Privacy Policy

Last updated: March 11, 2026

1. Introduction

Associhealth ("we," "us," or "our") operates a dental electronic health records (EHR) platform for practices in the Philippines. We are committed to protecting your privacy and to complying with the Data Privacy Act of 2012 (Republic Act No. 10173) and the implementing rules and guidelines of the National Privacy Commission (NPC). This Privacy Policy explains how we collect, use, store, and protect personal and sensitive personal information, including health information, in line with Philippine law.

2. Legal Framework

Our processing of personal data is governed by Republic Act No. 10173 (Data Privacy Act of 2012). Under the DPA, "personal information" refers to any information from which the identity of an individual is apparent or can be reasonably ascertained. "Sensitive personal information" includes, among others, information about an individual's health, including medical and dental records. We treat patient and practice data in accordance with these definitions and with the heightened protections required for sensitive personal information.

3. Information We Collect

We may collect:

  • Account and practice information: Name, email, contact details, practice name and address, and similar data that you or your practice provide when using our services.
  • Health and dental data: When you use our EHR platform, we process patient and clinical data (e.g., patient demographics, dental records, treatment notes, appointments) that you input or that are generated through the service. Under the DPA, such data are classified as sensitive personal information.
  • Technical and usage data: Logs, device information, and usage data necessary for security, support, and improving our services.

We collect only what is necessary for the stated purposes and in proportion to the legitimate aims of our service (principle of proportionality under the DPA).

4. Purpose and Lawful Basis for Processing

We process personal and sensitive personal information only for legitimate purposes, including:

  • Providing and operating the dental EHR and related services.
  • Fulfilling our contract with your practice and complying with legal obligations.
  • Protecting vital interests where necessary (e.g., in emergencies).
  • Where required by the DPA, we process sensitive personal information (including health data) on the basis of your consent, or where processing is necessary for the provision of health services, as permitted under Philippine law.

We are transparent about these purposes and will not use your data for purposes incompatible with what we have disclosed (principle of transparency and legitimate purpose).

5. How We Protect Your Data

In line with the DPA and NPC guidelines, we implement organizational, physical, and technological measures to safeguard personal and sensitive personal information, including:

  • Access controls and role-based permissions so only authorized users can access health data.
  • Encryption and secure transmission of data where appropriate.
  • Policies and procedures for handling, retention, and disposal of data.
  • Training for personnel who handle personal and health data.

We require our processors and partners to uphold similar standards when they process data on our behalf.

6. Data Retention and Disposal

We retain personal and health data only for as long as necessary to fulfill the purposes for which they were collected, to comply with legal obligations (including record-keeping requirements applicable to dental practices in the Philippines), and to resolve disputes. When data are no longer needed, we dispose of them in a secure manner in accordance with our retention and disposal policies.

7. Disclosure and Sharing

We do not sell your personal or health data. We may share data only: (a) with your consent; (b) with service providers who act on our instructions and under appropriate agreements; (c) when required by law or court order; or (d) when necessary to protect vital interests. Any disclosure of sensitive personal information will be done in compliance with the DPA and only for lawful grounds.

8. Data Breach Notification

In the event of a personal data breach that is likely to pose a real risk to the rights and freedoms of data subjects, we will notify the National Privacy Commission and affected individuals in accordance with the DPA and NPC rules, including within the timeframes required by law (e.g., notification to the NPC and to affected data subjects where required).

9. Your Rights Under the Data Privacy Act

You have the right to:

  • Be informed about the collection and use of your personal data.
  • Object to processing or withdraw consent where applicable.
  • Access and request a copy of your personal data we hold.
  • Rectify or correct inaccurate or incomplete data.
  • Erase or block your data in certain circumstances.
  • Data portability, where applicable.
  • File a complaint with the National Privacy Commission.

To exercise these rights, contact us at the details below. We will respond in line with the DPA and NPC guidelines.

10. Contact Us

For privacy-related requests, questions, or complaints, you may contact us at support@associhealth.com. You may also lodge a complaint with the National Privacy Commission (www.privacy.gov.ph).
