KAELCO DATA PRIVACY POLICY
Kalinga-Apayao Electric Cooperative, Inc. (KAELCO) adheres to the protection of information pertaining to persons, natural or juridical, as provided under Republic Act No. 10173 or the Data Privacy Act of 2012. The Cooperative values the privacy of all personal, sensitive, and privileged information obtained from its Member Consumer-Owners, Members of the Board, Officers, and Employees of the Cooperative (regular or permanent), retirees, applicant employee/staff, applicant consumer, donors, donees, contract counterparties, partners, subcontractors, outsourcees, licensors, licensees and other persons with a juridical link with KAELCO. It is committed to keeping all personal, sensitive, and privileged information it obtains secure and to holding the same in trust.
In compliance with the law, KAELCO designated its Data Privacy Officer (DPO), whose function is to oversee the compliance of the Cooperative with the said law. Following the designation of the DPO is the constitution of a Data Privacy Committee with functions such as data protection, data control, and data disclosure.
OBJECTIVES
This policy is adopted to:
- Protect all forms of information, be it private, personal, sensitive, or privileged.
- Ensure the proper handling and disposal of information of the data subject.
- Determine which information is for public consumption and which is covered by the Data Privacy Act.
- Ensure the confidentiality and integrity of information of the Data Subject.
- Ensure that no information, private, personal, sensitive, or privileged, is disclosed without authority from the Data Subject.
- Protect the Cooperative from any responsibility and liability from improper disclosure of information by the Personal Information Controller (PIC) and Personal Information Processor (PIP).
DEFINITION OF TERMS
Data Privacy Officer refers to an individual duly designated by an Office Order and duly approved by a Board Resolution to be as such.
Data Sharing refers to the disclosure of personal, sensitive, and privileged information under the control and custody of the Cooperative.
Data subject refers to an individual whose personal information is processed.
Filing system refers to any set of information relating to natural or juridical persons to the extent that, although the information is not processed by equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular person is readily accessible.
Information and Communications System refers to a system for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by or in which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document.
Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
Personal information controller refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
Personal information processor refers to any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
Privileged information refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.
Sensitive personal information refers to personal information:
- About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
- About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
- Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
- Specifically established by an executive order or an act of Congress to be kept classified.
Covered by the Policy
This policy applies to Member Consumer-Owners, Members of the Board, Officers, and Employees of the Cooperative (regular or permanent), retirees, applicant employee/staff, applicant consumer, donors, donees, contract counterparties, partners, subcontractors, outsourcees, licensors, licensees, guests and other persons with a juridical link with KAELCO whose personal information, sensitive personal information or privileged information (“Personal Data”) are processed by KAELCO.
Purpose of Personal Data Processing
- Perform its obligations, exercise its rights, and conduct its associated functions as a distribution utility, an industry indispensable to national interest.
- To pursue its purposes and mandates under PD 269 as amended by RA No. 10531, RA No. 9136 and other pertinent laws.
Personal Data to be Processed
KAELCO processes Personal Data including but not limited to:
- Personal details such as name, birth, gender, civil status and affiliations;
- Contact information such as address, email, mobile and telephone numbers;
- Academic information such as grades, course and academic standing;
- Employment information such as government-issued numbers, position and functions;
- Applicant information such as academic background and previous employments;
- Medical information such as physical, psychiatric and psychological information.
KAELCO processes other Personal Data necessary for the following purposes:
- Purposes necessary for KAELCO to perform its obligations, exercise its rights, and conduct its associated functions as a distribution utility;
- Purposes to pursue KAELCO’s mandates under existing laws and regulations;
- Purposes to perform acts and decisions necessary for KAELCO to manage and administer its internal and external affairs as a juridical entity with its own rights and interests;
- Compliance with legal, regulatory, administrative or judicial requirements including audit, reporting and transparency requirements;
- Records and account purposes such as:
  - Creation and update of record entries and accounts;
  - Creation and maintenance of MCO, BOD, Officers or employees records and accounts, electronic or otherwise;
- Security and community affairs purposes:
  - Maintenance of safety, security, peace and order in and around KAELCO offices as well as venues in which KAELCO has presence or activities;
  - Prevention of crimes and damages to persons or property within or outside the premises of KAELCO.
- Administration, management and supervision of KAELCO employees;
- Research, ethics and intellectual property matters.
- Administration of human resources such as:
  - Processing and provision of employee rights;
  - Provision of compensation and benefits;
- Management and supervision of employees and work conduct such as:
  - Employee administration, assignment, work supervision, evaluation, promotion, discipline, and transfer;
  - Preservation of labor relations and industrial peace.
- Application purposes such as:
  - Processing of application and application requirements;
  - Evaluation of eligibility to work in the Cooperative;
- Verification purposes such as:
  - Determination of veracity of claims;
  - Background investigation relevant to the position applied for.
- Donation processing such as:
  - Legal requirements such as filing of tax returns;
  - Recording sources and uses of donations for transparency in KAELCO.
- Contract counterparties, partners, subcontractors, outsourcees, licensors, licensees, lessors, lessees, vendors, purchasers and customers:
  - Timely realization of KAELCO’s legitimate rights, interests, obligations and responsibilities in law, contract, equity or public policy;
  - Compliance with the spirit and intent of KAELCO in engaging the counterparty involved.
- Other persons with a juridical link with KAELCO:
  - Any of the purposes above as applicable to the circumstances;
  - For each particular KAELCO Office, the purposes used by analogous bodies performing similar functions.
Manner of Personal Data Processing and Period of Retention
KAELCO processes and retains Personal Data as necessary for the Purposes in accordance with:
- The Data Privacy Act of 2012, its Implementing Rules, and relevant issuances of the National Privacy Commission;
- The Republic Act 9136 or the Electric Power Industry Reform Act of 2001;
- The Republic Act 10531 or the National Electrification Administration Reform Act of 2013;
- Magna Carta for Residential Electricity Consumers; and
- Policies, guidelines, and rules of KAELCO.
In the absence of an applicable rule of retention, Personal Data shall be retained by KAELCO in accordance with the practices of other entities with analogous functions.
Where and How Personal Data Are Stored and Transmitted
Personal Data are stored in physical and electronic “Data Processing Systems” of KAELCO as defined under National Privacy Commission Circular No. 17-01. Personal Data are transmitted in accordance with Chapter III of the Data Privacy Act of 2012 and Rule V of its Implementing Rules and Regulations.
Rights of Data Subject
Right to be informed
- The data subject has a right to know whether personal data pertaining to him or her shall be, are being or have been processed, and whether the processing is partly or wholly automatic. In cases where the collection of data shall be done over a period of time, including automatic or passive collection of categories of data, the data subject must be notified in clear and simple language of this fact, and his or her express consent must be obtained prior to the processing.
- The data subject shall be notified and furnished the information indicated hereunder before the entry of his or her personal data into the processing system of the personal information controller, or at the next practical opportunity:
  - Description of the personal data to be entered into the system;
  - Purposes for which they are being or are to be processed, including processing for direct marketing or historical, statistical or scientific purpose;
  - Scope and method of the personal data processing;
  - The recipients or classes of recipients to whom they are or may be disclosed;
  - Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized;
  - The identity and contact details of the personal data controller or its representative;
  - The period for which the information will be stored; and
  - The existence of their rights including the right to access, correction, and object to the processing, as well as the right to lodge a complaint before the Commission.
Right to object
The data subject shall be notified and given an opportunity to object or withhold consent to processing in case of changes or any amendment to the information supplied or declared to the data subject in the preceding paragraph, unless the change refers to processing of personal data in the following cases:
- The personal data is needed pursuant to a subpoena;
- When the collection and processing are for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service to which the data subject is a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the data subject; or
- When the information is being collected and processed as a result of a legal obligation.
Right to Access
The data subject has the right to reasonable access, upon demand, to the following:
- Contents of his or her personal data that were processed;
- Sources from which personal data were obtained;
- Names and addresses of recipients of the personal data;
- Manner by which such data were processed;
- Reasons for the disclosure of the personal data to recipients;
- Information on automated processes where the data will be, or are likely to be, made the sole basis for any decision that significantly affects or will affect the data subject;
- Date when personal data concerning the data subject were last accessed and modified; and
- The designation, or name or identity and address of the personal information controller.
Right to Correct
The data subject has the right to dispute the inaccuracy or error in the personal data and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal data have been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by recipients thereof: Provided, That the third parties who have previously received such processed personal data shall be informed of its inaccuracy and its rectification upon reasonable request of the data subject.
Right to Rectification, Erasure or Blocking
The data subject shall have the right to suspend, withdraw or order the blocking, removal or destruction of his or her personal data from the personal information controller’s filing system.
- This right may be exercised upon discovery and substantial proof that:
  - The personal data is incomplete, outdated, false, or unlawfully obtained;
  - The personal data is being used for a purpose not authorized by the data subject;
  - The personal data is no longer necessary for the purposes for which they were collected;
  - The personal data concerns private information that is prejudicial to the data subject, unless it is a matter of public concern, part of fair and true reporting, or otherwise justified; or
  - The personal information controller or processor violated the rights of the data subject.
- The data subject may request the personal information controller to notify third parties who have previously received such processed personal data.
Unauthorized Processing and/or Disposal of Material Information
- Unauthorized accessing, processing and/or disposal of material information shall be penalized as follows:
  - First Offense – written reprimand (the violator shall be required to submit a written explanation).
  - Second Offense – 1 week suspension.
  - Third Offense – dismissal from service.
However, where the unauthorized accessing, processing and/or disposal of material information is done with intent to injure, or is likely to cause injury to the data subject, the penalty of dismissal from the service shall be imposed without prejudice to the penalty imposed by law.
Security of Information
KAELCO assures its stakeholders that the Cooperative has established protocols on security measures to protect the material information it gathers from unauthorized access, use or disclosure, and from unlawful access, misuse, unlawful destruction, alteration, and contamination. The Data Subject has the right to ask for a copy of the information that the Cooperative holds in trust and to have it corrected.
Likewise, KAELCO has an existing policy, entitled “Policy on the release or disclosure of documents pertaining to the cooperative, board of directors, employees, member consumer-owner and other pertinent information”, which mandates the protection of material information.
The KAELCO Data Protection Officer
The KAELCO Data Protection Officer, reporting to the General Manager, is tasked to protect the privacy of personal information to, in, and from KAELCO with the following functions:
- Comply with data privacy laws and regulations including implementing data protection measures, submitting regulatory requirements, and managing privacy incidents.
- Prevent legal, financial, and operational risks by improving current and future forms, contracts, processes, and I.T. systems to secure against leakage of information.
- Develop in the Cooperative a culture of respect for privacy by formulating policies and establishing practices at par with domestic and international standards.
Revision/Amendment
Should KAELCO decide to revise or amend this privacy policy, the public shall be notified through posting of the same on the Cooperative’s website and in its offices.
Effectivity of this Policy
The KAELCO Data Protection Officer may promulgate policies, guidelines and rules which are not inconsistent with this Policy.
If any law or regulation cited in this Policy is amended or superseded, then it shall be considered that this Policy is referring to such amending or superseding law or regulation, without prejudice to a person’s right against retroactive effect of laws.
If any part of this Policy is declared null and void, then the other unaffected parts shall remain in full force and effect.
This Policy shall take effect 15 days after its posting on the KAELCO website and in its offices from receipt of NEA’s approval.