What is the Data Privacy Act of 2012?
Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), aims to protect your personal data while ensuring free flow of information for innovation, growth, and national development.
When was the DPA enforced?
The DPA took effect on August 15, 2012,and its Implementing Rules and Regulations (IRR) took effect on September 10, 2016.
What is personal data?
"Personal data" refers to any information that somebody can use to identify you. (i.e. cellphone number, home address, employer details, etc.)
is sensitive personal information?
Sensitive personal information is information about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations. It also includes information about his health, education, genetic or sexual life of a person, or any proceeding for any offense committed involving such individual. It also applies to numbers or Identification Numbers (IDs) issued by government agencies like social security numbers, previous or current health records and tax returns.
What is data sharing?
"Data sharing" is the disclosure or transfer to a third party of personal data under the custody of a personal information controller or personal information processor. In the case of the latter, such disclosure or transfer must have been upon the instructions of the personal information controller concerned.
What is processing of personal information?
"Processing" is any action done to or with personal data including the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing.
What is a data subject?
"Data subject" is the individual who owns the personal data or information that is processed.
What are the rights of the data subject?
The data subject is entitled to the following rights:
- Right to be informed. The data subject has a right to be informed when his personal data is to be processed.
- Right to object. The data subject shall have the right to object to the processing of his personal data. If there will be changes to how the data will be processed, the data subject will be informed and given the right to object.
- Right to Access. The data subject has the right to reasonable access to his personal data. Measures are taken to verify the identity of the data subject before giving access to his personal data is given.
- Right to correct. The data subject has the right to identify errors in the personal data and have the personal information controller correct it immediately unless the request is unreasonable.
- Right to Erasure or Blocking. The data subject shall have the right to suspend, withdraw or order the blocking, removal or destruction of his or her personal data from the personal information controller’s filing system.
- Right to damages. The data subject shall be - indemnified for damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data.
What can the company do with your consent?
We collect, use, process and analyze your personal information to deliver the services you signed up for, and to improve our products and services.
What happens if the data subject does not give his consent?
Your information may still be processed for purposes of service delivery, billing, and the like but you will not recieve advertising and promotions from Cignal, its partners and affiliates, loyalty rewards, raffle notices, and other promos.
Can the data subject withdraw his consent?
Subscriber may request for the suspension, withdrawal, blocking, removal, and destruction of Personal Information from processing systems.
Can the data subject request access to his personal data?
Yes. You may request for your Personal Data by emailing email@example.com.
How does the company protect personal data?
Data security is of utmost importance. Organizational, physical, and technical measures are taken to ensure the security and confidentiality of your personal data. In the event that data is disclosed to third party partners, agents and service providers, equivalent or higher standards in the handling of the data provided them are maintained.
What security measures ensure that personal data is kept secure by other parties when it is disclosed?
Access to personal data is not given beyond what is required to render the service. A variety of tools are used, including data encryption and data loss prevention software, to securely transmit and process your data.
How long does the company keep personal data?
For Individuals with Active Subscriptions, personal data is kept for as long as required by the service. Else, data is kept for no longer than 10 years.