The Republic Act No. 10173 also known as the Data Privacy Act of 2012 which requires the government and the private sector to follow and comply to fulfill their objective to protect personal data in information and communications systems.

With this, it ensures that the entities of the City Government of Cagayan de Oro are implementing measures and procedures that guarantee the safety and security of personal data under their control or custody and thereby upholding an individual’s data privacy rights; this also applies the principles of Transparency, Legitimate Purpose, and Proportionality in processing of the personal data submitted and stored in the information and communication system.

This Notice serves as a guide or handbook for ensuring the compliance of the City Government with the Data Privacy Act and its Implementing Rules and Regulations (IRR). This also encapsulates the privacy and data protection protocols that are being observed and carried out within this entity for specific circumstances (e.g., from collection to destruction), directed toward the fulfillment and realization of the rights of data subjects.



We, the City Government of Cagayan de Oro, respect and value your data privacy rights. It is our duty to give you assurance and confidence to notify you on the submitted data, most specifically your given personal information on how it is being collected, processed, and kept. This is also to inform you of your rights in accordance with the laws and regulations stated and specified in the Republic Act No. 10173 which is also known as the “Data Privacy Act of 2012 (DPA)”.




All personnel of the City Government of Cagayan de Oro, especially the processor, regardless of the type of employment or contractual arrangement, must comply with the terms set out in this Data Privacy Notice. This Data Privacy Notice is publicly posted for the information and transparency of the data being processed through this City Health Office Online Services System.

This Data Privacy Notice is written to notify data subjects of the City Health Office Online Services System regarding the processing of their personal information and sensitive personal information: from the collection of data through this City Health Office Online Services System, to the actual generation of the medical certificate and health card using the data collected; this notice also includes how the processors will keep, secure, and protect the collected data.


  1. Collection (What Information Do We Collect):
  2. The processors collect the information required in the [City Health Office (CHO) Online Services System.]. The CHO Online Services System has two types of consultation, the following information that are being collected in each consultation from the data subjects through this system are the following:  

    • Medical Type
    • Purpose
    • Reason to Travel
    • Full Name
    • Date of Birth
    • Blood Type
    • Sex
    • Civil Status
    • Mobile No.
    • Nationality
    • Building Name/Lot/Block/Street/Subdivision
    • Province
    • City/Municipality
    • Barangay
    • Occupation

    The City Health Office Online Services System stores the personal data in the database respectively and is being protected through a security protocol where the database system is located for data security and protection.  

  3. Use (How We Process Your Information):
  4. Personal data collected shall be used accordingly for the CHO Online Services System profiling. By filling up the application form through the City Health Office Online Services System, the data subject consents the processor and developer to obtain, collect, process, keep the personal data and sensitive personal information of the data subject.  

  5. Disclosure and Sharing
  6. All processors shall maintain the confidentiality and secrecy of all personal data that come to their knowledge and possession, even after resignation, termination of contract, or other contractual relations. Personal data under the custody of the City Government shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data.  

  7. Access
  8. Due to the sensitive and confidential nature of the personal data under the custody of the City Government, only the data subject and the authorized processor shall be allowed to access such personal data, for any purpose, except for those contrary to law, public policy, public order or morals. The authorized processors of this information system are as follows:  

    • Processing Office: City Health Office
    • CMISID: The developer of the City Health Office Online Services System. Data accessibility of this unit is only limited to the structure of the database for the development purposes only. This shared accessibility is being protected by a data sharing agreement between the processing office and the developer.
    • Only statistical reports will be shown without any disclosure of personal information or sensitive personal information of the data subjects for transparency of the processor’s service.

    1. Storage, Retention and Destruction

    The processor as well as the CHO Online Services System will ensure that personal data under its custody are protected against any other unlawful processing (misused, modified, interfered, lost or disclosed to unauthorized processors without the Data Sharing Agreement).

    The implementation and the management of the information system shall have security practices and processes such as but not limited to the following:  

    • Document storage security policies;
    • Security measures to control access to our systems and premises;
    • Limitations on access to personal data;
    • Strict selection of third-party data processors and partners; and
    • Electronic security systems, such as firewalls, data encryption and transmission of data through a secured file transfer protocol.

    The personal data shall be kept and maintained up to a certain period or as long as necessary for the purpose for which they were collected or as required by laws and regulations.  


The developer [City Management Information Systems and Innovation Department shall always maintain a backup file for all personal data under its custody. In the event of a security incident or data breach, it shall always compare the backup with the affected file to determine the presence of any inconsistencies or alterations resulting from the incident or breach.

In case of any breach incident, the CMISID developer will report to the Data Protection Officer together with the responsible Compliance Officer for Privacy of the City Health Office. The CMISID detailed documentation of the incident or breach encountered as will be forwarded to the management and to the NPC depending on the City Government Data Privacy Officer’s advice.  


The privacy of data of the City Government is legally monitored and managed by the registered Data Privacy Officer. The Compliance Officer for Privacy in the City Health Office coordinates with the City Data Privacy Officer is given the role to oversee the compliance of the office or the PIC on the Data Privacy Act, its Implementing Rules and Regulations, and other related policies. PIPs of this request system were trained, oriented, and signed the Non-Disclosure Agreement. All the personal data that is stored in the database of this request system followed the security protocol


You as our Data Subjects have the following rights (RIGHTS OF DATA SUBJECTS):

Personal information will be made available to the clients and authorized processors anytime in case there are requests for correction, modification or deletion. It is the right of the individual owning the personal data to inquire or obtain a copy of the personal information provided to us.

  1. The right to be informed, thus this Data Privacy Notice on how your personal information collected be processed through this City Health Office Online Services System.
  2. The right to access, thus you have the access of your personal details and account.
  3. The right to object, thus you can the right not to submit the data so as not the data to be processed.
  4. The right to damages, thus you can request for assessment of your data that might be mishandled to our Data Privacy Officer.
  5. The right to file a complaint, thus you can file a complaint to our Data Privacy Officer to any misused, maliciously disclosed, or improperly disposition of your data.
  6. The right to rectify, thus you have the right to correct and update your submitted through CHO Online Services System.


For further inquiries or complaints, you may report or coordinate with our City Government’s Data Privacy Officer:

        Atty. Reymond Q. Villablanca

        Asst. City Legal Officer

        City Legal Office

        Ground Floor, Executive Building, City Hall, Cagayan de Oro City


        Contact Number: (088) 857-2260 / +63-960-902-1208

        Compliance Officer for Privacy:


The provisions of this Manual are effective this 29 day of June, 2021, until revoked or amended by this entity, the City Government of Cagayan de Oro. 

DPN Version 1.0 as of June 29, 2021