I. Introduction

Betita Cabilao Casuela Sarmiento is a full service firm providing legal services to international and Philippine clients.  We own and operate the website www.bccslaw.com and the Intellectual Property docketing system, GRAVITAS®.  Our principal place of business is situated in the Philippines. 

We respect the data privacy rights of all persons and entities we transact with and strive to comply with the Philippine Data Privacy Act of 2012 that all personal information we collect are processed in accordance with the general principles of transparency, legitimate purpose and proportionality, and the requirements of lawful processing.

Our Policy aims to describe the scope of our collection, use, access, transfer, storage, or otherwise processing of personal data, our data protection principles to safeguard personal data in our custody, and the rights of persons and entities whose personal data were, are, or will be, processed by us.

II. Definitions

For purposes of this Policy, the following shall have the respective meanings hereafter set forth:

“BCCS” (“us”, “we”, “our”, “the firm”) refer to Betita Cabilao Casuela Sarmiento;

“Web services” refers to bccslaw.com and GRAVITAS®;

“Data Subject” (“you”, “your”) refers to an individual whose personal, sensitive personal, or privileged information is subject to processing. Included in the term are our web visitors and users, as well as existing and potential clients, employees and vendors;

“Consent” refers to any freely given, specific, informed indication of will, where the Data Subject agree to the collection and processing of the personal, sensitive, or privileged information;

“Personal information” refers to any information where the identity of the Data Subject is apparent or can be reasonably and directly ascertained or when put together with other information would directly and certainly identify of a Data Subject;

“Personal data” refers to all types of personal information;

“Data sharing” is the disclosure or transfer to a third party of personal data under our custody;

“Processing” refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data;

“Privileged information” refers to any and all forms of data, which, under the Rules of Court and other pertinent laws constitute privileged communication;

 “Sensitive personal information” refers to personal information:

1. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
2. About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
3. Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
4. Specifically established by an executive order or an act of Congress to be kept classified.

“Public authority” refers to any government entity created by the Constitution or law, and vested with law enforcement or regulatory authority and functions

III. Collection

A. Sources

BCCS may collect, directly or indirectly, personal data, from the following sources:

1. Clients who provide us personal data, for the fulfillment of the specified undertaking or matter for which have been engaged to perform;
2. Communications to us, whether in person, via email, by telephone or by mail, which contain personal data;
3. Web Analytics that contain non-identifiable web traffic data which may include:
   • IP Address
   • Search Terms
   • Pages and internal links accessed on our site
   • Date and time of visit
   • Geolocation
   • Referring site or platform
   • Operating system
   • Web browser type;
4. Third parties who provide us personal data in any of the following ways:
   • Referrals
   • Job Applications
   • Investigation Reports; and
5. Publicly Available Resources that contain personal data.

B. Types of Personal Information

1. “Contact data” refers to basic contact information including complete name, position, role, company, organization, telephone, mobile, mailing address and/or email;
2. “Billing data” refers to invoicing details, bank account details, credit card information, proof of transaction and other payment related information;
3. “Web data” refers to information about your visit and use of our web services, or information collected through cookies and other tracking devices, as well as your interactions with our social media presence;
4. “Verification data” refers to appropriate records for verification purposes, such as proof of beneficial ownership or the source of funds;
5. “Client data” refers to all data provided to us by or on behalf of our clients or collected by us in the course of providing our services;
6. “Recruitment data” refers to recruitment related data such as your profession, employment history, curriculum vitae, resume, details of professional memberships, and other information relevant to potential employment to BCCS;
7. “Events data” refers to information you may provide to us through registration and attendance at our events or meetings, including information in feedback forms;
8. “Vendor data” refers to information from potential vendors and vendors who provide goods and services to BCCS;
9. “Preference data” refers to personal information such as dietary preference, likes and dislikes, health restrictions and other requirements corresponding to your specific needs or preferences;
10. “Investigation data” refers to personal data gathered for the purpose of investigations in relation to any criminal, civil, and/or administrative or tax liability;
11. “Sensitive personal information” refers to personal information:

• About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
• About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings
• Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns
• Specifically established by an executive order or an act of Congress to be kept classified; and
• Any other personal information that you may disclose.

C. Uses

Generally, we may process personal information in the following circumstances:

1. The data subject has given his or her consent prior to the collection, or as soon as practicable and reasonable;
2. The processing involves the personal information of a data subject who is a party to a contractual agreement, in order to fulfill obligations under the contract or to take steps at the request of the data subject prior to entering the said agreement;
3. The processing is necessary for compliance with a legal obligation to which the BCCS is subject;
4. The processing is necessary to protect vitally important interests of the data subject, including his or her life and health;
5. The processing of personal information is necessary to respond to national emergency or to comply with the requirements of public order and safety, as prescribed by law;
6. The processing of personal information is necessary for the fulfillment of the constitutional or statutory mandate of a public authority; or
7. The processing is necessary to pursue the legitimate interests of BCCS, or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject, which require protection under the Philippine Constitution.

Some specific ways we use categories of personal data are explained below.

We use Contact data to communicate and respond to inquiries, identIfy a conflict of interest, and develop our business relationships through communications.

We use Billing data in the preparation of invoices, verify financial transactions and more importantly, ensure that we process payments only through official channels and/or release funds only to authorized personnel.

We use Web data to monitor the security as well as improve the functionality of our web services for users and visitors.  Web analytics and interactions with our social media profiles make it possible for us to gain useful insight on what matters to our visitors and clients allowing us to improve our online presence and share only the most up-to-date and relevant information.

We use Verification data to conduct necessary background verification in order to comply with client due diligence such as those under anti-money laundering laws, KYC (“know-your-client”) and other compliance procedures and regulatory checks to prevent fraud or crime.  We may not be able act on instructions unless we are provided with the necessary information to complete these mandatory checks.

We use Client data to provide legal services to our clients and render specific services, such as the trademark, copyright and patent registration and business registration, among others.

We use Recruitment data to evaluate applicants for employment, conduct appropriate background checks, communicate with the status of an application, and any other purpose relating to employment to BCCS.

We use Events data to run our events in order to improve our succeeding events and meetings.

We use Vendor data to deal with our suppliers who provide goods and services to us, as well as consider potential suppliers for our future requirements;

We use Preference data to meet specific needs.

We use Investigation data when we have been engaged to perform specific services to our clients involving the protection and enforcement of their rights against third parties who are usually the subject of the investigation.

We may, in limited circumstances, process Sensitive personal information when:

1. We have your explicit consent to use the information for particular purposes, unless your consent is not required for the processing based on existing laws and regulations;
2. It is necessary to protect your vital interests or those of another person and you are not legally or physically able to express your consent prior to processing;
3. It is necessary to achieve lawful and noncommercial objectives of public organizations and their associations, provided it is done with your consent and not transferred to third parties;
4. It is necessary for the purpose of medical treatment by a medical practitioner or institution; and
5. It is necessary to protect lawful rights and interests of persons in court proceedings, or the establishment, exercise, or defense of legal claims, or when provided to government pursuant to a constitutional or statutory mandate.

We will ask for consent before using personal information for a purpose that is not covered in our Privacy Policy.

D. Storage

Personal data are processed and held at our principal place of business in the Philippines where we take reasonable measures to comply with locally applicable data privacy standards.  However, whenever necessary for the purposes stated in this Privacy Policy, information may be transferred outside of the Philippines where data privacy laws vary by country.  With respect to data transferred to a third party, whether domestically or internationally, we use reasonable means to provide a comparable level of protection to the personal data, to the extent applicable to us.

The period of storage shall be for as long as necessary to fulfill the purpose for which the personal data was collected. 

IV. Data Sharing

To the extent that we are required to do so by applicable laws and/or rules and regulations, we may share personal information with others, as follows:

1. The Firm. The partners, associates, and staff in order to provide our services;
2. Correspondents. Our correspondent firms whether domestically or internationally;
3. Government. Government officials, employees, and persons in authority where we have been engaged to represent the data subject before the courts and other government bodies and/or agencies or in compliance with mandatory regulatory checks;
4. Third Party Providers. Our technical, architectural, and administrative third party service providers in connection with information technology, accounting, background investigation and other services;
5. Banks; and
6. Any third party, where the data subject gives consent.

BCCS will not share personal information with any other third parties without the consent of the data subject, unless the data sharing is for any of the following reasons:

1. The personal data is needed pursuant to a subpoena;
2. The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the data subject is a party, or when necessary or desirable in the context of an employer-employee relationship; oR
3. The information is being collected and processed as a result of a legal obligation.

V. Security

We take reasonable organizational, physical and technical security measures for the protection of personal data . 

We take steps to ensure that any person acting under our authority and who has access to personal data, does not process them except upon our instructions, or as required by law.

Our security measures aim to maintain the availability, integrity, and confidentiality of personal data and are intended for the protection of personal data against any accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing. 

We take reasonable and necessary measures to protect personal data against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.

VI. Risks

While we are committed to protecting personal information that we collect, information transmitted over the Internet is not completely secure.  As such, we cannot make a guarantee on the absolute security of information transmitted.

VII. Your rights

For any concern regarding your personal information and the exercise of any of your rights, you may contact the relevant Data Privacy contact as listed in this Policy.

Under certain circumstances and in accordance with applicable data protection laws in the Philippines, you are entitled to the following rights.

1. Information. You have the right to be informed that your personal data is subject to processing and the right to be notified if your data has been compromised, in a timely manner;
2. Access. You may request us in writing to provide you with a copy of information that we hold about you;
3. Rectification. You are entitled to request that any inaccuracy or error in the personal data we hold about you be corrected;
4. Erasure or blocking. In certain circumstances, you have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data;
5. Data portability. You are allowed to obtain a copy of your personal data undergoing processing in an electronic or structured format, for further use;
6. Objection. You may object to the processing of your personal information based on consent or legitimate interests unless the processing is pursuant to a subpoena, for obvious purposes (contract, employer-employee relationship, etc.) or a result of a legal obligation;
7. To damages. You may claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights and freedoms as data subject.

If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you have the right to file a complaint with the National Privacy Commission (NPC).

VIII. Data Privacy Contact

If you have any questions about this Policy, please contact us by sending an email to dataprotection@bccslaw.com or sending a letter to the address below:

Betita Cabilao Casuela Sarmiento
Suite 1104, Page One Building
1215 Acacia Avenue, Madrigal Business Park
Ayala Alabang, Muntinlupa City 1780
Metro Manila, Philippines

1. Updates

This Privacy Policy was last updated on 9 September 2019.