Privacy Notice

The Power Sector Assets & Liabilities Management Corporation (PSALM) is a Government-Owned and Controlled Corporation (GOCC), which manages the orderly sale, disposition and privatization of National Power Corporation’s assets with the objective of liquidating all its financial obligations. As we perform our mandate, we may process your personal data.

PSALM values the data privacy rights of all its data subjects and is committed to protecting your personal data. In this regard, PSALM will exercise utmost prudence in the collection, use, storage and disclosure of any personal data you provide in accordance with the Corporation’s Privacy Policy stated herein.

Rest assured that the protection of your data privacy is our commitment and paramount concern.

THIS PRIVACY NOTICE

This Privacy Notice is intended to inform you of how the corporation collects, uses, stores, discloses and protects your personal and sensitive personal information.

The words “personal data”, “personal information”, “sensitive personal information”, “processing of personal data” and other related terminologies in this Privacy Notice are used in the same context as they are found in the Data Privacy Act of 2012 (DPA) and all its related issuances (“Data Privacy Laws”). Please refer to the following definition:
  1. Personal data pertains to both personal and sensitive personal information.
  2. Personal information is any information or set of information that can be used to identify an individual or can reasonably and directly identify an individual, but are not considered as sensitive personal information.
  3. Sensitive Personal Information is any information about individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; individual’s health or education; about any criminal, civil or administrative proceeding of an individual; unique government issued identifiers; and those established by law as classified.
  4. Processing of Personal Data refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, use, storage, disclosure or disposal.

WHAT ARE OUR BASES FOR PROCESSING YOUR PERSONAL DATA?

PSALM process your personal data only under circumstances allowed by the Data Privacy Act of 2012, such as when you give your consent, when required by law or contracts, specifically PSALM process your personal data based on:
  1. Your informed consent, which you may withdraw at any time during the processing of your personal data by informing PSALM through our Data Protection Officer with the contact details provided below;
  2. The needs of the relevant contracts;
  3. The existence of our legitimate business interest;
  4. Compliance with legal obligation or as required by existing laws and regulations; and
  5. Our need to protect PSALM’s lawful rights and interests or establishment, exercise or defense of legal claims in court.

WHAT DO WE COLLECT?

PSALM collects your personal information such as your name, address, contact information, employment history and financial records. PSALM also collects your sensitive personal information such as personal characteristics, health records, educational background and government issued identifiers only when necessary to fulfill our specified and legitimate purpose. Specifically, PSALM may collect the following personal data:
  1. Personal information, such as your name, photo, signature, residential, business or mailing address;
  2. Contact information, such as your email address, telephone, mobile phone number;
  3. Employment background, which includes but is not limited to employment history, occupation, position or designation;
  4. Personal characteristics, such as sex, nationality, age, height, weight, built, complexion, eyes, hair, scars or other distinguishing marks, physical health condition or illnesses;
  5. Sensitive personal information, such as date and place of birth, marital status and history, arrest record and conduct, affiliations or organizations, government issued identifiers (i.e. identification numbers for PAG-IBIG Fund, SSS, GSIS, and PhilHealth, and copies of government issued IDs), professional licenses or civil service eligibility, tax identification number, health records and educational records;
  6. Information related to personal finances, such as bank account details, bank statements, taxation information and other relevant details needed for purposes of facilitating payments and taxes;
  7. Records of your transactions, the content you have provided us with, your requests, your agreements with us and the services provided to you;
  8. Information that we would need to conduct due diligence for identity and legitimacy verification; and
  9. Other information that may be collected from your interaction and use of our website.

HOW DO WE COLLECT YOUR PERSONAL DATA?

Most of the personal data we process is provided to us directly by you when you transact and interact or when you submit requirements for a work application. We may also collect your personal data from other sources such as our service providers for our health and wellness initiatives and other publicly available sources. Specifically, we collect your personal data when:
  1. Personal information, such as your name, photo, signature, residential, business or mailing address;
  2. Contact information, such as your email address, telephone, mobile phone number;
  3. Employment background, which includes but is not limited to employment history, occupation, position or designation;
  4. Personal characteristics, such as sex, nationality, age, height, weight, built, complexion, eyes, hair, scars or other distinguishing marks, physical health condition or illnesses;
  5. Sensitive personal information, such as date and place of birth, marital status and history, arrest record and conduct, affiliations or organizations, government issued identifiers (i.e. identification numbers for PAG-IBIG Fund, SSS, GSIS, and PhilHealth, and copies of government issued IDs), professional licenses or civil service eligibility, tax identification number, health records and educational records;
  6. Information related to personal finances, such as bank account details, bank statements, taxation information and other relevant details needed for purposes of facilitating payments and taxes;
  7. Records of your transactions, the content you have provided us with, your requests, your agreements with us and the services provided to you;
  8. Information that we would need to conduct due diligence for identity and legitimacy verification; and
  9. Other information that may be collected from your interaction and use of our website.

WHAT WE DO WITH THE INFORMATION WE GATHER?

We use your personal data to perform our mandate and provide you our services. For our employees, we use the personal data collected to facilitate employment related activities. We require the above information to better understand your needs, particularly for:
  1. The services we provide:
    • To provide you with information on PSALM’s mandate and services and respond accordingly to your queries, comments or feedback;
    • To carry-out our obligations arising from contracts that we entered into with you or the company you represent;
    • To gather information required by law and/or contracts that we entered into with you or the company you represent for purposes of standard business processing, record keeping, or good business practices;
    • To customize the website according to your informational requirements about our company and programs; and
    • To perform other services necessary for the effective administration of your transactions with us.

  2. For employment related activities:
    • To facilitate your job application and assess your qualifications;
    • To conduct onboarding activities and facilitate pre-employment assessments;
    • To process requests and queries related to employment opportunities, compensation and benefits, among others;
    • To accomplish the necessary reports and records relative to PSALM’s mandates and obligations for compliance to other government regulatory agencies; and
    • To use for other related similar purposes to those enumerated above.

Your personal information will be used only for the reasons stated above and for purposes related to those stated. Rest assured that PSALM will never sell your information nor disclose it to any other parties for direct marketing or promotional purposes.

WHERE DO WE SHARE YOUR DATA?

To fulfill the purpose We may disclose and share your personal data to the following:
  1. Regulatory government agencies for compliance with PSALM’s obligations, particularly the submission of reports and records pursuant to relevant issuances.
  2. Third-party vendors engaged by PSALM, who may collect and process your personal data in the course of their providing service to us. These third party service providers will only process your personal data in accordance to PSALM’s instructions and the terms agreed upon in the service agreement.

We ensure that your personal data being shared to third parties only to the extent of the declared and specified purpose, which said personal data was collected for. Further, we will only share your personal data when allowed by the Data Privacy Laws, or upon obtaining your consent, when required.

HOW LONG DO WE STORE YOUR PERSONAL DATA?

We will retain your personal data only for period necessary for us to fulfill the purposes for which they were collected, such as to execute the terms and conditions of our contracts and/or to fulfill PSALM’s legitimate business interests. Your personal data may also be retained by PSALM for as long as required by applicable laws, rules or regulations such as those prescribed by the National Archives of the Philippines (NAP) under Republic Act 9470.

Upon the expiration of the retention period, or, should you withdraw your consent for PSALM to collect and process your personal data, upon our receipt of the notice of your withdrawal, we will destroy your personal information in a secure manner in accordance with our Record Retention Schedule, such as by shredding the physical records, deletion or anonymization of electronic data, or any other secure disposal methods allowed by relevant regulations.

HOW DO WE STORE YOUR PERSONAL DATA?

Your personal data in electronic form is securely stored in our on-premise data center. On the other hand, physical records are securely stored and kept within our office premises.

HOW DO WE SECURE YOUR PERSONAL DATA?

Despite the best security features, data processing always comes with risks. Security threats and incidents are now a question of “when” rather than an “if”.

A data breach may happen when there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

PSALM implements reasonable and appropriate technical, physical and organizational security measures to protect personal data from these threats through the following measures:
  1. We implement data privacy and protection policies to provide standard guidelines and procedures on the processing and management of personal data.
  2. Our data processing systems are secured against unauthorized access through regularly review, monitoring and testing, which ensures that the security and integrity of the system is not compromised.
  3. We regularly monitor for security incidents and data breaches and take appropriate preventive, corrective and mitigating action.
  4. We ensure that our employees, agents, vendors, and others who are involved in the processing of your personal data shall operate under strict confidentiality and non-disclosure.

WHAT ARE YOUR DATA SUBJECT RIGHTS?

Under the DPA, you have rights to be informed how your personal data is processed, object to the processing of your personal data, access, rectify or erase your personal data. To specify:you have the following rights
  • Right to be informed. You have the right to be informed of how your data is collected, used, stored, shared and disposed before you disclose your information to us.
  • Right to object. You have the right to object from giving consent to our processing of your personal data or withdrawing the same thereafter in case our processing is based on your consent.
  • Right of access. You have the right to ask for information on how we use, store, disclose or protect your personal data.
  • Right to rectification. You have the right to ask us to modify or correct your personal data when the same is inaccurate, outdated, false or incomplete.
  • Right to erasure or blocking. You have the right to request us to delete your personal data in some instances or have us stop using your data for specific purpose/s.
  • Right to data portability. You have the right to ask that we transfer your personal data to another organization, or to you, in certain circumstances.
  • Right to file a complaint and ask for damages. If you think that your rights as a data subject have been violated, or if you sustained damages due to any inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal information, you may escalate your concern to our Data Protection Officer so we can assist you. In case we fail to resolve your complaint or if you are unsatisfied with the way we handle the matter, you have the right to file a complaint with the National Privacy Commission (NPC).

HOW TO EXERCISE YOUR DATA PRIVACY RIGHTS?

If you would like to exercise any of the mentioned rights, you may fill out this Data Subject Request Form and send the same via email to dpo@psalm.gov.ph.

If you have privacy concerns, has belief that your personal data has been breached or your rights as a data subject have been violated, you may contact our Data Protection Officer:

Name: Glenn B. Santos
Address: 24th Floor Vertis North Corporate Center 1,
Astra corner Lux Drives, North Avenue, Quezon City 1105
Email Address: dpo@psalm.gov.ph
Trunkline: (02) 8248 4800

LINK TO OTHER WEBSITES

When you use links and leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy notice applicable to the website in question.

CHANGES TO THIS PRIVACY NOTICE

This privacy notice is under regular review to make sure it is up to date and accurate.

This notice, and any updates, amendments or supplements thereto is available here in our official website. Any changes to this privacy notice shall be posted here.

Version No.: 2.0
Effectivity Date: 17 August 2023

Version History:
Version No. and Date: Version 1.0 (22 August 2022)