Privacy Policy for Website - Template, Sample Form Pro · PH-law

PRIVACY POLICY
________

§ 1. INTRODUCTION

At ________ ("we", "us" or "our"), we are committed to protecting the personal data of the users ("you", "your" or "yours") obtained in the course of our business. We take the privacy of our users seriously and urge all users to read this Privacy Policy carefully. By using our Website or purchasing any of our Products, you acknowledge and agree to this Privacy Policy. This also means that you consent to the processing of your personal data or information obtained from your use of the Website, in accordance with the parameters set out herein. If you do not agree to or do not understand this Privacy Policy, you may cease or refrain from using the Website.

This Privacy Policy (hereinafter the "Privacy Policy") provides important information regarding:

1. The types of personal data or information we collect;

2. The manner of collection, storage, and usage of personal data or information;

3. The purposes for which we collect and process personal data;

4. How we share your personal data or information;

5. How long we retain your personal data or information;

6. Your rights as a data subject concerning your personal data or information;

7. The management of any modifications to this Privacy Policy; and

8. How to contact us in case you have any inquiry, concern, or complaint.

This Privacy Policy incorporates the minimum standards prescribed by Republic Act No. 10173, otherwise known as the "Data Privacy Act of 2012" (An Act Protecting Individual Personal Information in Information and Communications Systems in the Government and the Private Sector, Creating for this Purpose a National Privacy Commission, and for Other Purposes), which took effect on 08 September 2012, together with its Implementing Rules and Regulations and the relevant issuances, circulars, and advisories of the National Privacy Commission (collectively, the "Act").

This Privacy Policy excludes personal information about the user obtained from sources other than the use of this Website.

§ 2. EFFECTIVE DATE

This Privacy Policy comes into force and effect on ________.

§ 3. DEFINITIONS

Website: This Privacy Policy applies to ________, which shall hereinafter be referred to as the "Website".

Who we are: ________ ("we", "us" or "our"), a duly organized entity with principal office address at ________ and business registration/SEC/DTI No. ________, operates ________, and collects, stores, and processes your personal data or information.

User: The user ("you", "your" or "yours") using this Website, who, by such use, agrees to the provisions of this Privacy Policy.

Parties: The parties to this Privacy Policy are the Personal Information Controller ("________") and the user.

Personal Information Controller (PIC): Refers to ________, the entity that controls the collection, holding, processing, or use of your personal data or information, as defined under Section 3(h) of the Act.

Personal Information: Refers to and is used interchangeably with your "data or information", being any information whether recorded in material form or not, from which your identity is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify you, as defined under Section 3(g) of the Act.

Sensitive Personal Information: Refers to personal information about your race, ethnic origin, marital status, age, color, religious, philosophical or political affiliations, health, education, genetic or sexual life, any proceeding for any offense committed or alleged to have been committed, government-issued identifiers, and other information specifically established by law to be kept classified, as defined under Section 3(l) of the Act.

Processing: Refers to any operation or set of operations performed upon personal data, including, but not limited to, collection, recording, organization, storage, updating, retrieval, consultation, use, consolidation, blocking, erasure, or destruction.

Products: Refers to any goods or products offered for sale on ________.

§ 4. PERSONAL INFORMATION

The following are the types of personal information that may be collected from your use of the Website:

Types of personal information:

________

Where we collect Sensitive Personal Information, we shall do so only with your express consent or where otherwise permitted under Section 13 of the Act.

§ 5. LEGITIMATE PURPOSE OF PROCESSING PERSONAL INFORMATION

Your personal information shall be processed pursuant to the following declared, specified, and legitimate purposes:

________

We will process your personal information only in accordance with the purposes for which it was collected, and not in a manner that is incompatible with those purposes. Should we intend to process your personal information for any other purpose, we will notify you and, where required, obtain your consent prior to such processing.

Personal Information may also be processed for the following purposes:

1. Registration of your account for the use of various features of our Website;

2. Communication of user account and marketing information, if any;

3. Enhancement of user experience;

4. Billing or credit information, or fulfilment of transactions, if any;

5. Sharing of your data or information with affiliate companies;

6. Providing customer service;

7. Aggregation or combination of data (analytics); and

8. Automated decision-making.

§ 6. COLLECTION OF DATA OR INFORMATION

Depending on your usage of our Website, your personal information may be collected in any of the following manners:

A. Registration of users: As a user of the Website, you may register or create an account to access more features of the Website. By registering, we will collect or obtain the following personal information from you:

________

Personal information may be collected from you after registration in order to:

a. Allow our officers or representatives to interact with you in any manner, such as by messaging or email;

b. Notify you via email or SMS about general information regarding your use of our Website; and

c. Allow you to leave comments on our Website's content, including but not limited to photos, videos, text content, and forms.

The completion of your registration constitutes your free, informed, and specific consent allowing us to collect, store, use, or disclose your personal information in accordance with this Privacy Policy.

B. Passive usage: Data may be collected from you passively through "Cookies", even if you do not undergo the registration process. Passive data collection may include location information, IP address information, or browser data such as session information.

C. Data sharing with affiliate companies: We may share your personal information, or information that tends to identify you, with any of our affiliate companies or trusted organizations in order to provide a better user experience and offer you products best suited to your needs.

This is, however, subject to such affiliate or trusted organization first adhering to this Privacy Policy and agreeing to comply with the same standards by which we protect your data or information, through appropriate data sharing or outsourcing agreements compliant with the Act.

D. Billing Information: For purposes of purchasing the goods or products offered on our Website, we may ask you to provide certain credit information, billing address information, and additional specific information to enable us to charge you accordingly. This information may be stored for the following period: ________. The billing information you provide shall be used solely for facilitating your transactions with us.

E. User Experience: We may request your suggestions on how we can improve our Website, by means of surveys, questions, or ratings, which may be conducted from time to time.

F. Automated decision-making: We maintain an automated decision-making system that may decide and take actions on your behalf, meaning that your data or information will be used to run processes automatically through software programming or data management systems, without human intervention.

At each instance in which you are subjected to an automated decision-making process, we will notify you that a decision or action was made in such manner. Pursuant to your right to access, you may request a review of such decision or action. Any automated decision-making process will take place in the following manner:

________

G. Combination of Data or Information: We may aggregate or combine some of your personal information to provide you with the best user experience and offer products best suited to your needs or usage patterns. This combined or aggregated information may also be shared with affiliate companies or trusted organizations in accordance with this Privacy Policy.

§ 7. PERSONAL INFORMATION WE RECEIVE AUTOMATICALLY (COOKIES)

Lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat duis aute irure dolor in reprehenderit voluptate velit esse cillum dolore eu fugiat nulla pariatur lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris.

A. HTML or technical cookies are used to allow you to access and navigate the pages of the Website; they are required to transmit communications over the network and provide the services you request, ensuring safe and efficient use of our Website.

B. Analytics or statistics cookies may be used to collect aggregated or combined data or information.

C. Temporary session cookies are deleted after a browsing session and are used to identify you and avoid repeated log-ins during a session, so long as your browser is not closed.

D. Permanent cookies remain for a longer period and function like temporary cookies but remain on your device even after your browser is closed.

E. Profiling cookies are used to establish user profiles and send you marketing or advertising communications according to your browsing behaviour and history.

F. Third-party cookies are transmitted by a third party to your device, and are often permanent cookies used to determine your browsing behaviour and history for customized browsing.

G. Third-party profiling cookies are used to establish your profile to send you marketing or advertising communications according to your browsing behaviour and history.

H. Third-party analytical cookies may be sent by outside third parties to our Website, enabling us to determine browsing behaviour and history to monitor performance and provide a better user experience.

You provide your specific consent when these types of cookies, other than strictly necessary technical cookies, are used to enable you to have the best experience on our Website.

§ 8. CRITERIA FOR LAWFUL PROCESSING OF PERSONAL INFORMATION

In accordance with the specified purposes of using your data or information, and pursuant to Sections 12 and 13 of the Act, the following are the criteria or legal bases for processing your personal information:

A. You give your consent before we collect and process your personal information;

B. Processing is necessary for the performance of, or in relation to, a contract to which you are a party, including taking steps at your request prior to entering into a contract;

C. Processing is necessary for compliance with a legal obligation to which we are subject;

D. Processing is necessary to protect your vitally important interests, including your life and health, or those of another person;

E. Processing is necessary to respond to a national emergency, or to comply with the requirements of public order and safety, as prescribed by law;

F. Processing is necessary to fulfil the constitutional or statutory mandate of a public authority; or

G. Processing is necessary to pursue our legitimate interests or those of a third party, except where such interests are overridden by your fundamental rights and freedoms. Where this is the basis of processing, the relevant legitimate interests will be provided to you.

Sensitive Personal Information shall be processed only upon your express consent, or where processing is otherwise authorized under Section 13 of the Act.

§ 9. THIRD-PARTY SERVICE PROVIDERS

We may share your information with third-party service providers, and vice versa, to help improve your experience on our Website, subject to appropriate confidentiality and data protection undertakings. This includes the following:

A. Non-sale of Data: Your personal information will not be sold to third parties without first obtaining your specific consent.

B. Hosting: We may use the services of third-party providers to host our Website, which may allow such providers to access your personal information.

C. Storage: We may use third-party providers for web or cloud storage to assist us in storing your information.

D. Tracking: We may use third-party providers to track usage data and determine user behaviour and patterns to improve the Website and your experience.

E. Advertising: We may allow third-party providers to advertise on our Website and use cookies for marketing and advertising purposes.

F. Logistics: We may use third-party providers to fulfil orders relating to products offered on our Website.

Lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat duis aute irure dolor in reprehenderit voluptate velit esse cillum dolore eu fugiat nulla pariatur lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris.

Where we engage a personal information processor, we shall ensure, through a written agreement, that such processor implements security measures consistent with the Act.

§ 10. LENGTH OF RETENTION OF PERSONAL INFORMATION

Your data or information will be retained by us only for as long as necessary to fulfil the purposes specified in this Privacy Policy, or as required by applicable law.

The manner by which we will retain your data or information is described as follows:

________

Upon the lapse of the applicable retention period, your information shall be securely destroyed, deleted, or anonymized in a manner that prevents further processing, unauthorized access, or disclosure.

§ 11. SECURITY MEASURES

We undertake to keep your data or information safe and secure through reasonable and appropriate organizational, physical, and technical measures, in compliance with Sections 20 to 24 of the Act, intended to protect personal information against any accidental or unlawful destruction, alteration, and disclosure, as well as against any other unlawful processing.

Organizational Security Measures:

We have appointed a Data Protection Officer who shall ensure that your data or information is protected and that we comply with the requirements of the Data Privacy Act of 2012 and other applicable privacy laws, rules, and regulations;

________

Physical Security Measures:

________

Technical Security Measures:

________

In the event of a personal data breach, we shall notify the National Privacy Commission and the affected data subjects in accordance with Section 20(f) of the Act and the relevant issuances of the National Privacy Commission.

§ 12. LOCATION OR SCOPE AND CROSS-BORDER TRANSFER OF DATA

Your data or information may be processed not only within the Republic of the Philippines but also in other countries and with third parties therein, subject to the requirements of the Data Privacy Act of 2012 and other relevant laws or regulations, such as the European Union's General Data Protection Regulation (GDPR). We shall remain responsible and accountable for any personal information transferred for processing to third parties, including those located outside the Philippines, and shall ensure that comparable levels of protection are maintained.

§ 13. RIGHTS OF THE USER

The following are your rights as a data subject in relation to your data or information processed by us, as provided under the Data Privacy Act of 2012:

A. Right to be informed: You have the right to be informed whether data or information pertaining to you shall be, are being, or have been processed, including the existence of automated decision-making and profiling.

B. Right to object: You have the right to object to the processing of your data or information, including processing for direct marketing, automated processing, or profiling.

When you object or withhold your consent, we shall no longer process the personal data, unless:

a. The data or information is needed pursuant to a subpoena;

b. The collection and processing are for obvious purposes, including when necessary for the performance of or in relation to a contract or service to which you are a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the data subject; or

c. The information is being collected and processed pursuant to a legal obligation.

C. Right to access: You have the right to reasonable access to, upon demand, the following:

a. The contents of your data or information that were processed;

b. The sources from which your data or information were obtained;

c. The names and addresses of recipients of your data or information;

d. The manner by which such data were processed;

e. The reasons for the disclosure of your data or information to recipients, if any;

f. Information on automated processes where the data will, or is likely to, be the sole basis for any decision that significantly affects or will affect you;

g. The date when your personal information was last accessed and modified; and

h. Our designation, name or identity, and address.

D. Right to rectification: You have the right to dispute any inaccuracy or error in your data or information and have us correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable.

E. Right to erasure or blocking: You have the right to suspend, withdraw, or order the blocking, removal, or destruction of your data or information from our systems, under the circumstances provided by the Act.

F. Right to data portability: You have the right to obtain a copy of, and to electronically move, copy, or transfer, your data or information in a structured and commonly used format, for further use.

G. Right to damages and to file a complaint: You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your data or information, and to lodge a complaint before the National Privacy Commission, taking into account any violation of your rights as a data subject.

H. Transmissibility of rights: Your lawful heirs and assigns may invoke the foregoing rights at any time after your death or when you are incapacitated or incapable of exercising such rights.

§ 14. REVISION AND UPDATE OF PRIVACY POLICY

We may update and revise this Privacy Policy from time to time and will notify you of any material changes. This Privacy Policy was last published and updated on ________.

The notice of revision may be made in the following manners:

________

§ 15. GOVERNING LAW AND VENUE

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of the Philippines. Any dispute arising from or in connection with this Privacy Policy shall be brought exclusively before the proper courts of ________, without prejudice to your right to lodge a complaint with the National Privacy Commission.

§ 16. CONTACT AND DATA PROTECTION OFFICER

The party responsible for the processing of your data or information is: ________. The Personal Information Controller ("Us") may be contacted using the following information:

________

The Data Protection Officer is: ________, who may be contacted using the following information:

________