1) Personal Information Controller (PIC) & Contact

PIC: RDAHUNAN I.T. Services (trading as “RDAHUNAN Privacy & Compliance Consulting”)
Registered email: rdahunanconsulting@protonmail.com
Data Protection Officer (DPO): DPO, RDAHUNAN I.T. Services — contact via the above email (subject: “DPO – Data Privacy Request”).

2) What We Collect

Depending on your interactions with us (email inquiry, discovery call, engagement, training, or events), we may process:

• Basic identifiers: name, company, role, contact details.
• Engagement data: scope, statements of work, invoices, audit evidence you provide, meeting records.
• Device/usage data: IP address, user agent, timestamps, and pages visited (for site security/analytics).
• Sensitive personal information (only if necessary): e.g., IDs or documents containing sensitive data for due diligence or mandated checks; processed with enhanced safeguards and minimized strictly to purpose.

We collect directly from you, from your authorized representatives, and—where lawful—from publicly available sources or contractors engaged by you for a project.

3) Lawful Bases & Purposes

We process personal data under one or more lawful criteria, including:

• Contract – to enter into and perform our consulting or training engagements.
• Legal obligation – invoicing, taxation, regulatory reporting, or lawful requests.
• Legitimate interests – securing systems, preventing fraud, managing relationships, improving services (balanced against your rights).
• Consent – for optional activities (e.g., marketing updates) or where required by law. You may withdraw consent at any time without affecting prior lawful processing. :contentReference[oaicite:1]{index=1}

We use data to: deliver services; manage accounts, billing, and support; conduct risk/privacy assessments; provide training; communicate proposals and updates; fulfill legal duties; and protect our platform and clients.

4) Disclosures & Recipients

We share personal data only as needed with: (a) you and your authorized representatives; (b) subcontractors or cloud providers under data processing agreements; (c) professional advisors (legal, tax) under confidentiality; and (d) government authorities when legally required. We prohibit unauthorized onward disclosure and apply proportionality and need-to-know principles. :contentReference[oaicite:2]{index=2}

5) International or Cross-Border Transfers

Where tools or subprocessors host or access data outside the Philippines, we implement appropriate safeguards and ensure comparable protection consistent with the DPA and NPC guidance. You may request a list of current subprocessors relevant to your engagement. :contentReference[oaicite:3]{index=3}

6) Retention

We retain personal data only for as long as necessary to fulfill the purposes above and to comply with legal, regulatory, accounting, or reporting requirements. When no longer needed, data are securely deleted or anonymized per documented schedules.

7) Security

We apply organizational, physical, and technical measures aligned with the DPA’s security requirements (e.g., access controls, encryption where appropriate, least-privilege, secure configurations, incident response, supplier due diligence). We also maintain breach reporting procedures consistent with NPC issuances. :contentReference[oaicite:4]{index=4}

8) Your Rights as a Data Subject

Under RA 10173, you have the rights to:

• Be informed and access your data; obtain copies in a portable form where applicable.
• Rectify inaccuracies and erase data when legally permissible.
• Object or restrict processing based on legitimate interests or for direct marketing.
• Data portability, and redress for damages for violations of your rights under the DPA.

Requests are subject to identity verification and applicable limitations under law (e.g., privilege, legal retention). :contentReference[oaicite:5]{index=5}

9) How to Exercise Your Rights

Email our DPO at rdahunanconsulting@protonmail.com with the subject “DPO – Data Privacy Request” and describe the right you wish to exercise. We will acknowledge, evaluate, and respond within reasonable periods set by NPC guidance. If you believe your rights have been violated, you may lodge a complaint with the National Privacy Commission. :contentReference[oaicite:6]{index=6}

National Privacy Commission — File a complaint or learn more at the NPC website. :contentReference[oaicite:7]{index=7}

10) Cookies, Analytics & Just-in-Time Notices

We use minimal cookies/telemetry necessary for basic site operations and security. Where additional analytics or new processing is introduced, we will display a just-in-time/context privacy notice and, where required, obtain consent separate from this notice. :contentReference[oaicite:8]{index=8}

11) Children’s Data

Our services target organizations and professionals. We do not knowingly collect children’s data. If you believe a child has provided personal data, contact our DPO to request deletion unless retention is legally required.

12) Automated Decision-Making

We do not rely on solely automated decisions that produce legal or similarly significant effects. If this changes, we will provide prior notice and appropriate safeguards per NPC guidance. :contentReference[oaicite:9]{index=9}

13) Updates to This Notice

We may revise this notice to reflect changes in practices or law. Substantial changes will be communicated through our website or direct notices where appropriate. Prior versions can be made available upon request. :contentReference[oaicite:10]{index=10}

Effective date: 13 September 2025 • Last reviewed: 13 September 2025 (Asia/Manila)