The Data Protection Policy and Privacy Notice is essential for organizations operating in the Philippines that collect, process, or store personal information. This document is required under the Data Privacy Act of 2012 (RA 10173) and must be maintained by all personal information controllers and processors. It serves multiple purposes: ensuring compliance with Philippine data protection laws, establishing transparent data handling practices, protecting data subjects' rights, and demonstrating the organization's commitment to privacy protection. The document should be regularly reviewed and updated to reflect changes in data processing activities, regulatory requirements, or organizational practices. It is particularly crucial in today's digital environment where data processing is integral to business operations and customer relationships.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your data doesn't train Genie's AI
You keep IP ownership of your docs
Alternatively...
1. Introduction: Overview of the policy's purpose and scope, including the organization's commitment to data protection
2. Definitions: Clear explanations of technical terms and concepts used throughout the policy
3. Scope and Application: Details of who the policy applies to and what types of data processing it covers
4. Data Protection Principles: Core principles governing the collection and processing of personal data
5. Types of Personal Data Collected: Comprehensive list of personal data categories collected and processed
6. Purposes of Processing: Detailed explanation of why personal data is collected and how it will be used
7. Legal Basis for Processing: Legal grounds under the Data Privacy Act for processing personal data
8. Data Subject Rights: Enumeration and explanation of all rights granted to data subjects under the law
9. Data Protection Measures: Security measures implemented to protect personal data
10. Data Retention and Disposal: Policies on how long data is kept and how it is safely disposed
11. Data Breach Procedures: Protocols for handling and reporting data breaches
12. Contact Information: Details of the Data Protection Officer and how to raise privacy concerns
1. International Data Transfers: Required if personal data is transferred outside the Philippines
2. Automated Decision Making: Needed if the organization uses automated processing to make decisions about individuals
3. Cookie Policy: Required for organizations with websites using cookies or similar tracking technologies
4. Children's Privacy: Necessary if the organization collects data from minors
5. Employee Data Processing: Required for organizations processing employee personal data
6. CCTV and Surveillance: Needed if the organization uses surveillance systems
7. Direct Marketing: Required if personal data is used for marketing purposes
8. Third-Party Processing: Necessary when external processors handle personal data
1. Schedule 1 - Data Processing Register: Detailed inventory of data processing activities
2. Schedule 2 - Technical Security Measures: Specific security protocols and measures implemented
3. Schedule 3 - Data Subject Request Forms: Standard forms for exercising data subject rights
4. Schedule 4 - Data Breach Response Plan: Detailed procedures for managing data breaches
5. Schedule 5 - Consent Forms: Template consent forms for different types of data processing
6. Appendix A - Privacy Impact Assessment Template: Standard form for conducting privacy impact assessments
7. Appendix B - Data Protection Training Program: Overview of staff training requirements and materials
8. Appendix C - Third-Party Processor Requirements: Standards and requirements for external data processors
Authors
Find the document you need
Data Privacy Notice
A legally mandated document under Philippine law (RA 10173) that explains how an organization handles and protects personal data.
Download
Short Privacy Notice
A concise privacy notice that complies with Philippines' Data Privacy Act requirements, explaining an organization's data collection and processing practices.
Download
Privacy Notice Form
A legally required document under Philippine law that explains how an organization handles personal data and protects privacy rights.
Download
Data Protection Policy And Privacy Notice
A comprehensive data protection and privacy policy document compliant with Philippine data privacy laws (RA 10173), outlining personal data handling practices and subject rights.
Download
External Privacy Notice
A mandatory privacy notice compliant with Philippine data protection laws that explains how an organization handles personal information.
Download
Data Collection Notice
A Philippine-compliant notice detailing how personal data is collected and processed, adhering to the Data Privacy Act of 2012.
Download
Data Privacy Notice And Consent Form
A Philippine-law compliant document that provides privacy information to individuals and obtains their consent for personal data processing activities.
Download
Company Privacy Notice
A privacy notice outlining a company's personal data handling practices in compliance with Philippine privacy laws.
Download
Website Privacy Notice
A legal document outlining website data collection and privacy practices in compliance with Philippine Data Privacy Act requirements.
Download
Employee Privacy Notice
A Philippine law-compliant privacy notice detailing how organizations handle employee personal data under the Data Privacy Act of 2012.
Download
Genie’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it
