Privacy Policy

Effective Date: July 30, 2025
Last Updated: July 30, 2025

This Privacy Policy sets out how Andyou.ph (operated by Rx Ventures Pte. Ltd. in the Philippines), (“&you,” "Andyou.ph," "we," "us," or "our"), collects, uses, discloses, and processes your personal data when you use our website at andyou.ph (the "Platform") and our related services.

We are fully committed to protecting your privacy and personal data in strict compliance with Republic Act No. 10173, or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and all relevant issuances by the National Privacy Commission (NPC).

By using our Platform and services, you signify your acceptance of this Privacy Policy. If you do not agree, please do not use our Platform.

Section 1: Our Commitment to Your Privacy

1.1. Protecting Your Trust: At &you, we understand the sensitive nature of health information and your personal data. We are dedicated to providing a safe, private, and secure online healthcare and e-commerce experience.

1.2. Privacy by Design: We commit to embedding privacy and data protection principles into the design and operation of all our services, systems, and business practices from the outset. Your privacy is a default setting, not an afterthought.

1.3. Scope: This Policy applies to all personal data collected and processed through the Andyou.ph Platform, encompassing customers, users, visitors, healthcare professionals, and partners in the Philippines.

1.4. Data Quality and Accuracy: We are committed to maintaining the accuracy, completeness, and currency of your personal data. We take reasonable steps to ensure that the personal data we collect and process is reliable for its intended use and accurate. We rely on you to ensure that the personal data you provide to us is accurate, complete, and up-to-date. If you believe any of your personal data held by us is inaccurate or incomplete, please exercise your Right to Rectification as outlined in Section 7 of this Policy.

Section 2: Definitions

Personal Data: Refers to any information, whether true or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
Sensitive Personal Information: Refers to personal information:
- About an individual’s health, education, genetic or sexual life.
- About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations.
- About any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings.
- Issued by government agencies peculiar to an individual, such as social security numbers, licenses, or tax returns.
- For &you, your medical history, health status, diagnoses, consultation notes, laboratory results, and prescriptions are considered Sensitive Personal Information.
Data Subject: Refers to the individual to whom the personal data belongs (e.g., our customers, users, patients).
Personal Information Controller (PIC): Refers to the person or organization who controls the collection, holding, processing, or use of personal data (i.e., Andyou.ph / Rx Ventures Pte. Ltd.).
Personal Information Processor (PIP): Refers to any person or organization to whom a PIC may outsource or instruct the processing of personal data.
Processing: Refers to any operation performed upon personal data, including collection, recording, organization, storage, updating, retrieval, consultation, use, consolidation, blocking, erasure, or destruction.

Section 3: What Personal Data We Collect

We collect various types of personal data depending on your interaction with our Platform and services:

3.1. Information You Give Us Directly: This includes your contact and account details like your name, address, email, phone number, birthday, gender, nationality, and login information. When needed, and with your consent or as otherwise permitted by applicable law, we might also collect sensitive information including medical and health data you share during consultations or in forms. For payments, we collect your billing and payment information, like card details (handled securely) and billing address. We keep records of your conversations with customer support, feedback, and survey answers. Lastly, we collect any content you create and share publicly on our platform or related social media pages, like reviews or comments.

3.2. Information We Collect Automatically: This covers details about your device and how you use it, such as your device's IP address, browser, operating system, and how you interact with our platform (e.g., pages you visit, features you click). We also track your website activity, like searches you make, pages you view, or features you use. Our website uses cookies and trackers, which are small files that help our site work, remember you, understand how you use it, and show relevant ads. (You can find more about these in Section 7).

Information We Figure Out (Inferences): We might collect your location if your device settings allow it, to help connect you with nearby doctors or for deliveries. We can also guess your general location (like your city or country) from your IP address. We use automated tools to guess what products or content you might like, based on your activity.

Section 4: How We Use Your Personal Data (Purposes)

We collect and use your personal information for clear and legitimate reasons, always related to providing you with our services:

To Provide and Manage Our Services to You: We use your data to connect you with doctors for online consultations, create and manage your personalized treatment plans, process and deliver your medication orders nationwide, confirm your identity and eligibility for services, handle your payments and billing, and provide customer support, responding to your questions or feedback.
For Platform Improvement & Personalization: We analyze how our Platform is used to make it better and add new features. We also create anonymous reports for research and improving our services. We use your data to show you personalized product recommendations and content based on your activity and what you like.
For Marketing & Communications: We send you Platform updates, service notifications, and helpful health information. If you give us your specific permission, we'll also send you marketing and promotional messages about our products and services.
For Security & Legal Compliance: We use your data to detect and prevent fraud and other illegal activities. We also use it to follow laws, regulations, or court orders (like reporting requirements to the Department of Health), and to protect the safety, rights, and property of Andyou.ph, our users, and the public.

Section 5: Lawful Basis for Processing Your Data

We process your personal data based on specific lawful grounds under the DPA:

5.1. Your Explicit Consent: For processing your Sensitive Personal Information (health data), we will obtain your explicit, specific, and informed consent. This is also the basis for sending you marketing communications. You may withdraw your consent at any time (see Section 6).

5.2. Performance of a Contract: Processing is necessary to provide the services you request (e.g., online consultation, medication delivery, payment processing).

5.3. Compliance with Legal Obligation: When processing is required by law (e.g., mandatory reporting to the Department of Health, tax compliance).

5.4. Protection of Life and Health: In emergencies, when necessary to protect your life or health, especially if you are physically or legally unable to give consent

5.5. Legitimate Interest: We may process your personal information (but not your Sensitive Personal Information) where it is necessary for our legitimate interests or the legitimate interests of a third party, provided that your fundamental rights and freedoms are not overridden. Such interests include improving our platform, ensuring the security of our services, and preventing fraud.

Section 6: How We Share and Disclose Your Personal Data

We may share your personal data with third parties under strict confidentiality and security protocols, and only for the purposes outlined in this Policy. We ensure that all our Personal Information Processors are bound by legally enforceable contracts or data sharing agreements that require them to implement adequate security measures to protect your data in line with the DPA. The categories of third parties we may share personal information with but not limited to are as follows:

Healthcare Service Providers: Licensed doctors, specialists, and laboratory/diagnostic partners on our platform who provide you with consultations, diagnoses, and treatment.
Logistics & Delivery Services: Companies that deliver your medication to your specified address.
Payment Processors: Services that securely handle your payments for our products and services.
Cloud Hosting & Technology Services: Providers who host our platform, store our data securely, and offer other essential IT services.
Marketing & Analytics Services: Partners who help us understand user behavior, improve our services, and deliver relevant advertising (often using anonymous data).
Customer Support Tools: Platforms that help us manage your inquiries and provide efficient customer service.
Website Hosting & Testing Tools: Providers who help us run and improve our online platform.

We also may need to share your personal information in the following situations:

Business Transfers: We may share or transfer your information if our company is involved in a merger, sale of company assets, financing, or acquisition of all or part of our business by another company.
Affiliates: We may share your information with our related companies. These are our parent company, subsidiaries, joint venture partners, or other companies under common control with us. When we do, we require them to follow this privacy policy.
Compliance with Law: We may share your information when required by law, a court order, or to help in investigations by government bodies (like the National Privacy Commission or Department of Health) or law enforcement.
With Your Employer or Insurer: If you use our services through your employer or insurer, and you specifically agree, we may share your health data for claims processing.
Public Content You Post: Any information you choose to share publicly on our platform (like product reviews or comments) may be seen by other users and the general public. Please be careful what you share in public.

Section 7: Your Data Privacy Rights as a Data Subject

As a data subject under the DPA, you have the following rights concerning your personal data. We are committed to facilitating the exercise of these rights:

7.1. The Right to be Informed: To know that your personal data will be, are being, or have been processed.

7.2. The Right to Object: To object to the processing of your personal data, especially for direct marketing.

7.3. The Right to Access: To request access to your personal data held by us, including its categories, sources, and purposes of processing.

7.4. The Right to Rectification: To dispute the inaccuracy or error in your personal data and have us correct it promptly.

7.5. The Right to Erasure or Blocking: To demand the suspension, withdrawal, blocking, removal, or destruction of your personal data under certain conditions.

7.6. The Right to Damages: To be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

7.7. The Right to Data Portability: To obtain a copy of your personal data in an electronic or structured format, and to transmit it to another entity.

7.8. The Right to File a Complaint: To lodge a complaint with the National Privacy Commission if you believe your privacy rights have been violated.

To exercise any of these rights, please contact our Data Protection Officer (see Section 15).

Section 8: How We Protect Your Personal Data

We implement comprehensive organizational, physical, and technical security measures designed to protect your personal data from unauthorized access, use, alteration, disclosure, or destruction in line with the requirements of the Philippine Data Privacy Act of 2012. In the unfortunate event of a personal data breach that is likely to result in a real risk of serious harm to you, we will notify the National Privacy Commission and affected data subjects in a timely manner, in accordance with our obligations under the Data Privacy Act.

Section 9: Cookies and Tracking Technologies

We use cookies (may include essential, analytics and marketing cookies), web beacons, and similar technologies to improve your experience on our Platform, analyze trends, administer the website, track users’ movements, and gather demographic information.

You can manage your cookie preferences through your browser settings or our Platform's cookie consent banner. Please note that disabling certain cookies may affect the functionality of the Platform.

Section 10: Policy on Artificial Intelligence (AI) Use

We may use AI to enhance your user experience, such as facilitating customer support through chatbots, and improving internal operational efficiencies.

Where your personal data is used to train our AI models, it is always anonymized. We do not use Sensitive Personal Information for AI model training without a specific, explicit, and lawful basis. For any AI-driven automated decision that could significantly affect you, there will always be a mechanism for human review and intervention.

Section 11: Data Storage and Management

Our data is stored on an encrypted cloud storage system and is managed exclusively within the Philippines. During any transfer of data, we ensure that your personal data is protected by implementing legally recognized data transfer mechanisms and safeguards as required by the Philippine Data Privacy Act of 2012.

Section 12: Children's Privacy

Our Platform and services are not intended for, and do not knowingly collect personal data from, individuals under the age of eighteen (18) years. By using our Platform, you confirm that you are at least 18 years old. If we become aware that we have inadvertently collected personal data from a minor without verifiable parental consent, we will take immediate steps to delete such information from our records. If you believe a minor has provided us with their personal data, please contact our Data Protection Officer immediately.

Section 13: Data Retention and Disposal

We will retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy. The retention period will be determined by the duration of your active account with us, the necessity to fulfill our contractual obligations to you and compliance with legal, regulatory, or evidentiary requirements (e.g., medical record retention periods mandated by the Department of Health, tax laws). After the retention period, your personal data will be securely and permanently disposed of in a manner that prevents further processing, unauthorized access, or disclosure.

Section 14: Links to Other Websites

Our Platform may contain links to other websites not operated by us. We are not responsible for the privacy practices of these third-party websites. We encourage you to review their privacy policies.

Section 15: Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or service offerings.

We will notify you of any material changes by posting the updated policy on our Platform with a revised "Last Updated" date. Your continued use of the Platform after such changes constitutes your acceptance of the updated policy.

Section 16: How to Contact Us / Data Protection Officer (DPO)

If you have any questions, concerns, requests, or wish to exercise your data privacy rights, please contact our Data Protection Officer:

Data Protection Officer (DPO) Email: privacy@andyou.ph Phone: +639603126996