1. Maxicare Healthcare Corporation (“Maxicare”)

Website: https://www.maxicare.com.ph/

2. Maxicare Health Services, Inc. (“Maxihealth”)

Website: https://www.maxihealth.com.ph/

Products & Services: https://www.maxihealth.com.ph/products/

3. Maxicare Life Insurance Corporation (“Maxicare Insurance”)

Website: https://www.maxilife.com.ph/

Products & Services: https://www.maxilife.com.ph/products

I. PURPOSE

This Consent governs how the Maxicare Group collects, uses, processes, stores, shares, retains, and disposes of your personal data and sensitive personal information in accordance with:

1. Republic Act No. 10173 or the Data Privacy Act of 2012;
2. Its Implementing Rules and Regulations and
3. NPC Circular No. 2023-04 on the Guidelines on Consent.

II. DEFINITION OF TERMS

For purposes of this Member Consent, the following terms shall have the meanings set forth below:

1. “Agreement” - Refers to any Service Agreement, Policy Contract, Membership Agreement, Application Form, Letter of Authorization (LOA), Conforme Letter, Terms and Conditions, endorsement, addendum, schedule, rider, digital acceptance, or any other document governing the relationship between the Member and any entity within the Maxicare Group.
2. “Authorized Representatives” - Refers to directors, officers, employees, agents, affiliates, subsidiaries, parent companies, service providers, contractors, auditors, consultants, brokers, and other persons or entities duly authorized to process personal data on behalf of the Maxicare Group.
3. “Consent” - Refers to any freely given, specific, informed, and unambiguous indication of will by which the data subject agrees to the processing of personal data relating to him or her, evidenced by written, electronic, or recorded means, pursuant to Republic Act No. 10173 and NPC Circular No. 2023-04.
4. “Core Services” - Refers to healthcare, clinic, insurance, wellness, teleconsultation, vaccination, claims processing, policy administration, and other services necessary for the performance of the Agreement.
5. “Data Privacy Act” or “DPA” Refers to Republic Act No. 10173 or Data Privacy Act of 2012, its Implementing Rules and Regulations, and issuances of the National Privacy Commission.
6. “Data Subject” - Refers to an individual whose personal data is processed under this Member Consent, including the Principal Member and any Dependents.
7. “Dependent” - Refers to a person enrolled under a Principal Member’s coverage, including but not limited to spouse, children (including legally adopted children), parents, or other eligible beneficiaries as defined under the applicable Agreement.
8. “Legitimate Interest” - Refers to lawful processing necessary for purposes pursued by the Maxicare Group or a third party, provided such interest is not overridden by fundamental rights and freedoms of the data subject.
9. “Legitimate Interest” - Refers to lawful processing necessary for purposes pursued by the Maxicare Group or a third party, provided such interest is not overridden by fundamental rights and freedoms of the data subject.
10. “Maxicare Group” - Collectively refers to:
    • Maxicare Healthcare Corporation (“Maxicare”)
    • Maxicare Health Services, Inc. (“Maxihealth”)
    • Maxicare Life Insurance Corporation (“Maxicare Insurance”)
    Each entity may act as a Personal Information Controller (PIC) independently or jointly depending on the specific processing activity, or as a Personal Information Processor (PIP) for certain transactions and services.
11. “Member” - Refers to a Principal Member or Dependent who is eligible and accepted for membership, insurance coverage, or healthcare services under an Agreement.
12. “Personal Data” - Refers collectively to Personal Information, Sensitive Personal Information, and Privileged Information as defined under the Data Privacy Act.
13. “Personal Information” - Refers to any information, whether recorded in material form or not, from which the identity of an individual is apparent or can reasonably and directly be ascertained.
14. “Sensitive Personal Information” - Refers to personal information:
    • About an individual’s health, medical history, diagnosis, treatment, or condition;
    • Concerning race, ethnicity, marital status, age, religion, or affiliations;
    • Issued by government agencies (e.g., SSS, GSIS, PhilHealth, TIN);
    • Classified as sensitive under the Data Privacy Act.
15. “Processing” - Refers to any operation or set of operations performed upon personal data including, but not limited to:

    Collection, recording, organization, storage, updating, modification, retrieval, consultation, use, consolidation, blocking, sharing, disclosure, erasure, or destruction.

    Processing may be manual or automated.

16. “Representatives” - Refers to healthcare providers, hospitals, clinics, laboratories, insurers, underwriters, third-party administrators, IT providers, hosting providers, analytics partners, sub-processors/ third-party service provider, government agencies, and other entities that may receive personal data for legitimate purposes.
17. “Retention Period” - Refers to the duration for which personal data is stored in accordance with:
    • Legal and regulatory requirements
    • Contractual obligations
    • Legitimate business purposes
    • Defense of legal claims
    • Thereafter securely disposed or anonymized
18. “Super App” - Refers to the integrated digital platform of the Maxicare Group intended to consolidate healthcare, clinic, and insurance services and manage digital consent. (future service)
19. “Company/ Customer” - Refers to an employer, corporate client, group policyholder, or contracting entity that has entered into an Agreement with any member of the Maxicare Group for the benefit of the Member.
20. “Third-Party Service Provider” - Refers to any external entity contracted by the Maxicare Group to provide services involving the processing of personal data, subject to data sharing agreements and confidentiality obligations.

III. PERSONAL INFORMATION COLLECTED

Personal data processed may include, but are not limited to:

1. Personal Information
   1. Name, address, contact details
   2. Date of birth, gender, civil status
   3. Employment information
   4. Membership and policy details
2. Sensitive Personal Information
   1. Health and medical records
   2. Diagnostic results
   3. Consultation and treatment records
   4. Claims data
   5. Medical utilization
3. Other Information
   1. Photos and CCTV footage, where applicable and within premises
   2. Voice recordings (during inbound or outbound calls or teleconsultation)
   3. Video recording (during teleconsultation)
   4. AI Video Recording
   5. Portal/app logs and digital identifiers

IV. PURPOSES OF PROCESSING

1. Core Healthcare and Insurance Services

   Your personal data may be processed for purposes that are necessary for:

   1. Enrollment, membership validation, and activation
   2. Policy coverage
   3. Issuance of LOAs and policy documents
   4. Claims adjudication and benefit management
   5. Healthcare coordination
   6. Healthcare clinic, teleconsult, and insurance services
   7. Billing, co-pay, and Administrative Services Only (ASO) arrangements
   8. Compliance with:
      1. Universal Health Care Act or RA No. 11223
      2. Mandatory Reporting of Notifiable Diseases Act or RA No. 11332
      3. Other applicable laws and reporting requirements

   Processing for these purposes may be based on:

   1. Performance of Contract – to provide healthcare, clinic, insurance, and related services under the Agreement;
   2. Compliance with Legal Obligation – including reporting and regulatory requirements under applicable laws;
   3. Protection of Life and Health – where processing is necessary for medical treatment or emergency;
   4. Legitimate Interest – where lawful and not overridden by fundamental rights and freedoms;
   5. Consent – where required under the Data Privacy Act.
2. Intra-Group Data Sharing

   Your data may be shared internally within the Maxicare Group as necessary for:

   1. Member benefit coordination
   2. Continuity of care
   3. Underwriting (where applicable)
   4. Risk management
   5. Service quality improvement
   6. Internal analytics (where practicable, de-identified)
3. Third-Parties & Government Disclosures

   Your personal data will only be shared with:

   1. Accredited healthcare providers
   2. Government agencies (such as but not limited to DOH, PhilHealth, NPC, Insurance Commission)
   3. Third-party service providers (IT, hosting, cloud, analytics)

   All recipients will be contractually bound to safeguard your data.

4. Additional Consent

   The Maxicare Group shall also process your personal information for the following purposes:

   1. Marketing communications
   2. Surveys or research participation
   3. Promotional and partner offers
5. Withdrawal of Consent

   You may withdraw consent in accordance with Article VII of this policy. However, the Maxicare Group shall not comply with your instruction unless you confirm that you are fully aware of the consequences of such withdrawal for any purpose, including any impairment of services to you, and that you waive any and all claims of liability for the impairment of services due to your withdrawal of consent.

   1. Marketing communications
   2. Surveys or research participation
   3. Promotional and partner offers

V. RETENTION AND DISPOSAL

Personal data shall be retained:

1. While you remain active under a membership or policy
2. For claims and reimbursements records
3. For billing and financial records
4. For legal compliance and regulatory obligations
5. As necessary to establish, exercise, or defend legal claims
6. For legitimate business purposes

After retention periods expire, data will be securely disposed or anonymized.

VI. DATA SUBJECT RIGHTS

Under the Data Privacy Act of 2012, you have the right to:

1. Be informed
2. Access your data
3. Rectify inaccuracies
4. Object to processing
5. Withdraw consent
6. Request erasure, blocking or suspension
7. File a complaint with the National Privacy Commission
8. Seek damages for unlawful processing

Data Protection Officer (DPO) Contact Information:

VII. WITHDRAWAL OF CONSENT

You may withdraw consent at any time via:

1. Super App (future service)
2. Official Opt-Out Link
3. Email to the appropriate DPO

VIII. AUTHORITY FOR DEPENDENTS

If signing on behalf of minor dependent(s), you warrant that:

1. You are duly authorized to consent on their behalf;
2. You have informed dependents about data processing.

IX. FAIR AND TRANSPARENT PROCESSING

All personal information processing shall be:

1. Fair and lawful
2. Transparent and specific
3. Limited to stated purposes
4. Proportionate and necessary

X. CONSENT & SIGNATURE

You authorize the Maxicare Group and its Authorized Representatives to:

1. Collect, record, organize, store, update, retrieve, consult, use, consolidate, share, disclose, block, erase, or destroy your personal data;
2. Process personal information, sensitive personal information, privileged information, and medical records;
3. Process personal information, sensitive personal information, privileged information, and medical records;
4. Share personal data within the Maxicare Group and with accredited healthcare providers, regulators, and authorized third-party service providers for legitimate and lawful purposes described above.