Privacy Statement

WHAT PERSONAL INFORMATION DO WE COLLECT?

Personal data refers to all types of personal information.

Personal information is any information from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

Sensitive personal information refers to personal information:

1. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations

2. About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings

3. Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns or

4. Specifically established by an executive order or an act of Congress to be kept classified

In providing clients the legal services that they need, the law office may collect personal information, including sensitive personal information, about them. Generally, the information the law office collects include:

• Basic personal details, such as name and job/professional title or designation

• Contact details, such as telephone number, postal address and e-mail address

• Financial information, such as bank account details

• Business endeavors and affiliations

• Personal data generated by the law office in the course of providing our services, which may, where relevant, include special categories of personal data

• Identification and other background verification data, such as a copy of identification cards, passport, utility bills, evidence of ownership, or source of funds

• Employment-related data, such as curriculum vitae, employment contract, education and employment history, and details of professional memberships

• Demographic data, such as preferences or interests

• Other personal data that the client may provide

WHY DO WE COLLECT PERSONAL INFORMATION?

The law office collects personal information to serve the legal and related needs of our clients, to understand and assist clients with their ongoing legal needs, and to ensure information is accurate and up-to-date.

HOW DO WE COLLECT PERSONAL INFORMATION?

1. Directly from clients

2. Requesting information from third-party sources – Dependent on the legal services sought and provided, with the client’s consent, the law office may obtain relevant information from:

• Medical professionals

• Public registries

• Motor vehicle and driver licensing authorities

• Your employer (current or previous)

• Law enforcement agencies

• Investigators

3. Through publicly available sources – For example, LinkedIn, Facebook

WHAT IS CONSENT?

Consent means any freely given, specific, informed indication of will, whereby the data subject (the client) agrees to the collection and processing of his or her personal, sensitive personal, or privileged information.

Your consent shall be evidenced by written, electronic or recorded means. The client may also give his or her consent through a representative or an agent whom the client duly and specifically authorized to do so.

The law office will process personal information even without client consent when the processing is necessary:

1. And is related to the fulfillment of the retrainership or legal services agreement with the client, or in order to take steps, at the client’s request, prior to entering into a retainership or legal services agreement with the client

2. For compliance with a legal obligation to which the law office is subject

3. To protect the client’s vitally important interests, including life and health

4. In order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority, which necessarily includes the processing of personal data for the fulfillment of its mandate or

5. For the purposes of the legitimate interests pursued by the law office or by a third party or parties to whom the data is disclosed, except where such interests are overridden by the client’s fundamental rights and freedoms, which require protection under the Philippine Constitution

The law office will process client sensitive personal information and privileged information even without client consent when the processing of the same:

1. Is provided for by existing laws and regulations, and the consent of the client is not required by said law or regulation

2. Is necessary to protect the client’s life and health, or the life and health of another person, and the client is not legally or physically able to express his or her consent prior to the processing or

3. Concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority

UNDER WHAT CIRCUMSTANCES MAY THE LAW OFFICE USE CLIENT INFORMATION?

The grounds that justify the law office’s use of client personal information are:

1. Consent – Where the client consents to the use of his or her information

2. Performance of legal services – Where client information is necessary to administer and perform our services, including to carry out our obligations arising from any agreements entered into between the client and the law office

3. Legal, compliance, regulatory or risk-management obligations – Where the law office needs to use client information to comply with its legal obligations; to comply with client due diligence/ “know your client”/ anti-money laundering or anti-graft and corruption laws/ identifying conflicts of interests; and when collected as part of the office’s client-acceptance and ongoing monitoring procedures

4. Legitimate interest – Where the law office uses client information to achieve a legitimate interest and the law office’s reasons for using it outweigh any prejudice to the client’s data protection rights

5. Legal claims – Where client information is necessary for the law office to defend, prosecute or make a claim against the client, the law office, or a third party

TO WHOM DO WE RELEASE CLIENT INFORMATION?

In the course of providing you legal services, the law office may, with client consent, provide information to:

• Our staff and agents who use the information for the reasonable business purpose of providing the client with legal services

• Professionals working with us such as investigators, auditors, paralegals and experts

• Court offices where the notarial registries of notaries public are required to be submitted

• Financial institutions, for example, the institution that carries the client’s mortgage

HOW DO WE PROTECT CLIENT PERSONAL INFORMATION?

WHAT ABOUT COMMUNICATIONS BY E-MAIL?

E-mail is not a secure, confidential method of communicating client confidential and personal information with us. We will not use e-mail to send personal or confidential information unless the client expressly authorize this form of communication and accept all the inherent risks associated with this type of communication.

WHAT ARE THE CLIENT'S DATA PRIVACY RIGHTS?

The law office manages client personal information in compliance with the Data Privacy Act of 2012 (RA 10173). Under said law, the client has the following data privacy rights:

1. Right to be informed – Prior to collection and processing of client personal data, he or she has the right to be informed of the following:

• The fact of collection and processing of personal data pertaining to the client

• Description and categories of client personal data being collected and processed

• Purposes for the collection, and processing, including the purposes for data sharing or automated processing

• Lawful basis of the collection and processing, when the client not given consent

• Scope and method of personal data processing

• Identities of intended recipients of client personal data

• Methods and logic used for automated processing, if any

• Identity and contact details of the personal data controller (other than the law office) or its representative

• Retention period and

• The client’s rights as a data subject

2. Right to object – The client has the right to indicate his or her refusal to the collection and processing of his or her personal data. The client also has the right to be informed and to withhold his or her consent to further processing in case there are any changes or amendments to information given to the client concerning the processing of his or her personal data. Once the client has withheld consent, further processing of client personal data will no longer be allowed, subject to certain exceptions under the law.

Personal data controllers, collectors and processors must stop processing client data when the client asserts his or her right to object unless they can cite legitimate grounds for overriding it, such as the following:

• When the personal data is needed pursuant to a subpoena

• When the collection and processing are for obvious purposes — such as in contracts where the client is a party

• When the information being collected and processed is due to a legal obligation on the part of the Personal Information Controller

3. Right to access –This is the client’s right to find out whether an organization holds any personal data about him or her and if so, gain reasonable access to them.

4. Right to rectification – The client has the right to dispute any inaccuracy or error in his or her personal data and may request the law office to immediately correct any such inaccuracy or error. Upon reasonable request, and after the correction has been made, the law office should then inform any recipient of the client’s personal data of its inaccuracy and the subsequent rectification that was made.

5. Right to erasure or blocking – In the absence of any other legal ground or overriding legitimate interest for the lawful processing of client personal data, or when there is substantial proof that client personal data is incomplete, outdated, false, or has been unlawfully obtained, the client may request the law office to suspend, withdraw, or order the blocking, removal, or destruction of his or her personal data from its filing system. The law office may also notify those who have previously received the client’s processed personal data.

The client may request access to-, or rectification or erasure or blocking of- the personal information the law office has about his or her. The request must be in writing and directed to the law office’s Data Protection Officer (DPO) identified below. The law office will charge a reasonable fee for retrieval and copying of client personal information. If the retrieval or copying or the client request is extensive, the law office will notify the client of the fee prior to retrieval and copying.

6. Right to damages – The client has the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of his or her personal data, taking into account any violation of the client’s rights and freedoms as a data subject.

7. Right to data portability – In case your personal data was processed through electronic means and in a structured and commonly used format, the client has the right to obtain a copy of his or her personal data in such electronic or structured format for the client’s further use, subject to the guidelines of the National Privacy Commission (NPC) with regard to the exercise of such right.

The NPC provides that the client must execute a written request to the law office, addressed to the law office’s DPO, and have it received. In the letter, the client should mention that his or her request is being made in exercise of his or her right to data portability under the Data Privacy Act of 2012. Documents to support the client’s request must be attached.

8. Transmissibility of rights of the data subject – Upon the client’s death, or in case of the client’s incapacity or incapability, his or her lawful heirs and assigns may invoke the client’s rights as a data subject in his or her place and stead.

9. Right to lodge a complaint before the National Privacy Commission – For any complaint about the law office’s compliance with applicable data privacy laws, please contact the law office’s Data Protection Officer. See contact details below.

​

The client also has the right to lodge a complaint before the NPC in accordance with the NPC’s relevant rules of procedure. The client can visit the NPC at the 5th Floor Delegation Building, PICC Complex, Roxas Boulevard, Pasay, Metro Manila. The client can also visit their website (https://privacy.gov.ph/) and find there the steps on how to go about making a complaint (https://privacy.gov.ph/citizens-charter/filing-a-complaint/).

WHEN CAN ACCESS TO CLIENT PERSONAL INFORMATION BE DENIED?

Client request for access to-, or rectification or erasure or blocking of- personal information may be denied when:

• The client file contains personal information on a third party and the information cannot be severed to maintain the privacy of the third party information

• Required or authorized by law

• Client information relates to existing or anticipated legal proceedings against said client, including unpaid bills to the law firm

If the law office denies the client’s request for access to, or refuse a request to correct, erase or block information, the law office shall explain why. In all cases, the law office will attempt to mediate a resolution if possible.

IF YOU HAVE QUESTIONS REGARDING THIS PRIVACY STATEMENT, WHO SHOULD YOU CONTACT?

CHANGES TO THIS PRIVACY STATEMENT

The law office may review and change this Privacy Statement from time to time in order to update our privacy commitment to our clients in keeping with current privacy laws.