Privacy Policy

 Privacy Policy for Project Affected Persons

  1. Purpose

This Privacy Policy outlines how EcosysCorp Inc. collects, uses, processes, and protects the personal information of Project Affected Persons (PAPs) in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations. Our commitment is to respect and protect the privacy rights of PAPs throughout all interactions.
EcosysCorp Inc acts as a Personal Information Processor on behalf of the Project Proponent, who is the Personal Information Controller and determines the purposes and means of processing; EcosysCorp Inc. processes personal data strictly on the Proponent’s documented instructions.

  1. Personal Information We Collect

We collect personal information from PAPs that is necessary for project alignment, socio-economic surveys, and related engagements. This information includes, but is not limited to:

  • Personal identifiers
  • Contact details
  • Socio-economic data as provided during surveys
  • Consent records for participation and data processing
  • Structure Detailed Measurements
  1. Consent
  • Prior to any collection or processing of personal information, EcosysCorp Inc. obtains explicit consent from PAPs.
  • Consent is obtained through the presentation of a Survey Consent Form by our Census and Tagging Team (CAT) after verification of project alignment lines.
  • PAPs are informed of the purpose of data collection, their rights, and potential next steps.
  • A PAP may refuse consent without any penalty; refusals are promptly reported to the Project Coordinator.
  • Recordings of Stakeholder Consultation Meetings are securely stored as part of the consent process.
  • We may use handwritten fullname and by ticking yes to our mobile/online data entry system as an indication of consent to authorize us to collect and process electronic data through our mobile/online data entry system under the guidance of our official collection agent/interviewer in our Perception Surveys.

Where a Project Proponent is the Personal Information Controller, consent and other lawful bases for processing are set by the Proponent; EcosysCorp Inc. implements the Proponent’s documented instructions for the collection and use of PAP data.

  1. Use and Processing of Personal Information
  • When processing PAP data for project delivery, EcosysCorp Inc. does not independently decide how or why data is processed and performs processing solely to provide services defined by the Project Proponent under documented instructions
  • The personal data collected will be used solely for project-related assessments, surveys, and consultations.
  • Information is encoded into secure systems and thoroughly checked to ensure accuracy and integrity.
  • Access to PAP’s data is strictly controlled and limited to authorized personnel.
  1. Data Storage and Security
  • Personal information is stored securely using AES-256 encryption both in transit and at rest.
  • Digital data is stored on MEGA NZ, managed under strict access controls overseen by the IT Manager.
  • Physical documents, such as printed answer sheets, are securely handled by the Document Controller.
  • Unauthorized transmission or disclosure of PAPs’ information is strictly prohibited.
  • All staff involved in handling PAP data must comply with the Clean Desk Policy and access control measures, including mandatory two-factor authentication on relevant accounts.
  1. Data Retention and Disposal
  • PAP data will be retained only for the duration necessary for project completion and compliance with relevant laws.
  • After the retention period, personal information will be securely disposed of by shredding physical documents and permanently deleting digital records.
  1. Rights of PAPs

PAPs have the following rights regarding their personal information:

  • Right to be informed about data collection and processing
  • Right to access their personal data
  • Right to rectify any inaccurate or incomplete information
  • Right to object to the processing of their personal information
  • Right to erasure or blocking of personal data (“right to be forgotten”)
  • Right to data portability
  • Right to file complaints with the National Privacy Commission (NPC)
  • Right to be indemnified for damages due to improper handling or breaches of their data

How are requests handled?
Ecosyscorp will:
(a) acknowledge receipt of a request and verify the requester’s identity;
(b) promptly coordinate the request with the Project Proponent as the Personal Information Controller, who will decide on the outcome;
(c) give the contact number of the Project Proponent to the requestor.

  1. Data Breach and Incident Response
  • In the event of a security incident or personal data breach involving PAP information, EcosysCorp Inc. will take immediate steps to contain and investigate the breach.
  • The Data Protection Officer (DPO) will notify the National Privacy Commission and affected PAPs as required by law.
  • Corrective actions will be implemented to prevent recurrence and protect PAPs’ privacy.
  1. Contact Information

Requests concerning project-related data will be routed to the relevant Project Proponent (PIC) and addressed in coordination with them; EcosysCorp Inc. will act based on the Proponent’s documented instructions, PAPs may contact the EcosysCorp Inc. Data Protection Officer (DPO):

  • Email: dpo@ecosyscorp.ph
  • Phone:0932 883 0964
  • Address: 3rd Floor, Diliman Commercial Center, Commonwealth Avenue, Quezon City

This Privacy Policy ensures the protection and proper management of Project Affected Persons’ personal data consistent with applicable laws and EcosysCorp Inc.’s robust privacy framework