This Policy sets out the commitment of the People’s Initiative for Reforms and Movement for Action (“PIRMA”) to collect and process personal information and sensitive personal information (collectively, "personal data") in accordance with the applicable laws and regulations on data privacy and confidentiality of information, including the Philippine Data Privacy Act of 2012 ("DPA") and its implementing rules and regulations ("DPA IRR"). It explains how PIRMA implements that commitment, and the terms and conditions under which we collect and process personal data. In processing personal data, we seek to adhere to the general privacy principles of transparency, legitimate purpose, and proportionality, and such other relevant principles in the collection, processing, and retention of personal data as required by applicable law. This Policy, and any updates, amendments or supplements thereto, is available at PRIMA’s website at pirma.ph.
Definitions and construction
Definitions of certain terms used in this Policy follow the provisions in the DPA and the DPA IRR. In addition to such definitions are the following:
- Initiative refers to the power of the people to propose amendments to the Constitution or to propose and enact legislations through an election called for the purpose.
- Petition refers to the written instrument containing the proposition and the required number of signatories. It shall be in a form to be determined by and submitted to the Commission on Elections.
- Petitioner refers to a registered voter who signs the Petition.
- Plebiscite refers to the electoral process by which an initiative on the Constitution is approved or rejected by the people.
- Proponent refers to any registered voter or group of registered voters, except those whose registration has been deactivated, proposing amendments to the Constitution, and approval or rejection of national or local legislations.
- Proposition refers to the measure proposed by the voters.
- Referendum refers to the power of the electorate to approve or reject a legislation through an election called for the purpose.
- Registered Voters refer to the qualified voters who have been registered in the permanent list of voters in a precinct of the city or municipality where they reside, per the data used in the immediately preceding elections, excluding those whose registrations have been deactivated.
In this Policy, unless the context requires a different interpretation, –
- Reference to any statutory provision includes any modification or amendment of it;
- The words “"include," "includes" or "including" shall be deemed to be followed by the words “without limitation;”
- The meaning assigned to each term used in this Policy shall be equally applicable to both the singular and plural forms of such term;
- A reference to a person includes firms, companies, government entities, trusts and partnerships; and
- The words denoting any gender shall include all genders.
Confidentiality under Philippine Law
Information that we receive from volunteers and signatories who become petitioners, whether or not constituting personal data, are generally protected under Philippine law. We diligently observe this legal obligation. We note that local law, regulations, and authorities permit disclosure of such information under certain conditions, as when the information has become public.
The DPA exempts from its application or does not apply to certain personal data and their collection and processing. Thus, such data and activities are not covered by this Policy. These data include:
- Information processed for the purpose of allowing public access to information that fall within matters of public concern, pertaining to:
- Information about any individual who is or was an officer or employee of government that relates to his or her position or functions, including:
- The fact that the individual is or was an officer or employee of the government;
- The title, office address, and office telephone number of the individual;
- The classification, salary range, and responsibilities of the position held by the individual; and
- The name of the individual on a document he or she prepared in the course of his or her employment with the government;
- Information about an individual who is or was performing a service under contract for a government institution, but only insofar as it relates to such service, including his or her name and the terms of his or her contract; and
- Information relating to a benefit of a financial nature conferred on an individual upon the discretion of the government, such as the granting of a license or permit, including the name of the individual and the exact nature of the benefit: Provided, that they do not include benefits given in the course of an ordinary transaction or as a matter of right.
- Personal information processed for journalistic, artistic or literary purpose, in order to uphold freedom of speech, of expression, or of the press, subject to requirements of other applicable law or regulations;
- Personal information that will be processed for research purpose, intended for a public benefit, subject to the requirements of applicable laws, regulations, or ethical standards;
- Information necessary in order to carry out the functions of public authority, in accordance with a constitutionally or statutorily mandated function pertaining to law enforcement or regulatory function, including the performance of the functions of the independent, central monetary authority, subject to restrictions provided by law;
- Information necessary for banks, other financial institutions under the jurisdiction of the independent, central monetary authority or Bangko Sentral ng Pilipinas, and other bodies authorized by law, to the extent necessary to comply with Republic Act No. 9510 (CISA), Republic Act No. 9160, as amended, otherwise known as the Anti-Money Laundering Act, and other applicable laws;
- Personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions, including any applicable data privacy laws, which is being processed in the Philippines.
How we collect and process personal data
We may be able to obtain personal data in various ways. These include where a natural or juridical person (a "Person") –
- signs a form to become a volunteer for the PIRMA Kapamilya campaign;
- signs the Petition drafted and circulated by PIRMA in relation to the Proposition to Enact a national legislation granting ABS-CBN a franchise, and become a Proponent or Petitioner;
- contributes in any way, financially or otherwise, to the movement which may entail the collection of certain information for verification and record keeping; or
- makes an inquiry about the movement and gives information in the process of making such an inquiry.
Where personal data is publicly available, we may be able to collect the data from such public sources, including any online presence you may have.
On the categories of personal data we collect and process, this would be the data that you or other data subjects provide to us, such as your name, address, email address, telephone number, age, fact of being a registered voter, legislative district in which one is registered as a voter, information issued by government agencies, and other information that may be used to communicate with you, or in the performance or conduct of activities in relation to the campaign/movement.
Insofar as you disclose personal data when accessing or visiting the PIRMA website, we may process such personal data as well. Further, we may collect and process information that is normally collected as a standard part of your browsing activity. This may include your IP-address, access times, system activity, cookies, device identifier and hardware information, and other log information that is collected when you browse or visit our sites and accounts.
No government funds will be used in the collection and submission of your signature.
Purposes of collection and processing; recipients of personal data
We collect and process personal data for the purposes (i) for which you have provided the data or made it otherwise available to us or to the public, including signing as Petitioner in the Petition to Enact a National Legislation Granting ABS-CBN Corporation and to volunteer in such campaign, and to enable us to fully and efficiently achieve those purposes, and (ii) as allowed by applicable law.
Recipients of personal data that we collect include persons within PIRMA (including the Proponents, other Petitioners, volunteers in the campaign, ally organizations, and the Commission on Elections). We may also disclose information, whether intended to be kept confidential or not, upon lawful request by a governmental authority, in response to a court order, or when required by applicable law.
Consent and other lawful criteria for collection and processing
- Where you have provided us with your personal data through any of the interactions mentioned in Section 5, in providing or making available the personal data, you agree and consent to our collecting, using, disclosing, sharing and otherwise processing the personal data for the Purposes, and in the manner and under the terms and conditions, in this Policy.
This supplements but does not supersede nor replace any other consents you may have previously provided or will provide to us in respect of your personal data, or the existence of a lawful basis or bases for the collection and processing of your personal data.
- Applicable law allows us to process your personal data in accordance with other criteria or where the data is not covered by the DPA.
Scope and method of collection and processing
- We utilize standard manual and computerized methods and systems to file, store and process personal data. Collection and processing of personal data will be undertaken in accordance with the principles set out in this Policy and as required by law.
- We will store and retain personal data for such period as may be required by applicable law or as may be needed to enable us to fully and efficiently achieve the Purposes.
Amendments and supplements
We may amend or update this Policy. You agree to be bound by the prevailing terms of this Policy as updated from time to time, upon the amendment or supplement being published on our website or otherwise advised to you. Please check our website regularly for updated information about, or amendments or supplements to, the Policy.
Rights of data subjects
Under the DPA, data subjects have the following rights:
- Right to object As a data subject, you have the right to indicate your refusal to the collection and processing of your personal data, including processing for direct marketing, automated processing, or profiling. You also have the right to be informed and to withhold your consent to further processing in case there are any changes or amendment to information given to you. Once you have notified us of the withholding of your consent, further processing of your personal data will no longer be allowed, unless:
- The processing is required pursuant to a subpoena, lawful order, or as required by law; or
- The collection and processing is undertaken pursuant to any lawful basis or criteria indicated under Clause 7.2.
- Right to access Upon your request, you may be given access to your personal data that we collect and process, as described in Section 5. You also have the right to request access to the circumstances relating to the processing and collection of your personal data, insofar as allowed by law.
- Right to rectification You have the right to dispute any inaccuracy or error in your personal data and may request us to immediately correct it. Upon your request, and after correction has been made, we will inform any recipient of your personal data of its inaccuracy and the subsequent rectification that was made.
- Right to erasure or blocking In the absence of any other legal ground or overriding legitimate interest for the lawful processing of your personal data, or when there is substantial proof that your personal data is incomplete, outdated, false, or has been unlawfully obtained, you may request us to suspend, withdraw, or order the blocking, removal, or destruction of your personal data from our filing system. We may also notify those who have previously received your processed personal data.
- Right to damages You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your rights and freedoms as a data subject, as provided by law.
- Right to data portability In case your personal data was processed through electronic means and in a structured and commonly used format, you have the right to obtain a copy of your personal data in such electronic or structured format for your further use, subject to the guidelines of the National Privacy Commission with regard to the exercise of such right.
- Transmissibility of rights of the data subject We wish to advise you that upon the passing of a data subject, or in case of a data subject’s incapacity or incapability to exercise legal rights, the data subject’s lawful heirs and assigns may invoke the data subject’s rights in place of the data subject.
- Limitation on rights; manner of exercising The rights mentioned under this item are not applicable if personal data are processed only for scientific and statistical research purposes, and without being used as basis for carrying out any activity or taking any decision regarding you as the data subject. Your rights as a data subject are also subject to other limitations provided by law.
The law requires you to exercise your rights as described in this Policy in a reasonable and non-arbitrary manner, and with regard to rights of other parties.
All requests, demands or notices which you may make under this Policy or applicable law must be made in writing, and will only be considered made and received if sent in accordance with Provision 13.2.
We have taken appropriate security measures to protect your personal data against unauthorized access or unauthorized alteration, disclosure, or destruction. These measures include internal reviews of our data collection, storage, and processing practices, as well as physical security measures to protect your information against unauthorized access. As part of our efforts to ensure your information is protected, we restrict access to personal data to personnel who would need that information to perform their functions. We store the data in a secure cloud storage, using AES 256 encryption for data at rest and SSL/TLS for data in transit.
We will comply with the relevant provisions of rules and circulars on handling personal data security breaches, including notification to you or to the National Privacy Commission, where an unauthorized acquisition of sensitive personal information or information that may be used to enable identity fraud has been acquired by an unauthorized person, and is likely to give rise to a real risk of serious harm to the affected data subject. Please note that under applicable law, not all personal data breaches are notifiable.
- For any inquiry related to this Policy, please contact firstname.lastname@example.org
- All requests, demands or notices which a data subject may send or submit to us under this Policy must be in writing, should be addressed to the email@example.com using the contact details above. We will endeavor to respond to such requests, demands, or notices as promptly as possible.