Data Privacy Notice
Halcyon Health Network, Inc. MANDATE
Halcyon Health Network, Inc. (“HHNI”) is committed to safeguarding the personal and sensitive personal information you provide or we collect, in accordance with Republic Act No. 10173, or the Data Privacy Act of 2012, as amended, and its Implementing Rules and Regulation (IRR). All personal data shall be processed with the highest degree of confidentiality, security, and respect for your privacy.
Data Collection
HHNI collects the following personal and sensitive personal information:
- Full Name
- Date of Birth
- Gender
- Civil Status
- Birthplace
- Home Address
- Email Address
- Mobile/Contact Number
- Nationality
- Religion
- SRN Number
- Passport Number
- SRB Number
- Signature
- Company
- Principal
- Vessel
- Position
Data is collected electronically through Halcyon Health App and iNET System Patient Portal. By using this application and providing your information, you explicitly consent to the collection and processing of your personal and sensitive personal information for the legitimate purposes outlined in this notice.
Purpose of Data Collection
The personal data collected will be used for the following legitimate purposes:
Registration and processing for Pre-Employment Medical Examination (PEME)
Handling other transactions related to PEME
Monitoring user activity to improve app functionality and user experience
Communicating updates, reminders, and medical notifications
Conducting anonymized data analytics and health research
Providing personalized health and wellness insights
Tracking health progress (e.g., mood logs, activity)
Enabling app features (e.g., alerts, reminders, goals)
Ensuring compliance with health regulations and reporting obligations
HHNI only collects data that is necessary and relevant for the stated purposes.
Data Storage & Security
- Personal data is securely stored in cloud servers hosted by Amazon Web Services (AWS)
- Storage locations may include servers in other countries, depending on cloud configurations. Any transfer of data to these servers will be done in compliance with the Data Privacy Act of 2012 and its IRR, ensuring an adequate level of data protection through appropriate safeguards.
- All cloud services are compliant with international data protection standards
- HHNI maintains complete control over configurations, access, and encryption
- No third-party has direct access to data
Data Retention Policy
Personal data collected by HHNI is retained for a period of ten (10) years from the date of collection or the last relevant transaction, whichever is later, unless:
- The user requests earlier deletion, or
- Applicable laws or regulations require a shorter or longer retention period
Rationale for 10-Year Retention:
- Continuity of service and reference for future medical assessments
- Legal, regulatory, and audit requirements
- Fulfillment of user requests for historical data related to health services
Retention is managed in-house using secure infrastructure and AWS tools.
Data Sharing and Disclosure
Your personal data is not disclosed or shared outside HHNI, unless:
- Required by law or legal process
- You provide explicit written consent
Access to your data is strictly limited to authorized personnel of HHNI with legitimate roles.
Data Breach Notification
In the event of a data breach that may compromise your personal data, you will be notified in accordance with the requirements of the Data Privacy Act and the guidelines of the National Privacy Commission.
Data Disposal
When data is no longer needed, HHNI ensures secure and permanent deletion using AWS features:
Data lifecycle rules (object expiration, versioning)
Secure data overwriting
Encryption key revocation, where applicable
All deletion activities are managed by HHNI’s authorized IT and data teams, utilizing secure platform and AWS features to ensure permanent and secure disposal.
Your Rights as a Data Subject
Under the Data Privacy Act of 2012, you have the right to:
- Be Informed
- Access your personal data
- Object to processing
- Correct inaccurate or incomplete data
- Erasure or blocking of personal data
- File a complaint with the National Privacy Commission
Should you want to exercise or know more about these rights, you may communicate with our Data Protection Officers at dpo@halcyonmarine.com.ph
Halcyon Health Network, Inc. values your trust and privacy. All data collection and processing are guided by principles of transparency, legitimate purpose, and proportionality in full compliance with the Data Privacy Act of 2012 and its IRR.