DATA PRIVACY NOTICE
As an organizational institution that processes personal information for membership purposes, the Association is duty bound to comply with all relevant privacy and data protection laws, particularly the provisions of Republic Act No. 10173 or the Data Privacy Act of 2012 (hereafter referred to as “DPA” for brevity) and its implementing rules. If you are a member or a registrant to our organization, know that this data privacy notice refers to your personal data.
As such, Road Engineering of the Philippines, is issuing this Data Privacy Notice, which explains in general terms the legal bases for the processing of personal information that it collects from members and registrants—collectively known as data subjects. It sets out the categories of personal data collected by the Association and provides for the purpose and extent of processing, securing and disposing of such personal data. More importantly, it enumerates the rights and remedies that data subjects may exercise and avail of, respectively, in relation to the protection of their data privacy.
Personal Data or Information We Collect, Acquire, or Process
We collect, acquire, or process your personal data in various ways. They may consist of written documents, photographic and video images, digital material, and other kind of records. In particular, these data, documents, and images are provided to us during your application for membership and registration to our events and stay with us as long as you are part of our Association. The following are examples:
- Personal details such as name, date and place of birth, gender, civil status, nationality, immigration status, religion and affiliations, disability;
- Contact information, such as addresses, email, mobile and telephone numbers, and social media accounts;
- Photographic and biometric data such as photos, CCTV videos, fingerprints, handwriting and signature specimens;
- Data issued by government agencies which include, but not limited to, social security numbers, passport identification numbers, health records, licenses, tax returns, criminal records and court proceedings;
- Employment information such as government-issued numbers, position, functions, employment history; and
- Financial and billing information
Methods of Data Collection
REAP collects personal data physically through printed forms, attachments and other documents; and electronically through online forms or via email.
Processing of Personal Data
Under the DPA, “processing” refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
Personal information shall only be processed if not prohibited by law and only when you have given your consent; pursuant to a contract with a data subject; for compliance with a legal obligation, for protection of vitally important interests, including life and health; respond to a national emergency; fulfill any legitimate interests pursued by REAP, except where such interests are overridden by your fundamental rights.
Sensitive personal information, such as age, date of birth, shall only be processed with your consent, when such is allowed by law, when there is need to protect the life and health of the data subject or another person and you are unable to legally and physically express consent; or for the protection of the rights and interests of natural or legal persons in court proceedings; for the establishment, exercise or defense of legal claims; or where required by government or public authority.
Purposes of Data Collection
To the extent allowed by law, REAP will use your personal data only to pursue legitimate interests as an organizational institution, including for membership and payment processing, administrative, research, and statistical purposes. The DPA imposes stricter rules for processing of sensitive personal information and privileged information, and we are committed to comply with those rules.
Personal data are collected in order for REAP to exercise its rights, fulfill its contractual obligations to you, to protect your interests, including your life and health, or for the pursuit of the legitimate interests of the Association, and further its mission as a duly accredited organizational institution. REAP may require your consent for any specific use of your personal data.
Pursuant to Section 1, Rule V of the Implementing Rules and Regulations of the DPA, information obtained from you shall be processed for any of the following legitimate educational interests of the Association:
- Processing of application for membership
- Processing of registration for an event
- Processing of payment for registration
- Communicating official organization announcements
- Documentation for directories and membership records
- Disclosure of personal data to proper authorities, such as the Department of Health, especially during health emergencies
- Maintaining safety and security
- Marketing and publicity of the Association
- Research purposes, such as evaluation for the improvement of programs, services and facilities and professional development of officers and staff
Storage of Personal Data
Personal Data are stored physically in file management systems organized and maintained by the Association. Meanwhile, electronic records are stored in the servers, electronic devices, and cloud systems maintained and controlled by the Association.
Disclosure of Personal Data
REAP shall disclose personal data under its control and custody without need for consent only to authorized recipients of such data, such as organization officials who have legitimate institutional interest in the data.
These include the REAP Officers, persons employed by the Association in administrative, supervisory, research and support staff positions, as well as those employed in contractual and consultancy positions such as an attorney, auditor, event management provider and security officer.
The Association may also share your data externally to government and regulatory agencies such as the Bureau of Internal Revenue, accrediting institutions and organizations and other service providers as needed.
Otherwise, the Association shall obtain your consent prior to sharing your personal information with third parties, and consent shall be specific to such purpose.
Retention of Data
Unless otherwise provided by law or policies issued by the Association, the Association shall retain the membership records of its registrants and members perpetually for documentation, historical and research purposes. Data shall be retained for as long as necessary for the fulfillment of the Association’s legitimate interests.
When personal data is no longer needed, the Association shall ensure that data are securely destroyed, shredded and permanently deleted.
Access to and Correction or Updating of Personal Data
You have the right to access any of your personal and sensitive personal information processed by the Association by requesting documents from relevant offices or through the Association’s information systems. For security purposes, the Association shall require you to present proof of identification or other documents to verify your identity. Should you be unable to access them personally, the Association shall require you to provide a letter of authorization, your membership ID and the government-issued ID of your representative. The letter of authorization shall only be specific to such request.
The law defines “personal data breach” as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
In case of breach, the Association shall take necessary steps to mitigate its harmful effects and shall notify you and the National Privacy Commission (NPC) within 72 hours upon knowledge of the breach. The Association shall also notify you and the NPC when there is reasonable belief that a data breach has occurred.
REAP recognize your rights with respect to your personal data, as provided by the DPA. If you wish to exercise any of your rights under the DPA, or if you have questions and concerns about the processing of your personal information, this Notice, or any matter involving data privacy and the REAP, you may contact the Secretariat through any of the following channels:
Email to: [email protected]
Road Engineering Association of the Philippines, Panay Avenue,
Quezon City, Metro Manila 1102, Philippines
Amendments and Modifications
REAP reserves the right to modify or amend this Data Privacy Notice at any time and without prior notice. You will be notified by such amendments via the Association’s website or through email.
I have carefully read, understood and agree voluntarily to adhere to the above REAP Data Privacy Notice. I also have given freely my consent for REAP to use and share my personal information for the abovementioned purposes.