Skip to content Skip to footer

Data Privacy Notice

Halcyon Health Network, Inc. MANDATE

Halcyon Health Network, Inc. (“HHNI”) is committed to safeguarding the personal and sensitive personal information you provide or we collect, in accordance with Republic Act No. 10173, or the Data Privacy Act of 2012, as amended, and its Implementing Rules and Regulation (IRR). All personal data shall be processed with the highest degree of confidentiality, security, and respect for your privacy.

Data Collection

HHNI collects the following personal and sensitive personal information:

  • Full Name
  • Date of Birth
  • Gender
  • Civil Status
  • Birthplace
  • Home Address
  • Email Address
  • Mobile/Contact Number
  • Nationality
  • Religion
  • SRN Number
  • Passport Number
  • SRB Number
  • Signature
  • Company
  • Principal
  • Vessel
  • Position

     

 

Data is collected electronically through Halcyon Health App and iNET System Patient Portal. By using this application and providing your information, you explicitly consent to the collection and processing of your personal and sensitive personal information for the legitimate purposes outlined in this notice.

Purpose of Data Collection

The personal data collected will be used for the following legitimate purposes:

Registration and processing for Pre-Employment Medical Examination (PEME)

Handling other transactions related to PEME

Monitoring user activity to improve app functionality and user experience

Communicating updates, reminders, and medical notifications

Conducting anonymized data analytics and health research

Providing personalized health and wellness insights

Tracking health progress (e.g., mood logs, activity)

Enabling app features (e.g., alerts, reminders, goals)

Ensuring compliance with health regulations and reporting obligations

 

HHNI only collects data that is necessary and relevant for the stated purposes.

Data Storage & Security

  • Personal data is securely stored in cloud servers hosted by Amazon Web Services (AWS)

     

  • Storage locations may include servers in other countries, depending on cloud configurations. Any transfer of data to these servers will be done in compliance with the Data Privacy Act of 2012 and its IRR, ensuring an adequate level of data protection through appropriate safeguards.

     

  • All cloud services are compliant with international data protection standards

     

  • HHNI maintains complete control over configurations, access, and encryption

     

  • No third-party has direct access to data

     

Data Retention Policy

Personal data collected by HHNI is retained for a period of ten (10) years from the date of collection or the last relevant transaction, whichever is later, unless:

  • The user requests earlier deletion, or

     

  • Applicable laws or regulations require a shorter or longer retention period

     

Rationale for 10-Year Retention:

  • Continuity of service and reference for future medical assessments

     

  • Legal, regulatory, and audit requirements

     

  • Fulfillment of user requests for historical data related to health services

     

Retention is managed in-house using secure infrastructure and AWS tools.

 

Data Sharing and Disclosure

Your personal data is not disclosed or shared outside HHNI, unless:

  • Required by law or legal process

     

  • You provide explicit written consent

     

Access to your data is strictly limited to authorized personnel of HHNI with legitimate roles.

 

Data Breach Notification 

In the event of a data breach that may compromise your personal data, you will be notified in accordance with the requirements of the Data Privacy Act and the guidelines of the National Privacy Commission.

 Data Disposal

When data is no longer needed, HHNI ensures secure and permanent deletion using AWS features:

Data lifecycle rules (object expiration, versioning)

Secure data overwriting

Encryption key revocation, where applicable

 

All deletion activities are managed by HHNI’s authorized IT and data teams, utilizing secure platform and AWS features to ensure permanent and secure disposal.

Your Rights as a Data Subject

Under the Data Privacy Act of 2012, you have the right to:

  1. Be Informed

     

  2. Access your personal data

     

  3. Object to processing

     

  4. Correct inaccurate or incomplete data

     

  5. Erasure or blocking of personal data

     

  6. File a complaint with the National Privacy Commission

     

Should you want to exercise or know more about these rights, you may communicate with our Data Protection Officers at dpo@halcyonmarine.com.ph

Halcyon Health Network, Inc. values your trust and privacy. All data collection and processing are guided by principles of transparency, legitimate purpose, and proportionality in full compliance with the Data Privacy Act of 2012 and its IRR.

Thank you for subscribing