Privacy Policy

 

Effective Date: [Insert Today’s Date]
Last Updated: [YYYY-MM-DD]

Introduction

This Privacy Policy outlines how Dima Health Technology Inc. ("Dima," "we," "our," or "us") collects, uses, discloses, and safeguards your personal data when you use our website at https://dima.ph ("Website") or related services. We operate under the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations (IRR).

By using our services, you signify your consent to the practices described herein. If you do not agree, please refrain from using our services.

1. Definitions

  • Customer/User: An individual who contacts or contracts us for goods or services.

  • Personal Data: Any information that identifies or could reasonably identify a person, whether alone or combined with other accessible data.

2. Types of Personal Data We Collect

We may collect:

  1. Identity & Contact Data: Full name, government-issued ID numbers, passport, address, email, mobile number, nationality, gender, and date of birth.

  2. Health & Medical Data: Medical history, questionnaire responses, lab results, diagnostic images, claims, and photos.

  3. Payment & Billing Data: Credit card data, GCash, GrabPay, Paypal, or other billing details.

  4. Technical & Usage Data: IP address, device/browser type, cookies, connection speed, site activity, and geolocation.

  5. Other Data: Any other data you provide via forms, uploads, or communications.

3. Purpose & Legal Basis for Processing

We process your data for:

  • Delivering medical and pharmacy services.

  • Verifying your identity.

  • Handling inquiries, feedback, complaints, and customer support.

  • Processing payments, refunds, and medication orders.

  • Enhancing service quality and monitoring platform performance.

  • Generating anonymized research or analytics.

  • Marketing updates and service announcements (only with consent).

  • Complying with legal obligations and fraud prevention (based on legitimate interest).

We rely on your consent, contractual necessity, or legitimate interest as the legal basis, in line with Philippine law.

4. Disclosure of Personal Data (Data Recipients)

Your data may be disclosed to:

  • Partner doctors and pharmacists (under confidentiality agreements).

  • Logistics, IT, payment processors, and other third-party service providers with strict data handling obligations.

  • Government authorities or legal bodies when legally required (e.g., DOH, FDA).

  • Affiliates or subsidiaries, as necessary for operational and legal purposes.

  • In case of mergers or business restructuring — always safeguarded under confidentiality.

5. Retention Period & Disposal

We retain data only as necessary to fulfill service obligations or as required by law. Personal data no longer needed will be securely anonymized or deleted in compliance with our internal retention schedules.

6. International Data Transfers

While we generally do not transfer personal data outside the Philippines, any such case will ensure equivalent protection under Philippine privacy standards.

7. Your Data Subject Rights

Under RA 10173, you have the right to:

  • Access: Request a copy of your personal data.

  • Correction: Rectify inaccuracies or complete missing data.

  • Deletion/Erasure: Remove data when no legal basis exists for retention.

  • Objection: Challenge processing based on legitimate interest grounds.

  • Withdraw Consent: Revoke consent for previously authorized processing (may affect service availability).

  • File a Complaint: Lodge complaints with our Data Protection Officer (DPO) or the National Privacy Commission (NPC).

Requests will be addressed within 14 business days; any fees will be communicated in advance.

8. Withdrawal of Consent

You may withdraw consent at any time by contacting us. Withdrawal will affect related services, and we may still retain data needed for legal or operational compliance.

9. Protection of Personal Data

We implement robust technical, physical, and organizational safeguards (e.g., encryption, access controls, antivirus protection) to protect your data. Regular reviews and updates ensure continued data security.

10. DATA PROTECTION CONTACT

For inquiries or requests related to personal data protection, you may contact us via:

11. Policy Updates

We may amend this policy to reflect changes in legal standards or business needs. Updated versions will be published at https://dima.ph/pages/privacy-policy, and continued use signifies your acceptance.


Effective date: January 1, 2018
Updated date: September 3, 2025