1. ACCEPTANCE OF TERMS

Welcome to the Reyes-Guansing Dental Clinic (RGDC) Dental Management System. These Terms and Conditions ("Terms", "T&C", or "Agreement") constitute a legally binding agreement between you ("User") and Reyes-Guansing Dental Clinic ("RGDC") governing your access to and use of the RGDC Dental Management System website and all associated services (collectively, the "System").

By creating an account, you explicitly agree to be bound by these Terms. During account registration, you must check the acknowledgment box confirming that you have read, understood, and agreed to these Terms before your account can be activated. If you do not agree to these Terms, you cannot create an account or use the System.

For Minor Patients:

If you are registering on behalf of a patient under 18 years of age, you represent that you are the parent or legal guardian of the minor and have authority to agree to these Terms on their behalf. Moreover, you accept full responsibility for the minor's use of the System.

Continued Use:

Your continued access to and use of the System after updates to these Terms take effect constitutes acceptance of such changes. You, as the user, are responsible for reviewing these Terms periodically.

2. DEFINITIONS AND USER TYPES

2.1 System Definitions

System: The RGDC Dental Management System, including the website interface, database, APIs, integrations, and all associated services.
Account: A unique user profile within the System protected by login credentials and associated with a specific user role.
Records: All data stored within the System, including patient information, dental records, treatment histories, appointments, billing information, and system logs.
Archive: A deactivated state or a long-term storage state applied to accounts, appointments, and records that are removed from active use but retained in the database for legal, audit, or recovery purposes, and in accordance with the Data Privacy Act document. Archived items are not visible in normal system operations, but are not permanently deleted.
Branch: Any physical location of Reyes-Guansing Dental Clinic operating under the RGDC network.

2.2 User Types and Access Privileges

The System recognizes four distinct user types, each with defined access levels and responsibilities:

Owner

• Full administrative control over all System functions and data across all branches.
• Create, modify, and archive all user accounts; configure system settings; manage branch operations.
• Validates the email account creation for the dentist/dental staff user account.
• View comprehensive audit trails, approve or disapprove appointment requests, and monitor all clinic activity.

Dentist

• Clinical record management and patient account oversight.
• Access and modify dental records for assigned patients; document treatments; manage personal appointment calendar.
• Can view appointment schedule

Dental Staff

• Administrative support: schedule and coordinate appointments, assist with patient registration, and process billing entries.
• View and manage appointment calendars; relay rescheduling notices on behalf of dentists where authorized.
• Can initiate rescheduling of appointments and communicate directly with affected patients, providing a written reason for any schedule change in coordination with the dentist.

Patient

• View personal dental records, treatment history, and payment statements.
• View the appointment calendar showing all dentists' availability.
• Select an available dentist and preferred time slot when booking a new appointment.
• Update personal contact information.

2.3 Branch-Wide Access

Access to patient records within the RGDC Dental Management System is governed by role-based permissions. Users are granted access based on their assigned roles and responsibilities, regardless of branch affiliation, as the System operates as a centralized platform for all RGDC branches. All access must be strictly for legitimate business and clinical purposes, in compliance with applicable data privacy and confidentiality policies and laws.

3. ACCOUNT REGISTRATION AND SECURITY

3.1 Account Creation

Patient accounts are created through self-registration on the System's sign-up portal. Owner, Dentist, and Staff accounts are created by users through a registration process using a designated email address, with roles assigned based on their account type. To register, users must provide accurate and complete information, including, but not limited to, their full legal name, a valid email address, a contact number, date of birth, and residential address. By submitting the registration form, the user affirms that all information provided is true and correct to the best of their knowledge. Providing false, misleading, or fraudulent information may result in account suspension or termination and may subject the user to legal consequences under applicable laws, including the Cybercrime Prevention Act and the Data Privacy Act.

Users may also create an account through Google Sign-In. By registering via Google, users agree to comply with Google’s Terms of Service and Privacy Policy. Users are responsible for maintaining the confidentiality of their passwords and account credentials. Any unauthorized access or misuse of an account caused by negligence in safeguarding login information is the user’s responsibility.

3.2 Password Requirements

You, as the user, must create a strong password with at least 8 characters, containing at least one uppercase letter, one lowercase letter, one number, and one special character. You are solely responsible for maintaining the confidentiality of your credentials. You must never share your password, must change it immediately if you suspect unauthorized access, and must notify RGDC of any suspected security breach. The clinic is not responsible for forgotten passwords, and it is the user’s responsibility to manage and securely maintain their account credentials.

4. SYSTEM FEATURES AND FUNCTIONALITY

4.1 Appointment Management and Calendar Scheduling

The System provides a real-time appointment calendar visible to all user types. The following rules govern how the calendar functions:

Patient Appointment Booking

• Patients can view the appointment calendar to see all available and unavailable time slots for each dentist.
• Time slots that are already booked, blocked, or outside a dentist's working hours are displayed in gray to indicate unavailability. Patients cannot select these slots.
• Patients select a preferred available dentist and time slot when creating a new appointment request.
• All appointment requests are subject to approval or disapproval by the assigned dentist or an authorized Staff member.

Appointment Approval and Disapproval

• Staff must review pending appointment requests through the Dentist’s time schedule and may approve or disapprove requests based on the Dentist’s availability.
• Owners and authorized Staff may also act on appointment requests where appropriate.
• A disapproved appointment request includes a reason or note visible to the patient.
• If a Dentist needs to reschedule an existing appointment, then the Dentist must communicate with the dental staff, who uses the rescheduling function in the System.
• The Patient may accept the new schedule, propose a different time, or contact the clinic by phone to discuss rescheduling options.

Phone Rescheduling Option

Patients who are unable to use the online scheduling system may contact the clinic directly by phone to request rescheduling. Clinic contact information is provided in Section 14 of these Terms. Staff will update the System to reflect any changes agreed upon by phone.

Cancellation Policy

Patients should cancel or reschedule appointments at least 24 hours in advance when possible. Rescheduling beyond these hours is not permitted under clinic policy. The clinic reserves the right to cancel or reschedule appointments due to emergencies, unforeseen circumstances, system maintenance, or professional availability. In such cases, affected patients will be notified promptly through their registered email address with the reason for the change.

4.2 Payment Records and Online/E-Payment

The System allows tracking of all financial transactions within the dental clinic. Payments may be listed using any of the following methods:

• Cash — paid directly at the clinic
• Credit or Debit Card — processed at the clinic's payment terminal
• Bank Transfer — direct transfer to the clinic's designated bank account
• E-Payment / Online Payment — via GCash, Maya, or other supported digital wallet or online payment platforms

The RGDC Dental Website does not process, settle, or facilitate payments for dental procedures. All payment transactions are completed entirely outside the System through external payment methods (cash, card terminals, bank transfers, GCash, etc.). The System serves only as a record-keeping tool, with authorized clinic personnel manually entering payment information after transactions have been settled externally.

The clinic and System are not liable for any issues arising from third-party payment platforms, external transaction errors, payment processing failures, or disputes related to actual payment settlement. Users are responsible for ensuring payments are properly settled through external means before being recorded in the System for documentation and transparency purposes only.

Patients can view their full billing history, outstanding balances, and payment records through the Finance tab. Payment records are maintained for audit and reference purposes and are subject to the same archiving and retention policies as other clinic records. In the event of errors or discrepancies in the recorded payment information, patients are encouraged to report them immediately to authorized clinic personnel for verification and correction.

4.3 Dental Records Management

Authorized dental professionals and staff (e.g., Owner, Dentist, and Staff) may create, access, update, and manage patient dental records, including medical history, dental charts, progress notes, forms, treatment plans, and post-operation instructions. Access to such records is strictly role-based to protect patient information confidentiality.

Patients may view their own records and update their personal biodata. The attending dentist shall be solely responsible for the accuracy, completeness, and integrity of all clinical entries. Any discrepancies in dental or medical records must be reviewed and corrected by the attending dentist.

The clinic reserves the right to retain and archive dental records for legitimate medical, legal, and regulatory purposes. Archived records shall be restricted from general access and may only be accessed or restored by authorized personnel when necessary.

4.4 Security Features

The System implements the following security measures:

• Password Encryption: All passwords are hashed using industry-standard algorithms. Passwords are never stored in plain text.
• Role-Based Access Control (RBAC): Users can only access information and perform actions appropriate to their assigned role.
• Account Lockout: After 3 consecutive failed login attempts, the account is automatically locked for 5 minutes.
• Audit Trails: The system records essential account activity details, including user identity, timestamps for account creation, updates, and last login, as well as Google Calendar integration status, to ensure compliance and accountability.

4.5 Google Calendar and Gmail API Integration

The System integrates with Google Calendar API to synchronize appointments with the clinic's Google Calendar, and with Gmail API to send automated email notifications for appointment confirmations, reminders, rescheduling notices, password resets, and billing statements. By creating an account or registering using your Google account, you consent to receive these automated communications. Critical notifications such as security alerts and legal notices cannot be disabled.

4.6 Audit Trails and Compliance Logging

The System maintains comprehensive audit logs that record all user login and logout events, patient record access, changes to appointment and payment records, and administrative actions. Only the Owners can access audit logs. Audit logs cannot be modified or deleted.

5. ACCEPTABLE USE POLICY

5.1 Permitted Uses

You may use the RGDC Dental Management System solely for legitimate purposes related to receiving or providing dental healthcare services, managing appointments and treatment schedules, accessing personal dental records, performing authorized administrative tasks, and communicating with RGDC regarding appointments or account inquiries.

5.2 Prohibited Activities

You agree NOT to engage in any of the following:

• Attempting to access accounts, records, or system areas you are not authorized to access.
• Sharing login credentials or using another person's credentials.
• Accessing, copying, or using patient data for unauthorized purposes.
• Introducing viruses, malware, or malicious code into the System.
• Providing false information during registration or in patient records.
• Using the System for any illegal purpose or in violation of Philippine law.

5.3 Consequences of Violations

Violation of this Acceptable Use Policy may result in immediate suspension or archiving of your account, notification to law enforcement for illegal activities, and legal action to recover damages. RGDC reserves the right to investigate suspected violations and take appropriate protective action.

6. SYSTEM LIMITATIONS AND DISCLAIMERS

6.1 Internet Connectivity

The System is a web-based application requiring stable internet connectivity for real-time data synchronization across branches. Network disruptions may temporarily affect access to records, appointment updates, notifications, and system performance. RGDC is not liable for issues arising from poor or unavailable internet connections.

6.2 System Availability

While RGDC strives to maintain continuous system availability, there may be instances where the System becomes temporarily unavailable due to scheduled maintenance, emergency security updates, server issues, or force majeure events, During such periods, the clinic shall not be held responsible for any data loss, data discrepancies, delayed updates, or other system-related issues arising from maintenance activities, technical interruptions, or unforeseen system failures.

7. INTELLECTUAL PROPERTY RIGHTS

The RGDC Dental Management System, including its software, source code, design, features, functionality, user interface, graphics, and logos, is owned by or licensed to the Reyes-Guansing Dental Clinic and is protected by applicable intellectual property laws, including the Intellectual Property Code of the Philippines (Republic Act No. 8293) and relevant international treaties.

Subject to compliance with these Terms, RGDC grants you a limited, non-exclusive, non-transferable, and revocable license to access and use the System solely for its intended purposes. You may not copy, reproduce, modify, distribute, reverse engineer, decompile, create derivative works of the System, or sublicense, sell, lease, or transfer your access rights to any third party without prior written authorization.

Any unauthorized use, reproduction, or distribution of the System or its components constitutes a violation of intellectual property rights and may result in disciplinary action, suspension or termination of access, and possible legal action. Offenders may be held liable for civil and/or criminal penalties under applicable laws, including fines and imprisonment as provided under the Intellectual Property Code of the Philippines and other relevant regulations.

8. PRIVACY AND DATA PROTECTION

Your use of the System is governed by the RGDC Privacy Policy. By agreeing to these Terms, you explicitly consent to the collection and processing of your personal and sensitive personal information, storage of your dental records and health data within the System, and sharing of your information with authorized RGDC personnel and integrated third-party services as described in the Privacy Policy. This consent requirement ensures every user has explicitly agreed to data storage and processing.

9. MODIFICATIONS TO TERMS

RGDC reserves the right to update these Terms at any time to reflect changes in System features, legal requirements, or business practices. Version control maintains each version, timestamped and stored. For significant changes that materially affect your rights, you will receive an For minor, non-material changes, the "Last Updated" date will be updated without direct notification. Continued use of the System after the effective date of the updated Terms constitutes your acceptance of the changes.

10. DISPUTE RESOLUTION

These Terms are governed by the laws of the Republic of the Philippines. Before initiating formal legal proceedings, you agree to first attempt informal resolution by contacting RGDC and providing a reasonable opportunity (30 days) to address your concerns. If informal resolution fails, the parties agree to attempt mediation before pursuing litigation. Any disputes not resolved through mediation may be brought before the appropriate courts of the Philippines. Claims must be filed within one (1) year from the date the claim arose.

11. INDEMNIFICATION

You agree to indemnify and hold harmless RGDC, its owners, directors, employees, dentists, and staff from any claims, liabilities, damages, or expenses arising from your violation of these Terms, violation of applicable laws or regulations, unauthorized use of the System, infringement of intellectual property rights, or data breaches resulting from your failure to maintain password confidentiality and other activities that may result in similar consequences.

12. MISCELLANEOUS

These Terms, together with the Privacy Policy and any other referenced policies, constitute the entire agreement between you and RGDC regarding use of the System. If any provision is found invalid or unenforceable, it shall be modified to the minimum extent necessary, and the remaining provisions continue in full force. RGDC's failure to enforce a right does not constitute a waiver of that right. You may not assign your rights under these Terms without RGDC's prior written consent. RGDC is not liable for failures caused by circumstances beyond its reasonable control, including natural disasters, power outages, or cyber attacks.

13. CONTACT INFORMATION

For questions, concerns, security reports, or formal notices regarding these Terms and Conditions, please contact:

Reyes-Guansing Dental Clinic

• Location: 1191 Velarde Bldg, Del Pilar St., Cabanatuan City
• General Inquiries: dentalclinicreyesguansing@gmail.com
• Contact: 0963-220-1556

Response Timeframe: RGDC strives to respond to all inquiries within the day. Urgent security matters receive immediate attention either by phone or email. Formal written notices should be sent via registered mail to the address above marked "Attention: Legal Department."

14. ACKNOWLEDGMENT AND ACCEPTANCE

BY CHECKING THE "I AGREE" BOX DURING ACCOUNT REGISTRATION AND CLICKING THE "CREATE ACCOUNT" BUTTON, YOU ACKNOWLEDGE AND CONFIRM THAT:

• You have carefully read and fully understand these Terms and Conditions in their entirety.
• You agree to be legally bound by all provisions of these Terms.
• You understand your rights, responsibilities, and obligations as a System user.
• You consent to the collection, processing, and storage of your personal data as described in these Terms and the Privacy Policy.
• You understand that your account will be archived upon deactivation, and that records are retained per legal requirements.
• You acknowledge that appointment scheduling is subject to dentist approval or disapproval, and that rescheduling notices will include a written reason.
• You acknowledge that all payments are made directly through the clinic using accepted methods such as cash, card, bank transfer, or approved e-payment platforms. The System is used solely for recording and tracking payments and does not process or facilitate any payment transactions.
• For minor patients: You are the parent or legal guardian with authority to consent on behalf of the minor.
• You have had the opportunity to seek independent legal advice regarding these Terms if desired.

Your acceptance of these terms and conditions is required to fully use the system.

Effective Date: December 17, 2025 | Last Updated: April 27, 2026

© 2026 Reyes-Guansing Dental Clinic. All Rights Reserved.

1. INTRODUCTION

Welcome to the Reyes-Guansing Dental Clinic (RGDC) Dental Management System. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website and services. We are committed to protecting your privacy and ensuring the security of your sensitive health information in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173).

By creating an account and using the RGDC Dental Management System, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our services.

2. INFORMATION WE COLLECT

We collect the following personal information to provide dental healthcare services and manage your account:

• Full name, date of birth, age, and gender.
• Contact information, including email address, phone number, and home address.
• Emergency contact details for urgent situations.
• Government-issued identification numbers are required for insurance claims or legal purposes.

2.2 Sensitive Personal Information

As healthcare providers, we collect and process sensitive personal information necessary for delivering quality dental care:

• Complete dental history, including previous treatments, procedures, and outcomes.
• Comprehensive medical records relevant to dental treatment.
• Treatment plans, clinical diagnoses, and progress notes created by dentists.
• Dental charts, x-rays, and photographs.
• Current and past medication history, including dosages and frequencies.
• Known allergies to medications, materials, or substances.
• Insurance information and billing records for payment processing

2.3 Account and System Information

To maintain system security and functionality, we automatically store:

• Username and encrypted password for account access.
• Account creation date and assigned user role (Owner, Dentist, Staff, or Patient).
• Login timestamps and session duration for security monitoring.
• Appointment history, scheduling preferences, and attendance records.
• System interaction logs for troubleshooting and service improvement.

3. HOW WE COLLECT YOUR INFORMATION

We collect your information through multiple methods designed to provide comprehensive dental care:

Direct Input: You provide information voluntarily during account registration, profile updates, appointment booking, and when communicating with our staff.

Clinical Documentation: Our licensed dentists and authorized staff record information during in-person consultations, examinations, treatments, and follow-up visits.

System Integrations: We utilize the Google Calendar API to synchronize appointment schedules and the Gmail API to send email notifications, confirmations, and reminders.

4. HOW WE USE YOUR INFORMATION

Your personal and sensitive information is used exclusively for the following legitimate purposes:

Healthcare Delivery: Providing comprehensive dental healthcare services, maintaining accurate treatment records, developing personalized treatment plans, tracking treatment progress, and ensuring continuity of care across multiple visits and clinic branches.

Appointment Management: Scheduling dental appointments, sending automated reminders via email, coordinating schedules across multiple dentists and branches, managing waitlists, and reducing missed appointments through proactive communication.

Communication: Sending appointment confirmations and changes, providing treatment updates and post-procedure care instructions, sharing important clinic announcements and policy changes, requesting feedback on services, and responding to your inquiries and concerns.

Administrative Operations: Processing billing and insurance claims accurately, maintaining organized financial records, managing inventory and supplies, coordinating staff schedules, and supporting efficient clinic operations across all branches.

Legal and Regulatory Compliance: Meeting healthcare documentation requirements, responding to valid legal requests and court orders, maintaining records for the mandated retention period, supporting medical-legal cases when necessary, and ensuring compliance with Department of Health regulations.

Security and Fraud Prevention: Protecting your account from unauthorized access, detecting and preventing fraudulent activities, investigating security incidents, monitoring system integrity, and enforcing our Terms and Conditions.

Service Improvement: Analyzing usage patterns to enhance system functionality, identifying areas for operational improvement, developing new features based on user needs, and ensuring the platform meets evolving healthcare standards.

5. DATA SHARING AND DISCLOSURE

Reyes-Guansing Dental Clinic respects your privacy and does not sell, rent, or trade your personal information to third parties for commercial purposes. Your information may only be shared under the following strictly limited circumstances:

Within the Clinic Network: Your information is accessible to authorized RGDC personnel across our clinic branches who have a legitimate need to access your records to provide healthcare services. This includes dentists who treat you, administrative staff who manage your appointments and billing, and clinic owners who oversee operations. All personnel are bound by professional confidentiality obligations and data privacy training requirements.

Trusted Service Providers: We utilize reputable third-party services essential for system functionality, specifically Google Calendar API for appointment synchronization and Gmail API for email communications. These providers operate under strict confidentiality agreements and are contractually obligated to protect your information. They can only access information necessary to perform their specific services and cannot use your data for their own purposes.

Legal and Regulatory Requirements: We may disclose your information when required by Philippine law, valid court orders, subpoenas, or government regulations. This includes responding to Department of Health inquiries, cooperating with law enforcement investigations involving legitimate healthcare matters, and complying with National Privacy Commission directives. We will notify you of such disclosures unless legally prohibited.

Protection of Rights and Safety: We may share information when necessary to protect the legal rights of the clinic, prevent fraud or abuse of our services, respond to emergency situations where your health or safety is at risk, enforce our Terms and Conditions, or protect the rights and safety of other patients, staff, or the public.

With Your Explicit Consent: When you provide clear, informed consent, we may share your information for specific purposes such as referring you to dental specialists outside our clinic, coordinating care with your other healthcare providers, processing insurance claims with your insurer, or sharing information with family members you designate.

Business Transfers: In the unlikely event that RGDC is involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, which will be required to honor this Privacy Policy and maintain the same level of data protection.

6. DATA RETENTION PERIODS

RGDC maintains your information for different periods based on legal requirements, healthcare standards, and operational needs:

Active Patient Records: While you remain an active patient receiving ongoing dental care, your complete records are maintained indefinitely to ensure continuity of care, track treatment history, and provide a reference for future procedures.

Inactive Patient Records: Following your last visit or account closure, records are retained for a minimum of 10 years before archiving, in accordance with healthcare regulations and professional standards. This extended retention period allows dentists to reference your dental history in case of dental emergencies, complications from previous treatments, legal disputes, or if you return for care after an extended absence.

Account Archiving and Legal Compliance:In compliance with the Data Privacy Act of 2012, deactivated accounts are securely archived rather than permanently deleted. This ensures associated medical records are safely retained for legitimate healthcare and legal purposes, while protecting your personal data from unauthorized access.

Legal Hold Periods: If your records become subject to legal proceedings, regulatory investigations, pending insurance claims, or government audits, they will be retained beyond normal retention periods as required by law, court order, or regulatory directive, regardless of archiving or deletion requests.

Account Archiving: User accounts are not permanently deleted; instead, they are retained in a secure, controlled manner when no longer active. When an account is deactivated, whether by user request or administrative action, it is placed into an ARCHIVED state. The following rules apply:

• Archived accounts are immediately inaccessible to the account holder, hidden from regular system views, and cannot be accessed or modified by the former account holder unless explicitly restored by an authorized user.
• Only authorized users (such as system administrators or designated clinic management personnel) can view, restore, or manage archived accounts.
• Requests for account archiving may be submitted through the clinic’s official RGDC administration email.

All account archiving and data retention practices are carried out in compliance with the Data Privacy Act of 2012, ensuring that personal data is processed securely, retained only for legitimate purposes, and protected against unauthorized access or disclosure.

No Permanent Account Deletion

As established in Section 3.2, RGDC does not permanently delete user accounts. All account deactivations result in archiving. This policy ensures that medical records associated with their respective accounts are stored long-term in accordance with the Data Privacy Act and supports accountability and data integrity across all clinic branches.

Voluntary Account Archiving

You may request to archive/deactivate your account at any time by submitting a written request to the RGDC administration, preferably by email or other available means. Upon the approval of your request, your account access will be disabled immediately, and your account will be placed in archived status. Associated dental records will be retained for emergency purposes, as required by the Department of Health.

7. YOUR PRIVACY RIGHTS

Under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), you have the following rights regarding your personal information:

Right to Be Informed: You have the right to receive clear, transparent information about how we collect, use, and process your personal data. This Privacy Policy fulfills that obligation, and we also provide specific notices during account registration and when collecting sensitive information.

Right to Access: You can view, download, and review your personal information, dental records, treatment history, and appointment records through your patient dashboard at any time. For information not available through your account, you may submit a formal access request to our Data Privacy Officer.

Right to Rectification: If you discover that your personal information is inaccurate, incomplete, or outdated, you can request corrections through your account settings or by contacting our administrative staff. We will verify and update your information promptly, notifying any third parties with whom the information was shared if necessary.

Right to Erasure or Blocking: You may request archiving of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent (where consent was the basis for processing), or when processing is unlawful. However, this right is subject to our legal obligation to retain medical records for 10 years for healthcare compliance, patient safety, and potential legal requirements.

Right to Object: You can object to the processing of your personal data for specific purposes such as direct marketing or automated decision-making. While we cannot stop processing information essential for providing healthcare services or meeting legal obligations, we will honor objections to non-essential processing activities.

Right to Data Portability: Upon request, we will provide copies of your dental records and personal information in a structured, commonly used, and machine-readable electronic format (such as PDF or CSV) that allows you to transfer the data to another healthcare provider or system.

Right to Withdraw Consent: For data processing activities based on your consent rather than legal obligation, you may withdraw your consent at any time. However, withdrawal does not affect the lawfulness of processing that occurred before withdrawal, and we may need to continue processing certain information to fulfill our legal and professional obligations.

Right to File a Complaint: If you believe your data privacy rights have been violated, you have the right to file a complaint with RGDC's Data Privacy Officer and/or directly with the National Privacy Commission. We are committed to resolving your concerns promptly and transparently.

Right to Damages: Under Republic Act No. 10173, you may be entitled to compensation if you suffer damage due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

In response to the user’s request, we will respond within a reasonable period as required under the Data Privacy Act of 2012 and its implementing Rules and Regulations, typically within fifteen (15) business days for straightforward requests, in accordance with guidance from the National Privacy Commission.

8. DATA SECURITY MEASURES

RGDC implements comprehensive technical, organizational, and physical security measures to protect your sensitive personal information from unauthorized access, disclosure, alteration, and destruction:

Encryption and Data Protection: All user passwords are encrypted using industry-standard encryption, making them unreadable even to system administrators. All data transmitted between your device and our servers is protected using HTTPS/TLS encryption protocols. Sensitive personal information stored in our databases is encrypted at rest using AES-256 or equivalent encryption standards.

Access Controls: We implement strict role-based access control (RBAC) systems that limit data access based on job function. Owners have full administrative control; Dentists can access their patients' clinical records; Staff can access administrative functions; and Patients can only view their own information.

Authentication Security: The system enforces strong password requirements, including minimum length, complexity requirements, and prohibitions on commonly used passwords. User accounts are automatically locked after 3 consecutive failed login attempts to prevent brute force attacks. We offer optional multi-factor authentication for enhanced security. Sessions automatically timeout after periods of inactivity, requiring re-authentication.

Security Limitations: The System strictly prohibits any malicious, fraudulent, or harmful activities, including, but not limited to: malware distribution, phishing, and fraudulent transactions. Such actions may result in account termination and legal consequences under applicable laws, including the Philippine Cybercrime Prevention Act of 2012 (Republic Act No. 10175). The Clinic Organization is not liable for any loss, misuse, or unauthorized access to personal data resulting from user negligence or external factors beyond its control. All data-handling and protection measures comply with the Data Privacy Act of 2012 (Republic Act No. 10173).

Audit Trails and Compliance Logging: The System maintains comprehensive audit logs that record all user login and logout events, patient record access, changes to appointment and payment records, and administrative actions. Audit logs are accessible only to system Owners and cannot be modified or deleted, ensuring the integrity and accountability of all data operations within the System.

9. THIRD-PARTY SERVICES AND LINKS

The RGDC Dental Management System integrates with third-party services to provide enhanced functionality:

Google Calendar API:We use Google Calendar API to synchronize your dental appointments with your personal Google Calendar, allowing you to manage your schedule across multiple devices and receive reminders through your preferred calendar application. When you enable this integration, we share your appointment date, time, and clinic location with Google's services.

Gmail API: We utilize Gmail API to send automated email notifications, including appointment confirmations, reminders, treatment updates, system announcements, and password reset requests. This integration allows for reliable, timely delivery of important communications.

10. INTERNATIONAL DATA TRANSFERS

While RGDC primarily operates within the Philippines, certain aspects of our system may involve international data transfers:

Cloud Infrastructure: Our system may utilize cloud hosting services with data centers located in various countries. When your information is stored or processed outside the Philippines, we ensure that service providers maintain data protection standards equivalent to or exceeding Philippine requirements under Republic Act No. 10173.

Third-Party Services: Google Calendar and Gmail services are provided by Google LLC, a US-based company with global infrastructure. When you enable integration with these services, your appointment information and email address may be processed on servers located outside the Philippines.

Your Rights Remain Protected: Regardless of where your data is physically stored or processed, you retain all privacy rights granted under Philippine law, including the right to access, correct, and archive your information, and the right to file complaints with the National Privacy Commission.

11. CHANGES TO THIS PRIVACY POLICY

RGDC reserves the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our practices, legal requirements, technological developments, or system enhancements. We are committed to keeping you informed about how we protect your privacy:

Notification of Changes: When we make significant changes that materially affect how we collect, use, or protect your personal information, we will notify you through:

• Email notification sent to the address associated with your account using our Gmail API integration
• A prominent notice is displayed on your dashboard when you log into the system
• An updated "Last Updated" date at the top of this Privacy Policy.

Acceptance of Changes: By continuing to use the RGDC Dental Management System after the effective date of the updated Privacy Policy, you acknowledge that you have read, understood, and agree to be bound by the revised terms. Your continued use constitutes acceptance of the changes.

Right to Object: If you disagree with significant changes to this Privacy Policy, you have the right to:

• Contact us to discuss your concerns
• Request account closure and archiving of your data, subject to our legal record retention obligations

Version Control: We maintain historical versions of our Privacy Policy for reference. You may request access to previous versions by contacting our Data Privacy Officer.

12. CONTACT INFORMATION

For questions, concerns, security reports, or formal notices regarding the Data Privacy Policy, please contact:

Reyes-Guansing Dental Clinic

• Location: 1191 Velarde Bldg, Del Pilar St., Cabanatuan City
• General Inquiries: dentalclinicreyesguansing@gmail.com
• Contact: 0963-220-1556

Response Timeframe: RGDC strives to respond to all inquiries within the day. Urgent security matters receive immediate attention either by phone or email. Formal written notices should be sent via registered mail to the address above marked "Attention: Legal Department."

Your acceptance of this Data Privacy Policy is required to fully use the system.

Effective Date: December 17, 2025 | Last Updated: April 26, 2026

© 2026 Reyes-Guansing Dental Clinic. All Rights Reserved.