Skip to main content

Privacy Policy

Last updated: December 15, 2024

This Privacy Policy is issued in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012, and its Implementing Rules and Regulations.

1. Introduction

Bantay Proyekto ("we," "us," or "the Platform") is committed to protecting the privacy and personal information of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform. By using Bantay Proyekto, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information (for registered users)

  • Full name
  • Email address
  • Password (encrypted)
  • Role (Citizen, Agency Representative)
  • Agency affiliation (for agency representatives)

2.2 Usage Information

  • Browser type and version
  • Pages visited and features used
  • Date and time of access
  • IP address (for security purposes)

2.3 Report Information

  • Report content and descriptions
  • Uploaded photos and documents
  • Project references
  • Contact information (if voluntarily provided)

3. How We Use Your Information

We process personal information based on the following lawful criteria under RA 10173:

  • Consent: When you register for an account or submit reports
  • Contractual necessity: To provide the services you request
  • Legal obligation: To comply with government transparency requirements
  • Legitimate interest: To improve our Platform and prevent fraud

Specifically, we use your information to:

  • Create and manage your account
  • Process and route citizen reports to appropriate agencies
  • Send notifications about report status updates
  • Verify agency representative credentials
  • Improve Platform functionality and user experience
  • Detect and prevent fraudulent or malicious activity

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

  • With Government Agencies: Reports submitted are shared with relevant agencies for action. Anonymous reporter identities are protected.
  • Public Project Information: Project data published by agencies is publicly accessible as mandated by FOI and RA 9184.
  • Legal Requirements: When required by law, court order, or government investigation.
  • Service Providers: With third-party providers who help operate the Platform (e.g., hosting, analytics), bound by confidentiality agreements.

We do not sell personal information to third parties for marketing purposes.

5. Data Retention

We retain personal information according to the following guidelines:

  • Account Data: Retained while your account is active, plus 1 year after deletion request
  • Project Records: Retained permanently as public records (government documents)
  • Citizen Reports: Retained for 5 years after resolution for audit purposes
  • Activity Logs: Retained for 1 year for security and analytics

6. Your Rights Under RA 10173

As a data subject, you have the following rights:

  • Right to be Informed: Know what data we collect and how we use it
  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to Object: Object to processing based on legitimate interest
  • Right to Data Portability: Receive your data in a structured, commonly used format
  • Right to File a Complaint: Lodge a complaint with the National Privacy Commission

To exercise these rights, contact our Data Protection Officer at the address below.

7. Data Security

We implement reasonable security measures to protect your personal information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Password hashing using industry-standard algorithms
  • Access controls and authentication requirements
  • Regular security assessments and updates
  • Employee training on data privacy

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the National Privacy Commission within 72 hours and affected data subjects as soon as practicable, in accordance with RA 10173 and NPC Circular 16-03.

9. Cookies and Tracking

We use cookies and similar technologies to maintain user sessions and improve user experience. You can control cookie settings through your browser. Disabling cookies may limit Platform functionality.

10. Children's Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal information, we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Significant changes will be communicated to registered users via email or Platform notification.

12. Data Protection Officer

For questions, concerns, or requests regarding your personal data, please contact our Data Protection Officer:

Data Protection Officer

Bantay Proyekto

Email: dpo@bantayproyekto.ph (placeholder)

You may also file a complaint with the National Privacy Commission:

National Privacy Commission

3rd Floor, Core G, GSIS Headquarters

Financial Center, Pasay City 1308

Website: www.privacy.gov.ph