1. You (The client) own your own data, so PHIX is only to use it and hold it as long PHIX (and its’ third parties) has your permission (Consent) to do so, and
2. PHIX complies with the privacy law of the Philippines (Republic Act 10173 – Privacy Act of 2012).
1. COLLECTION OF PERSONAL INFORMATION
1.1 Subject to your consent, PHIX collects identifiable information about you as is required to provide the Services to you. This “Personal Information” includes: (i) information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password, and payment information (collectively, the “Registration Information”); (ii) information that we or our contractors generate from your samples and other test results, whether through processing of your saliva, blood, urine and fecal matter or any other means of analyzing your samples, in the course of providing the Services to you (collectively, the “Biomarker Information”); and (iii) additional information about yourself, like age and gender, and what you reported concerning your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information, and any other information about yourself (other than the foregoing information) that you supply to us in one form or another (collectively, the “Self-Reported Information”).
1.2 Personal Information does not include de-identified versions of the Personal Information, including versions of the Biomarker Information and Biomarker Profile with your identity removed, versions of any other data generated from samples with your identity removed, and versions of any information that PHIX is provided about you (other than identifying information such as your name and contact information, and the Registration Information) with your identity removed; for avoidance of any doubt, information about you is de-identified (your identity is removed) when personal identifiers about you are removed from the applicable information, excluding the Biomarker Information and Self-Reported Information, which will remain as part of the de-identified information.
1.3 If you are under the age of 18, your parent or legal guardian needs to consent and agree to your use of PHIX’s Services, and your submission of all your Registration, Bio-Marker and Self-Reported Information, the use of your information for our Services and the eventual use of your De-Identified Information (see 2.2).
1.4 You can access and update your Personal Information in your account profile through the PHIX websites anytime. If need be, you may request that corrections be made to your Personal Information on file with PHIX. Any requests to view your Personal Information on file with PHIX or to make corrections to your Personal Information on file with PHIX can be directed to PHIX’s privacy officer at 110 Legazpi Street, Makati, Metro Manilla (the “Privacy Officer”).
2. USE OF PERSONAL INFORMATION
2.1 Personal Information submitted to us, may be used by us in connection with your use of the Services. PHIX may use your Personal Information to: (i) carry out the Services; (ii) administer and operate and maintain the PHIX Site and applications and the provision of the Services; (iii) test and analyze samples that you provide; (iv) generate and maintain Biomarker Profiles and other Biomarker Information; (v) personalize the Services and aspects of the PHIX Site and applications; (vi) to keep you informed about software updates; (vii) process transactions related to your use of the Services; (viii) handle inquiries, complaints, submissions and feedback relating to the Services and/or the PHIX Site and applications; (ix) contact you with your consent, including to promote, update, and announce new, improved or expanded Services or products, special offers, or other useful information pertaining to your needs; (x) store your Personal Information for providing the Services; (xi) maintain copies or backups of your Personal Information for security and archival purposes where we consider it appropriate; (xii) verify compliance with agreements between you and us; (xiii) improve the Services and the PHIX Site and applications; (xiv) generate De-Identified Information for ongoing research and development and commercial use by PHIX and its affiliates to enhance and expand upon our Services, systems, software, databases and offerings; (xv) conduct surveys or research about your opinion of current Services or of potential new Services that may be offered in the future; (xvi) track and monitor your activity through the web site and applications and the Services; (xvii) comply with legal and regulatory requirements; and (xviii) achieve other purposes as may, from time to time, be permitted by law.
2.2 PHIX may also use de-identified versions of your Biomarker Information and any other data generated from your samples and any information that PHIX is provided about you (collectively, the “De-Identified Information”) to: (i) conduct scientific and commercial research and development with the purpose of advancing personal care in human performance and health and improving and furthering the products and services we provide; (ii) conduct surveys and/or research relating to the opinion of customers and potential customers with respect to the Services or of potential new Services that may be offered in the future; (iii) publish or have published observations, analyses, data and/or results in scientific journals or other publications; (iv) advance and implement our commercial business and engage in commercial activity to further our business, including through enhancement and expansion of our Services, systems, software, databases, products and offerings; (v) engage in research and development that result in the development of commercial products or services; (vi) the same extent as provided for Personal Information in the paragraph immediately above; and (vii) conduct data analysis in connection with any of the foregoing activities. Any Personal Information used for scientific or commercial purposes, including with third parties, will be de-identified (i.e. it will be De-Identified Information), meaning your personal identifiers about you such as your name, contact information, and your physician’s identity will be removed, which will remain as part of the de-identified information).
3. DISCLOSURE OF PERSONAL INFORMATION
4.1 Your express, written consent is obtained, through the Consent Form, to collect, use or disclose Personal Information when you sign up with PHIX, for the purposes of availing PHIX’s Services. Implied consent is obtained in circumstances where a customer relationship already exists, express consent has previously been given, or the purpose of using the personal information is reasonably apparent to you. You can change your consent preferences at any time via your account profile or by contacting PHIX’s designated Privacy Officer at the address referred to in section 1.4 above.
5. AUTOMATICALLY GATHERED INFORMATION
5.1 We may receive and store certain types of computer information whenever you interact with the PHIX Site or the Services. Examples of the information that we may automatically receive and store may include the Internet protocol (IP) address used to connect your computer to the Internet; computer and connection information such as browser type and version, operating system, and platform; and the full Uniform Resource Locators (URL) click stream to, through, and from our PHIX Site, including date and time information relating to your visits.
5.2 Such automatically gathered information may be used by PHIX for the operation of the Services provided to you via the PHIX Site or otherwise, to maintain the quality of the Services provided through the PHIX Site or otherwise, and to provide PHIX with general statistics relating to use of the Services and/or PHIX Site. We may use IP addresses to analyze trends, administer the site, and track user’s movement, to determine what Services are the most popular, advertise, and gather broad demographic information for aggregate use. Although we do receive IP addresses, we do not use them to identify you personally or disclose them to others.
5.3 The PHIX website may use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize PHIX pages, or register with the PHIX website or services, a cookie helps PHIX to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same PHIX website, the information you previously provided can be retrieved, so you can easily use the PHIX features that you customized. You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the PHIX services or websites you visit.
6. SECURITY AND RETENTION OF PERSONAL INFORMATION
6.1 PHIX secures your Personal Information from unauthorized access, use and disclosure by third parties. We use a variety of physical, electronic, and managerial procedures in order to protect the Personal Information that we collect. This includes maintaining computer equipment, networks, programs, and documentation to a high standard and restricting access to equipment and information to appropriate staff. The PHIX database holding personal health information was developed according to the principles of Privacy by Design and has advanced features for privacy, security, and governance. Sophisticated controls for data de-identification and audit logging for compliance reporting are employed.
6.2 PHIX’s database security is aligned with the Philippine’s Republic Act 10173 – Data Privacy Act of 2012. All of our Third Party Service Providers and Research Partners are required under their contracts with us to use commercially reasonable efforts to maintain your confidentiality and may not use your information for any unauthorized purpose. We review our procedures and security measures regularly to ensure that they are properly administered and remain effective and appropriate for the sensitivity of the information.
6.3 There are always risks associated with providing Personal Information and sensitive data, whether in person, by phone, mobile, or tablet device, via the Internet or via other technologies. You acknowledge that the transmission of information and data over the Internet is inherently insecure, and there are no security systems that are completely safe or fool-proof against hacking or tampering. PHIX endeavours to take commercially reasonable precautions to prevent and minimize such risks in connection with your Personal Information, but PHIX offers no (and hereby expressly disclaims any) guarantee, representation, warranty, or covenant of any kind with respect to securing your Personal Information from unauthorized access, use and disclosure by third parties.
6.4 You are solely responsible for controlling access to your accounts associated with the PHIX Site and/or the Services, and maintaining the confidentiality and security of your accounts and related password information.
7. THIRD PARTY PRIVACY POLICIES AND LINKS
7.1 The PHIX Site may include hyperlinks to, and details of, third party web sites or Internet resources. PHIX does not endorse, approve of, verify, attest to, or offer any representation or warranty with respect to, the accuracy of the content of such web sites that are linked. If you decide to leave the PHIX Site and access these third-party sites, you do so at your own risk.
7.2 When you click on one of these links, you are contacting another web site or Internet resource that may collect information about you including Personal Information, voluntarily or through cookies. The privacy policies of such third parties may not mirror those of PHIX. PHIX has no control over other web sites or Internet resources or their policies regarding the collection, use and disclosure of your Personal Information, and PHIX accepts no responsibility or liability for the privacy practices of third parties, including any unauthorized collection, use or disclosure of your Personal Information through third party web sites or Internet resources. Use of these web sites is at your own risk.