This Policy sets out the commitment of the Commission on Filipinos Overseas (CFO) to collect and process personal information and sensitive personal information (collectively as personal data) in accordance with the applicable laws and regulations on data privacy, including the Philippine Data Privacy Act of 2012 (DPA) and its implementing rules and regulations (DPA IRR). It explains how CFO implements that commitment, and the terms and conditions under which we collect and process personal data.
In processing personal data, we adhere to the general privacy principles of transparency, legitimate purpose, and proportionality, and such other relevant principles in the collection, processing, and retention of personal data as required by applicable law.
Also, the CFO website adheres to the Government Website Template Design (GWTD) Guidelines prescribed by the Department of Information and Communications Technology (DICT), which highlights, among others, compliance with the Data Privacy Act of 2012 (Section 2.3.5) and recognizing the importance of improving user experience (Section 3).
This privacy statement applies to cfo.gov.ph and all its affiliate websites and services that collect or process data and display these terms.
Overall, you can browse the CFO website(s) without disclosing any information about yourself. If you visit the CFO website(s) to read information, we will collect and store only information that is automatically recognized. See Section 12 for details
2.Confidentiality under Philippine Law
Information that we receive from clients, whether or not constituting personal data, are generally protected as privileged communications, and covered by our responsibility to our clients to keep that information confidential. We diligently observe this professional obligation. We note that local law, regulations, and authorities permit disclosure of such information under certain conditions, as when the information has become public.
3. Data Collection and Use
In accordance with the Commission on Filipinos Overseas’ mandate to protect and promote the rights and welfare of overseas Filipinos, we collect various data and information, including personal information, from various subjects using different systems. Some of this information is provided directly while other information may be provided or collected from other sources as required by our services.
We process and collect personal information for a lawful purpose connected with our functions and activities of administering Batas Pambansa 79, as amended, and other existing and relevant laws.
We collect personal information directly from clients when they:
- as a client, fill out a CFO registration form either online or in hard copy;
- register, use or avail of various CFO services.
In addition, we may be able to obtain personal data in other ways. These include where a natural or juridical person
(i) enters into an agreement with us, whether or not written, including an employment contract, sponsorship agreement or other contracts to avail of our services or service contract;
(ii) submits to us any application, form, request, notice, or some other document;
(iii) inquires after or applies for internship or employment;
(iv) becomes an employee, officer, consultant, intern, supplier or service provider;
(v) accesses, browses, visits, or uses any of our websites, platforms, social media presence, and other online presence;
(vi) participates in any of the various programs (i.e. Linkapil, Presidential Awards, MAM) that we administer; or
(vii) otherwise provides us with personal data, whether directly or through another person (i.e. human trafficking reports by either from relative or concern citizen in 1343 hotline, email and 1343 official website).
On the categories of personal data that we collect and process, this would be the data that our clients or other data subjects provide to us, such as:
- name and personal particulars such as contact details, sex, address, birthdate, education;
- government ID details;
- employment details;
- civil status;
- foreign address and visa;
- images via CCTV and other similar recording devices and processes which may be observed when visiting our offices;
- other information that was included in the CFO registration form.
We collect and process personal data to:
- Perform our duties in accordance with our mandate;
- Respond to queries, requests and complaints and improve how we interact with our clients;
- Conduct studies and researches for the purpose of statistics, reviewing, developing and improving our services;
- Reach out to clients regarding their adjustments in settling down in their host country;
- Send out regular news from the CFO through press releases, e-bulletin, among others;
- Perform other such activities permitted by law or with our clients’ consent.
Recipients of personal data that we collect include our Philippine Embassies and Consulates, hence transfer of data will be cross-border. We may also disclose information, whether intended to be kept confidential or not, upon lawful request by a governmental authority, in response to a court order, or when required by applicable law.
4. Consent and other lawful criteria for collection and processing
Where you, as our client, have provided us with your personal data through any of the interactions mentioned in Section 3, in providing or making available the personal data, you agree and consent to our collecting, using, disclosing, sharing and otherwise processing the personal data for the Purposes, and in the manner and under the terms and conditions, in this Policy.
Applicable law allows us to process your personal data in accordance with other criteria or where the data is not covered by the DPA.
5. Scope and method of collection and processing
We utilize standard manual and computerized methods and systems to file, store and process personal data. Collection and processing of personal data will be undertaken in accordance with the principles set out in this Policy and as required by law.
6. Data Protection
We fully recognize the value of your personal information particularly as it may include sensitive personal information such as your gender, government-issued IDs, etc. Appropriately, we strive to maintain the confidentiality, integrity and availability of your personal information by employing physical, technological and procedural safeguards. We undertake reasonable precautions to protect personal information in our possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
We train our employees to properly handle your information. Whenever we engage with other institutions both local and overseas, we require them to protect personal information aligned with our own security standards.
7. Data Storage
Your personal information shall be retained for as long as the purpose for which it was collected, and such other purposes that you may have consented to from time to time, remains in effect and until such time as it is no longer required nor necessary to keep your information for any other legal or regulatory purposes.
8. Rights of Data Subjects
Under the DPA, data subjects have the following rights:
- Right to object – As a data subject, you have the right to indicate your refusal to the collection and processing of your personal data unless the processing is required pursuant to a subpoena, lawful order, or as required by law.
- Right to access – Upon your request, you may be given access to your personal data that we collect and process insofar as allowed by law.
- Right to rectification – You have the right to dispute any inaccuracy or error in your personal data and may request us to immediately correct it. Upon your request, and after correction has been made, we will inform any recipient of your personal data of its inaccuracy and the subsequent rectification that was made.
The rights mentioned under this item are not applicable if personal data are processed only for legal and statutory compliance, scientific and statistical research purposes, among others. Your rights as a data subject are also subject to other limitations provided by law and whose exercise is in a reasonable and non-arbitrary manner, and with regard to rights of other parties.
9. Data Breaches
We will comply with the relevant provisions of rules and circulars on handling personal data security breaches, including notification to you or to the National Privacy Commission, where an unauthorized acquisition of sensitive personal information or information that may be used to enable identity fraud has been acquired by an unauthorized person, and is likely to give rise to a real risk of serious harm to the affected data subject. Please note that under applicable law, not all personal data breaches are notifiable
10. Disclosure Pursuant to Judicial or Government Subpoenas, Warrants or Orders
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on us.
11. Website Analytics
When you access our websites, we may collect non-personal information such as those provided by your device which may include the IP address, operating system, browser type and version, and other machine identifiers. Google Analytics is being used to track website performance. It gathers non-personal information from the browser whenever the site is visited. This may include the computer’s Internet Protocol (IP) address, browser type, browser version, pages visited, date and time of visit, and time spent on these pages, among others. These are reported through aggregated data that in no way will identify an individualS
12. Cookies and Other Technologies
As described above, we sometimes collect anonymous information from visits to our website(s) to help us provide better service. We use the information that we collect to measure the number of visitors to the different areas of our website(s), and to help us make our website(s) more useful to visitors. This includes analyzing these logs periodically to measure the traffic through our servers, the number of pages visited and the level of demand for pages and topics of interest. The logs may be preserved indefinitely and used at any time and in any way to prevent security breaches and to ensure the integrity of the data on our servers.
We collect the anonymous information we mentioned above through the use of various technologies, one of which is called “cookies”. A cookie is an element of data that a website can send to your browser, which may then be stored on your hard drive. The following information is stored in the cookies:
- IP address
- Unique ID
- Session Token
We do not associate the information stored in a visitor’s cookie with any other personal data about that visitor. All our employees and customer care officers who have access to personal data and are associated with the processing of that data are bound and obliged to respect the confidentiality of data.
13. Links to External Websites
14. Changes to this Policy
15. Data Protection Officer
The Data Protection Officer (DPO) is the individual principally responsible for ensuring CFO’s compliance with applicable laws and regulations for the protection of data privacy and security. The DPO is responsible for the supervision and enforcement of this Policy, and the relevant contact details are as follows:Data Protection Officer Commission on Filipinos Overseas 4/F Citigold Center 1345 Quirino Highway corner Osmeña Highway Manila Contact No: +632-552-4777 Email: firstname.lastname@example.org 16. Inquiries
For any inquiry related to this Policy, please contact our Data Protection Officer through the contact details indicated above. If you have received unwanted, unsolicited e-mail sent by CFO or purporting to be sent via CFO, please forward a copy of that e-mail with your comments to our DPO for review.
All requests, demands or notices which a data subject may send or submit to us under this Policy must be in writing, should be addressed to the Data Protection Officer using the contact details above, and will be deemed duly given (i) on the date of delivery if delivered personally, (ii) on the third Business Day following the date of sending if delivered by a nationally recognized next-day courier service and the service has confirmed delivery, or (iii) if given by electronic mail, when such electronic mail is transmitted to the email address specified above and the appropriate confirmation has been received by the sender via email.
Effective 11 July 2018