Activate 
Login 
Search
Register
Sign in
Privacy Notice
We, at Maxicare Healthcare Corporation (“Maxicare”), value your privacy as much as we value your health. We are committed to comply with Republic Act No. 10173 or the Philippine Data Privacy Act of 2012 (“Data Privacy Act”), its Implementing Rules and Regulations, and related issuances from the National Privacy Commission, to protect and safeguard your privacy.
We periodically update this notice when necessary to ensure that our practices remain compliant with the applicable laws and are up to date with industry standards.
This notice will inform you how we process and protect your personal information. By visiting this page or reading this notice, you certify that you have read, understood, and agree to the terms below
Service Overview
Maxicare is a Health Maintenance Organization (“HMO”), which provides different healthcare services to our members through our vast network of providers: hospitals, clinics, physicians, diagnostic centers, and other healthcare providers (collectively, “Providers”). To effectively provide these services, our healthcare providers may collect, process, and share your information with us so that the healthcare services will always be available when you need them most.
Primary Purposes of Processing Personal Data
We collect and process your personal information primarily to carry out transactions and perform essential functions necessary for the implementation and administration of your healthcare benefits with Maxicare. This includes the use of your data to ensure the efficient delivery of services, compliance with legal requirements, and enhancement of the overall customer experience.
Specifically, we use your personal data to:
1. Process, review, and approve applications for enrollment, employment, affiliation, and/or coverage under any of our healthcare products and services;
2. Facilitate transactions such as availment of HMO services, claims for reimbursements, and online payments;
3. Review and evaluate applications for accreditation of agents and/or brokers;
4. Comply with applicable Philippine laws and regulatory issuances.
We may also share your personal information with authorized parties to ensure that you receive high-quality healthcare services and a seamless customer experience, as permitted or required by law.
Secondary Purposes of Processing Personal Data
In addition to the primary purposes stated above, your personal data may also be used for the following secondary purposes:
1. Conduct internal studies and research to review, develop, and enhance our healthcare products and services;
2. Perform customer profiling, behavioral modeling, and analytics to better understand preferences, market trends, and needs, allowing us to recommend more suitable and personalized healthcare solutions.
Personal Information Collected and Processed
The information we collect and process shall include the following:
a. Personal contact information: name, address, email address, and phone number/s;
b. Demographic information: gender, date of birth, age, and civil status;
c. Government-Issued Identification;
d. Financial information;
e. Medical history and profile;
f. Emergency Contacts: name, address, telephone number;
The manner of storage of the data collected
Your personal data is securely stored in a protected cloud environment with appropriate safeguards in place to ensure its confidentiality, integrity, and availability.
Methods of Collection
We collect your personal data from any documents or communications that you may have directly submitted to us or from third parties, including:
a. When filling out the application forms, agreements, and other similar or related documents;
b. When logging in and using our website, mobile applications, and other web-based platforms;
c. When availing of our product and services through our affiliate network;
d. When getting in touch with our customer service representatives to inquire, file a complaint, or request for service/s;
e. From your employer as part of your medical and healthcare benefits provided to you by your employer;
f. From the principal member in case you are a dependent; and
g. In the course of using our website and electronic platforms: Third Party web analytics tools, including those of third parties, that use cookies to collect anonymous information and data generated in connection with your activities when you visit the pages and our network of websites.
We may also obtain your personal information from third parties and other sources which have obtained your consent for such disclosure or where it is lawfully permitted on our part to acquire such information. Where you have provided us with the personal data of individuals other than yourself, you warrant that you have obtained their consent for the disclosure, in accordance with the Data Privacy Act.
Transfers/Disclosures
In the course of providing services in accordance with the agreement that you or your employer have entered into with us, we normally engage the services of, and/or interact with, third parties, such as, but not limited to our parent company, affiliated companies, subsidiaries, financial advisors, affiliated third parties or independent/non-affiliated third parties and service providers, whether local or foreign.
We may transfer or disclose your personal data to the following parties:
a. Hospitals and Clinics – for purposes of healthcare service delivery;
b. Your Employer (Our Client) – to help monitor your health in relation to your employment;
c. Vendors and Service Providers – contracted parties engaged to perform services on our behalf.
All third parties are strictly bound by the appropriate data privacy covenants in our contracts with them.
We only transfer data that is directly relevant to the service to be provided, to the minimum extent necessary.
Such disclosures are made mainly to ensure the efficient and satisfactory delivery of our services to you. We also disclose limited data for legitimate business purposes, as we may reasonably determine to be in your best interest. These purposes include, but are not limited to, the outsourced processing of transactions, profiling, historical and statistical analysis, and other relevant activities that we use to improve the quality of our services.
The risks involved at any stage of the processing
The two most common risks identified though this process are unauthorized access and/or data disclosure, often arising from process deviation or evolving new attack vectors.
We ensure our ongoing commitment to the principles of transparency, legitimate purpose and proportionality in data privacy. Our teams are constantly at work to identify emerging threats, train and educate our employees and partners to strictly observe data privacy tenets, and evaluate integration of Privacy-Enhancing Technologies for improved risk mitigation strategies.
Personal Information Controller
Maxicare is the primary Personal Information Controller of your information, as we determine the purposes and policies that govern the data that we process. We may also enter into data sharing agreements with third parties for essential service purposes, who become personal information controllers as well under various circumstances.
Data Protection Measures
We maintain, enforce, and implement organizational, physical, technical, electronic, and procedural security measures that ensure the integrity, confidentiality, and security of your personal information.
We adopt certain policies and safeguards, including the following:
a. Access and use your personal information only to the extent necessary in order to administer the healthcare benefit;
b. Use a secured server maintained with firewall, encryption, anti-virus, and other appropriate security controls;
c. Restrict access to your information to only authorized personnel who will handle it with strict confidentiality;
d. Undergo regular audits internally by our audit team and third-party auditors to ensure that your personal information is secured and security controls are effective; Keep our security systems up to date and conduct training and seminars to our personnel in relation to protecting your personal information;
e. We have confidentiality agreements with contracted parties that receive, process, and store non-public personal, health, and financial (when applicable) information about you;
f. We perform data privacy and security assessment with contracted parties to ensure that non-public personal, sensitive, and privileged information are secured and appropriate controls are enforced by the contracted parties; and
g. To safeguard the integrity, availability, and confidentiality of personal data, we implement a comprehensive set of physical, organizational, data, and technical security measures.
h. We enforce strict and well-defined privacy policies across our operations. These are supported by multiple layers of information and cybersecurity controls designed to protect your data from unauthorized access, disclosure, or misuse.
i. We may implement additional data protection, technical, organizational, and physical security measures, as well as Privacy-Enhancing Technologies (PETs) in the future to further strengthen the security and safeguarding of your personal information.
We keep your information in a secured facility within the Philippines, and remotely in cloud servers located in compliant countries for as long as necessary for the fulfillment of the purposes for which the information was obtained or for the establishment, exercise, or defense of any claims arising from our agreement with you or your employer, or as required or permitted for by the law and regulations.
Data Retention
Your personal data will be retained or stored for as long as the purposes for which they are being processed subsist and/or have not been satisfied. We will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Information provided to us shall be disposed of or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party, or prejudice your interest.
We generally observe the following guidelines:
| Data Category | Retention Period | Rationale |
|---|---|---|
| Billing and Financial Records | 5 years | BIR regulations; tax and audit compliance |
| Employee Records | 3 years after termination (unless required longer by law) | DOLE and the Labor Code of the Philippines |
| Claims and Reimbursement Records | 6 months after claim settlement or termination of member account | For potential disputes, audits |
| Marketing and Consent Forms | Until consent is withdrawn or purpose fulfilled | Respecting data subject’s right to withdraw consent |
| Others | 5 years | Company Policy |
How data is securely disposed
Maxicare takes full responsibility for the secure disposal of both electronic and physical records, in accordance with internal company policies and applicable data protection regulations.
Scope of Data Disposal Activities:
a. Storage Device Disposal
All storage devices including servers, hard drives, removable media, and endpoint devices are subject to proper disposal and destruction due to cleanup, system decommissioning, or end-of-product lifecycle.
b. Media Sanitization
Before disposal, electronic storage media undergo media sanitization using methods such as secure overwriting, degaussing, or physical destruction to ensure complete data erasure.
c. Destruction Method Selection
●Paper/Physical Records: Secure destruction is carried out through shredding, crushing, pulping, or incineration. Incineration may be used for highly sensitive materials requiring enhanced security measures.
● Hard Drives and Digital Media: Destruction methods include physical destruction, degaussing, or secure overwriting.
● Cloud-Based Data: Permanent deletion of data hosted in cloud environments is ensured through deletion protocols verified by the cloud provider, with issuance of a certificate of data destruction when applicable.
The methods utilized for automated access
In compliance with the Philippine Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations, we may collect personal data and other relevant information electronically through digital or online forms. At the point of collection, we ensure transparency and informed consent by providing a clear and accessible privacy notice either through a direct link to this Privacy Statement or by presenting it in full.
These notices are designed using plain language, presented in a readable format, and structured for ease of understanding to help data subjects clearly comprehend how their personal information will be collected, used, stored, shared, and protected in accordance with applicable data privacy standards.
Data Subject Rights
In accordance with the Data Privacy Act, we uphold your right in relation to your personal information. You have the right to:
a. Right to Be Informed -You have the right to know why your personal data is being collected, how it will be used, stored, and shared. We will always provide clear and easy-to-understand privacy notices whenever we collect your information.
b. Right to Object – You may opt not to allow us to process your data in certain ways such as for marketing purposes unless required by law or necessary to fulfill our healthcare services to you.
c. Right to Access – You may request a copy of any personal data we currently hold about you.
d. Right to Rectification – If you believe your information is inaccurate or outdated, you may request that we correct or update it.
e. Right to Erasure or Blocking – You can ask us to delete or block your personal data if it is no longer needed for the purpose it was collected, or if it was unlawfully processed, subject to legal limitations.
f. Right to Damages – incurred based on a final decision as a result of inaccurate, incomplete, outdated, false, unlawfully obtained, erroneous data, or unlawful processing of personal data.
g. Right to Data Portability – You can request your personal data in a commonly used format and transmit it to another service provider, where technically feasible.
h. Right to File a Complaint – If you believe your rights have been violated, you may lodge a complaint with the National Privacy Commission.
Basis for Processing Personal Data
Maxicare collects and processes personal data in accordance with the Philippine Data Privacy Act of 2012 and other applicable laws and regulations. The lawful bases for processing personal information include the following:
a. Compliance with Legal Obligations – We process personal data when required by law, regulation, or government authority, including obligations under the Data Privacy Act, requirement of the Insurance Commission, Anti-Money Laundering Act, and other applicable legislation.
b. Performance of a Contract – Personal data is processed when necessary for the performance of a contract to which the data subject is a party, such as healthcare service agreements, enrollment, accreditation, or reimbursement processes.
Maxicare Data Privacy Team
If you have data privacy inquiries and concerns, or you wish to report any violation of your data privacy rights or to enforce any of your data privacy rights, you may contact our Data Privacy Officer through the following contact details:
Data Protection Officer
Tel #: +632 7908 6989
Email address: dpo@maxicare.com.ph
Maxicare Contact Information
If you have any inquiries, clarifications, and /or concerns regarding your membership, our products and services, and/or the updating of your personal information, you may contact:
24/7 Customer Care Hotline
+632 8582 1900 (PLDT)
+632 7798 7777 (GLOBE)
Email Address: customercare@maxicare.com.ph
Sales Agent Concerns:
Email Address: partners.management@maxicare.com.ph
Careers at Maxicare:
Email Address: talentacquisitionteam@maxicare.com.ph
Intermediary – Agents and Brokers Accreditation:
Email Address: accreditation@maxicare.com.ph
Agent Commissions:
Email Address: commission@maxicare.com.ph
