Privacy Policy

Last Updated: February 28, 2026

This Privacy Policy explains how GALEN – Clinical Archiving & Record Enhancement System ("GALEN", "System") collects, uses, stores, and protects personal and medical information in accordance with the Republic Act No. 10173, also known as the Data Privacy Act of 2012, and its Implementing Rules and Regulations.

1. Personal Data Controller

GALEN is operated under the authority of the Ilocos Sur Polytechnic State College (ISPSC) Health Services Department, which acts as the Personal Data Controller responsible for processing personal data.

2. Information We Collect

Personal Information

  • Full name
  • Contact information
  • Date of birth
  • Educational background
  • Institutional affiliation

Sensitive Personal Information

  • Medical history and consultations
  • Diagnoses and treatment records
  • Medical prescriptions
  • Clinical observations and notes
  • Health-related assessments

System Information

  • User account credentials
  • Login activity and audit logs
  • System usage records

3. Purpose of Data Processing

Your information is processed for legitimate purposes including:

  • Provision of healthcare services
  • Maintenance of medical records
  • Prescription management
  • Medicine inventory monitoring
  • Clinic administration and reporting
  • Compliance with institutional and legal obligations

4. Legal Basis for Processing

Processing of personal and sensitive personal information is performed under:

  • Data subject consent
  • Provision of medical treatment
  • Compliance with legal obligations
  • Protection of life and health
  • Legitimate institutional interests

5. Data Sharing and Disclosure

Personal data shall not be disclosed to third parties except when:

  • Authorized by the data subject
  • Required by law or government authorities
  • Necessary for medical emergencies
  • Required for institutional healthcare operations

6. Data Protection Measures

GALEN implements appropriate safeguards including:

  • Secure authentication and access control
  • Encrypted data transmission
  • Role-based system access
  • Audit logging and monitoring
  • Secure database storage

7. Data Retention

Personal and medical records shall be retained only for as long as necessary for healthcare delivery, institutional requirements, or legal compliance. Records are securely disposed of once retention periods expire.

8. Rights of Data Subjects

Under the Data Privacy Act, individuals have the right to:

  • Be informed about data processing
  • Access their personal data
  • Correct inaccurate information
  • Object to processing when applicable
  • Request data deletion or blocking
  • File complaints with the National Privacy Commission

9. Data Security Incident Management

In the event of a data breach involving sensitive personal information, GALEN shall follow breach notification procedures in accordance with National Privacy Commission regulations.

10. Cookies and System Monitoring

GALEN may use session technologies and monitoring tools solely for authentication, security, and system performance purposes.

11. Policy Updates

This Privacy Policy may be updated periodically to reflect legal, technical, or operational changes.

12. Contact Information

For privacy concerns or requests regarding personal data:

ISPSC Health Services Department
Ilocos Sur Polytechnic State College
Website: https://ispscgalen.cloud