SANGALANG & GAERLAN, BUSINESS LAWYERS
PRIVACY POLICY & PRIVACY NOTICE
Sangalang & Gaerlan, Business Lawyers, doing business as Paladins of Law (hereinafter referred to as “the Firm”) values your privacy and is fully committed to protecting personal data in accordance with the Data Privacy Act of 2012 (R.A. No. 10173), its Implementing Rules and Regulations, and other applicable laws, including the Anti-Money Laundering Act (AMLA).
This Privacy Notice applies to all clients, website visitors, and members of our social media and messaging platforms, including those who interact with us through third-party services.
Definition of Terms
“Consent of the data subject” refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of a data subject by a lawful representative or an agent specifically authorized by the data subject to do so.
“Data Subject” – refers to an individual whose personal, sensitive personal or privileged information is processed by the organization. It may refer to officers, employees, consultants, and clients of this company.
“Data processing systems” refers to the structure and procedure by which personal data is collected and further processed in an information and communications system or relevant filing system, including the purpose and intended output of the processing;
“Data sharing” is the disclosure or transfer to a third party of personal data under the custody of a personal information controller or personal information processor. In the case of the latter, such disclosure or transfer must have been upon the instructions of the personal information controller concerned. The term excludes outsourcing, or the disclosure or transfer of personal data by a personal information controller to a personal information processor;
“Direct marketing” refers to communication by whatever means of any advertising or marketing material which is directed to particular individuals;
“Filing system” refers to any set of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible;
“Information and communications system” refers to a system for generating, sending, receiving, storing, or otherwise processing electronic data messages or electronic documents, and includes the computer system or other similar device by which data is recorded, transmitted, or stored, and any procedure related to the recording, transmission, or storage of electronic data, electronic message, or electronic document;
“Personal data” refers to all types of personal information. This term may be used interchangeably with “Personal Information.”
“Personal data breach” refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
“Personal Information” – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
“Personal information controller” refers to a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf. The term excludes:
A natural or juridical person, or any other body, who performs such functions as instructed by another person or organization; or
A person who processes personal data in connection with his or her personal, family, or household affairs;
There is control if the natural or juridical person or any other body decides on what information is collected, or the purpose or extent of its processing;
“Personal information processor” refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject;
“Privileged information” refers to any and all forms of data, which, under the Rules of Court and other pertinent laws constitute privileged communication;
“Processing” refers to any operation or set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system;
“Profiling” refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
“Public authority” refers to any government entity created by the Constitution or law, and vested with law enforcement or regulatory authority and functions;
“Security incident” is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would result to a personal data breach, if not for safeguards that have been put in place;
“Sensitive personal information” refers to personal information:
About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
Those specifically established by an executive order or an act of Congress to be kept classified.
Personal Data We Collect
We may collect the following types of personal data:
Name, contact number, email, TIN and official registered principal place of business address;
Business registration or employment-related information;
Identification documents for client verification;
Messages, legal queries, or documents shared through consultations;
Technical data from your device or browser, including IP address and usage data, which may be gathered by our third party service providers;
Any other information voluntarily provided to us or required under law.
Sources and Channels of Collection
We collect personal data through the following platforms and channels:
Our official website: www.paladinslaw.org
Facebook Pages:
SGLAWFIRM Online
Business Law Made Easy
Data Privacy Compliance Advisor
Facebook Groups:
Business Labor Forum
Business Legal Strategies
Ask the Business Lawyers
Labor Law Made Easy
Viber Groups:
SGLawFirm Online
Business Legal Strategies
Ask the Business Lawyers
Data Privacy Compliance Advisor
Email, phone, or direct messaging platforms;
In-person or remote consultations;
Events, webinars, and newsletters.
Purpose of Data Processing
We process personal data for the following purposes:
To provide legal advice, representation, or related services;
To verify identity and comply with client due diligence requirements under the AMLA;
To send legal updates, newsletters, or invitations to events;
To respond to legal inquiries, requests, or complaints;
To manage online communities and monitor participation in social media platforms;
To maintain records for legal, regulatory, or administrative purposes;
To protect our legal rights and prevent misuse or abuse of our platforms;
To enhance website functionality and analyze web traffic (via cookies and analytics tools).
Use of Third-Party Service Providers
We use third-party service platforms, including:
Meta Platforms, Inc. (for Facebook Pages and Groups);
Rakuten Viber (for Viber Groups);
External web hosting and analytics providers (for our official website).
These providers have their own privacy policies, which govern the data you provide on their platforms. We do not control how these third parties collect, process, or share data. By using these platforms, you agree to their respective terms.
Public Posting Disclaimer
Our Facebook groups, pages, and Viber groups may be publicly accessible. If you post or disclose personal information in any of these public channels, you do so at your own risk. We cannot guarantee the confidentiality or security of information shared in forums not controlled by us.
Cookies and Website Tracking
Our website service providers use cookies to enhance your browsing experience and gather usage analytics. Cookies may collect:
IP addresses;
Browser types and device information;
Pages visited and time spent on the site.
You may disable cookies through your browser settings. However, doing so may affect some website functions. By continuing to use our site, you consent to our Service providers’ use of cookies.
Data Sharing and Disclosure
We do not sell personal data. We may share your data only under the following circumstances:
With our authorized personnel who need access for legitimate purposes;
With service providers who support our communication, hosting, or data storage, under strict confidentiality, and their respective data privacy protection policies;
When required by law, court order, subpoena, or lawful request from government agencies;
In compliance with the AMLA and its related issuances.
Data Retention and Disposal
We retain personal data only for as long as necessary to achieve the purposes stated above or as required by law. When no longer needed, data will be securely disposed of, de-identified, or anonymized. As a general rule, personal data which are no longer needed by our firm, as for terminated engagement agreements or past clients, are deleted from our database after a period of 2 years.
Security Measures
We implement appropriate organizational, physical, and technical safeguards to protect personal data from unauthorized access, disclosure, alteration, or destruction. Access to data is limited to personnel with a lawful basis and duty to know. The technical measures adopted by our third party service providers are hereby considered and deemed incorporated in this Privacy Notice
Rights of Data Subjects
As a data subject under the Data Privacy Act of 2012, you have the following rights:
Right to be Informed – You have the right to know how your personal data is collected and used.
Right to Object – You may withhold or withdraw consent to the processing of your personal data, subject to legal or contractual obligations.
Right to Access – You may request access to the personal data we hold about you.
Right to Rectify – You may request correction of inaccurate or outdated personal data.
Right to Erasure or Blocking – You may request the deletion or blocking of data that is inaccurate, outdated, or unlawfully collected.
Right to Data Portability – You may obtain a copy of your personal data in a commonly used format.
Right to Damages – You may claim compensation if your rights are violated due to unlawful processing.
Right to File a Complaint – You may file a complaint with the National Privacy Commission (NPC) if you believe your data rights have been violated.
To exercise these rights, contact us through the details provided below.
If you have any complaints, concerns, or questions regarding the processing of your Information, please contact:
Atty. Nathalie Pattugalan, CPA
Data Protection Officer
Sangalang & Gaerlan, Business Lawyers (SGLawFirm Online)
35-A Legaspi Road, PhilAm Quezon City, 1104, Metro Manila
Contact No. +63 905 265 6760
Email: dpo@paladinslaw.org
Policy Updates
We may amend this Privacy Notice to reflect changes in law, technology, or business operations. Updates will be posted on our website and, where necessary, communicated through our digital platforms.
By using our website, participating in our platforms, or engaging with us as a client, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Notice.