OPC Privacy Policy
I. Introduction
This Privacy Policy explains how the OPC collects, uses, shares and safeguards Personal Data and Non-Personal Data on facebook.com/OnePiyuCommunity, facebook.com/groups/onepiyucommunity, mobile websites, microsites, mobile applications, OPC profiles on OPC social media sites and any other digital services and platforms officially operated or used by the OPC from time to time (“Sites”), as well as by phone or by paper.
II. Changes to the Privacy Policy
As the OPC, its membership, services change from time to time, this Privacy Policy is expected to change as well. We reserve the right to amend the Privacy Policy at any time, for any reason. The date of the last revision to the Privacy Policy will be indicated by the "Effective Date" at the bottom of this page.
III. Types of Data We Collect
Personal Data
We collect information that enables the OPC to identify or contact you (“Personal Data”) to carry out its purposes. OPC Sites collect this information for a variety of reasons, including but not limited to, applying for membership, or otherwise interacting with the OPC.
The types of Personal Data we collect include, but are not limited to:
General data (e.g., names, email addresses, mobile/landline business/personal telephone numbers that are provided by our members)
Non-Personal Data
We collect information that does not directly identify you as you interact with our Sites (“Non-Personal Data”). The types of Non-Personal Data we collect includes, but is not limited to:
Site usage (e.g., date/time stamp, time on Site)
Your industry and business (e.g., company location, job functions and seniority levels)
IV. How We Use Your Data
In addition to the uses described above, we use your Personal Data, sometimes combined with Non-Personal Data, in a variety of ways including, but not limited to the below, in order to:
Personal Data
Identify you when you visit our Sites
Provide communications such as messages
Respond to your messages
Non-Personal Data
We use Non-Personal Data to improve the usability of our Sites and for other reasons.
V. How We Share Your Data
We share your Personal Data, sometimes combined with Non-Personal Data, in a variety of ways including, but not limited to the below:
Share data with third parties to fulfill service requests and to perform functions.
Share data with third parties as required by law or to protect the OPC in the good-faith belief that such action is necessary to: (a) conform to legal requirements or comply with legal process served on the OPC; (b) protect and defend the OPC’s rights or property; or (c) protect the personal safety of OPC personnel or members of the public in appropriate circumstances.
Share data with third parties under other unanticipated situations, but only with your consent.
VI. How You Can Manage the Processing of Your Data
Our processing of your data is based upon your consent, or compliance with law. You have the right to object to our processing of your data or to restrict our processing of your data. In addition, if you have consented to the processing of your Personal Data, you have the right to withdraw your consent at any time.
Definition of Terms. – Whenever used in this Act, the following terms shall have the respective meanings hereafter set forth:
(a) Commission shall refer to the National Privacy Commission created by virtue of this Act.
(b) Consent of the data subject refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of the data subject by an agent specifically authorized by the data subject to do so.
(c) Data subject refers to an individual whose personal information is processed.
(d) Direct marketing refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals.
(e) Filing system refers to any act of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular person is readily accessible.
(f) Information and Communications System refers to a system for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by or which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document.
(g) Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
(h) Personal information controller refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf. The term excludes:
(1) A person or organization who performs such functions as instructed by another person or organization; and
(2) An individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs.
(i) Personal information processor refers to any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
(j) Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
(k) Privileged information refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.
(l) Sensitive personal information refers to personal information:
(1) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
(2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
(3) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
(4) Specifically established by an executive order or an act of Congress to be kept classified.
Criteria for Lawful Processing of Personal Information. – The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:
(a) The data subject has given his or her consent;
(b) The processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;
(c) The processing is necessary for compliance with a legal obligation to which the personal information controller is subject;
(d) The processing is necessary to protect vitally important interests of the data subject, including life and health;
(e) The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; or
(f) The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.
Sensitive Personal Information and Privileged Information. – The processing of sensitive personal information and privileged information shall be prohibited, except in the following cases:
(a) The data subject has given his or her consent, specific to the purpose prior to the processing, or in the case of privileged information, all parties to the exchange have given their consent prior to processing;
(b) The processing of the same is provided for by existing laws and regulations: Provided, That such regulatory enactments guarantee the protection of the sensitive personal information and the privileged information: Provided, further, That the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information or the privileged information;
(c) The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing;
(d) The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations: Provided, That such processing is only confined and related to the bona fide members of these organizations or their associations: Provided, further, That the sensitive personal information are not transferred to third parties: Provided, finally, That consent of the data subject was obtained prior to processing;
(e) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; or
(f) The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority.
Extent of Liability. – If the offender is a corporation, partnership or any juridical person, the penalty shall be imposed upon the responsible officers, as the case may be, who participated in, or by their gross negligence, allowed the commission of the crime.
VIII. The Constitution and Decisions of the Supreme Court in Relation to Data Privacy
In the Philippines, the Constitution (1987) is the supreme law. It establishes the Philippines' government's structure, policies, roles, and responsibilities. It includes the Bill of Rights (article III) and establishes the State's obligations to promote and protect social justice and human rights (article XIII). The Constitution states in Article II, Section 2 that "generally accepted principles of international law" are "part of the law of the land" (International Commission of Jurists, 2018).
Section 3. (1) The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.
(2) Any evidence obtained in violation of this or the preceding section shall be inadmissible for any purpose in any proceeding.
Section 10. No law impairing the obligation of contracts shall be passed.
The individual’s desire for privacy is never absolute, since participation in society is an equally powerful desire. Thus each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication of himself to others, in light of the environmental conditions and social norms set by the society in which he lives.
~ Alan Westin, Privacy and Freedom (1967)
Online Social Network (OSN) users are said to have a subjective expectation that only those to whom they grant access to their profile will view the information they post or upload thereto.
On Cyber Responsibility, self-regulation on the part of OSN users and internet consumers in general is the best means of avoiding privacy rights violations. As a cyberspace community member, one has to be proactive in protecting his or her own privacy.
OSN users should be aware of the risks that they expose themselves to whenever they engage in cyberspace activities. Accordingly, they should be cautious enough to control their privacy and to exercise sound discretion regarding how much information about themselves they are willing to give up. Internet consumers ought to be aware that, by entering or uploading any kind of data or information online, they are automatically and inevitably making it permanently available online, the perpetuation of which is outside the ambit of their control. Furthermore, and more importantly, information, otherwise private, voluntarily surrendered by them can be opened, read, or copied by third parties who may or may not be allowed access to such.
It is, thus, incumbent upon internet users to exercise due diligence in their online dealings and activities and must not be negligent in protecting their rights. Equity serves the vigilant. We cannot afford protection to persons if they themselves did nothing to place the matter within the confines of their private zone. OSN users must be mindful enough to learn the use of privacy tools, to use them if they desire to keep the information private, and to keep track of changes in the available privacy settings, such as those of Facebook, especially because Facebook is notorious for changing these settings and the site’s layout often.
IX. Children
We do not knowingly collect Personal Data from children under the age of 16.
X. How We Protect Personal Data
The OPC implements reasonable security measures to help protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. Except for the sharing of information as set forth in this Privacy Policy, we restrict access to Personal Data to certain companies who need the data to operate, develop, or improve our services. These individuals or partner organizations are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
Unfortunately, no data transmission over the Internet or electronic storage is fully secure. Accordingly, and despite our reasonable efforts to protect your Personal Data from unauthorized access, use, or disclosure, the OPC cannot guarantee or warrant the security of the Personal Data you transmit to us, or to or from our online Sites. If you have questions about this Privacy Policy, please contact us.
XIII. How You Can Access, Change and Delete Your Personal Data
Typically, we retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. This may include retaining your Personal Data indefinitely, even after you are no longer an OPC member, to comply with our legal obligations, resolve disputes, or enforce any of our agreements. Please note that you can request, at any time, that we delete your Personal Data. All requests must be directed to the contact in the “Contact Information” section below. We can decide to delete your Personal Data if we believe that the data is incomplete, inaccurate, or that our continued use and storage are contrary to our obligations to other members, individuals, or third parties. When we delete your Personal Data, it will be removed from our active databases or anonymized so that the data is no longer identified with you, but the data may remain in our archives if the OPC determines that it is not practical or possible to delete it.
XIV. Cookies and Other Web Devices
Our website sends cookies (e.g., pieces of code or text placed on your computer by us or third-parties when you browse our Sites) to your web browser (if your browser’s preferences allow it) to collect data when you browse our Sites. Cookie settings can be controlled in your Internet browser to automatically reject some forms of cookies. If you view our website without changing your cookie settings, you are indicating your consent to receive all cookies from our Sites. If you do not allow cookies, some features and functionality of our Sites may not operate as expected. In addition to cookies, we place technological tools (and allow certain third parties to place technological tools) such as tags and beacons (e.g., code scripts that are primarily used to track visitors’ activities on our Sites by web analytics software), Internet Protocol (IP) addresses, and other tools, to collect your data for the purposes listed in this Privacy Policy.
XVI. Right to Complain to Supervisory Authority
You, as the data subject, have the right to lodge a complaint with a supervisory authority, in particular in the State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data does not comply with legal requirements.
XVII. Breach Notification
In the event we determine the occurrence of a data security incident, we will notify you by means as permitted by law.
XVIII. Contact Information
If you have questions, comments, or complaints concerning our privacy practices or if you wish to change, access, or remove your Personal Data, please contact us as indicated below. We will attempt, where practical, to respond to your requests and to provide you with additional privacy related information.
One Piyu Community
onepiyucommunity@gmail.com
Effective Date: September 10, 2023
Updated: January 27, 2025