The City Government of Muntinlupa (CGM) values your privacy and is dedicated to protecting your personal data in compliance with the Data Privacy Act (DPA) of 2012 (Republic Act No. 10173).
This Privacy Notice explains how we process and protect your personal data.
This Privacy Notice is for the CGM's Website.
Personal Data Collected and Manner of Collection:
We collect the following personal data from you when you manually or electronically submit your applications, inquiries, or requests using our Downloadable Forms and Online Services:
- Name
- Residential Address
- Gender
- Age
- Birthday
- Contact information, including email address
- Identification cards including the signature and photograph thereon
- Other information relevant to an individual’s applications, inquiries, or requests.
We may also collect your personal data from other sources through [if applicable, enumerate methods of collection of data indirectly from the data subject, e.g., data is collected from other sources other than the data subjects themselves, collected from third parties, from our partners.
Basis, Use, and Purpose for Processing of Personal Data:
Your personal data is used for the following purposes:
- To document and process your applications, inquiries, or requests within the CGM.
- To provide you with updates on your applications, inquiries, or requests.
- To improve our services.
- To address any requests related to your data privacy rights.
We may also process your personal data with or without your consent. This includes situations where processing aligns with our mandate or is permitted under Sections 12 or 13 of the DPA.
Methods utilized for automated access:
We use G Site Kit to analyze our website traffic data and improve our services. This service uses cookies. Data generated is not shared or used to identify you. The data is solely used to enhance the website according to client preferences.
The following data are processed for this purpose:
- Information about the site's visits
- Timestamp upon access to the website
- Geolocation
- Device used
Disclosure of Personal Data:
We do not share personal data with any other party unless allowed by Sections 12 or 13 of the DPA.
Risks Involved:
Risk refers to potential harm or danger to individuals or organizations. This can happen through unauthorized collection, use, disclosure, or access to personal data, affecting confidentiality, integrity, and availability. We ensure security measures to safeguard personal information, but absolute protection is not guaranteed, especially against cyberattacks or unauthorized access. However, we have policies in place to manage security incidents, which align with existing National Privacy Commission (NPC) policies, circulars, and other guidelines.
Data Protection and Security Measures:
We use reasonable and appropriate technical, physical, and organizational security measures to protect personal data from unauthorized disclosure, misuse, alteration, loss, or destruction.
We implement the following mechanisms to protect your data:
- Access Control and Security Measures
- Comprehensive Security Policies
- Data Protection and Compliance
- Human Resources Management for Privacy
Storage, Retention, and Disposal:
We store personal data on our secure computers and servers and may also use cloud-based third-party storage. Physical records are stored in our storage facilities within our office premises. But your information is always protected, regardless of where it is stored
We keep your personal data only for as long as necessary to fulfill the purpose/s for which they were collected, following our Record Disposition Retention Schedule/ Policy and the National Archive of the Philippines Act of 2007.
After the retention period ends, we will securely dispose of your personal data according to our Record Disposition Schedule/Policy. This includes shredding physical records and either deleting or anonymizing electronic data to prevent any further use or access.
Rights of a Data Subject:
Under the DPA, you have the following rights:
- Right to be informed. You have the right to know how we collect, use, store, share, and dispose of your data. We share this information with you through our Privacy Notices.
- Right to object. If the personal data processing involved is based on consent or legitimate interest.
- Right of access. You have the right to request information about how we use, store, disclose, or protect your personal data.
- Right to rectification. You have the right to request modifications or corrections to your personal data if it is inaccurate, outdated, or false.
- Right to erasure or blocking. You have the right to request the deletion of your personal data or ask us to stop using your data for specific purposes.
- Right to data portability. You have the right to request that we transfer your personal data to another organization, or directly to you, under certain circumstances.
- Right to file a complaint and ask for damages. If you believe your rights as a data subject have been violated or if you have suffered damages due to any issues with your personal data, you can reach out to our Data Privacy Committee for assistance. If we cannot resolve your concerns or if you are unsatisfied with our response, you have the right to file a complaint with the NPC.
If you have privacy concerns, believe your personal data has been breached, or feel your rights as a data subject have been violated, you can fill out our Data Subject Request (DSR) Form and submit it together with the form all the supporting documents necessary to facilitate your request and verify your identity.
To access the form, scan the QR Code below.
Changes to the Privacy Notice:
We reserve the right to update or revise this privacy notice at any time and will issue a new one whenever there are significant changes. Previous versions of the privacy notice can be provided to data subjects upon request.
Feedback on our Privacy Notice:
If you have any suggestions, comments, or concerns about our privacy notice, or if you have questions about our data privacy practices, you can reach out to:
Atty. NEMEI S. SANTIAGO
Data Protection Officer
[email protected]
095550677317
Date last updated: April 24, 2024