Company Privacy Notice Template for the Philippines
What is a Company Privacy Notice?
The Company Privacy Notice is a mandatory document under the Philippines Data Privacy Act of 2012, required for organizations that collect and process personal data. It serves as a primary mechanism for transparency and compliance with data protection regulations in the Philippines. The notice must be provided to data subjects (including customers, employees, and other stakeholders) before or at the time of data collection, detailing how their personal information will be handled. This document is essential for establishing trust with stakeholders while demonstrating compliance with regulatory requirements, including those set by the National Privacy Commission. It should be regularly reviewed and updated to reflect changes in data processing activities or regulatory requirements.
Frequently Asked Questions
Is a company privacy notice legally required in the Philippines?
Yes, under the Data Privacy Act of 2012 (Republic Act No. 10173), all organizations that collect, process, or store personal data must provide a privacy notice to data subjects. The National Privacy Commission enforces this requirement, and failure to comply can result in fines ranging from PHP 500,000 to PHP 5 million for violations.
Can I be penalized for not having a proper privacy notice in the Philippines?
Yes, the National Privacy Commission can impose administrative fines and sanctions for non-compliance with privacy notice requirements. Penalties range from PHP 500,000 to PHP 5 million depending on the severity of the violation, and repeat offenders face higher fines.
How is a company privacy notice different from data processing agreements in the Philippines?
A privacy notice is a public-facing document that informs data subjects about how their personal data will be handled, while data processing agreements are contracts between data controllers and processors governing data handling responsibilities. Both are required under the Data Privacy Act but serve different compliance purposes.
How long does it typically take to prepare a compliant privacy notice in the Philippines?
Creating a comprehensive privacy notice usually takes 2-4 weeks, depending on your business complexity and data processing activities. This includes drafting the notice, legal review for NPC compliance, stakeholder approval, and implementation across all customer touchpoints.
Which specific elements must be included in a Philippines privacy notice under the DPA?
The Data Privacy Act requires disclosure of: identity of data controller, purposes of processing, categories of personal data collected, recipients of data, retention periods, data subject rights, and contact details for privacy concerns. The notice must also explain the legal basis for processing and any international data transfers.
Can employees in the Philippines refuse to accept our company privacy notice?
Employees cannot refuse a legitimate privacy notice for necessary employment processing, but they can object to non-essential data processing activities. Under the Data Privacy Act, employees have rights to access, correct, and in some cases, request deletion of their personal data even after accepting the notice.
What are common mistakes companies make with privacy notices in the Philippines?
Frequent errors include using generic templates not tailored to Philippine law, failing to specify data retention periods, omitting mandatory data subject rights information, and not updating notices when processing activities change. Many companies also forget to obtain proper consent before collecting sensitive personal information.
About the Company Privacy Notice
A Company Privacy Notice is your organization's formal declaration of how you handle personal data, required by law under the Philippines Data Privacy Act of 2012. This document serves as the foundation of your data protection compliance program, ensuring transparency with data subjects while meeting regulatory obligations set by the National Privacy Commission.
When do you need this document?
You must provide a privacy notice before or at the time you collect personal data from any individual. This applies when onboarding new employees, collecting customer information for purchases or services, gathering visitor data through your website, or processing personal information for marketing purposes. The notice is also required when engaging third-party processors, updating your data collection practices, or expanding business operations that involve personal data. If you operate without a compliant privacy notice, you risk regulatory penalties and loss of stakeholder trust.
Key legal considerations
Your privacy notice must clearly identify your organization as the data controller and specify your Data Protection Officer contact details. You need to comprehensively list all categories of personal data you collect, from basic contact information to sensitive data like financial records or biometric information. The document must explain your lawful basis for processing under the Data Privacy Act, whether for legitimate business interests, contractual necessity, or explicit consent. Include detailed information about data retention periods, security measures, and data subject rights including access, correction, and deletion. Address international data transfers if applicable, ensuring adequate protection levels. The notice should also outline complaint procedures and your commitment to data breach notification protocols.
Legal requirements in the Philippines
The Data Privacy Act of 2012 and its Implementing Rules and Regulations establish strict requirements for privacy notices in the Philippines. Your notice must be written in clear, plain language that data subjects can easily understand, avoiding legal jargon or technical terms. The National Privacy Commission requires specific disclosures about automated decision-making processes and profiling activities if applicable to your operations. You must provide the notice in appropriate languages based on your target audience and ensure accessibility for persons with disabilities. The document should reference relevant National Privacy Commission circulars and advisory opinions that apply to your industry. Regular updates are mandatory when you change data processing purposes, introduce new technologies, or modify third-party relationships. Failure to maintain an adequate privacy notice can result in administrative fines, cease and desist orders, and reputational damage under NPC enforcement actions.
GOVERNING LAW
Applicable law
This Company Privacy Notice is drafted to comply with Philippine law. Key legislation includes:
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that provide specific requirements and guidelines for implementing the Data Privacy Act, including requirements for privacy notices
National Privacy Commission Circulars and Advisory Opinions: Various circulars and opinions issued by the NPC that provide additional guidance on specific aspects of data privacy compliance
Electronic Commerce Act of 2000 (Republic Act No. 8792): Legislation governing electronic data messages and electronic documents, relevant for online privacy notices and digital data collection
Cybercrime Prevention Act of 2012 (Republic Act No. 10175): Law addressing cybercrime and data security, relevant for sections dealing with data security measures and breach notifications
Consumer Act of the Philippines (Republic Act No. 7394): General consumer protection law that includes provisions relevant to the handling of consumer information and transparency requirements
NPC Circular No. 16-01 on Security of Personal Data in Government Agencies: While primarily for government agencies, provides good practice guidelines that private companies often reference for data security measures
NPC Privacy Policy Office Advisory No. 2017-003: Guidelines on privacy impact assessments, relevant for explaining risk assessment approaches in privacy notices