Employee Privacy Notice Template for the Philippines
What is an Employee Privacy Notice?
The Employee Privacy Notice is a crucial document required under the Philippines Data Privacy Act of 2012 and its Implementing Rules and Regulations. It must be provided to employees, job applicants, and contractors to inform them about how their personal data is collected, processed, and protected by the organization. This document is essential for establishing transparency in data processing activities and ensuring compliance with Philippine privacy laws. Organizations must implement this notice before collecting any employee data and update it whenever there are significant changes to data processing practices. The notice serves as a fundamental tool for maintaining trust between employers and employees while demonstrating compliance with data protection regulations.
Frequently Asked Questions
Is an Employee Privacy Notice legally required in the Philippines?
Yes, under Republic Act No. 10173 (Data Privacy Act of 2012), employers in the Philippines are legally required to provide an Employee Privacy Notice to all employees, job applicants, and contractors before collecting their personal data. This notice must inform individuals about how their personal information will be collected, processed, stored, and protected. Failure to provide this notice can result in penalties from the National Privacy Commission.
Can I be fined if my company doesn't have an Employee Privacy Notice in the Philippines?
Yes, the National Privacy Commission can impose penalties ranging from PHP 500,000 to PHP 5,000,000 for violations of the Data Privacy Act, including failure to provide proper privacy notices. Additionally, your company may face imprisonment of up to 6 years and be subject to civil lawsuits from affected employees. The lack of a privacy notice is considered a serious compliance violation under Philippine law.
How is an Employee Privacy Notice different from a Data Processing Agreement in the Philippines?
An Employee Privacy Notice is a disclosure document that informs employees about data collection practices, while a Data Processing Agreement is a contract between a company and third-party processors handling employee data. The privacy notice is given to data subjects (employees), whereas the processing agreement is between business entities. Both are required under Republic Act No. 10173 but serve different compliance purposes.
How long does it typically take to prepare an Employee Privacy Notice for Philippine companies?
For most Philippine companies, creating an Employee Privacy Notice takes 2-4 weeks with legal assistance, or 1-2 weeks using a template. The timeline depends on the complexity of your data processing activities, number of third-party vendors, and internal review processes. Companies with extensive HR systems or international data transfers may need 4-6 weeks to ensure comprehensive coverage of all data processing activities.
Must I update my Employee Privacy Notice when changing HR software or payroll systems?
Yes, under the Data Privacy Act of 2012, you must update your Employee Privacy Notice whenever there are material changes to how you collect, process, or share employee data. This includes implementing new HR software, changing payroll providers, or adding third-party background check services. The National Privacy Commission requires that employees be notified of these changes promptly and given updated privacy notices.
Which employee information requires special disclosure in Philippine privacy notices?
Under Republic Act No. 10173, sensitive personal information such as health records, government ID numbers, biometric data, and financial information requires special disclosure in your privacy notice. You must specify the lawful basis for processing this sensitive data, additional security measures, and retention periods. Regular personal data like names and contact information has different disclosure requirements under the law.
Can foreign employees in the Philippines request their data be deleted from company records?
Yes, all employees in the Philippines, including foreign workers, have the right to request erasure of their personal data under the Data Privacy Act. However, companies can refuse if they have legitimate business interests, legal obligations, or need the data for employment compliance. Your Employee Privacy Notice must explain these rights and the process for making such requests to the company's Data Protection Officer.
About the Employee Privacy Notice
An Employee Privacy Notice is a fundamental legal document that organizations in the Philippines must provide to inform workers about personal data processing practices. Under the Data Privacy Act of 2012, you are required to clearly communicate how you collect, use, store, and protect employee personal information before any data processing begins.
When do you need this document?
You must implement an Employee Privacy Notice when hiring new employees, engaging contractors, or collecting personal data from job applicants. The notice is also required when introducing new data processing activities, implementing employee monitoring systems, or transferring personal data to third parties. If you're conducting background checks, processing biometric data, or maintaining employee health records, this notice becomes essential for legal compliance. The document must be updated whenever you make significant changes to your data processing practices or introduce new technologies that affect employee privacy.
Key legal considerations
Your Employee Privacy Notice must clearly identify the types of personal and sensitive personal information you collect, including basic employee details, employment history, financial information, and any biometric or health data. The document should specify the lawful basis for processing under the Data Privacy Act, whether it's legitimate interest, contractual necessity, or legal compliance. You must outline data retention periods, explain employee rights including access, rectification, and deletion, and provide details about data sharing with third parties. The notice should also include information about your Data Protection Officer, security measures in place, and procedures for filing complaints with the National Privacy Commission.
Legal requirements in the Philippines
Under Republic Act No. 10173 and its Implementing Rules and Regulations, you must provide the Employee Privacy Notice in a clear, understandable format using plain language that employees can easily comprehend. The notice must be given at or before the point of data collection and should be accessible to all affected individuals, including those with disabilities. Philippine law requires that you obtain appropriate consent for sensitive personal information processing and maintain records of when and how the notice was provided. The National Privacy Commission mandates that the notice includes your organization's contact details, the purpose and legal basis for processing, and information about international data transfers if applicable. Failure to provide adequate privacy notices can result in penalties ranging from PHP 500,000 to PHP 5,000,000 depending on the severity of the violation.
GOVERNING LAW
Applicable law
This Employee Privacy Notice is drafted to comply with Philippine law. Key legislation includes:
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that provide specific guidelines on how to implement the Data Privacy Act, including requirements for privacy notices and consent mechanisms.
1987 Philippine Constitution (Article III, Section 3): Constitutional provision protecting the privacy of communication and correspondence, which forms the fundamental basis for privacy rights in the Philippines.
Labor Code of the Philippines (Presidential Decree No. 442): Contains provisions relating to employee records, confidentiality of employment information, and general employment rights that may affect data privacy.
NPC Circular No. 16-01: National Privacy Commission guidelines on security of personal data in government agencies, which can serve as best practice guidelines for the private sector.
NPC Advisory No. 2017-01: Guidelines on data sharing agreements involving government agencies, providing insights on proper handling of employee data sharing.
Republic Act No. 8792 (Electronic Commerce Act): Relevant for electronic processing and storage of employee data, including provisions on electronic documents and signatures.
Civil Code of the Philippines: Contains general provisions on privacy rights and personality rights that may affect employee privacy.