Privacy Policy

1. Scope

This policy applies to personal information we collect through our website (glamer.ph), our booking platform (book.glamer.ph), our online services and SaaS tools, our social media channels, and during in-person visits and consultations at our clinic.

2. Information We Collect

Depending on how you interact with us, we may collect:

• Personal information: Full name, age, gender, civil status, nationality, mobile number, email address, and home or professional address.
• Sensitive personal information: Medical history, skin or hair conditions, allergies, current medications, and past aesthetic procedures (needed for safe assessment and treatment).
• System and account data: Booking history, patient or client records, appointment schedules, and subscription or account details when you use our platforms.
• Financial details: Payment information for bookings and purchases made through our channels.
• Technical data: IP address, browser type, cookies, and related usage data to improve experience, security, and system performance.

3. How We Collect Data

We obtain data through:

• Online forms and our booking site (book.glamer.ph) and other digital services.
• In-clinic interviews, assessments, and paper or digital medical forms.
• Phone, SMS, email, or social media messages.
• Third-party payment gateways and authorized integrations.

4. Purpose of Processing

We use your information to:

• Schedule and manage appointments, bookings, and account subscriptions.
• Perform medical assessments and deliver safe, appropriate aesthetic care.
• Operate and improve our websites, booking systems, and SaaS features (e.g., clinical mapping and patient management tools).
• Send appointment reminders, follow-up care instructions, and important service or system updates.
• Conduct marketing (e.g., SMS or email about treatments or promotions) where permitted and with your consent when required.
• Provide customer support and respond to inquiries.
• Meet legal, regulatory, and record-keeping requirements.

5. Data Sharing and Disclosure

We do not sell your personal data. We only share information when necessary and as allowed by law, including with:

• Internal authorized personnel: Doctors, clinicians, and trained staff involved in your care or account support.
• Service providers: Cloud hosting, IT support, and platform vendors (e.g., AWS, Azure, Google Cloud, Vercel) contractually required to protect your data.
• Payment and operational partners: Payment processors and similar providers needed to complete transactions.
• Government agencies or other parties: When required by law, regulation, or valid legal process.

6. Data Retention

We retain data only as long as needed for the purposes above and as required by law. Medical and related records may be kept for up to ten (10) years from your last relevant visit or interaction, in line with applicable standards, before secure destruction or anonymization where appropriate.

7. Data Security

We use technical, organizational, and physical safeguards appropriate to the data we hold. These include SSL encryption, secure database configuration, access controls, encrypted handling for our booking platform, and restricted access to clinical and system records, to reduce unauthorized access, alteration, or disclosure.

8. Your Rights as a Data Subject

Under the Data Privacy Act of 2012 (RA 10173), you have the right to:

• Be informed about how your data is processed.
• Access and request a copy of the personal data we hold about you.
• Rectify or update inaccurate or incomplete information.
• Request erasure or blocking of your data where applicable, including deletion of your account and associated data when the law allows.
• Object to certain processing, such as direct marketing.
• Seek compensation for damages due to unlawful processing, where provided by law.
• Lodge a complaint with the National Privacy Commission (NPC) if you believe your privacy rights have been violated.

9. Contact Information

For privacy questions, data access requests, or concerns, contact our Data Protection Officer (DPO):