Privacy Notice



Pi Health, Inc., a subsidiary of First Philippine Holdings, (the “Company”) values the confidentiality of personal data. This document details how the Company uses and protects personal data for the purpose of obtaining the consent of data subjects, in accordance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), other issuances of the National Privacy Commission (NPC) and other relevant laws of the Philippines.

As a job applicant of the Company, you are considered a data subject. Please read this document carefully to ensure informed consent.


A. What is Personal Data?  

Personal data refers to all types of:

  1. Personal information – “any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;”
  2. Sensitive personal information – “personal information about an individual’s race, ethnic origin, marital status, age, color, religious/philosophical/political affiliations, health, education genetic or sexual life, legal proceedings, government issued identifiers and other information specifically established by an executive order or an act of congress to be kept classified;” and
  3. Privileged information – “any and all forms of information which, under the Rules of Court and other pertinent laws, constitute privileged communication, such as, but not limited to, information which a person authorized to practice medicine, surgery or obstetrics may have acquired in attending to a patient in a professional capacity.”


B. Why does the Company collect personal data?  

The Company collects, uses, processes, stores, and retains personal data when reasonable and necessary to perform its recruitment and selection processes effectively, safely, and efficiently and in accordance with corporate policies.

In particular, the Company uses personal data:


C. What type of personal data does the Company collect and generate?  

When you elect to apply for a job opening with the Company, you are required to provide certain personal and sensitive personal information to complete your application for employment.

The types of personal data that you provide in connection with your application for employment varies depending on the position for which you apply. You are also required to provide us a copy of your resume/curriculum vitae.

The Company collects personal data such as the following:


D. How does the Company collect, acquire, or generate personal data?

The Company collects personal data when the subject:

The Company also acquires personal data through third parties, such as:

Data subjects are primarily responsible for ensuring that all personal data submitted are accurate, complete, and up to date. From time to time, the Company requests updated data; it is important that subjects cooperate and provide the same.


E. With whom may the Company share personal data?  

As a rule, the Company does not and will not share personal data with third parties except as necessary for the proper execution of processes related to a declared purpose, or the use or disclosure is reasonably necessary, required, or authorized by or under law.

This means the Company may provide personal data to the following:

However, such third parties may only use personal data for the purpose(s) disclosed in this document and may not use it for any other purpose.


F. How does the Company protect personal data?  

The Company strictly enforces its Privacy Policy. It has implemented technological, organizational, and physical security measures to protect personal data from loss, misuse, unauthorized modification, unauthorized or accidental access or disclosure, alteration, or destruction. The Company uses safeguards such as the following:


G. Where and how long does the Company keep personal data?  

The Company stores personal data in both local and offshore facilities, such as data centers (on premise and cloud) and physical document storage facilities. Personal data and health data are retained for five (5) years from the date of application, unless the data subject requests personal data to be deleted from the Company’s systems, databases, and hard copies within a reasonable requested date.


H. What are the rights of data subjects under the Data Privacy Act?

Data subjects have the following rights:

The Company’s decisions to provide access, consider requests for correction or erasure, and address objection to process personal data as it appears in the Company’s official records, are always subject to applicable and relevant laws and/or the DPA, its IRR and other issuances of the NPC.


I. Who should you contact in case of inquiry, feedback, or complaints?  

Should you have any inquiries, feedback, and/or complaints, you may reach the Data Protection Officer (DPO) through the following contact details:

6F Rockwell Business Center Tower 3

Ortigas Ave., Pasig City 1604 Philippines

Tel: (632) 449-6400

You may also lodge a complaint before the National Privacy Commission (NPC). For further details, please refer to NPC’s website: