Privacy Policy

The Philippine HIV Care Philippines (the “Platform”) is operated by Ramon Logan Jr. as a sole, independent, non-commercial public-information project. For purposes of Republic Act No. 10173, the “Data Privacy Act of 2012” (“DPA”), Ramon Logan Jr. is the Personal Information Controller (“PIC”).

We are committed to the principles of transparency, legitimate purpose, and proportionality set out in Section 11 of the DPA. We collect and process the minimum personal data strictly necessary to operate the Platform safely.

The Platform is a read-only directory. It does not require an account and does not knowingly collect sensitive personal information from users. The categories of data that may be processed are limited to:

• Technical access logs — IP address (truncated where feasible), user-agent string, requested URL, timestamp, and HTTP referer, retained by our hosting provider for security, abuse prevention, and aggregate analytics for a period not exceeding ninety (90) days;
• Theme preference — stored locally in your browser (localStorage) and never transmitted to us;
• Voluntary correspondence — if you choose to email the Operator, we will process the contact information and message contents you provide.

We do not collect names, addresses, government IDs, health status, HIV status, sexual orientation, gender identity, biometric data, or any other category of sensitive personal information as defined in Section 3(l) of the DPA.

The Platform mirrors publicly available facility information (institutional name, address, designated services, and official contact persons in their professional capacity) from DOH Department Circular No. 2026-0065 and other public records. This data concerns institutions and individuals in their professional/official capacity and is processed under the lawful basis of Section 12(f) of the DPA (legitimate interests in public health information access) and Section 4(c) (information relating to a person’s position or function in a public office). Affected officers may request correction or de-listing using the contact channel below.

The Platform does not use third-party advertising cookies, behavioral tracking pixels, or cross-site fingerprinting. Only essential first-party browser storage (theme preference) is used.

To know whether the directory is actually helping people, we count a small set of anonymous actions on the server — never a profile of you.

What we count (anonymously):

• Searches submitted, and whether they returned results;
• Facility detail views and which region they're in;
• Get-directions and call-facility taps;
• Near Me activations, grants, and denials (the result, not your coordinates);
• Share taps and which channel (e.g. Messenger, Copy link);
• Home-screen install acceptances;
• Which FAQ questions are opened.

What we never count:

• Your IP address, device fingerprint, or user-agent;
• Any account, name, email, or identifier;
• Your search terms, location, or browsing path;
• Anything that could re-identify you, alone or combined.

Counts under 5 for a single dimension are suppressed before they're published so no individual can be inferred. If your browser sends Do Not Track or Global Privacy Control, we don't count anything at all. See the public Impact page for the rounded numbers we publish.

Personal data we lawfully hold is used solely to:

• Operate, secure, and improve the Platform;
• Detect, prevent, and respond to abuse, fraud, or security incidents;
• Generate de-identified, aggregate usage statistics;
• Respond to your correspondence; and
• Comply with legal obligations and lawful orders.

We do not sell, rent, or trade personal data. Limited processing is performed on our behalf by our hosting and content-delivery providers, which act as Personal Information Processors bound by their own DPA-aligned obligations. Disclosure to law enforcement or regulators will occur only upon a valid subpoena, court order, or written demand under Philippine law.

Hosting infrastructure may store or process data outside the Philippines. Where this occurs, we rely on contractual safeguards consistent with NPC Circular No. 2023-06 to ensure a comparable level of protection.

Access logs are retained for no more than ninety (90) days. Voluntary correspondence is retained only for the time reasonably necessary to address the inquiry or to comply with legal obligations.

We implement organizational, physical, and technical safeguards proportionate to the risk, including transport-layer encryption (HTTPS), least-privilege access, and secure-by-default hosting. No system is perfectly secure; you use the Platform at your own risk.

Under Sections 16–19 of the DPA, you have the right to be informed, to object, to access, to rectification, to erasure or blocking, to damages, and to data portability, subject to lawful limitations. To exercise any of these rights, write to the Operator using the channel in Section 13 below. We will respond within a reasonable period not exceeding thirty (30) calendar days.

The Platform is intended for a general audience. We do not knowingly target or collect personal data from children under fifteen (15) years of age. If you believe a child has provided personal data, please contact us so we may delete it.

For privacy questions, takedown requests, or to exercise your data-subject rights, contact the Operator through ramonloganjr.com. If you believe your rights under the DPA have been violated and the matter cannot be resolved with us, you may file a complaint with the National Privacy Commission at privacy.gov.ph.

We may revise this Privacy Policy from time to time. Material changes will be indicated by updating the “Last updated” date above. Continued use of the Platform after revisions constitutes acceptance of the updated Policy.