The Department of Labor and Employment (DOLE) recognizes and respects your right to data privacy, and is committed to protect your personal data in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA).

Basis
      DOLE may lawfully process your personal data pursuant to Sections 12 or Section 13 of the DPA and Rule V of its Implementing Rules and Regulations.

Personal Data Collected and Manner of Collection
      DOLE may collect personal data such as your name, address, email address and contact details, among others, depending on the transaction you made with DOLE.

      DOLE may collect personal data directly from you, as a data subject, through several means, including but not limited to the following:

• Forms;
• Our website (when you contact us, or when you fill in forms displayed on our website);
• E-mail correspondence;
• Postal mail;
• Cookies, or other similar technologies;
• In-person collection.

Use and Purpose of Personal Data
      Your personal data is utilized for purposes relative to your transaction with DOLE, such as:

• For documentation and processing of inquiries and requests within DOLE to enable us to properly address them and forward them to the appropriate internal units for appropriate action;
• To solicit feedback for the services we provide;
• To provide you with the appropriate updates and advisories in an appropriate format and orderly and timely manner;
• To comply with a legal obligation to which DOLE is subject;
• To comply with the requirements of public order and safety or to fulfill the functions of public authority, including processing personal data to fulfill DOLE's mandate;
• To be able to provide the appropriate action that a data subject may require concerning their data privacy rights;

      Moreover, we may collect other personal data that are relevant and necessary to perform our mandate of facilitating registration of labor organizations, workers’ associations and collective bargaining agreements, and serving as central registry of such registrations. 

Disclosure of Personal Data
      Personal Data processed by the DOLE is not shared with any other party except to other regulatory agencies or when it falls in the exemptions provided in Section 4 of the DPA, and unless such disclosure is allowed under Section 12 or 13 of the same law.

Risks Involved
      Risk refers to the potential of an incident to result in harm or danger to a data subject or organization. Risks may lead to the unauthorized collection, use, disclosure, or access to personal data. It includes risks involving the confidentiality, integrity, and availability of personal data or the risk that processing will violate the general data privacy principles and the rights of data subjects.

      DOLE ensures that adequate physical, technical, and organizational security measures are in place to protect personal information's confidentiality, integrity, and availability. However, this does not guarantee absolute protection against certain risks involving the processing of personal data, such as when systems are exposed to targeted cyberattacks, malware, ransomware, and computer viruses or when manual records are accessed without authority.

      However, adequate policies are in place to ensure appropriate security incident management in line with existing National Privacy Commission’s (NPC’s) policies, circulars, and other issuances.

Data Protection and Security Measures
      DOLE safeguards the confidentiality, integrity, and availability of your personal data by maintaining a combination of organizational, physical, and technical security measures based on generally accepted data privacy and information security standards. This includes encryption protocols such as AES-256, firewall configurations, secure cloud storage solutions, and IP address whitelisting for access control where applicable.

Storage and Retention
      DOLE stores files containing personal data in our computers and servers, which are kept in a secure environment. We may also store your personal data with cloud-based third-party data storage providers. We shall ensure that proper measures are adopted to protect your information.

      Personal data shall be stored in a database for 2 years after inquiries and requests are acted upon. After which, records shall be disposed of securely.

      Other categories of data may be kept longer than 2 years when its retention period is determined by other relevant laws and regulations.

Disposal
      Physical records shall be disposed of through shredding, while digital files shall be anonymized. In all instances, our manner of disposal shall ensure that the personal information shall no longer be retrieved, processed, or accessed by unauthorized persons.

Rights of a Data Subject
      Under the DPA, you have the right to the following:

• Right to be Informed;
• Right to Object;
• Right to Access;
• Right to Rectification;
• Right to Erasure or Blocking;
• Right to Data Portability;
• Right to Damages.

      For more information on Data Subject Rights, please see NPC Advisory No. 2021-01.

      The Data Subject may avail of the remedies under the DPA, its IRR and the NPC issuances, in case of breach of his/her rights.

Changes to the Privacy Notice
      DOLE reserves the right to update, amend or revise this privacy notice at any time and will provide a new privacy notice in case of substantial changes.

Feedback on our Privacy Notice
      For any suggestions or comments regarding DOLE’s Privacy Notice or Data Privacy Policies, you may reach us through our Data Protection Officer, Assistant Secretary Paul Vincent W. Añover, via this address: 7th Floor, DOLE Central Office Building, Intramuros, Manila, or email us at urwed@blr.dole.gov.ph.