Data Privacy Manual
in compliance with applicable data protection laws and regulations.
I. Purpose:
The purpose of this manual is to:
- Establish PHOA's commitment to data protection and privacy.
- Define the responsibilities of employees and stakeholders in safeguarding personal data.
- Outline the procedures to collect, process, store, distribute, and dispose of personal data.
- Inform individuals about their rights regarding their personal data and how to exercise them.
- Provide guidance for handling data breaches or incidents involving personal data.
II. Scope:
This manual applies to all employees, departments, units, systems, and processes within PHOA that
collect, process, store, or handle members' personal data in any form, including electronic,
physical, or verbal.
III. Definition of Terms:
- Personal Data: Any information relating to an identified or identifiable
natural person.
- Data Subject: The individual to whom the personal data relates.
- Data Controller: The entity that determines the purposes and means of
processing personal data.
- Data Processor: The entity that processes personal data on behalf of the data
controller.
- Data Protection Officer (DPO): The appointed person responsible for overseeing
PHOA's data protection policies and practices.
IV. Principles:
PHOA is committed to upholding the following data protection principles:
- Lawfulness, fairness, and transparency in data processing.
- Limitation of purpose: Personal data should be collected for specific, legitimate purposes and
not further processed in a manner incompatible with those purposes.
- Data minimization: Personal data collected should be adequate, relevant, and limited to what is
necessary for the intended purposes.
- Accuracy: Personal data should be accurate, kept up to date, and corrected if necessary.
- Storage limitation: Personal data should be stored only for as long as necessary for the
intended purposes.
- Integrity and confidentiality: Personal data should be processed in a manner that ensures
appropriate security and protection against unauthorized access, loss, or disclosure.
V. Data Collection and Processing:
- Consent: PHOA will obtain explicit, informed, and freely given consent from
individuals before collecting and processing their personal data, unless another lawful basis
for processing exists.
- Data Subject Rights: PHOA will respect and facilitate individuals' rights,
including the rights to access, rectification, erasure, restriction of processing, data
portability, and objection.
- Data Transfers: When transferring personal data to countries outside of the
Philippines, PHOA will ensure adequate safeguards are in place to protect the data.
VI. Information Security:
- Access Controls: PHOA will implement appropriate technical and organizational
measures to restrict access to personal data to authorized individuals.
- Data Security Breaches: PHOA will promptly investigate and respond to any
actual or suspected data security breaches and will notify affected individuals and regulatory
authorities as required by law.
VII. Employee Responsibilities:
- Awareness and Training: PHOA will provide regular training and awareness
programs to employees to ensure their understanding of data protection obligations and
practices.
- Confidentiality Undertakings: All employees will be required to sign
confidentiality undertakings and adhere to data protection policies and procedures.
VIII. Data Protection Officer (DPO):
PHOA will appoint a Data Protection Officer (DPO) who will be responsible for overseeing data
protection activities, ensuring compliance with applicable laws, and acting as the central point of
contact for individuals regarding their personal data.
IX. Compliance and Enforcement:
- PHOA will regularly review and assess its compliance with this Data Privacy Manual and
applicable data protection laws.
- Non-compliance with this manual or relevant laws may lead to disciplinary action, including
termination of employment or legal action, as appropriate.
X. Contact Information:
Ms. Minoll Alano
Data Privacy Officer
minollalano.phoa@gmail.com