Last updated: 8 April 2026 (rev. 2)
1. Who We Are (Personal Information Controller)
Cancer and Hope ("we," "us," or "our") is a clinical coordination and facilitation service that connects Filipino cancer patients with specialist oncology care at Jinshazhou Hospital of Guangzhou University of Chinese Medicine (GZUCM) in Guangzhou, China.
Cancer and Hope operates as the Personal Information Controller (PIC) under the Philippine Data Privacy Act of 2012 (R.A. 10173) for all personal data collected through this website and its associated forms.
Contact Details:
Email: info@medidocph.online
Phone: 0907 702 8007 (Mon–Sat, 8am–6pm PH time)
Data Protection Officer (DPO): Contact via info@medidocph.online with subject line "DPO – Privacy Request"
2. What Personal Data We Collect
We collect personal data through the following channels:
a) Patient Case Audit Form (Intake Form)
- Identity data: first name, last name, age, sex at birth
- Contact data: phone number, Viber number, email address, location (city/province), preferred contact method
- Sensitive personal information — Medical data: type of cancer, cancer stage, date of diagnosis, prior treatments, current medications, medical summary, clinical questions, DICOM imaging files, pathology reports, biopsy results, tumour marker results
- Financial readiness data: confirmation of bank certificate status, cost awareness, passport expiry date, DICOM file readiness
- Assessment tour registration data: preferred tour location, date, time preference
b) Contact Form
- Name, email address, phone number, message content
c) Newsletter / Waitlist Registration
- Name and email address
d) Automatically Collected Data
- We do not currently run analytics tracking, advertising pixels, or third-party cookies on this website.
3. Legal Basis and Purpose of Processing
We process your personal data on the following legal bases under R.A. 10173:
| Purpose | Legal Basis |
|---|---|
| Reviewing your case and preparing specialist recommendations | Consent (explicit, at point of submission) |
| Contacting you about your case, tour registration, or enquiry | Consent |
| Transferring your medical dossier to Jinshazhou Hospital of GZUCM for MDT review | Explicit consent (cross-border transfer, collected separately) |
| Sending you a confirmation email when you register | Consent + Legitimate interest (service delivery) |
| Adding you to our subscriber list for coordination updates | Consent |
| Maintaining internal intake logs for coordination records | Legitimate interest (operational records) |
Medical data (cancer type, stage, clinical records) is classified as sensitive personal information under R.A. 10173 and is processed only with your explicit written consent.
4. Who We Share Your Data With
We do not sell, rent, or commercially share your personal data. We share your data only as follows:
a) Jinshazhou Hospital of GZUCM (Guangzhou, China)
Your medical dossier — including clinical records, imaging files, and pathology reports — is transmitted to the Multidisciplinary Team (MDT) at Jinshazhou Hospital of Guangzhou University of Chinese Medicine for specialist case review. This is a cross-border transfer from the Philippines to the People's Republic of China and is subject to your explicit consent under both R.A. 10173 and China's Personal Information Protection Law (PIPL, 2021).
Jinshazhou Hospital processes your data as a data processor under our instructions, solely for the purpose of MDT case review and treatment planning.
b) Google LLC (Google Sheets / Google Apps Script)
Intake form submissions are relayed to a secure Google Sheets spreadsheet via Google Apps Script for internal coordination purposes. This transfer involves Google's infrastructure, which is operated in the United States. Google processes data under its own Privacy Policy and applicable data processing agreements.
c) Hostinger (Email delivery)
Confirmation emails and coordinator notifications are delivered via the hosting provider's mail infrastructure. No personal data is retained by Hostinger beyond transactional email logs.
We do not share your data with any other third parties, advertisers, brokers, or unrelated healthcare providers without your explicit prior consent.
5. Cross-Border Data Transfers
Transfer to China — PIPL Compliance
Your medical dossier is transferred to Jinshazhou Hospital of GZUCM, located in Guangzhou, People's Republic of China. China's Personal Information Protection Law (PIPL, effective 1 November 2021) governs how your information is handled once received in China. Under PIPL Article 38, cross-border personal data transfers require one of the following mechanisms: a CAC Security Assessment, a Standard Contract (标准合同), or a Personal Information Protection Certification. Cancer and Hope relies on your explicit, separate, affirmative consent as the lawful basis for this transfer, collected at the point of dossier submission via the dual-gate consent checkboxes on the intake form.
You are not required to submit your dossier — and this transfer does not occur — unless you affirmatively select both the Philippine and China consent checkboxes.
Your Rights with the China-Side Recipient (GZUCM)
In accordance with PIPL Chapter IV, you have the right to access, correct, delete, or restrict processing of your personal information held by Jinshazhou Hospital of GZUCM. To exercise these rights with respect to data held in China, you may:
- Contact Cancer and Hope at info@medidocph.online (subject: "PIPL – Data Rights Request") — we will relay your request to GZUCM on your behalf.
- Contact Jinshazhou Hospital of GZUCM directly through the contact details provided to you during the consultation coordination process.
GZUCM processes your data solely for MDT case review and treatment planning and is contractually prohibited from using it for any other purpose.
Transfer to the United States — Google Infrastructure
Form submission data is also transmitted to Google's servers (Google Apps Script / Sheets) in the United States. This transfer is subject to Google's data processing terms. You consent to this by submitting the intake form.
6. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Patient intake records (CSV log) | 3 years from date of submission, then securely deleted |
| Uploaded medical files (imaging, pathology) | 90 days from submission, unless an active case is ongoing |
| Subscriber / newsletter list | Until unsubscribe request is received |
| Contact form messages | 12 months from receipt |
| Google Sheets coordination records | 3 years, consistent with intake log policy |
After the applicable retention period, data is permanently deleted or anonymised. You may request earlier deletion by exercising your rights below.
7. Your Rights as a Data Subject
Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data:
- Right to be Informed — to know what data we hold and how we use it
- Right of Access — to request a copy of your personal data we hold
- Right to Rectification — to correct inaccurate or incomplete data
- Right to Erasure / Blocking — to request deletion of your data where legally permissible
- Right to Object — to object to processing on grounds of legitimate interest
- Right to Data Portability — to receive your data in a structured, commonly used format
- Right to Withdraw Consent — at any time, without affecting the lawfulness of prior processing
- Right to Lodge a Complaint — with the National Privacy Commission (NPC) at www.privacy.gov.ph
To exercise any of these rights, contact our Data Protection Officer at info@medidocph.online with the subject line "DPO – Privacy Request". We will respond within 15 business days.
8. How We Protect Your Data
- All data transmitted to and from this website is encrypted in transit (HTTPS/TLS)
- Uploaded medical files are stored outside the publicly accessible web root and are not directly accessible via URL
- File uploads are validated for type and size before storage
- Internal intake logs (CSV) are stored in a restricted server directory
- Only designated Cancer and Hope coordinators and the GZUCM MDT have access to your data
- Spam and bot submissions are filtered before any data is stored
Despite these measures, no internet transmission is 100% secure. We encourage you not to submit information you consider irrelevant to your case.
Data Breach Notification
In the event of a personal data breach that is likely to result in harm to data subjects, Cancer and Hope will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, as required by the Philippine Data Privacy Act of 2012 and its Implementing Rules and Regulations (NPC Circular 16-03). Affected data subjects will also be notified without undue delay where the breach is likely to give rise to a real risk of serious harm.
9. Cookies and Tracking
This website does not currently use advertising cookies, third-party tracking pixels, or behavioural analytics tools. If we introduce analytics in the future (e.g., anonymised visitor statistics), this policy will be updated and appropriate notice will be provided.
The website may use session-level browser storage (not cookies) to maintain form state between steps. No personally identifiable data is stored in your browser beyond your active session.
10. Children's Data
This website does not knowingly collect personal data from individuals under 18 years of age without the verified consent of a parent or legal guardian. If you are submitting a case for a minor patient, the form must be completed by a parent or legal guardian who accepts these terms on the patient's behalf.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, legal obligations, or the services we offer. The "Last updated" date at the top of this page will always reflect the most recent revision. We encourage you to review this page periodically. Continued use of this website after a change constitutes acceptance of the revised policy.
12. Contact and Complaints
For any privacy-related queries, requests, or complaints, please contact:
Cancer and Hope — Data Protection Officer
Email: info@medidocph.online
Subject line: DPO – Privacy Request
Response time: within 15 business days
If you believe your data privacy rights have been violated, you may also file a complaint with the National Privacy Commission of the Philippines:
Website: www.privacy.gov.ph
Email: complaints@privacy.gov.ph