PRIVACY NOTICE

SAN ROQUE POWER CORPORATION

PRIVACY NOTICE

San Roque Power Corporation (“SRPC,” “the Company,” “we,” “us,” or “our”) respects and protects the right to privacy of all individuals (“Data Subjects”) in accordance with Republic Act No. 10173 (Data Privacy Act of 2012), its Implementing Rules and Regulations (IRR), and all relevant National Privacy Commission (NPC) Circulars, Advisories, and Issuances.

This Privacy Notice explains what personal data we process, how and why we process it, how we protect it, and how you may exercise your rights as a Data Subject.

1. Personal Data Processed, Purpose, and Legal Basis

SRPC processes personal data in the course of its lawful business operations, including but not limited to employment administration, security, compliance, corporate governance, vendor management, and community relations.

The personal data processed may include:

  • Personal Information (e.g., name, address, contact details, position, employer, identification details);
  • Sensitive Personal Information (e.g., government-issued IDs, health and medical records, benefits information, biometric identifiers, and other data required by law); and
  • Traffic and Technical Data (e.g., IP addresses, system logs, device identifiers, and CCTV footage).

Processing is carried out on the basis of:

  • Compliance with legal obligations;
  • Performance of contracts or employment relationships;
  • Legitimate interests of SRPC (such as security, safety, and operational efficiency); and
  • Consent of the Data Subject, where required by law.

 

2. Primary and Secondary Uses of Personal Data

Primary purposes include:

  • Human resource administration (recruitment, payroll, benefits, performance management);
  • Security, access control, and incident investigation;
  • Regulatory compliance and reporting;
  • Vendor, contractor, and partner administration;
  • IT systems administration and cybersecurity monitoring.

Secondary purposes may include:

  • Internal audits, investigations, and compliance reviews;
  • Documentation of corporate events and activities;
  • Legal defense, claims management, and dispute resolution;
  • Corporate communications and archiving, where lawful.

 

3. Manner of Storage

Personal data is stored in secured physical and electronic environments, including:

  • Locked filing cabinets and restricted-access offices;
  • Company servers and authorized information systems;
  • Encrypted databases and secure cloud platforms (where applicable).

Access is strictly limited to authorized personnel based on role and necessity.

 

4. Data Sharing and Disclosure

Personal data may be disclosed to:

  • Government agencies and regulators, as required by law;
  • Service providers and contractors acting as Personal Information Processors (PIPs) under Outsourcing Agreements;
  • Affiliates or partners, where covered by a Data Sharing Agreement (DSA).

Disclosure is limited to the extent necessary, for legitimate purposes, and subject to contractual, organizational, and technical safeguards.

 

5. Retention Periods

Personal data is retained only for as long as necessary to fulfill the stated purposes or to comply with legal, regulatory, or contractual requirements, in accordance with SRPC’s Document Retention Policy.

Retention periods vary depending on the type of data and applicable laws.

 

6. Secure Disposal

Upon expiration of the retention period, personal data is securely disposed of through:

  • Shredding or physical destruction of hard copies;
  • Secure deletion, overwriting, or anonymization of electronic records.

Disposal methods are designed to prevent unauthorized access, recovery, or reconstruction.

 

7. Risks Involved in Processing

Risks may arise at various stages of processing, including:

  • Unauthorized access or disclosure;
  • Data breaches or cyber incidents;
  • Loss, alteration, or misuse of personal data.

 

8. Protection Measures

To address these risks, SRPC implements reasonable and appropriate organizational, physical, and technical security measures, including:

  • Access controls and role-based authorization;
  • Encryption, firewalls, and monitoring systems;
  • CCTV and physical security controls;
  • Regular audits, reviews, and employee awareness programs;
  • Incident response and breach management procedures.

 

9. Automated Access and Processing

Certain processing activities may involve automated systems, such as:

  • IT access management systems;
  • Payroll and attendance platforms;
  • Security and CCTV systems;
  • Log monitoring and cybersecurity tools.

Automated processing is conducted in accordance with law and subject to appropriate safeguards.

 

10. Data Protection Officer (DPO) Contact Details

For any data privacy concerns or inquiries, you may contact:

Data Protection Officer (DPO): Raymund N. Mariano – IT Officer

Brgy. San Roque, San Manuel, Pangasinan

dpo@sanroquepower.ph

 

11. Rights of Data Subjects

Under the Data Privacy Act, you have the right to:

  • Be informed;
  • Access your personal data;
  • Object to processing;
  • Rectify inaccurate or incomplete data;
  • Erase or block data under certain conditions;
  • Data portability; and
  • Claim damages and lodge a complaint with the NPC.

Requests may be submitted to the DPO. SRPC will act on such requests in accordance with law and applicable procedures.

 

12. Cookies and Website Usage Data.

SRPC’s website uses cookies and similar technologies to ensure proper functionality, enhance user experience, and support security and analytics. Through these technologies, limited personal data such as IP addresses, device identifiers, browser type, and usage logs may be collected and processed. Such data is processed based on the Company’s legitimate interest in maintaining a secure and efficient website, and, where applicable, with the consent of the data subject. Information collected through cookies may be accessed by authorized personnel or shared with service providers acting as Personal Information Processors under appropriate data protection agreements, and is retained only for as long as necessary for its intended purpose or in accordance with applicable laws. Users may manage or disable cookies through their browser settings, subject to potential limitations in website functionality.

 

Updates to This Notice

This Privacy Notice may be updated from time to time to reflect changes in laws, regulations, or SRPC’s data processing practices. Material updates will be made available through appropriate channels.

Safety Slogan Winners

FEATURES OF SRMP


Our AVP