Privacy Policy

Gestalt Neuropsychological and Psychological Services (the "Clinic", "we", "us", "our") is the Personal Information Controller for the data we collect from you under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173).

If you have questions about how your data is handled, please contact our Data Protection Officer using the details at the top of this page.

We collect the following categories of personal information:

• Identifiers — your full name, email address, mobile number, and (where applicable) date of birth.
• Booking details — chosen service, branch, therapist, appointment date and time, and any notes you provide during booking.
• Payment proofs — screenshots of your bank or e-wallet transfer when you pay online.
• Clinical assessment data — test responses, scores, and clinician observations that result from your sessions or evaluations.
• Patient portal credentials — your email and a hashed password (we never store your password in plain text).
• Intern application data — academic background, document uploads, and program-specific responses if you apply to our intern program.
• AI chat transcripts — messages you send through the on-site chat assistant, retained for support and quality monitoring.

We use the information we collect to:

• Schedule, confirm, reschedule, or cancel your appointments.
• Process your payments and maintain financial records as required by the BIR and other Philippine regulators.
• Deliver clinical certificates, test results, and other documents you have requested.
• Administer the intern program — including document review, hours logging, and certificate issuance.
• Respond to your inquiries via email, our website chat, or other channels.
• Comply with applicable laws, court orders, or regulatory obligations.

We process your personal information under the lawful bases set out in Section 12 of RA 10173, namely:

• Consent — you have given clear, informed consent at the point of collection (for example, when registering for the patient portal or submitting an intake form).
• Contractual necessity — processing is necessary to provide the service you booked.
• Legitimate interest — limited operational uses such as fraud prevention, service improvement, and audit logs, balanced against your privacy rights.

Sensitive personal information (clinical data) is processed only with your explicit consent, or where required by law.

We do not sell your personal information.

We share data only with the following third-party processors, and only to the extent needed to operate this service:

• Hosting — DigitalOcean (servers located outside the Philippines).
• Email delivery — our transactional email provider sends booking confirmations, password resets, and certificate links.
• AI chat — the on-site chat assistant uses a third-party large-language-model provider; the contents of your chat messages are sent to that provider to generate responses.
• Payment verification — payment proof images you upload are reviewed manually by our admin team and are not transmitted to a payment processor.

We require all processors to use your data only for the purposes described above and to maintain reasonable security measures.

We retain your personal information only as long as necessary for the purposes described above:

• Clinical records are retained for 10 years after your final session, in line with Philippine medical-records norms.
• Patient portal accounts are retained until you delete your account, after which only audit-trail data required by law is kept.
• Payment proof images and transaction records are retained for 5 years to satisfy tax and audit requirements.
• AI chat transcripts are retained for 90 days for quality monitoring, then deleted.

You may request deletion of your data at any time by contacting our Data Protection Officer; we will comply except where retention is required by law.

Under RA 10173, you have the following rights:

• The right to be informed about how your data is processed.
• The right to access the data we hold about you.
• The right to correct inaccurate or outdated information.
• The right to delete or block your data, where lawful.
• The right to object to processing in certain circumstances.
• The right to data portability — to receive your data in a structured, commonly used format.
• The right to lodge a complaint with the National Privacy Commission (privacy.gov.ph).

To exercise any of these rights, contact our Data Protection Officer using the details at the top of this page.

For any privacy-related concern, please reach out to our Data Protection Officer using the contact details shown at the top of this page.

We aim to respond to all data-subject requests within 15 working days as required by RA 10173.