Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), aims to protect personal data in information and communications systems both in the government and the private sector.
It ensures that entities or organizations processing personal data establish policies, and implement measures and procedures that guarantee the safety and security of personal data under their control or custody, thereby upholding an individual’s data privacy rights. A personal information controller or personal information processor is instructed to implement reasonable and appropriate measures to protect personal data against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.
To inform its personnel of such measures, each personal information controller or personal information processor is expected to produce a Privacy Manual. The Manual serves as a guide or handbook for ensuring the compliance of an organization or entity with the DPA, its Implementing Rules and Regulations (IRR), and other relevant issuances of the National Privacy Commission (NPC). It also encapsulates the privacy and data protection protocols that need to be observed and carried out within the organization for specific circumstances (e.g., from collection to destruction), directed toward the fulfillment and realization of the rights of data subjects.
We may collect and store personal or other information that you voluntarily supply to us online. The Site collects personally identifying information from our users during online registration and online purchasing. Generally, this information includes first name, last name,email address, mobile number and desired password for creating FREE account or opt-in purposes and full name, postal address, and credit card information when registering for our events or purchasing our products. All of this information is provided to us by you.
We also collect and store information that is generated automatically as you navigate online through the Site. For example, we may collect information about your computer’s connection to the Internet, which allows us, among other things, to improve the delivery of our web pages to you and to measure traffic on the Site. If you have accessed our site via a social media platform, such as Facebook, we may collect information related to your social media account, such as your handle or identifier on that platform. We also may use a standard feature found in browser software called a “cookie” to enhance your experience with the Site, and web beacons, to access cookies, count users who visit the Site, or open HTML-formatted email messages.
We use the information we collect from you while you are using the Site in a variety of ways, including using the information to customize features; advertising that appear on the Site; and, making other offers available to you via email, direct mail or otherwise. We also may provide your information to third parties, such as service providers, contractors and third-party publishers and advertisers for a variety of purposes. Unless you inform us in accordance with the process described below, we reserve the right to use, and to disclose to third parties, all of the information collected from and about you while you are using the Site in any way and for any purpose, such as to enable us or a third party to provide you with information about products and services.
Please keep in mind that whenever you voluntarily make your personal information available for viewing by third parties online – for example on message boards, web logs, through email, or in chat areas – that information can be seen, collected and used by others besides us. We cannot be responsible for any unauthorized third-party use of such information.
Please also note that as our business grows, we may buy or sell various assets. In the unlikely event that we sell some or all of our assets, or one or more of our websites is acquired by another company, information about our users may be among the transferred assets.
- We take our customer’s privacy seriously and we will only collect, record, hold, store, disclose, transfer and use your personal information as outlined below.
- We will only keep your information for as long as we are either required to by law or as is relevant for the purposes for which it was collected.
Definition of Terms
- “Data Subject” – refers to an individual whose personal, sensitive personal or privileged information is processed by the organization. It may refer to officers, employees, consultants, and clients of this organization.
- “Personal Information” – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
- “Processing” refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
- “ Company or Organization” - refers to Openmind.ph Incorporated or Openmin.ph
- “Personnel” - refers to consultants, officers, employees, instructors, its successors, representatives/affiliates, and assigns and all other person within the organization.
- “Products” - refers to digital information products and services inside the platform of the company.
- “Orders or Purchase” - refers to purchase, enroll or access products and services whether digital form, service or live events inside the platform of the company.
- “Client” - refers to any person who paid for products and services inside the platform.
Scope and Limitations
Processing of Personal Data
Collection of Personal Information
When you create an OpenMind.ph account, or otherwise provide us with your personal information through the Platform and store in connection with the provision and fulfillment of our services, the personal information we collect will include the following:
- Full Name
- Residential Address
- Email Address
- Contact Number
- Date of Birth
The information above-mentioned must be accurate, not misleading and must be updated from time to time. We reserve the right to request the submission of documents to verify the information provided by you.
We will only be able to collect your personal information if you voluntarily submit the information to us. If you choose not to submit your personal information to us or subsequently withdraw your consent, we may not be able to provide you with our Services. You may access and update your personal information submitted to us at any time as described below.
If you provide personal information of any third party to us, we assume that you have obtained the required consent from the relevant third party to share and transfer his/her personal information to us.
- This company collects the basic contact information of students, members, any person who wants to have free access to Openmind.ph platform, clients and customers, including their full name, residential address, email address, contact number, date of birth and gender and will collect such information through accomplished online forms.
How We Use Personal Information
The personal information we collect from you will be used, or shared with third parties (including related companies, third party service providers, and third party sellers), for some or all of the following purposes:
- To process orders you submit through the Platform. Payments that you make through the Platform will be processed by a third party service provider, either Dragonpay or Paypal;
- To fulfill the products you have purchased through the Platform;
- To update you on the fulfillment of the products;
- Further, we will use the information you provided to administer your account (if any) with us; audit the downloading of data from the Platform; improve the layout and/or content of the pages of the Platform and customize them for users; identify visitors on the Platform; carry out research on our users’ demographics and behavior; provide you with information we think you may find useful or which you have requested from us, including information about our or third party sellers’ products and services, provided you have indicated that you have not objected to being contacted for these purposes;
- To send you marketing and/or promotional materials about our or third party sellers’ products and services from time to time. You can unsubscribe from receiving marketing information at any time by using the unsubscribe function within the electronic marketing material;
- To send you newsletters from us and from our related companies;
- To contact you, when you have opted in to receive email messaging; to respond to your email inquiries. Specifically, when Visitors or Members send email inquiries to us, the return email address is used to answer the email inquiry we receive. We do not use the return email address for any other purpose, or share it with third parties. To send you text notifications and announcement; and
- In exceptional circumstances, OpenMind.ph may be required to disclose personal information, such as when there are grounds to believe that the disclosure is necessary to prevent a threat to life or health, or for law enforcement purposes, or for fulfilment of legal and regulatory requirements and requests.
Storage, Retention and Destruction
- This company will ensure that personal data under its custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The company will implement appropriate security measures in storing collected personal information, depending on the nature of the information. All information gathered shall not be retained for a period longer than one (1) year from the last log-in in openmind.ph or open of email from openmind.ph After one (1) year from the last log-in in openmind.ph or open of email from openmind.ph, all hard and soft copies of personal information shall be disposed and destroyed, through secured means.
Accessing & Updating Your Personal Information
Due to the sensitive and confidential nature of the personal data under the custody of the company, only the client and the authorized representative of the company shall be allowed to access such personal data, for any purpose, except for those contrary to law, public policy, public order or morals.
- You can update your personal information anytime by accessing your account on the OpenMind.ph Platform, contacting our support team or by contacting us at our e-mail address below . If you do not have an account with us, you can do so by contacting us at our e-mail address below.
- We take steps to share the updates to your personal information with third parties and our affiliates with whom we have shared your personal information if your personal information is still necessary for the above stated purposes.
- If you would like to view the personal information we have on you or inquire about the ways in which your personal information has been or may have been used or disclosed by OpenMind.ph within the past year, please contact us at our e-mail address below. We reserve the right to charge a reasonable administrative fee for retrieving your personal information records.
Disclosure and Sharing
- OpenMind.ph may share your personal information with employees, personnel third parties and our affiliates for the above mentioned purposes, specifically, completing a transaction with you, providing free consultation, managing your account and our relationship with you, marketing and fulfilling any legal or regulatory requirements and requests as deemed necessary by OpenMind.ph.
- In sharing your personal information with them, we endeavor to ensure that the third parties and our affiliates keep your personal information secure from unauthorized access, collection, use, disclosure, or similar risks and retain your personal information only for as long as they need your personal information to achieve the abovementioned purposes.
- In disclosing or transferring your personal information to third parties and our affiliates located overseas, OpenMind.ph take steps to ensure that the receiving jurisdiction has in place a standard of protection accorded to personal information that is comparable to the protection under or up to the standard of the Data Privacy Act of 2012, and its implementing rules and regulations.
- OpenMind.ph does not engage in the business of selling customers’ personal information to third parties.
- All employees and personnel of the company shall maintain the confidentiality and secrecy of all personal data that come to their knowledge and possession, even after resignation, termination of contract, or other contractual relations. Personal data under the custody of the company shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data.
Withdrawal of Consent
- You may communicate your objection to our continual use and/or disclosure of your personal information for any of the purposes and in the manner as stated above at any time by contacting us at our e-mail address below.
- Please note that if you communicate your objection to our use and/or disclosure of your personal information for the purposes and in the manner as stated above, depending on the nature of your objection, we may not be in a position to continue to provide our products or services to you or perform on any contract we have with you. Our legal rights and remedies are expressly reserved in such event.
OpenMind.ph ensures that all information collected will be safely and securely stored. We protect your personal information by:
- Restricting access to personal information
- Maintaining technology products to prevent unauthorized computer access
- Securely destroying your personal information when it is no longer needed for any legal or business purpose
If you believe that your privacy has been breached by OpenMind.ph, please contact us at our e-mail address below.
Your password is the key to your account. Please use unique numbers, letters and special characters, and do not share your OpenMind.ph password to anyone. If you do share your password with others, you will be responsible for all actions taken in the name of your account and the consequences. If you lose control of your password, you may lose substantial control over your personal information and other information submitted to OpenMind.ph. You could also be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised for any reason or if you have grounds to believe that your password has been compromised, you should immediately contact us and change your password. You are reminded to log off of your account and close the browser when finished using a shared computer.
OpenMind.ph does not sell products for purchase by children. If you are under 18 years old, you may use our website only with the involvement of a parent or guardian.
Collection of Computer Data
When you visit Openmind.ph, our company servers will automatically record information that your browser sends whenever you visit a website. This data may include:
- Your computer's IP address
- Browser type
- Webpage you were visiting before you came to our Platform
- The pages within the Platform which you visit
- The time spent on those pages, items and information searched for on the Platform, access times and dates, and other statistics.
This information is collected for analysis and evaluation in order to help us improve our website and the services and products we provide.
Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. They allow us to recognize a particular device or browser and help us to personalize the content to match your preferred interests more quickly, and to make our Services and Platform more convenient and useful to you.
You may be able to manage and delete cookies through your browser or device settings. For more information on how to do so, visit the help material of your browser or device.
Web beacons are small graphic images that may be included on our Service and the Platform. They allow us to count users who have viewed these pages so that we can better understand your preference and interests.
No Spam, Spyware, or Virus
Spam, spyware or virus is not allowed on Platform. Please set and maintain your communication preferences so that we send communications to you as you prefer. You are not licensed or otherwise allowed to add other users (even a user who has purchased an item from you) to your mailing list (email or physical mail) without their express consent. You should not send any messages which contain spam, spyware or virus via the Platform. If you would like to report any suspicious messages, please contact us at our email address below.
Organization Security Measures
Data Protection Officer (DPO), or Compliance Officer for Privacy (COP)
- The designated Data Protection Officer is Mr/Ms___________________, who is concurrently serving as the ____________ of the organization.
Functions of the DPO, COP and/or any other responsible personnel with similar functions
- The Data Protection Officer shall oversee the compliance of the organization with the DPA, its IRR, and other related policies, including the conduct of a Privacy Impact Assessment, implementation of security measures, security incident and data breach protocol, and the inquiry and complaints procedure.
Conduct of trainings or seminars to keep personnel, especially the Data Protection Officer updated vis-à-vis developments in data privacy and security
- The organization shall sponsor a mandatory training on data privacy and security at least once a year. For personnel directly involved in the processing of personal data, management shall ensure their attendance and participation in relevant trainings and orientations, as often as necessary.
Conduct of Privacy Impact Assessment (PIA)
- The organization shall conduct a Privacy Impact Assessment (PIA) relative to all activities, projects and systems involving the processing of personal data. It may choose to outsource the conduct a PIA to a third party.
Recording and documentation of activities carried out by the DPO, or the organization itself, to ensure compliance with the DPA, its IRR and other relevant policies.
- The organization shall have recording and documentation of activities carried out by the DPO, or the organization itself, to ensure compliance with the DPA, its IRR and other relevant policies.
Duty of Confidentiality
- All personnel, consultants, officers, employees, instructors, its successors, representatives/affiliates, and assigns and all other person within the organization will be asked to sign a Non-Disclosure Agreement. All personnel, consultants, officers, employees, instructors, its successors, representatives/affiliates, and assigns and all other person within the organization with access to personal data shall operate and hold personal data under strict confidentiality if the same is not intended for public disclosure.
Review of Privacy Manual
- This Manual shall be reviewed and evaluated annually. Privacy and security policies and practices within the organization shall be updated to remain consistent with current data privacy best practices.
B. Physical Security Measures
Format of data to be collected
- Personal data in the custody of the organization may be in digital/electronic format and paper-based/physical format.
Storage type and location
- All personal data being processed by the organization shall be stored in a data room, where paper-based documents are kept in locked filing cabinets while the digital/electronic files are stored in cloud servers, computers and provided and installed by the company.
Access procedure of agency personnel
- Only authorized personnel shall be allowed inside the data room. For this purpose, they shall each be given a duplicate of the key to the room. Other personnel may be granted access to the room upon filing of an access request form with the Data Protection Officer and the latter’s approval thereof.
Monitoring and limitation of access to room or facility
- All personnel authorized to enter and access the data room or facility must fill out and register with the online registration platform of the organization, and a logbook placed at the entrance of the room. They shall indicate the date, time, duration and purpose of each access.
Design of office space/work station
- The computers are positioned with considerable spaces between them to maintain privacy and protect the processing of personal data.
Persons involved in processing, and their duties and responsibilities
- Persons involved in processing shall always maintain confidentiality and integrity of personal data. They are not allowed to bring their own gadgets or storage device of any form when entering the data storage room.
Modes of transfer of personal data within the organization, or to third parties
- Transfers of personal data via electronic mail shall use a secure email facility with encryption of the data, including any or all attachments. Facsimile technology shall not be used for transmitting documents containing personal data.
Retention and disposal procedure
- The organization shall retain the personal data of a client for one (1) year from the last log-in in openmind.ph or open of email from openmind.ph After one (1) year from the last log-in in openmind.ph or open of email from openmind.ph, all hard and soft copies of personal information shall be disposed and destroyed, through secured means.
C. Technical Security Measures
Monitoring for security breaches
- The organization shall use an intrusion detection system to monitor security breaches and alert the organization of any attempt to interrupt or disturb the system.
Security features of the software/s and application/s used
- The organization shall first review and evaluate software applications before the installation thereof in computers and devices of the organization to ensure the compatibility of security features with overall operations.
Process for regularly testing, assessment and evaluation of effectiveness of security measures
- The organization shall review security policies, conduct vulnerability assessments and perform penetration testing within the company on regular schedule to be prescribed by the appropriate department or unit.
Encryption, authentication process, and other technical security measures that control and limit access to personal data
- Each personnel with access to personal data shall verify his or her identity using a secure encrypted link and multi-level authentication.
Breach and Security Incidents
Creation of a Data Breach Response Team
- A Data Breach Response Team comprising of five (5) officers shall be responsible for ensuring immediate action in the event of a security incident or personal data breach. The team shall conduct an initial assessment of the incident or breach in order to ascertain the nature and extent thereof. It shall also execute measures to mitigate the adverse effects of the incident or breach.
Measures to prevent and minimize occurrence of breach and security incidents
- The organization shall regularly conduct a Privacy Impact Assessment to identify risks in the processing system and monitor for security breaches and vulnerability scanning of computer networks. Personnel directly involved in the processing of personal data must attend trainings and seminars for capacity building. There must also be a periodic review of policies and procedures being implemented in the organization.
Procedure for recovery and restoration of personal data
- The organization shall always maintain a backup file for all personal data under its custody. In the event of a security incident or data breach, it shall always compare the backup with the affected file to determine the presence of any inconsistencies or alterations resulting from the incident or breach.
- The Head of the Data Breach Response Team shall inform the management of the need to notify the NPC and the data subjects affected by the incident or breach within the period prescribed by law. Management may decide to delegate the actual notification to the head of the Data Breach Response Team.
Documentation and reporting procedure of security incidents or a personal data breach
- The Data Breach Response Team shall prepare a detailed documentation of every incident or breach encountered, as well as an annual report, to be submitted to management and the NPC, within the prescribed period.
YOU ACKNOWLEDGE AND AGREE THAT OPENMIND.PH HAS THE RIGHT TO DISCLOSE YOUR PERSONAL INFORMATION TO ANY LEGAL, REGULATORY, GOVERNMENTAL, TAX, LAW ENFORCEMENT OR OTHER AUTHORITIES OR THE RELEVANT RIGHT OWNERS, IF OPENMIND.PH HAS REASONABLE GROUNDS TO BELIEVE THAT DISCLOSURE OF YOUR PERSONAL INFORMATION IS NECESSARY FOR THE PURPOSE OF MEETING ANY OBLIGATIONS, REQUIREMENTS OR ARRANGEMENTS, WHETHER VOLUNTARY OR MANDATORY, AS A RESULT OF COOPERATING WITH AN ORDER, AN INVESTIGATION AND/OR A REQUEST OF ANY NATURE BY SUCH PARTIES. TO THE EXTENT PERMISSIBLE BY APPLICABLE LAW, YOU AGREE NOT TO TAKE ANY ACTION AND/OR WAIVE YOUR RIGHTS TO TAKE ANY ACTION AGAINST OPENMIND.PH FOR THE DISCLOSURE OF YOUR PERSONAL INFORMATION IN THESE CIRCUMSTANCES.
Inquiries and Complaints
- Data subjects may inquire or request for information regarding any matter relating to the processing of their personal data under the custody of the organization, including the data privacy and security policies implemented to ensure the protection of their personal data. They may write to the organization at email@example.com and briefly discuss the inquiry, together with their contact details for reference.
- Complaints shall be filed in three (3) printed copies, or sent to firstname.lastname@example.org. The concerned department or unit shall confirm with the complainant its receipt of the complaint.
- If you wish to withdraw your consent to our use of your personal information, request access and/or correction of your personal information, have any queries, comments or concerns, or require any help on technical or cookie-related matters, please feel free to contact us (and our Data Protection Officer) at ___________________.
This section indicates the period of effectivity of the Manual, as well as any other document that the organization may issue, and which has the effect of amending the provisions of the Manual.
- The provisions of this Manual are effective this __ day of _______, 2018, until revoked or amended by this company, through a Board Resolution.
Feedback on our Privacy Notice
If you have suggestions with regards to our privacy notice, you may reach us through this form.
Hey there! I'm ____. Ask me anything about data privacy!
What is your name?
What is your email address? [Please indicate a valid e-mail address so we can get back to you as soon as we can!]
What is your concern about?
Kindly explain your concern. Please be as detailed as possible.