1. Personal Data We Collect

A. Personal Information

• Full name
• Email address
• Contact number
• Company name and position
• Address
• Visitor log details
• CCTV recordings
• Participant or trainee information

B. Sensitive Personal Information (when necessary)

• Government-issued IDs
• Financial information
• Other information classified as sensitive under the Data Privacy Act
• Sensitive Personal Information is collected only when necessary and with appropriate lawful basis.

C. Technical Information

• IP address
• Browser type
• Device information
• Cookies and usage data

2. Lawful Basis for Processing

• Consent of the data subject
• Performance of a contract
• Compliance with legal obligations
• Legitimate business interests (provided these are not overridden by your rights)

3. Purpose of Processing

Personal data is processed for the following primary purposes:

• Responding to inquiries
• Providing ICT services (professional services, managed services, staff augmentation, training, testing)
• Contract management
• Account management
• Security monitoring (including CCTV)
• System administration and cybersecurity

Secondary purposes (when applicable and with proper basis):

• Service improvement and analytics
• Marketing communications (with consent)
• Business development activities

We do not process personal data for purposes incompatible with those stated above.

4. Methods of Collection

• Through website forms
• During contract negotiations
• Via email and official communications
• During events and training sessions
• Through CCTV systems
• Through cookies and analytics tools

5. Storage and Security Measures

Personal data is stored:

• In secured servers or encrypted cloud systems
• In access-controlled physical storage areas

We implement:

• Encryption (data at rest and in transit)
• Role-based access control
• Strong authentication measures
• Firewalls and endpoint protection
• Regular vulnerability assessments
• Data Processing Agreements with service providers

6. Data Sharing and Disclosure

• Government agencies (when legally required)
• Accredited service providers (IT providers, cloud services, logistics partners)
• Professional advisors (legal, accounting)
• Clients (when required for service delivery)

All disclosures are covered by appropriate Data Sharing Agreements or Data Processing Agreements in compliance with NPC requirements. We do not sell personal data.

7. Cross-Border Transfers

• Adequate safeguards are in place
• The recipient complies with applicable data protection standards
• Contracts contain appropriate data protection clauses

8. Retention Period

• Contract records: Duration of contract + up to 5 years
• Financial records: As required under tax and accounting laws
• CCTV footage: Typically retained for 30–90 days unless needed for investigation
• Marketing data: Until consent is withdrawn

After the retention period, data is securely deleted or anonymized.

9. Secure Disposal

Physical Records

• Shredding
• Secure document destruction

Electronic Records

• Secure wiping
• Permanent deletion
• Anonymization

Disposal follows NPC Circular No. 2022-01 and internal data lifecycle policies.

10. Risks and Mitigation Measures

We recognize risks such as:

• Unauthorized access
• Cyberattacks
• Human error
• Accidental loss

To mitigate these, we implement:

• Information Security Policies
• Access controls
• Employee confidentiality agreements
• Incident response procedures
• Regular staff privacy training

11. Automated Processing

DSI does not use automated decision-making that significantly affects data subjects without human intervention.

If profiling or automated tools are used (e.g., analytics), these are solely for system optimization and service improvement.

12. Rights of Data Subjects

Under the Data Privacy Act, you have the right to:

• Be informed
• Access your personal data
• Rectify incorrect data
• Erasure or blocking
• Object to processing
• Data portability
• File a complaint with the NPC
• Claim damages

To exercise your rights, please contact our Data Protection Officer.

13. Contact Details

Data Protection Officer

Email: dataprotection@d-source.com.ph

Address: Brgy. Mataas na Lupa, Lipa City, Batangas

You may also lodge complaints with the National Privacy Commission at www.privacy.gov.ph.

14. Updates to This Privacy Notice

This Privacy Notice may be updated from time to time. Updates will be posted on our official website.