anonymize or block further processing.
13. Cookies
The Portal uses three tiers of cookies: strictly necessary (always active), functional (opt-in), and analytics (currently disabled). See the Cookie Policy.
14. Automated decision-making
PPS does not use automated decision-making that produces legal or similarly significant effects on you. Low-impact automation (event eligibility, Good Standing calculation) is subject to human review on request.
15. Changes
We review this Policy annually and on any material change in law or operations. Material amendments trigger a blocking re-consent prompt on your next login.
16. Contact and complaints
Data Protection Officer — dpo@pps.org.ph · PPS Head Office, Quezon City · Portal: /my-privacy → File a Complaint.
National Privacy Commission — complaints@privacy.gov.ph · https://www.privacy.gov.ph · 5th Floor, Delegation Building, PICC Complex, Pasay City.
You may also seek damages in court for violations of the Act.
Version 2.1 — Effective 15 July 2026. Adopted by the PPS Board of Trustees.
Contact our Data Protection Officer
mail dpo@pps.org.ph
Jamie Francis Dy — ICT Consultant and Data Protection Officer