Create a bespoke document in minutes, or upload and review your own.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Privacy Notice
"I need a privacy notice detailing data collection, usage, and storage practices for a mobile app, including user consent, data retention for 2 years, and third-party sharing policies, updated annually."
What is a Privacy Notice?
A Privacy Notice explains how an organization collects, uses, and protects personal data. In the Philippines, it's a key document required under the Data Privacy Act that helps businesses communicate their data handling practices clearly to customers, employees, and other stakeholders.
The notice outlines specific details like what information is gathered, why it's needed, who can access it, and how long it's kept. It also tells people about their rights as data subjects under Philippine law, including their right to access their information, correct errors, and file complaints with the National Privacy Commission. Good privacy notices use simple language and avoid technical jargon.
When should you use a Privacy Notice?
Use a Privacy Notice when collecting personal information from customers, employees, or website visitors in the Philippines. This includes launching new products or services, setting up customer databases, installing CCTV systems, or creating online accounts that gather user data.
It's essential to have your Privacy Notice ready before starting any data collection activities. Under the Data Privacy Act, organizations must inform individuals about their data processing upfront. Common trigger points include: opening new business locations, rolling out marketing campaigns, implementing HR systems, or updating existing data collection methods. The notice helps build trust while meeting legal requirements.
What are the different types of Privacy Notice?
- Data Privacy Notice: Standard format for general data collection, suitable for most business operations and customer interactions
- Company Privacy Notice: Comprehensive version covering all company-wide data practices and policies
- Employee Privacy Notice: Specialized version for workforce data handling, including HR processes and workplace monitoring
- Data Privacy Notice and Consent Form: Combined document that includes both disclosure and explicit consent mechanisms
- Data Protection Policy and Privacy Notice: Detailed version integrating broader data protection measures with privacy requirements
Who should typically use a Privacy Notice?
- Business Owners and Companies: Responsible for creating and maintaining Privacy Notices that comply with Philippine data protection laws
- Legal Teams and Data Protection Officers: Draft and review notices, ensure compliance with the Data Privacy Act requirements
- Customers and Service Users: Read and agree to privacy terms before sharing personal data with organizations
- Employees: Subject to workplace privacy policies and must understand how their personal information is processed
- National Privacy Commission: Oversees compliance, provides guidelines, and handles privacy-related complaints
- IT and Security Teams: Implement technical measures described in the notice to protect personal data
How do you write a Privacy Notice?
- Data Mapping: List all personal information your organization collects, processes, and stores
- Purpose Assessment: Document why each type of data is needed and how it will be used
- Security Measures: Detail your data protection methods, including technical and organizational safeguards
- Access Controls: Identify who can access the data and any third-party sharing arrangements
- Data Subject Rights: Outline how individuals can exercise their rights under Philippine law
- Contact Details: Include your Data Protection Officer's information and complaint procedures
- Plain Language Review: Ensure the notice is clear and understandable for your target audience
What should be included in a Privacy Notice?
- Personal Data Types: Clear list of all information collected, including sensitive personal data
- Collection Methods: How data is gathered, including automated and direct collection
- Processing Purposes: Specific reasons for collecting and using personal information
- Data Sharing: Details about third-party access and international data transfers
- Security Measures: Safeguards used to protect personal information
- Retention Period: How long data will be kept and disposal procedures
- Data Subject Rights: Individual rights under the Data Privacy Act
- DPO Contact Details: Information for privacy-related inquiries and complaints
- Consent Mechanism: Clear method for users to provide or withdraw consent
What's the difference between a Privacy Notice and a Data Processing Notice?
A Privacy Notice differs significantly from a Data Processing Notice in several key ways, though they're often confused because both deal with personal information handling. Let's explore their main differences:
- Scope and Purpose: Privacy Notices provide a broad overview of all data handling practices, while Data Processing Notices focus specifically on how particular data sets are processed for specific activities
- Timing of Use: Privacy Notices are ongoing documents displayed continuously, while Data Processing Notices are typically issued for specific processing activities or changes
- Legal Requirements: Under Philippine law, Privacy Notices are mandatory for all organizations collecting personal data, while Data Processing Notices are required only for specific processing scenarios
- Content Detail: Privacy Notices cover general principles and practices, while Data Processing Notices contain detailed technical information about specific processing operations
- Target Audience: Privacy Notices are written for the general public, while Data Processing Notices are often more technical and targeted at specific data subjects
Download our whitepaper on the future of AI in Legal
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.