The National Privacy Commission is the country’s privacy watchdog; an

independent body mandated to administer and implement the Data Privacy

Act of 2012, and to monitor and ensure compliance of the country with
international standards set for data protection.

THE VISION
A world-class regulatory and enforcement agency upholding the right to privacy
and data protection while ensuring the free flow of information, committed to
excellence, driven by a workforce that is highly competent, future-oriented, and
ethical, towards a competitive, knowledge-based, and innovative nation.

THE MISSION
We shall continuously deliver services to:

(1) Be the authority on data privacy and protection, providing knowledge, know-
how, and relevant technology.

(2) Establish a regulatory environment that ensures accountability in the

processing of personal data and promotes global standards for data privacy and
protection.

(3) Build a culture of privacy, through people empowerment, that enables and
upholds the right to privacy and supports free flow of information.

NPC Privacy Policy

Statement of Policy

The NPC is committed to protect and respect your personal data privacy. We are at
the forefront of not only implementing but complying with the Data Privacy Act of
2012.

We will provide individuals a Personal Information Collection Statement in an

appropriate format and manner whenever we collect personal data from them (i.e. in
the manual form or web page that collects personal data, or in a notice posted at the
reception area of NPC events where participants’ personal data is collected through
attendance sheets).
NPC’s Privacy Notice
For processing inquiries and requests

Personal Data Collected

We collect the following personal information from you when you manually or
electronically submit to us your inquiries or requests:

 Name
 Contact information, preferably email

The NPC uses WP Statistics, a third-party service to analyze the web traffic data for
us. This service does not use cookies. Data generated is not shared with any other
party. The following web traffic data are analyzed:

 Your IP address
 The search terms you used
 The pages and internal links accessed on our site
 The date and time you visited the site
 Geolocation
 The referring site or platform (if any) through which you clicked through to this site
 Your operating system
 Web browser type

Use
The collected personal information is utilized solely for documentation and processing
purposes within the NPC and is not shared with any outside parties. They enable the
NPC to properly address the inquiries and requests, forward them to appropriate
internal units for action and response, and provide clients with appropriate updates
and advisories in a legitimate format and in an orderly and timely manner.

Protection Measures
Only authorized NPC personnel has access to these personal information, the
exchange of which will be facilitated through email and hard copy. They will be stored
in a database for two years (after inquiries, requests are acted upon) after which
physical records shall be disposed of through shredding, while digital files shall be
anonymized.

Access and Correction

You have the right to ask for a copy of any personal information we hold about you, as
well as to ask for it to be corrected if you think it is wrong. To do so, please contact
our Data Protection Officer, Mr. Jonathan Ragsag, through the following email
address: dpo@privacy.gov.ph.

The Data Privacy Act of 2012

…is a 21st century law to address 21st century crimes and concerns. It (1) protects
the privacy of individuals while ensuring free flow of information to promote
innovation and growth; (2) regulates the collection, recording, organization, storage,
updating or modification, retrieval, consultation, use, consolidation, blocking, erasure
or destruction of personal data; and (3) ensures that the Philippines complies with
international standards set for data protection through National Privacy Commission
(NPC).
 The National Privacy Commission protects individual personal
information and upholds the right to privacy by regulating the
processing of personal information.

What is RA 10173?

RA 10173, or the Data Privacy Act, protects individuals from unauthorized processing of personal
information that is (1) private, not publicly available; and (2) identifiable, where the identity of the
individual is apparent either through direct attribution or when put together with other available
information.

What does this entail?

First, all personal information must be collected for reasons that are specified, legitimate, and
reasonable. In other words, customers must opt in for their data to be used for specific reasons that
are transparent and legal.

Second, personal information must be handled properly. Information must be kept accurate and
relevant, used only for the stated purposes, and retained only for as long as reasonably needed.
Customers must be active in ensuring that other, unauthorized parties do not have access to their
customers’ information.

Third, personal information must be discarded in a way that does not make it visible and accessible to
unauthorized third parties.

Unauthorized processing, negligent handling, or improper disposal of personal information is

punishable with up to six (6) years in prison or up to five million pesos (PHP 5,000,000) depending on
the nature and degree of the violation.