PRIVACY POLICY
PDRRMO Management Information System (MIS) and Mobile Application
Effective Date: July 4, 2025
Last Updated: July 4, 2025
===============================================================================
1. INTRODUCTION
This Privacy Policy governs the collection, use, storage, and disclosure of personal information by the Provincial Disaster Risk Reduction and Management Office (PDRRMO) through its Management Information System (MIS) web application and mobile application (collectively referred to as "the Services").
This policy is enacted in compliance with Republic Act No. 10173, otherwise known as the "Data Privacy Act of 2012" (DPA), its Implementing Rules and Regulations (IRR), and all applicable circulars and issuances of the National Privacy Commission (NPC).
1.1 Data Controller Information
Data Controller: Provincial Disaster Risk Reduction and Management Office (PDRRMO)
Address: PDRRM Operations Center, Surigao City, Surigao del Norte
Contact: daryll@inno.ph
Data Protection Officer: JONATHAN LITANG, ENP
===============================================================================
2. SCOPE OF APPLICATION
This Privacy Policy applies to:
- PDRRMO Mobile Application (Android and iOS)
- PDRRMO Web Application (Progressive Web App)
- PDRRMO Management Information System (MIS)
- All related web services and APIs
===============================================================================
3. TYPES OF PERSONAL INFORMATION COLLECTED
3.1 Personal Information
We collect the following categories of personal information:
Basic Personal Information:
- Full name
- Contact information (phone number, email address)
- Government-issued identification numbers (when required)
- Address information
- Emergency contact details
Location Information:
- Real-time GPS coordinates
- Historical location data during emergency incidents
- Geofenced area information
- Address and landmark information
Technical Information:
- Device information (device type, operating system, browser type)
- IP address and network information
- Application usage data and logs
- Session information and timestamps
Emergency-Related Information:
- Incident reports and details
- Emergency response history
- Communication logs during emergencies
- Photos and media files related to incidents
3.2 Sensitive Personal Information
Under special circumstances and with explicit consent, we may collect:
- Health information during medical emergencies
- Information about vulnerabilities or disabilities
- Information about minors in emergency situations
===============================================================================
4. LEGAL BASIS FOR PROCESSING
We process personal information based on the following legal grounds under the Data Privacy Act:
4.1 Consent
- Explicit consent for location tracking services
- Consent for receiving notifications and alerts
- Consent for data sharing with partner agencies
4.2 Legal Obligation
- Compliance with disaster management laws and regulations
- Reporting requirements to national government agencies
- Emergency response coordination as mandated by law
4.3 Public Interest
- Disaster risk reduction and management activities
- Public safety and emergency response
- Community preparedness and resilience building
4.4 Vital Interests
- Life-threatening emergency situations
- Immediate safety concerns
- Critical disaster response operations
===============================================================================
5. HOW WE COLLECT PERSONAL INFORMATION
5.1 Direct Collection
- User registration and account creation
- Emergency incident reporting
- Voluntary participation in surveys and feedback
- Direct communication with PDRRMO personnel
5.2 Automatic Collection
- Location data through GPS services
- Device and usage information through application analytics
- Log files and system-generated data
- Cookies and similar tracking technologies (web application only)
5.3 Third-Party Sources
- Partner agencies and local government units
- Emergency services and first responders
- Public records and official government databases
- Weather and environmental monitoring services
===============================================================================
6. PURPOSE OF PROCESSING
Personal information is processed for the following purposes:
6.1 Primary Purposes
- Emergency response coordination and management
- Disaster risk assessment and mitigation
- Public safety and security
- Communication of emergency alerts and information
- Resource allocation and deployment
6.2 Secondary Purposes
- Statistical analysis and reporting
- System improvement and optimization
- Research and development for disaster preparedness
- Training and capacity building activities
- Performance monitoring and evaluation
===============================================================================
7. DISCLOSURE AND SHARING
7.1 Authorized Disclosures
Personal information may be disclosed to:
Government Agencies:
- National Disaster Risk Reduction and Management Council (NDRRMC)
- Department of the Interior and Local Government (DILG)
- Philippine National Police (PNP)
- Bureau of Fire Protection (BFP)
- Department of Health (DOH)
- Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA)
- Local Government Units (LGUs)
Emergency Services:
- Hospitals and medical facilities
- Search and rescue teams
- Emergency response organizations
- Humanitarian aid organizations
Technical Partners:
- IT service providers and system administrators
- Cloud storage and hosting providers
- Communication service providers
- Mapping and geolocation service providers
7.2 Conditions for Disclosure
All disclosures are subject to:
- Strict data sharing agreements
- Purpose limitation principles
- Data minimization requirements
- Security and confidentiality measures
- Compliance with applicable laws and regulations
===============================================================================
8. DATA RETENTION
8.1 Retention Periods
- Emergency Incident Data: 7 years from incident resolution
- Personal Contact Information: 5 years from last activity
- Location Data: 3 years from collection date
- System Logs: 2 years from creation date
- Communication Records: 5 years from last communication
8.2 Disposal Methods
- Secure deletion of digital records
- Physical destruction of printed materials
- Cryptographic erasure of encrypted data
- Certificate of destruction for sensitive information
===============================================================================
9. SECURITY MEASURES
9.1 Technical Safeguards
- End-to-end encryption for data transmission
- Multi-factor authentication for system access
- Regular security audits and penetration testing
- Intrusion detection and prevention systems
- Secure backup and recovery procedures
9.2 Administrative Safeguards
- Access control policies and procedures
- Regular staff training on data protection
- Incident response and breach notification procedures
- Vendor management and due diligence
- Regular policy reviews and updates
9.3 Physical Safeguards
- Secure data centers and server facilities
- Physical access controls and monitoring
- Environmental controls and disaster recovery
- Secure disposal of hardware and media
===============================================================================
10. INDIVIDUAL RIGHTS
Under the Data Privacy Act, data subjects have the following rights:
10.1 Right to be Informed
- Notification of data collection and processing
- Access to this privacy policy
- Information about data sharing and transfers
10.2 Right to Access
- Request copies of personal information
- Information about processing activities
- Details about data recipients
10.3 Right to Object
- Object to processing for direct marketing
- Object to automated decision-making
- Object to processing based on legitimate interests
10.4 Right to Rectification
- Correction of inaccurate personal information
- Completion of incomplete data
- Update of outdated information
10.5 Right to Erasure/Deletion
- Request deletion of personal information
- Subject to legal retention requirements
- Considering public interest in emergency management
10.6 Right to Restrict Processing
- Limit processing activities
- Temporary suspension of processing
- Pending resolution of disputes
10.7 Right to Data Portability
- Request data in structured, machine-readable format
- Transfer data to another controller
- Subject to technical feasibility
10.8 Right to Damages
- Compensation for damages caused by violations
- Legal remedies available under the DPA
- Complaint mechanisms with the NPC
===============================================================================
11. COOKIES AND TRACKING TECHNOLOGIES
11.1 Web Application Cookies
The PDRRMO web application and MIS use cookies for:
- Session management and authentication
- User preference settings
- Analytics and performance monitoring
- Security and fraud prevention
11.2 Mobile Application Tracking
The mobile application may use:
- Device identifiers for analytics
- Location tracking for emergency services
- Push notification tokens
- Application usage statistics
11.3 Cookie Management
Users can manage cookies through:
- Browser settings and preferences
- Application settings and permissions
- Opt-out mechanisms where available
===============================================================================
12. INTERNATIONAL TRANSFERS
12.1 Cross-Border Data Transfers
Personal information may be transferred internationally for:
- Cloud storage and hosting services
- Technical support and maintenance
- International disaster response coordination
- Regional cooperation and information sharing
12.2 Adequacy and Safeguards
International transfers are subject to:
- Adequacy decisions by the NPC
- Standard contractual clauses
- Binding corporate rules
- Certification mechanisms
===============================================================================
13. CHILDREN'S PRIVACY
13.1 Age Restrictions
- Services are primarily intended for users 18 years and older
- Parental consent required for users under 18
- Special protections for children's personal information
13.2 Special Considerations
- Emergency situations may override age restrictions
- Best interests of the child principle
- Enhanced security measures for children's data
===============================================================================
14. CONTACT INFORMATION
14.1 Data Protection Officer
Name: [DPO Name]
Email: dpo@pdrrmo.gov.ph
Phone: [Contact Number]
Address: [Office Address]
14.2 Privacy Inquiries
For privacy-related questions or complaints:
- Email: privacy@pdrrmo.gov.ph
- Phone: [Contact Number]
- Online form: [Website URL]
14.3 Data Subject Rights Requests
To exercise your rights under the Data Privacy Act:
- Submit written request to: rights@pdrrmo.gov.ph
- Include proof of identity
- Specify the right you wish to exercise
- Provide relevant details and documentation
===============================================================================
15. UPDATES TO THIS POLICY
15.1 Policy Changes
- This policy may be updated periodically
- Material changes will be communicated to users
- Continued use constitutes acceptance of changes
15.2 Notification Methods
- Email notifications to registered users
- In-app notifications and alerts
- Website and application announcements
- Public notices as required by law
===============================================================================
16. LEGAL COMPLIANCE
16.1 Applicable Laws
This policy complies with:
- Republic Act No. 10173 (Data Privacy Act of 2012)
- Republic Act No. 10121 (Disaster Risk Reduction Management Act)
- Republic Act No. 8749 (Clean Air Act)
- Republic Act No. 9003 (Ecological Solid Waste Management Act)
- Other relevant laws and regulations
16.2 Regulatory Oversight
- National Privacy Commission (NPC) oversight
- Regular compliance audits and assessments
- Cooperation with regulatory investigations
- Adherence to NPC circulars and issuances
===============================================================================
17. EMERGENCY PROVISIONS
17.1 Emergency Override
During declared emergencies or disasters:
- Enhanced data collection may be necessary
- Expedited processing for urgent situations
- Temporary suspension of certain rights
- Immediate disclosure for life-saving purposes
17.2 Post-Emergency Procedures
- Data review and purification after emergencies
- Restoration of normal privacy procedures
- Documentation of emergency processing activities
- Notification of affected individuals
===============================================================================
18. GRIEVANCE MECHANISMS
18.1 Internal Complaints
- File complaints with the Data Protection Officer
- Internal review and investigation process
- Resolution within 30 days of receipt
- Appeal mechanisms for unsatisfactory resolutions
18.2 External Complaints
- National Privacy Commission complaints procedure
- Department of Justice oversight
- Court proceedings for legal remedies
- Alternative dispute resolution mechanisms
===============================================================================
19. TRAINING AND AWARENESS
19.1 Staff Training
- Regular data protection training for all personnel
- Specialized training for data handlers
- Awareness programs on privacy rights
- Update training for policy changes
19.2 Public Awareness
- Educational materials on data privacy
- Community outreach programs
- Public consultations on privacy matters
- Transparency reports and publications
===============================================================================
20. ACKNOWLEDGMENT
By using the PDRRMO services, you acknowledge that:
- You have read and understood this privacy policy
- You consent to the collection and processing of your personal information
- You understand your rights under the Data Privacy Act
- You agree to comply with the terms and conditions of use
===============================================================================
For more information about the Data Privacy Act of 2012 and your rights, please visit the National Privacy Commission website at www.privacy.gov.ph
===============================================================================