.

.

 

Effective Date: January 14, 2026

Last Updated: January 14, 2026

Data Controller: Servicios Medicos de Baja California SA de CV, operating as Hospital PBM Photomedicine (“we,” “us,” “our,” or the “Hospital”).

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website pbmhospital.mx (the “Site”), use our medical services, or otherwise interact with us. We are committed to handling your personal and sensitive health data with the highest ethical and legal standards, in strict compliance with the Mexican Federal Law on Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares, or LFPDPPP) and its accompanying regulations.

By using our Site or services, you acknowledge you have read and understood this Privacy Policy. If you do not agree, please do not use our services.

1. Information We Collect
We collect information to provide and improve our medical services, communicate with you, and fulfill legal obligations. The types of information we collect include:

A. Information You Provide Directly:

Identification & Contact Information: Name, date of birth, gender, nationality, home address, email, phone number, official identification (e.g., CURP, passport).

Medical & Health Information (Sensitive Personal Data): Complete medical history, current symptoms, diagnoses, treatment plans (including specific bio-photonic therapy protocols for oncology, dermatology, pain management, autoimmune diseases, etc.), clinical notes, laboratory and imaging results, genetic data, and family medical history where relevant.

Administrative & Financial Information: Insurance details, payment information (e.g., credit card details, which are processed securely by third-party processors), billing address, and transaction history.

Communications: Records of your interactions with us via email, phone, contact forms, or patient portals.

B. Information Collected Automatically:

Usage Data: When you visit our Site, we may collect your IP address, browser type, operating system, referring URLs, pages viewed, links clicked, dates/times of access, and other diagnostic data.

Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to enhance site functionality, analyze trends, personalize content (e.g., language preference), and understand user behavior. You can manage cookie preferences through your browser settings. For more details, please see our separate Cookie Policy.

C. Information from Third Parties:
We may receive information about you from other healthcare providers (with your explicit consent), family members (in cases of emergency or with authorization), insurance companies, or publicly available sources, as necessary for your integrated care.

2. Legal Basis and Purposes for Processing Your Information
We process your personal data based on the following legal bases under the LFPDPPP: your express consent, the necessity for the performance of a contractual relationship (providing medical services), compliance with legal obligations (e.g., health regulations, tax law), and our legitimate interests (e.g., improving our services, security).

Specifically, we use your information to:

Provide Medical Diagnosis & Treatment: To evaluate, diagnose, and administer bio-photonic and other therapies, manage your patient record, and coordinate care.

Perform Contractual & Administrative Functions: To schedule and confirm appointments, process payments, manage billing and insurance claims, and provide customer support.

Communicate with You: To send important notices regarding your treatment, changes to terms, policies, or services, and to respond to your inquiries.

Improve Services & Security: To conduct internal research and analysis, monitor Site performance and security, prevent fraud, and develop new services.

Marketing (with Your Prior Opt-in Consent): To send newsletters, educational materials, or promotional communications about our services. You may opt-out at any time.

Comply with the Law: To fulfill obligations under Mexican health, safety, and tax regulations, including reporting to competent authorities when legally required.

3. How We Share and Disclose Your Information
We do not sell, rent, or trade your personal information for commercial purposes. We may share your information only in the following circumstances:

With Your Explicit Consent: For specific purposes you authorize, such as sharing records with another specialist or healthcare institution.

Service Providers: We engage trusted third-party vendors who act on our behalf under strict contractual data protection agreements. These include IT hosting and maintenance providers, secure payment processors, email service providers, and legal/financial advisors.

Healthcare Partners: For coordinated, multi-disciplinary care, we may share relevant information with affiliated medical professionals within our network, all bound by confidentiality.

Legal Obligations and Vital Interests: We may disclose information if required by law, regulation, subpoena, or court order, or if necessary to protect the rights, property, or safety of you, the Hospital, or the public (e.g., public health emergencies).

Corporate Transactions: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you and outline your choices.

4. International Data Transfers
Your information is processed primarily in Mexico. If any transfer of your data to a third party located outside Mexico is required, we will ensure such transfer is conducted in compliance with the LFPDPPP, either to a jurisdiction deemed “adequate” by Mexican authorities or under appropriate safeguards, such as standard contractual clauses approved by regulators.

5. Data Security and Retention
Security: We implement and maintain technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, and destruction. These include encryption (in transit and at rest), access controls, secure facilities, and regular security assessments. All staff and contractors are bound by strict confidentiality obligations.

Retention: We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations (Mexican health law requires retaining medical records for specific periods), resolve disputes, and enforce our agreements. After this period, data is securely deleted or anonymized.

6. Your Rights (ARCO Rights and More)
Under the LFPDPPP, you have the right to:

Access your personal data in our possession.

Rectify inaccurate or incomplete data.

Cancel (delete) your data, subject to legal retention periods.

Oppose the use or processing of your data for specific purposes.

Withdraw Consent for processing where consent is our legal basis.

Limit the use or disclosure of your information.

Revoke consent for marketing communications at any time.

To exercise any of these rights, or to obtain information about our privacy procedures, you must submit a formal, written request via the contact details in Section 9. We may request information to verify your identity. We will respond within the legal timeframe (20 business days under LFPDPPP) and inform you of the action taken.

7. Specific Provisions
Sensitive Personal Data: Your health information is treated with the utmost confidentiality and receives heightened security protections. We will only process such sensitive data with your explicit, informed, and unequivocal consent, except where required by law or for preventive/ diagnostic medicine.

Children’s Privacy: Our services are not directed to individuals under 18. We do not knowingly collect personal information from minors without the prior, verifiable consent of a parent or legal guardian. If we become aware of such collection, we will take steps to delete it.

Third-Party Links: Our Site may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

8. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or services. The updated version will be posted on our Site with a revised “Last Updated” date. Material changes that affect your rights will be communicated to you directly (e.g., via email or a prominent notice on our Site) prior to the change becoming effective. We encourage you to review this policy periodically.

9. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or have a privacy-related complaint, please contact our Data Privacy Officer at:

Servicios Medicos de Baja California SA de CV (Hospital PBM Photomedicine)
Attn: Data Privacy Officer
Blvd. Agua Caliente 11550-303, Aviacion, 22014 Tijuana, B.C., Mexico
Email: [privacidad@pbmhospital.mx] (Recommended for faster processing)
Phone: +52 (664) 974-9396

If you are not satisfied with our response, you have the right to lodge a complaint with the Mexican data protection authority, the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI).