Privacy Policy for Website

This Privacy Policy can be used by any person or organization in the Philippines that owns a website (Personal Information Controller or PIC) to lay down the manner by which the collection or handling of data or information of the website's users is done. These users are known as the "data subjects".

A website that collects and handles data or information (also known as personal information) should have this document to enable the users to know how their data or information is collected and processed. A website owner or PIC should provide specific information as to how the personal information of users is processed.

Processing refers to any act by which data or information pertaining to the user is:

• Collected,
• Recorded,
• Organized,
• Stored,
• Modified or updated,
• Used,
• Combined or aggregated, or
• Deleted.

Personal Information refers to information about the user whether alone or combined with other pieces of information which tend to ascertain their identity. This can be directly ascertained (eg. the full name of the user) or indirectly by a combination of pieces of information (eg. the date of birth of the user, address, and contact information).

For the processing of Personal Information to be lawful, any of the following conditions must be complied with:

• The user must have given his or her consent prior to the collection, or as soon as possible;
• The processing involves the personal information of the user who is a party to a contractual agreement, in order to fulfill obligations under the contract or to take steps at the request of the user prior to entering the said agreement;
• The processing is necessary for compliance with a legal obligation to which the owner of the website (Personal Information Controller) is subject;
• The processing is necessary to protect the vitally important interests of the user, including his or her life and health;
• The processing of personal information is necessary to respond to national emergencies or to comply with the requirements of public order and safety, as prescribed by law;
• The processing of personal information is necessary for the fulfillment of the constitutional or statutory mandate of a public authority; or
• The processing is necessary to pursue the legitimate interests of the owner of the website (Personal Information Controller), or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the user, which require protection under the Philippine Constitution.

Other specific types of personal information are Sensitive Personal Information and Privileged Information, for which stricter rules apply due to the sensitive nature of the data. Sensitive Personal Information and Privileged Information can only be processed when this is justified.

Sensitive Personal Information is:

• information about the user's race, ethnic origin, marital status, age, color, religious, philosophical or political affiliations, health, education, genetic information, sexual life
• information regarding a proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
• information issued by government agencies related to the user which includes, but is not limited to, social security numbers, previous or current health records, licenses or their denials, suspension or revocation, and tax returns; and
• information that is specifically established by law or regulation to be kept classified.

Privileged Information refers to any and all forms of data or information, which cannot be disclosed due to its confidential nature. An example of privileged information is the communication between a lawyer and a client.

How to use this document

The website owner or the Personal Information Controller must provide the following details to complete their Privacy Policy:

• Description of the data or information to be entered into the website's system;
• Purposes for which they are being or will be processed;
• Criteria or Basis of processing, when processing is not based on the consent of the user;
• Scope and method of the processing;
• The recipients or classes of recipients to whom the personal data are or may be disclosed such as third parties;
• Methods utilized for automated access, if the same is allowed by the user, and the extent to which such access is authorized;
• The identity and contact details of the personal information controller or its personal information processor;
• The identity and contact details of the Data Privacy Officer if one is appointed;
• The period for which the information will be stored; and
• The existence of their rights as data subjects.

After providing the above details the website owner can now post the privacy policy on their website.

Applicable Law

This document is governed by the Provisions of R.A. 10173 or the Data Privacy Act of 2012 and its rules and regulations.

How to modify the template

You fill out a form. The document is created before your eyes as you respond to the questions.

At the end, you receive it in Word and PDF formats. You can modify it and reuse it.