Book a demo Log in / Sign up

Privacy Notice Form Template for the Philippines

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Privacy Notice Form?

The Privacy Notice Form is a fundamental document required by the Data Privacy Act of 2012 in the Philippines, essential for any organization that collects, processes, or stores personal information. This document must be provided to data subjects before or at the time of data collection, clearly explaining the organization's data handling practices. The Privacy Notice Form serves multiple purposes: it ensures compliance with Philippine privacy laws, builds trust with data subjects, and provides a clear framework for internal data handling procedures. Organizations must update this document whenever there are significant changes to their data processing activities and ensure it remains accessible to all data subjects. The document should be written in clear, simple language while covering all legally required elements, including data subject rights, security measures, and contact information for privacy-related concerns.

Frequently Asked Questions

Is a Privacy Notice Form legally required under Philippine law?

Yes, Privacy Notice Forms are mandatory under the Data Privacy Act of 2012 (Republic Act 10173) and its Implementing Rules and Regulations. All organizations that collect, process, or store personal information in the Philippines must provide clear privacy notices to data subjects before or at the time of data collection.

Can I be penalized for not having a proper Privacy Notice Form in the Philippines?

Yes, the National Privacy Commission can impose administrative fines ranging from PHP 500,000 to PHP 5,000,000 for violations of privacy notice requirements. Criminal penalties under the Data Privacy Act can also apply, including imprisonment and additional fines for serious breaches.

How specific must my Privacy Notice Form be under Philippine data privacy law?

Your Privacy Notice must include specific mandatory elements: identity of the data controller, purposes of processing, categories of personal data collected, recipients of data, retention period, and data subject rights. Generic or vague language that doesn't clearly explain your actual data practices violates the Data Privacy Act.

How is a Privacy Notice Form different from a Data Privacy Agreement in the Philippines?

A Privacy Notice is a one-way disclosure document required by law that informs data subjects about data processing practices. A Data Privacy Agreement is a bilateral contract between parties that establishes specific terms for data sharing or processing arrangements between organizations.

How long does it typically take to prepare a compliant Privacy Notice Form for Philippine businesses?

A basic Privacy Notice can be drafted in 2-3 days for simple operations, but comprehensive notices for complex businesses may take 1-2 weeks. This includes reviewing data flows, consulting stakeholders, ensuring NPC compliance, and obtaining necessary approvals before implementation.

Can I use the same Privacy Notice Form for all my business activities in the Philippines?

No, you need separate or customized privacy notices for different data collection contexts (website, mobile app, employment, customer service, etc.). Each notice must accurately reflect the specific personal data collected and processing purposes for that particular activity or service.

Should I update my Privacy Notice Form when Philippine privacy regulations change?

Yes, you must update your Privacy Notice whenever there are changes to data processing practices, legal requirements, or National Privacy Commission guidelines. Regular reviews are recommended, and data subjects must be notified of material changes to ensure continued compliance with the Data Privacy Act.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

Philippines

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Privacy Notice

Sector

Business

Cost

Free to use

Last updated

About the Privacy Notice Form

A Privacy Notice Form is your organization's legal declaration of how you collect, use, and protect personal data under Philippine law. This document is not optional—the Data Privacy Act of 2012 mandates that you provide clear, comprehensive information to individuals before collecting their personal information. Your privacy notice serves as the foundation of trust between your organization and data subjects, demonstrating your commitment to responsible data handling.

When do you need this document?

You must provide a Privacy Notice Form whenever your organization collects personal data from individuals in the Philippines. This includes situations such as employee onboarding, customer registration, website data collection through cookies, marketing campaigns, and service delivery that involves personal information processing. Healthcare providers need this form when collecting patient information, while financial institutions require it for account openings and loan applications. Educational institutions must use privacy notices for student records, and e-commerce businesses need them for online transactions and customer profiles.

Key legal considerations

Your Privacy Notice Form must clearly identify the types of personal data you collect, distinguishing between ordinary personal information and sensitive personal information as defined by the Data Privacy Act. You must specify the purposes for data collection and processing, ensuring these align with your actual business practices. The notice should outline data subject rights, including access, correction, erasure, and portability rights. You must disclose any third-party sharing arrangements and international data transfers. Security measures should be described to assure data subjects of protection protocols. The form must include contact information for your Data Protection Officer and procedures for filing complaints with the National Privacy Commission.

Legal requirements in Philippines

Under Republic Act 10173 and its implementing regulations, your Privacy Notice Form must comply with specific content requirements. The notice must be written in Filipino or English, using clear and simple language that ordinary individuals can understand. You must identify the legal basis for processing under the Data Privacy Act, whether it's consent, legitimate interest, legal obligation, or another recognized ground. The form should specify data retention periods and deletion procedures when the purpose for processing is fulfilled. For sensitive personal information, you must obtain explicit consent and provide additional safeguards. NPC Circular No. 16-01 requires disclosure of security measures implemented to protect personal data. The notice must be easily accessible and provided in a format that allows data subjects to store and reproduce the information for their records.

GOVERNING LAW

Applicable law

This Privacy Notice Form is drafted to comply with Philippines law. Key legislation includes:

Data Privacy Act of 2012 (Republic Act 10173): The primary legislation governing the protection of personal information in the Philippines, establishing requirements for processing personal data and mandatory content for privacy notices
Implementing Rules and Regulations of the Data Privacy Act of 2012: Detailed regulations that implement the Data Privacy Act, providing specific requirements for privacy notices, consent mechanisms, and data protection measures
NPC Circular No. 16-01: Guidelines on Security of Personal Data in Compliance with the Data Privacy Act, providing requirements for security measures that should be mentioned in privacy notices
Consumer Act of the Philippines (Republic Act 7394): Contains provisions about consumer rights to information and disclosure requirements that may affect privacy notice content
E-Commerce Act of 2000 (Republic Act 8792): Relevant for online privacy notices, covering electronic data messages, electronic documents, and electronic signatures
NPC Advisory No. 2017-03: Guidelines on privacy impact assessments, which influence the content and scope of privacy notices

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it