Your Privacy Matters to Us
ASilva Innovations ("we", "us", "our", or "Company") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use our Platform and Services.
This Privacy Policy applies to all users of ASilva Innovations' websites, platforms, applications, and services. By using our Platform, you consent to the data practices described in this Privacy Policy.
This Privacy Policy should be read in conjunction with our Terms and Conditions and Cookie Policy.
1. Data Controller Information
For the purposes of applicable data protection laws, including the Philippine Data Privacy Act of 2012 (RA 10173) and the General Data Protection Regulation (GDPR), ASilva Innovations is the data controller responsible for your personal information.
Data Controller Contact Details
Data Protection Officer
In compliance with the Philippine Data Privacy Act, we have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with applicable privacy laws.
DPO Email: dpo@asilvainnovations.com
2. Key Definitions
For the purposes of this Privacy Policy:
- "Personal Information" or "Personal Data" means any information relating to an identified or identifiable natural person, as defined under Philippine and international data protection laws.
- "Sensitive Personal Information" means personal information about an individual's race, ethnic origin, marital status, age, color, religious, philosophical or political affiliations, health, education, genetic or sexual life, or any proceeding for any offense committed or alleged to have been committed.
- "Processing" means any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, and erasure.
- "Platform" refers to all ASilva Innovations websites, applications, software, and services.
- "Services" means all products and services offered by ASilva Innovations.
- "User", "you", "your" refers to any individual using our Platform or Services.
3. Information We Collect
3.1 Information You Provide Directly
We collect personal information that you voluntarily provide to us when you:
- Create an Account: Name, email address, phone number, job title, organization name, password
- Use Our Services: Risk assessments, strategic plans, organizational data, project information, disaster resilience data
- Make Payments: Billing name, billing address, payment card information (processed by third-party payment processors)
- Contact Us: Name, email address, phone number, message content, support tickets
- Participate in Training: Educational background, professional certifications, training completion data
- Complete Assessments: SPARC assessment responses, organizational resilience data, risk evaluation information
- Subscribe to Communications: Email address, communication preferences
3.2 Information Collected Automatically
When you access our Platform, we automatically collect certain information:
- Device Information: IP address, browser type and version, operating system, device type, unique device identifiers
- Usage Information: Pages visited, time spent on pages, links clicked, referring URL, search terms, date and time stamps
- Location Information: General geographic location derived from IP address
- Technical Information: Cookie data, web beacons, pixel tags, log files, crash reports
3.3 Information from Third Parties
We may receive information about you from third-party sources, including:
- Public databases and government agencies (for verification purposes)
- Social media platforms (if you connect your account)
- Analytics providers
- Marketing partners
- Security service providers
3.4 Sensitive Personal Information
Important: We do not intentionally collect Sensitive Personal Information as defined under Philippine law unless explicitly required for specific Services and with your express consent. If collection of Sensitive Personal Information is necessary, we will:
- Obtain your explicit, informed consent
- Clearly explain the purpose of collection
- Implement enhanced security measures
- Limit access to authorized personnel only
4. How We Use Your Information
We use your personal information for the following purposes:
| Purpose | Description |
|---|---|
| Service Delivery | To provide, maintain, and improve our Platform and Services, including DDRiVE-M, Strategic Planner Pro, RTL programs, and SPARC assessments |
| Account Management | To create and manage your account, authenticate your identity, and provide customer support |
| Payment Processing | To process transactions, send billing invoices, and manage subscriptions |
| Communication | To send service-related notifications, updates, security alerts, and respond to your inquiries |
| Personalization | To customize your experience, provide personalized recommendations, and tailor content to your interests |
| Analytics & Improvement | To analyze usage patterns, measure service effectiveness, and improve Platform functionality |
| Security | To detect, prevent, and respond to fraud, security incidents, and other harmful activities |
| Legal Compliance | To comply with legal obligations, enforce our Terms and Conditions, and respond to legal requests |
| Marketing | To send promotional materials, newsletters, and marketing communications (with your consent where required) |
| Research & Development | To develop new products, services, and features, and conduct research to improve disaster resilience solutions |
5. Legal Basis for Processing
Under applicable data protection laws, we process your personal information based on the following legal grounds:
5.1 Consent
We process personal information when you have given clear, informed consent for specific purposes, such as:
- Marketing communications
- Optional data collection for service improvements
- Collection of Sensitive Personal Information (when applicable)
You have the right to withdraw consent at any time.
5.2 Contractual Necessity
Processing is necessary to perform our contract with you, including:
- Providing the Services you requested
- Managing your account
- Processing payments
- Providing customer support
5.3 Legal Obligation
Processing is necessary to comply with legal and regulatory requirements, such as:
- Tax and accounting obligations
- Responding to lawful government requests
- Compliance with court orders
- Meeting data protection and security requirements
5.4 Legitimate Interests
Processing is necessary for our legitimate business interests, provided these interests do not override your rights and freedoms:
- Improving and developing our Services
- Ensuring Platform security and preventing fraud
- Conducting analytics and research
- Marketing our Services to existing customers
- Operating and managing our business efficiently
5.5 Vital Interests
In rare circumstances, processing may be necessary to protect vital interests, such as preventing serious harm or danger to individuals.
7. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, accounting, or reporting requirements.
7.1 Retention Periods
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of active account plus 90 days after account closure |
| Transaction Records | 7 years (tax and accounting compliance) |
| Service Usage Data | 3 years from collection |
| Marketing Data | Until consent is withdrawn or 3 years of inactivity |
| Support Tickets | 5 years from case closure |
| Backup Copies | Up to 90 days (automatic deletion cycle) |
| Legal Hold Data | Duration of legal proceedings plus applicable statute of limitations |
7.2 Deletion and Anonymization
When personal information is no longer needed, we will:
- Securely delete or destroy the data
- Anonymize the data so it cannot be associated with you
- Retain only what is legally required
7.3 Exceptions
We may retain certain information beyond the standard retention periods when:
- Required by law or regulation
- Necessary for legal proceedings or investigations
- Needed to exercise or defend legal claims
- Required to comply with National Privacy Commission orders
8. Data Security
We implement comprehensive technical, organizational, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
8.1 Technical Safeguards
- Encryption: Data in transit is protected using TLS/SSL encryption (256-bit); data at rest is encrypted using AES-256 encryption
- Access Controls: Role-based access control (RBAC) limits data access to authorized personnel only
- Authentication: Multi-factor authentication (MFA) for administrative access
- Firewalls: Network-level and application-level firewalls protect against unauthorized access
- Intrusion Detection: Real-time monitoring systems detect and respond to security threats
- Vulnerability Management: Regular security scans and penetration testing
- Secure Development: Security-by-design principles in software development
8.2 Organizational Safeguards
- Security Policies: Comprehensive information security policies and procedures
- Employee Training: Regular security awareness and data protection training
- Background Checks: Screening of employees with access to sensitive data
- Confidentiality Agreements: All employees and contractors sign confidentiality agreements
- Incident Response: Documented incident response plan and procedures
- Third-Party Management: Vendor security assessments and contractual data protection requirements
8.3 Physical Safeguards
- Secure data center facilities with restricted access
- Environmental controls (fire suppression, climate control)
- Video surveillance and access logging
- Secure disposal of physical media containing personal information
8.4 Data Breach Response
In the event of a data breach affecting your personal information:
- We will investigate and contain the breach immediately
- We will notify affected individuals within 72 hours of discovery (as required by law)
- We will notify the National Privacy Commission as required
- We will provide information about the breach, its impact, and remedial measures
- We will offer assistance and support to affected individuals
Important Security Reminder: While we implement industry-leading security measures, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately of any unauthorized access.
9. Your Privacy Rights
Under the Philippine Data Privacy Act and other applicable laws, you have the following rights regarding your personal information:
9.1 Right to Information
You have the right to be informed about the collection and processing of your personal data, including the purposes, legal basis, and your rights.
9.2 Right of Access
You have the right to obtain confirmation of whether we process your personal information and to access such information, including:
- Categories of personal information collected
- Purposes of processing
- Recipients or categories of recipients
- Retention period
- Source of the information (if not collected from you)
9.3 Right to Rectification
You have the right to correct inaccurate or incomplete personal information. You can update most information through your account settings or by contacting us.
9.4 Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal information when:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Deletion is required to comply with legal obligations
9.5 Right to Object
You have the right to object to processing of your personal information for:
- Direct marketing purposes (at any time)
- Processing based on legitimate interests (unless we demonstrate compelling legitimate grounds)
- Scientific, historical research, or statistical purposes
9.6 Right to Data Portability
You have the right to receive your personal information in a structured, commonly used, machine-readable format and to transmit that data to another controller.
9.7 Right to Restrict Processing
You have the right to request restriction of processing when:
- You contest the accuracy of the data
- Processing is unlawful but you oppose erasure
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification of grounds
9.8 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
9.9 Right to Lodge a Complaint
You have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines if you believe your privacy rights have been violated.
National Privacy Commission:
Website: www.privacy.gov.ph
Email: info@privacy.gov.ph
9.10 Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: privacy@asilvainnovations.com
- Subject line: "Privacy Rights Request"
- Include: Your name, email address, and specific request
We will respond to your request within 15 days as required by Philippine law. For complex requests, we may extend this period by an additional 15 days with notice.
10. International Data Transfers
Your personal information may be transferred to, stored, and processed in countries other than the Philippines, including countries that may not provide the same level of data protection.
10.1 Transfer Safeguards
When transferring personal information internationally, we implement appropriate safeguards, including:
- Standard Contractual Clauses: Approved by the European Commission and Philippine NPC
- Adequacy Decisions: Transfers to countries deemed to provide adequate protection
- Privacy Shield Frameworks: Where applicable and recognized
- Binding Corporate Rules: For intra-group transfers
- Encryption: Data encrypted during transfer and storage
10.2 NPC Authorization
For transfers outside the Philippines, we comply with National Privacy Commission requirements, including obtaining necessary authorizations for transfers to countries without adequate data protection.
10.3 Your Rights
You have the right to obtain information about international transfers and the safeguards in place. Contact us for more details about specific transfers.
11. Children's Privacy
Our Platform and Services are not intended for children under the age of 18.
We do not knowingly collect, use, or disclose personal information from children under 18 years of age without verifiable parental consent. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete such information.
Parental Rights
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at privacy@asilvainnovations.com.
Parents and guardians have the right to:
- Review personal information collected from their child
- Request deletion of their child's personal information
- Refuse further collection or use of their child's information
13. Third-Party Services
13.1 Third-Party Links
Our Platform may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
13.2 Third-Party Service Providers
We work with the following categories of third-party service providers:
- Cloud Infrastructure: Data hosting and storage services
- Payment Processing: Secure payment transaction services
- Analytics: Website and application analytics
- Communication: Email and messaging services
- Customer Support: Help desk and ticketing systems
- Marketing: Email marketing and advertising platforms
13.3 Social Media Integration
Our Platform may include social media features and widgets. These features may collect your IP address, track which pages you visit, and set cookies. Your interactions with these features are governed by the privacy policies of the social media companies.
14. Philippine Data Privacy Compliance
ASilva Innovations is committed to full compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations (IRR).
14.1 National Privacy Commission Registration
As required by the Data Privacy Act, ASilva Innovations is registered with the National Privacy Commission as a Personal Information Controller (PIC).
14.2 Data Protection Principles
We adhere to the following data protection principles under Philippine law:
- Transparency: Clear communication about data processing activities
- Legitimate Purpose: Processing only for declared, specified, and legitimate purposes
- Proportionality: Collecting only data that is adequate, relevant, and necessary
- Accountability: Demonstrating compliance with data protection obligations
- Security: Implementing appropriate organizational, physical, and technical measures
- Rights Protection: Respecting and facilitating data subject rights
14.3 Sensitive Personal Information Handling
For Sensitive Personal Information, we:
- Obtain explicit consent before collection
- Limit access to authorized personnel with legitimate need
- Implement enhanced security measures
- Maintain detailed processing records
- Conduct privacy impact assessments
14.4 Data Breach Notification
In accordance with NPC Circular No. 16-03, we will:
- Notify the National Privacy Commission within 72 hours of breach discovery
- Notify affected individuals when the breach is likely to pose a real risk of serious harm
- Provide details about the nature of the breach, affected data, and remedial measures
- Maintain records of all data breaches
14.5 Cross-Border Data Transfer Compliance
We comply with NPC Circular No. 16-01 on cross-border data transfers, ensuring:
- Adequacy of protection in the recipient country
- Appropriate contractual safeguards
- NPC authorization when required
- Accountability for transferred data
15. GDPR Compliance (for EU Users)
For users located in the European Union, we comply with the General Data Protection Regulation (GDPR). In addition to the rights described in Section 9, EU users have:
15.1 Legal Basis for Processing
We process EU users' data based on the legal bases described in Section 5, ensuring compliance with Article 6 of the GDPR.
15.2 Data Protection Officer
EU users can contact our Data Protection Officer at dpo@asilvainnovations.com.
15.3 Supervisory Authority
EU users have the right to lodge a complaint with their local Data Protection Authority if they believe we have violated their privacy rights.
15.4 Data Transfer Mechanisms
We transfer EU personal data using appropriate safeguards, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions
- Binding Corporate Rules (where applicable)
16. Changes to This Privacy Policy
16.1 Right to Modify
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors.
16.2 Notification of Changes
When we make changes to this Privacy Policy, we will:
- Update the "Last Updated" date at the top of this page
- Post the revised Privacy Policy on our Platform
- For material changes, provide notice through:
  - Email notification to registered users
  - Prominent notice on our Platform
  - Pop-up notification upon login
16.3 Acceptance of Changes
Your continued use of the Platform after changes to this Privacy Policy constitutes acceptance of the updated policy. If you do not agree with the changes, you should discontinue use of the Platform and contact us to close your account.
16.4 Review Responsibility
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. The "Last Updated" date indicates when the policy was last revised.
17. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Inquiries
Alabang Muntinlupa City, Philippines
Response Time
We aim to respond to all privacy inquiries within:
- General Questions: 5 business days
- Privacy Rights Requests: 15 days (as required by Philippine law)
- Data Breach Inquiries: 48 hours
- Urgent Matters: Indicate "URGENT" in the subject line for priority handling
Regulatory Authority
For complaints or concerns not resolved to your satisfaction, you may contact:
National Privacy Commission (Philippines)
Website: www.privacy.gov.ph
Email: info@privacy.gov.ph
Address: 5th Floor, Delegation Building, PICC Complex, Pasay City, Philippines
Acknowledgment: By using the ASilva Innovations Platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy.