The Center for Police Strategy Management (CPSM) endeavors to meet leading standards and regulations for data protection and privacy. The CPSM respects and values data privacy rights of data subjects, and makes sure that all personal data collected from the data subjects are processed in accordance to the general principles of transparency, legitimate purpose, and proportionality.
This DPP informs the data subjects of the CPSM data protection and security measures is relation to the implementation of the PNP Stakeholder Information System (PNPSIS) and may serve as the guide for data subjects in exercising their rights under the DPA.
A. Service description
The PNP SIS provides database of Advisory Group Member (AGM) records nationwide, make a system-generated IDs with security features, generate real time demographics and contribution reports.
B. Identification of the Group
The administrator account of the PNP SIS is fully managed by the CPSM, while actual encoding of actual data is conducted by respective encoders in PNP offices/units. Data Privacy concerns are managed by the Data Privacy Officer (“DPO”), IT Alignment Section, Organizational Alignment Division (OAD), CPSM. They are located at CPSM Building, Camp Rafael T Crame, Quezon City with contact number (02) 8723-0401 local 7676.
C. Personal data that are collected
The following personal data and sensitive personal information are collected to the Advisory Group members: First Name, Middle Name, Last Name, Suffix, Sector, Birthday, Gender, E-mail Address, Contact Number, Contact Person in Case of Emergency, Contact Person Contact Number, Contact Person Address, Photo, Signature, Consent Form, Office/Organization, Position/Designation/ Office/Address and Appointment Information. The said details will be viewable to the PNP office/unit where the data was originally encoded and the printer of the ID if the member applied for one. First Name, Middle Name, Last Name, Suffix and Photo will be available for viewing in all PNP offices/units and Verification Page
D. Collection method
Prior to encoding of personal information and sensitive personal information in the PNPSIS the encoder in respective PNP offices/unit shall secure a duly signed application form by the AGM to include the expressed written consent to collect and encode the details in Paragraph C. The said form shall also be uploaded in the system. The encoder of PNP office/units shall also sign a non-disclosure agreement form an upload it in the PNPSIS.
E. Timing of collection
The timing of collection will be arranged by the encoder in PNP office/unit considering the availability of the AGM. It shall be ideally done in the premises of the PNP office/unit.
F. Purposes for which the personal data will be collected and used
The purpose of collection is to primarily provide real-time demographics and contribution reports. In addition, this will enable to provide uniformed ID of AGMs nationwide with security features.
G. Storage and transmission of the personal data
The data is stored in a dedicated server (HostGator) located at Houston, Texas. A daily backup is conducted and secured at the CPSM Server. Soft copy of data will be given to National Advisory Group for Police Transformation and Development (NAGPTD) accredited ID printing provider for printing of ID purposes only. Once printed it will be deleted/destructed/destroyed. A Non-disclosure agreement shall also be signed by the accredited ID printing provider.
H. Method of use
The data will be used on as is basis. No modification/alteration/revision will be applied in the personal data and sensitive personal information. However, in case of typographical error of the encoder, the administrator, may correct the error at any time.
I. Location of personal data
The location is primarily located in the location mentioned in Paragraph G. In addition, a third copy is secured in an external drive.
J. Third party transfer or sharing
The data will be shared to the NAGPTD contracted printer of ID upon request of the AGM. The CPSM shall inform the Advisory Group members and secure their individual consent should their data be shared to third party for genuine and noble purposes, for example, newsletters from Bayaning Pulis Foundation, Inc.
The data of the AGM will be retained/archived for record keeping purposes and reference. However, may be removed by a written request from the AGM addressed to the DPO.
L. Rights of Advisory Group Member
1. Right to access and correction. The AGM may access the information and seek correction.
2. Right to complaint. The AGM may make a written privacy complaint addressed to the DPO and will address the issue within 15 working days from receipt;
3. Right to inquiry. The AGM may ask inquiries regarding the processing of personal information.
M. Intended recipients of personal data
The recipient of personal data and sensitive personal information is the respective PNP Offices/Units where the AGM is affiliated and the CPSM. The CPSM reserved the right to subject the personal data and sensitive personal information under background investigation/record check prior to ensure that the organization is not being infiltrated by its identified enemies.
N. Basis of collection
1.) NAPOLCOM Resolution No. 2021-0597 “Institutionalizing the Philippine National Police (PNP) P.A.T.R.O.L. Plan 2030 as the PNP’s Long-Term Transformation Strategy” dated June 8, 2021.
2.) Joint Technical Working Group (TWG) for PNP P.A.T.R.O.L. Plan 2030 and NAGPTD Meeting dated September 14, 2021.
3.) 60th NAGPTD Meeting dated September 8, 2021.
4.) Verbal Instruction of the CPNP to reorganize the NAGPTD dated May 18, 2021.
O. Main consequences of not providing personal data
The AGM has the right not to provide personal data and sensitive personal information, however, the AGM may not acquire an Advisory Group ID. In addition, the AGM may not be included in the roster of Advisory Group Members that may be generated during National Advisory Summits and related activities.
The CPSM shall only use the personal data and sensitive personal information on the purposes stated in Paragraph F and J. Other usage aside from it is considered unauthorized.
Q. Access and Correction
the DPO shall, at the request of the data subject, provide the data subject with access to his/her personal data within a reasonable time after such request is made and will consider a request from the data subject for correction of that information. The DPO can only impose a minimal and reasonable charge upon the data subject to cover the cost of locating, retrieving, reviewing and copying any material requested by the data subject.
R. Third Party Data Sharing
Refer to Paragraph J.
S. Storage and Transmission
The CPSM shall ensure that appropriate physical, technical and organizational security measures are implemented on personal information storage facilities.
Personal data and sensitive personal collected for other purposes may be processed for historical, statistical or scientific purposes, and in cases laid down in law may be stored for longer periods, provided that adequate safeguards are guaranteed by said guidelines authorizing their processing.
U. Disposal and Destruction
Upon written request of the AGM, the CPSM shall delete the record from the database. In addition, any printed output from PNPSIS in relation to the personal information and sensitive personal information of the AGM shall be destroyed (via paper shredder).
V. Further Updates
The CPSM reserved the right to update this Privacy Notice at any time. A notice of update will be announced via PNPSIS and CPSM Official Website. It is the AGM’s responsibility to check updated from time to time. Encoder from PNP Offices/Units are also responsible to update formally or informally their respective AGMs.