The National Privacy Commission (NPC) is committed to fully protect your personal data privacy in compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA).
We shall detail the manner in which we process your personal data and provide a separate privacy notice in an appropriate format and manner whenever we collect personal data through other channels (e.g., publicly facing data processing systems implemented, notice posted at the reception area of NPC during events where participants' personal data is collected through attendance sheets or registration forms when personal data is collected according to the NPC's mandate).
In all instances, we assure you that processing your personal data will strictly follow the provisions of DPA, especially the general data privacy principles of Transparency, Legitimate Purpose, and Proportionality.
Our official website www.privacy.gov.ph
This Privacy Notice is for the NPC's website. These functionalities enable the NPC to collect and process your personal information.
We collect the following personal data from you when you manually or electronically submit to us your inquiries or requests:
This form is used by the data subject to submit inquiries and concerns to NPC.
While your consent may be solicited to process your personal data, we may also process personal data without your consent, such as when processing is according to our mandate or when processing is allowed under Section 12 or Section 13 of the DPA.
In these instances, your personal data is utilized for the following purposes:
Moreover, we may collect other personal data that are relevant and necessary to perform our mandate of providing compliance support and data subject assistance.
The NPC uses WordPress Statistics, a third-party service, to analyze our web traffic data, help us determine our website's engagement, and improve our website services and features. This service uses cookies. Data generated is not shared with any other party.
The following web traffic data are processed for this purpose:
Personal data processed by the NPC is not shared with any other party unless such disclosure is allowed under Section 12 or 13 of the DPA.
Risk refers to the potential of an incident to result in harm or danger to a data subject or organization. Risks may lead to the unauthorized collection, use, disclosure, or access to personal data. It includes risks involving the confidentiality, integrity, and availability of personal data or the risk that processing will violate the general data privacy principles and the rights of data subjects.
The NPC ensures that adequate physical, technical, and organizational security measures are in place to protect personal information's confidentiality, integrity, and availability. However, this does not guarantee absolute protection against certain risks involving the processing of personal data, such as when systems are exposed to targeted cyberattacks, malware, ransomware, and computer viruses or when manual records are accessed without authority.
However, adequate policies are in place to ensure appropriate security incident management in line with existing NPC policies, circulars, and other issuances.
We safeguard the confidentiality, integrity, and availability of your personal information by maintaining a combination of organizational, physical, and technical security measures based on generally accepted data privacy and information security standards. Among the measures we implement are the following:
We store files containing personal information in our computers and servers, which are kept in a secure environment. We may also store your personal information with cloud-based third-party data storage providers. We shall ensure that proper measures are adopted to protect your information.
Personal data shall be stored in a database for two (2) years after inquiries and requests are
acted upon. After which, records shall be disposed of securely.
Other categories of data may be kept longer than two (2) years when its retention period is determined by other relevant laws and regulations.
Physical records shall be disposed of through shredding, while digital files shall be anonymized. In all instances, our manner of disposal shall ensure that the personal information shall no longer be retrieved, processed, or accessed by unauthorized persons.
Under the DPA, you have the right to be informed regarding processing the personal information we hold about you.
Further, you may be entitled to request:
You may claim compensation if you believe you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data or for violating your rights and freedoms as a data subject.
Suppose you think that your personal information has been misused, maliciously disclosed, or improperly disposed of or that your data privacy rights have been violated. In that case, you have a right to file a complaint with the NPC.
NPC reserves the right to update or revise this privacy notice at any time and will provide a new privacy notice whenever there are substantial changes. Prior versions of the privacy notice shall be retained by the Commission and shall be provided to data subjects upon request.
Suppose you have suggestions or comments regarding our privacy statement and notice or for any issues concerning NPC's data privacy practices. In that case, you may reach us through our Data Protection Officer, Atty. Ivin Ronald D.M. Alzona, via this address: 5th Floor Delegation Building, PICC Complex, Vicente Sotto Avenue, Pasay City, Metro Manila 1307, or email us at [email protected].
Date last updated: 18 May 2023
All content is in the public domain unless otherwise stated.
Learn more about the Philippine government, its structure, how government works and the officials behind it.
GOV.PH