Privacy Agreement Template for the Philippines
What is a Privacy Agreement?
This Privacy Agreement is essential for organizations operating in the Philippines that collect, process, or store personal information of individuals. It serves as a crucial compliance document under the Data Privacy Act of 2012 and its Implementing Rules and Regulations. The agreement should be implemented when establishing new data processing relationships or updating existing privacy practices to ensure compliance with Philippine privacy laws. It covers key aspects such as consent mechanisms, data subject rights, security measures, breach notification procedures, and data retention policies. The Privacy Agreement is particularly important given the increasing focus on data protection by the National Privacy Commission and the potential penalties for non-compliance with Philippine privacy regulations. This document helps organizations demonstrate their commitment to protecting personal information while maintaining transparency in their data processing activities.
Frequently Asked Questions
Is a Privacy Agreement legally required under the Philippines Data Privacy Act?
Yes, Privacy Agreements are legally required under Republic Act No. 10173 (Data Privacy Act of 2012) for organizations collecting personal data. The National Privacy Commission mandates that data controllers must obtain proper consent and clearly communicate data processing activities to data subjects. Non-compliance can result in penalties ranging from PHP 500,000 to PHP 5,000,000.
Can the National Privacy Commission fine my company for a missing Privacy Agreement?
Yes, the National Privacy Commission can impose significant penalties for non-compliance with data privacy requirements, including missing or inadequate Privacy Agreements. Fines range from PHP 500,000 to PHP 5,000,000 depending on the violation severity. The NPC also has authority to issue cease and desist orders and may pursue criminal charges for willful violations.
How does a Privacy Agreement differ from a Privacy Policy in Philippine law?
A Privacy Agreement is a bilateral contract requiring active consent from data subjects, while a Privacy Policy is typically a unilateral statement posted publicly. Under the Data Privacy Act, Privacy Agreements are used for specific data processing activities requiring explicit consent, whereas Privacy Policies inform about general data handling practices. Both documents must comply with NPC regulations but serve different legal purposes.
Must Privacy Agreements include specific data subject rights under Philippine law?
Yes, Privacy Agreements must clearly outline all data subject rights guaranteed under the Data Privacy Act, including rights to access, rectification, erasure, data portability, and objection to processing. The agreement must also specify how data subjects can exercise these rights and provide contact information for the Data Protection Officer if required. Failure to include these provisions violates NPC implementing rules.
How long does it typically take to prepare a Privacy Agreement for Philippines compliance?
A basic Privacy Agreement using templates can be prepared in 1-3 days, while custom agreements for complex organizations may take 2-4 weeks. The timeline depends on your data processing activities, cross-border transfers, and whether you need NPC registration as a Personal Information Controller. Legal review and stakeholder approval can add further time to the process.
Can I use international Privacy Agreement templates for Philippines businesses?
International templates must be significantly modified to comply with the Philippines Data Privacy Act requirements and NPC implementing rules. The agreement must reference specific Philippine laws, include mandated data subject rights, and align with local consent mechanisms. Using unmodified foreign templates may result in non-compliance and potential NPC penalties.
What mistakes do companies commonly make with Privacy Agreements in the Philippines?
Common mistakes include using generic consent language instead of the specific, informed consent required by the Data Privacy Act, failing to include mandatory data subject rights, and not updating agreements for cross-border data transfers. Many companies also forget to register with the NPC as Personal Information Controllers when required, or fail to appoint Data Protection Officers for qualifying organizations.
About the Privacy Agreement
A Privacy Agreement is a fundamental legal document that governs how personal information is collected, processed, and protected in the Philippines. Under the Data Privacy Act of 2012, this agreement serves as the cornerstone of compliance for any organization handling personal data, establishing clear boundaries and responsibilities between data controllers, processors, and data subjects.
When do you need this document?
You need a Privacy Agreement whenever your organization collects, processes, or stores personal information of individuals in the Philippines. This includes situations such as customer onboarding, employee data management, vendor relationships involving data sharing, or any business activity that involves personal data processing. The agreement is particularly crucial when establishing new data processing relationships, updating existing privacy practices, or expanding business operations that involve personal data. Given the National Privacy Commission's active enforcement of privacy regulations, having a comprehensive Privacy Agreement is essential for demonstrating compliance and avoiding potential penalties.
Key legal considerations
Your Privacy Agreement must include several critical elements to ensure legal compliance. The document must clearly define the parties involved, specify the types of personal data being collected, and outline the specific purposes for processing. Consent provisions are particularly important, as the Data Privacy Act requires clear, informed, and freely given consent for most data processing activities. The agreement should address data subject rights, including access, rectification, erasure, and portability rights. Security measures and breach notification procedures must be detailed, along with data retention policies and cross-border transfer restrictions. Additionally, the agreement should specify the roles and responsibilities of Data Protection Officers where required, and include provisions for third-party data processors.
Legal requirements in the Philippines
Under Philippine law, your Privacy Agreement must comply with the Data Privacy Act of 2012 and its Implementing Rules and Regulations. The agreement must align with NPC Circular No. 16-01 regarding Data Protection Officer requirements when applicable. Key legal requirements include obtaining explicit consent before processing personal data, implementing appropriate security measures to protect personal information, and establishing procedures for handling data subject requests. The agreement must also address the legal bases for data processing beyond consent, such as legitimate interests or legal obligations. For organizations processing sensitive personal information, additional safeguards and stricter consent requirements apply. The document must include provisions for data breach notification to both the National Privacy Commission and affected data subjects within prescribed timeframes. Cross-border data transfers require specific legal mechanisms and safeguards as outlined in the implementing regulations.
GOVERNING LAW
Applicable law
This Privacy Agreement is drafted to comply with Philippine law. Key legislation includes:
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that implement the Data Privacy Act, providing specific requirements for compliance, security measures, and data protection procedures.
NPC Circular No. 16-01: Guidelines for data protection officers, providing requirements for the appointment and responsibilities of DPOs in organizations.
The 1987 Constitution of the Philippines, Article III, Section 3: Constitutional provision protecting the privacy of communication and correspondence, serving as the fundamental basis for privacy rights.
Electronic Commerce Act of 2000 (Republic Act No. 8792): Relevant for privacy agreements involving online transactions or electronic data collection, covering aspects of electronic data messages and privacy in electronic commerce.
NPC Circular No. 2020-03: Guidelines on personal data breach notification, relevant for including breach notification procedures in privacy agreements.
Consumer Act of the Philippines (Republic Act No. 7394): Provisions relating to consumer rights and privacy, particularly relevant if the privacy agreement involves consumer transactions.
Genie's Security Promise
Genie is the safest place to draft. Here's how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie's AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it