PRIVACY POLICY  
  AND  
  TERMS OF USE  

Definition of Terms

“Consent of the data subject” refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged  information.  Consent  shall  be  evidenced  by  written, electronic or recorded means. It may also be given on behalf of a data  subject  by  a  lawful  representative  or  an  agent  specifically authorized by the data subject to do so.

“Data Subject” – refers to an individual whose personal, sensitive personal or privileged information is processed by the organization. It may refer to officers, employees, consultants, and clients of this company. 

“Data processing systems” refers to the structure and procedure by which  personal  data  is  collected  and  further  processed  in  an information  and  communications  system  or  relevant  filing  system, including the purpose and intended output of the processing;

“Data  sharing”  is  the  disclosure  or  transfer  to  a  third  party  of personal data under the custody of a personal information controller or  personal information  processor.  In  the case  of the latter,  such disclosure or transfer must have been upon the instructions of the personal  information  controller  concerned.  The  term  excludes outsourcing,  or  the  disclosure  or  transfer  of  personal  data  by  a personal information controller to a personal information processor;

“Direct marketing” refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals;

“Filing system” refers to any set of information relating to natural or juridical persons to the extent that, although the information is not processed  by  equipment  operating  automatically  in  response  to instructions given for that purpose, the set is structured, either by reference  to  individuals  or  by  reference  to  criteria  relating  to individuals,  in  such  a  way  that  specific  information  relating  to  a particular individual is readily accessible;

“Information  and  communications  system”  refers  to  a  system  for generating,  sending,  receiving,  storing,  or  otherwise  processing electronic data messages or electronic documents, and includes the computer system or other similar device by which data is recorded, transmitted, or stored, and any procedure related to the recording, transmission, or storage of electronic data, electronic message, or electronic document;

“Personal data” refers to all types of personal information. This term may be used interchangeably with “Personal Information.”

“Personal data breach” refers to a breach of security leading to the accidental  or  unlawful  destruction,  loss,  alteration,  unauthorized disclosure  of,  or  access  to,  personal  data  transmitted,  stored,  or otherwise processed.

“Personal Information” – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

“Personal  information  controller”  refers  to  a  natural  or  juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf. The term excludes:

1.  A natural or juridical person,  or  any other body,  who performs such functions as instructed by another person or organization; or

2.  A person who processes personal data in connection with his or her personal, family, or household affairs; 

There is control if the natural or juridical person or any other body decides on what information is collected, or the purpose or extent of its processing;

“Personal information processor” refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject;

“Privileged information” refers to any and all forms of data, which, under the Rules of Court and other pertinent laws constitute privileged communication;

“Processing” refers to any operation or set of operations performed upon  personal  data  including,  but  not  limited  to,  the collection, recording, organization, storage, updating or modification,  retrieval,  consultation,  use,  consolidation,  blocking, erasure or destruction of data. Processing may be performed through automated  means,  or manual processing,  if the  personal data  are contained or are intended to be contained in a filing system; 

“Profiling” refers to any form of automated processing of personal data  consisting  of  the  use  of  personal  data  to  evaluate  certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work,  economic  situation,  health,  personal  preferences,  interests, reliability, behavior, location or movements;

“Public authority” refers to any government entity created by the Constitution or law, and vested with law enforcement or regulatory authority and functions;

“Security incident” is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would result to a personal data breach, if not for safeguards that have been put in place;

“Sensitive personal information” refers to personal information:

1. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;

2. About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;

3. Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and

4. Those specifically established by an executive order or an act of Congress to be kept classified.

Sources and Channels of Collection

We collect personal data through the following platforms and channels:

• Our official website: www.paladinslaw.org

• Facebook Pages:

  • SGLAWFIRM Online

  • Business Law Made Easy

  • Data Privacy Compliance Advisor

• Facebook Groups:

  • Business Labor Forum

  • Business Legal Strategies

  • Ask the Business Lawyers

  • Labor Law Made Easy

• Viber Groups:

  • SGLawFirm Online

  • Business Legal Strategies

  • Ask the Business Lawyers

  • Data Privacy Compliance Advisor

• Email, phone, or direct messaging platforms;

  • In-person or remote consultations;

  • Events, webinars, and newsletters.

Use of Third-Party Service Providers

We use third-party service platforms, including:

• Meta Platforms, Inc. (for Facebook Pages and Groups);

• Rakuten Viber (for Viber Groups);

• External web hosting and analytics providers (for our official website).

These providers have their own privacy policies, which govern the data you provide on their platforms. We do not control how these third parties collect, process, or share data. By using these platforms, you agree to their respective terms.

Cookies and Website Tracking

Our website service providers use cookies to enhance your browsing experience and gather usage analytics. Cookies may collect:

• IP addresses;

• Browser types and device information;

• Pages visited and time spent on the site.

You may disable cookies through your browser settings. However, doing so may affect some website functions. By continuing to use our site, you consent to our Service providers’ use of cookies.

Data Retention and Disposal

We retain personal data only for as long as necessary to achieve the purposes stated above or as required by law. When no longer needed, data will be securely disposed of, de-identified, or anonymized. As a general rule, personal data which are no longer needed by our firm, as for terminated engagement agreements or past clients, are deleted from our database after a period of 2 years.

Rights of Data Subjects

As a data subject under the Data Privacy Act of 2012, you have the following rights:

• Right to be Informed – You have the right to know how your personal data is collected and used.

• Right to Object – You may withhold or withdraw consent to the processing of your personal data, subject to legal or contractual obligations.

• Right to Access – You may request access to the personal data we hold about you.

• Right to Rectify – You may request correction of inaccurate or outdated personal data.

• Right to Erasure or Blocking – You may request the deletion or blocking of data that is inaccurate, outdated, or unlawfully collected.

• Right to Data Portability – You may obtain a copy of your personal data in a commonly used format.

• Right to Damages – You may claim compensation if your rights are violated due to unlawful processing.

• Right to File a Complaint – You may file a complaint with the National Privacy Commission (NPC) if you believe your data rights have been violated.

• To exercise these rights, contact us through the details provided below.

Policy Updates

We may amend this Privacy Notice to reflect changes in law, technology, or business operations. Updates will be posted on our website and, where necessary, communicated through our digital platforms.