I. Our Commitment to Privacy
II. How we collect your Personal Data
i.) Information You Provide to Us
We collect the information that you directly provide to us, such as when you enter it on our website, or include personal information in an e-mail that you send to us. This type of collection often occurs through our website or in the course of performing our legal services, such as:
a) Personal Data you provide when you complete forms available on the Website;
b) Personal Data you provide when you contact us;
c) Personal Data provided to us in connection of an attorney-client relationship you may have with us;
d) Personal Data you provide in connection with your application for employment with Castillo & Bello Law.
ii.) Automatic Information Collection
We may also automatically or passively collect information about your use of our site. Data collected in this manner may include:
a) Details of visits to our Website, including the volume of traffic received;
b) Logs and the resources that you have accessed;
c) Devices you have used to access such information;
d) Physical or geographic location data, such as country, region, city. Technologies used in our Services to passively collect such information may include:
Cookies. Small data files placed on a devices hard drive.
Embedded Scripts. Programming code that is temporarily downloaded onto a device, and is active only while you are connected to our website, and is deactivated or deleted thereafter.
III. Why we collect your Personal and Non-personal Data
i.) We process your personal data based on our legitimate interest to function effectively as a business.
a) To continuously provide you with better service and meet your needs.
We process data to determine your usage of our Website. We do so in order to provide you a better overall experience and ease of use when you visit our website.
b) To continuously improve our business and operations.
We process your Personal Information such as contact details in order to facilitate an effective communication between you and our Firm. This includes responses to requests for information submitted by you through the Website or in connection with your employment with Castillo & Bello Law.
ii.) We process your personal data to comply with a legal obligation including the monitoring of web traffic and ensuring the security of our site from possible technological threats.
a) To detect security incidents and to protect against malicious, deceptive, fraudulent, or illegal activity.
In order to help protect you and others, we may use the data we collect and receive in order to identify fraudulent activities and transactions; prevent abuse of and investigate and/or prosecute any potential threat to or misuse of our Services.
b) To generally comply with Philippine laws, rules and regulations.
IV. When do we store, use, share and disclose our site visitors' information?
i.) We do not share the information you provide to us without your consent. However, we wish to inform you as follows:
b) Our company is hosted by a third-party platform provider. This platform provides us with an online domain, server support, and online tools that allows us to inform you of our services. The data gathered in our site may be stored through our provider’s data storage, databases and general applications. They store your data on secure servers behind a firewall.
ii.) Law enforcement and government agencies, but only when required by laws and regulations and other lawful orders and processes.
There are circumstances where we may need to share some of the information that you have provided to us. In these cases, we ensure that your personal data is disclosed on a confidential basis, through secure channels, and only in compliance with applicable privacy laws and regulations.
We will never share, rent, or sell your personal data to third parties outside of Castillo & Bello Law except in special circumstances where you may have given your consent for, and as described in this statement.
V. Security and Retention
i.) We keep your information only for as long as necessary for the fulfillment of the purposes for which the information was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law, and in no case longer than a year from the concerned visit;
ii.) We ensure that third parties processing personal information on our behalf shall implement regular monitoring for security breaches.
iii.) We restrict access to your information only to qualified and authorized personnel who handle your information with strict confidentiality.
iv.) We promptly notify you and the National Privacy Commission, when personal information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person;
v.) We let you update your information securely to keep our records accurate.
vi.) The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
VI. What you can ask of us
i.) We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please reach us through firstname.lastname@example.org.
ii.) As may be warranted by circumstances, we honor a data subject’s rights under the Data Privacy Act of 2012 and its implementing rules and regulations, viz.:
a) The right to be informed.
The data subject has a right to be informed whether personal data pertaining to him or her will be, are being, or were processed.
b) The right to be furnished information with the following information at the next practical opportunity.
• Description of the personal information to be entered into the system;
• Purposes for which you are being or are to be processed;
• Scope and method of the personal information processing;
• The recipients or classes of recipients to whom you are or may be disclosed;
• Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized; including meaningful information about the logic involved, as well as the significance and the expected consequences of such processing for the data subject;
• The identity and contact details of the personal information controller or its representative;
• The period for which the information will be stored; and
• The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before the Commission.
c) The right to object. You have the right to the processing of your personal data, including processing for direct marketing, automated processing or profiling. You shall be given an opportunity to withhold consent in case of any amendment to the information supplied to the data subject under the right to be informed.
We shall not process the personal data without consent unless:
• The personal data is needed pursuant to a subpoena;
• The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the data subject is a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the data subject;
• The information is being collected and processed because of a legal obligation. d) The right to access. You have the right to to reasonable access to, upon demand, the following:
• Contents of your personal data that were processed;
• Sources from which your personal data were obtained;
• Names and addresses of recipients of the personal data;
• Manner by which such data were processed;
• Reasons for the disclosure of the personal data to recipients, if any;
• Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the data subject;
• Date when his or her personal data concerning the data subject were last accessed and modified;
• The designation, name or identity, and address of the personal information controller.
d) The right to suspend, withdraw or order the blocking, removal or destruction of your personal data from the personal information controller’s filing system.
This right may be exercised upon discovery and substantial proof of any of the following:
• The personal data is incomplete, outdated, false, or unlawfully obtained;
• The personal data is being used for a purpose not authorized by the data subject;
• The personal data is no longer necessary for the purposes for which they were collected;
• The data subject withdraws consent or objects to the processing of his or her information, and there is no other legal ground or overriding legitimate interest for the processing;
• The personal data concerns private information that is prejudicial to data subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
• The processing is unlawful;
• The personal information controller or personal information processor violated the rights of the data subject.
The personal information controller may notify third parties who have previously received such processed personal information.
e) The right to damages. You shall be indemnified for any damages sustained due to such false, incomplete, outdated, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights and freedoms as a data subject.
f) Transmissibility of rights. Your lawful heirs and assigns may invoke your rights at any time after your death or when you are incapacitated or incapable of exercising your rights.
g) The right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format
h) Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.
Any information supplied or declaration made to the you on these matters shall not be amended without prior notification to you: Provided, That the notification under this section, subsection (e), shall not apply should the personal information be needed pursuant to a subpoena or when the collection and processing are for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service or when necessary or desirable in the context of an employer-employee relationship, between the collector and the data subject, or when the information is being collected and processed as a result of legal obligation;
Your data protection rights, described above, are covered by the Philippine Data Privacy Act of 2012. To find out more, visit the official National Privacy Commission’s Website at https://www.privacy.gov.ph/data-privacy-act/
Last updated: 01/26/2021