exercising your rights under the DPA.
Definition of Terms
- “Data Subject” – refers to an individual whose personal, sensitive personal or privileged information
is processed by the organization. It may refer to officers, employees, consultants, and clients of this
- “Personal Information” – refers to any information whether recorded in a material form or not, from
which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding
the information, or when put together with other information would directly and certainly identify an individual.
- “Processing” – refers to any operation or any set of operations performed upon personal information
including, but not limited to, the collection, recording, organization, storage, updating or modification,
retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
Processing of Personal Data
- Collection (e.g. type of data collected, mode of collection, person collecting information, etc.) -
This company collects the basic contact information of clients and customers, including their full name, address,
email address, contact number, together with the products that they would like to purchase. The sales representative
attending to customers will collect such information through accomplished order forms.
- Use - Personal data collected shall be used by the company for documentation purposes, for warranty tracking
vis-à-vis purchased items, and for the inventory of products.
- Storage, Retention and Destruction (e.g. means of storage, security measures, form of information
stored, retention period, disposal procedure, etc.) - This company will ensure that personal data under its custody
are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other
unlawful processing. The company will implement appropriate security measures in storing collected personal
information, depending on the nature of the information. All information gathered shall not be retained for a period
longer than one (1) year after the client has ceased to use the service. After one (1) year, all hard and soft
copies of personal information shall be disposed of and destroyed through secure means.
- Access (e.g. personnel authorized to access personal data, purpose of access, mode of access, request
for amendment of personal data, etc.) - Due to the sensitive and confidential nature of the personal data under the
custody of the company, only the client and the authorized representative of the company shall be allowed to access
such personal data, for any purpose, except for those contrary to law, public policy, public order or morals.
- Disclosure and Sharing (e.g. individuals to whom personal data is shared, disclosure of policy and
processes, outsourcing and subcontracting, etc.) - All employees and personnel of the company shall maintain the
confidentiality and secrecy of all personal data that come to their knowledge and possession, even after
resignation, termination of contract, or other contractual relations. Personal data under the custody of the company
shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data.
Every personal information controller and personal information processor must also consider the human aspect of data
protection. The provisions under this section shall include the following:
- 1. Data Protection Officer (DPO)
The designated Data Protection Officer is the individual principally responsible for ensuring compliance with
applicable laws and regulations for the protection of data privacy and security. The DPO is responsible for the
supervision and enforcement of this Policy. The concerned person may send an email to the DPO via [email protected].
The Data Protection Officer shall oversee the compliance of the organization with the DPA, its IRR, and other
related policies, including the conduct of a Privacy Impact Assessment, implementation of security measures,
security incident and data breach protocol, and the inquiry and complaints procedure.
- 2. Duty of Confidentiality
Information that we receive from clients, whether or not constituting personal data, is generally protected as
privileged communications, and covered by our responsibility to our clients to keep that information confidential.
We diligently observe this professional obligation. We note that local law, regulations, and authorities permit
disclosure of such information under certain conditions, as when the information has become public.
The provisions of this Manual are effective August 1, 2020, until revoked or amended by this company through a Board Resolution.