This is a page is created for investors, parents looking for Premium Lifestyle and University Residences located in Loyola Heights, Quezon City across Ateneo de Manila University, Miriam College, University of the Philippines Diliman. PRIVACY STATEMENT
This Privacy Policy reflects Torre Lorenzo Development Corporation and its related companies’
(“TLDC Group”) commitment to ensure that all personal
data collected and processed by the organization
and its partners in the provision of real property development and other related services. Should there be
any future amendments to TLDC Group’s Privacy Policy because of any changes in its personal data
processing activities including any disclosures of such data, to any third party, and future developments in
local and/or foreign data privacy regulations, where applicable, TLDC Group shall undertake reasonable
efforts to effectively notify affected data subjects, and, where applicable, appropriately obtain their consent.
2. This Privacy Policy enumerates TLDC Group’s organizational policy in relation to the
collection and processing of all personal data.
2.2. TLDC Group reserves the right to amend and/or modify its Privacy Policy to comply with any
future developments in local and/or foreign data privacy regulations where applicable.
2.3. This Privacy Policy applies to all personal data processing activities conducted by TLDC
Group, including, but not limited to, the collection, use, storage, sharing and disposal of all
personal data about the organization’s customers and employees.
3. DEFINITIONS
Data Subject – is defined under Section 3(c) of the Data Privacy Act as any individual whose
personal information is processed.
Data Sharing Agreement – is defined as the disclosure or transfer to a third party of personal
data under the control or custody of a personal information controller. The term excludes
outsourcing, or the disclosure or transfer of personal data by a personal information controller
to a personal information processor.
Processing – is defined as any operation or any set of operations performed upon personal
information including, but not limited to, the collection, recording, organization, storage,
updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or
destruction of data.
Personal Information – is defined as any information whether recorded in a material form or
not, from which the identity of an individual is apparent or can be reasonably and directly
ascertained by the entity holding the information, or when put together with other information
would directly and certainly identify an individual.
Personal Information Controller – is defined as a person or organization who controls the
collection, holding, processing or use of personal information, including a person or
organization who instructs another person or organization to collect, hold, process, use,
transfer or disclose personal data on his or her behalf.
Personal Information Processor – is defined as any natural or juridical person qualified to
act as such under this Act to whom a personal information controller may outsource the
processing of personal data pertaining to a data subject. Legal 8.29.2018
FAJARDO © 2018 ALL RIGHTS RESERVED
LAW OFFICES
Sensitive Personal Information – is defined as personal information (a) About an individual’s
race, ethnic origin, marital status, age, color, religious, philosophical or political affiliations,
beliefs or opinions, and trade union membership; (b) About an individual’s health, education,
genetic and/or biometric data, sexual life and/or orientation., or any proceeding for any offense
committed or alleged to have been committed by such person, the disposal of such
proceedings, or the sentence of any court in such proceedings; (c) Issued by government
agencies peculiar to an individual which includes, but not limited to, social security numbers,
previous or current health records, licenses or its denials, suspension or revocation, and tax
returns; (d) Specifically established by applicable local and/or foreign laws as classified;
Personal Data - shall refer to all types of personal information, including those pertaining to
agency personnel
4. COLLECTION AND USE OF PERSONAL DATA
4.1. Customer Personal Data
As a real property development company, we collect personal data from both prospective and
current clients for purposes of business development, service delivery, the achievement of corporate
objectives and business endeavors and compliance to applicable laws, rules and regulations. We collect
such information directly from data subjects through our data collection forms, including the Customer
Registration Form, and encode such information in our system database.
4.2. Employee Personal Data
As an organization which employs a significant number of individuals to meet our corporate
objectives and business endeavors, we collect and process personal data from our employees for
Administrative and Human Resource Development purposes as well as in compliance to applicable laws,
rules and regulations covering government employees, including, but not limited to:
1. Pre-qualification and post-qualification assessment
3. Processing of employment compensation and benefits
4. Internal Security
5. Compliance to regulatory requirements
6. For the protection of lawful rights and interests of the organization in internal administrative and
court proceedings, or the establishment, exercise or defense of legal claims against prospectively
malfeasant employees.
4.3. THE RIGHTS OF DATA SUBJECTS
TLDC Group fully recognizes that our employees, as data subjects, are accorded the following
privacy rights:
Right to be informed
Our customers and employees have the right to demand and be informed of the details about how
and why we collect and process their personal data including its sources, recipients, methods, disclosures
to third parties and their identities, automated processes, manner of storage, period of retention, manner
of disposal and any changes to such processing activities before the same is undertaken. Legal 8.29.2018
FAJARDO © 2018 ALL RIGHTS RESERVED
LAW OFFICES
Right to Object
They have the right to object to the sharing of their data. Should there be any changes in the
information provided to them under this policy, they shall be informed of such changes and their consent
thereto, where applicable, obtained before such changes are implemented.
Right to withdraw consent anytime
They have the right to withdraw their consent to the processing of their personal data anytime
subject to any lawful basis for which such data is processed other than by consent.
Right to access
They have the right to have reasonable access to their personal data, upon demand and in a
machine-readable and/or data portable format.
Right to dispute/rectify
They have the right to review and amend their personal data as processed by the organization
should there be any inaccuracies.
Right to object/block/erase
They have the right to reject further processing of their personal data, including the right to suspend,
withdraw, and remove their personal data in our control which are falsely collected or unlawfully processed.
4.4. POLICY ON THE COLLECTION AND USE OF PERSONAL DATA
It is the policy of TLDC Group to:
I. Adequately inform our customers and employees of their rights as data subjects;
II. Ensure that our customers and employees, are fully and adequately informed of all processing
activities performed by the organization with respect to their personal data including the scope,
purpose and means used by TLDC Group for such processing, its sources, recipients,
methods, disclosures to third parties and their identities, automated processes, manner of
storage, period of retention, manner of disposal and any changes thereto before the same is
implemented;
III. Obtain the express, informed and properly documented consent of our customers and
employees, where applicable, to our data processing activities. Where the processing does not
require consent from our customers and employees, we endeavor, nonetheless, to fully inform
our customers and employees of the bases of such processing other than consent;
IV. Ensure that our customers and employees have the facility to reasonably exercise their rights
as data subjects and that the organization can respond to such requests within reasonable
time, including the provision of personal data in a machine-readable or data portable format in
response to a request for information;
V. Ensure that our customers and employees have the facility to dispute any inaccuracy or error
in their personal data, to object to any changes in the manner and purpose by which their
personal data is being processed, to withdraw consent where applicable, and to suspend,
withdraw, block, destroy, or remove any unnecessary, falsely collected or unlawfully processed
personal data;
Legal 8.29.2018
FAJARDO © 2018 ALL RIGHTS RESERVED
LAW OFFICES
VI. Ensure that the personal data obtained from our customers and employees are proportional,
necessary and limited to the declared, specified and legitimate purpose of the processing;
VII. Ensure that the personal data of our customers and employees are retained for only a limited
period or until the lawful purpose of the processing has been achieved;
VIII. Ensure that the personal data of our customers and employees are destroyed or disposed of
in a secure manner;
IX. Ensure that our customers and employees have the facility to lodge complaints to TLDC Group
relating to any violations to the rights of our customers and employees as data subjects and
that such complaints are adequately and timely addressed. With respect to personal data collected and processed from foreign sources, we ensure that
their personal data, is collected and processed in accordance with the applicable foreign law,
if any.
5. PRIVACY GOVERNANCE
5.1. DATA PROTECTION OFFICER
TLDC Group takes data protection seriously and has appointed a Data Protection Officers (“DPO”)
tasked to monitor compliance with any and all applicable foreign and/or local data privacy laws, rules, and
regulations.
5.2. CONTACT INFORMATION
Our DPO is fully committed to protecting our customers’ and employees’ privacy rights. Should you
have any concerns regarding TLDC Group’s privacy practices and policies, including requests for exercise
of data subjects’ rights, you may reach the DPO through the following contact information:
Data Privacy Officer
E-mail [email protected]
Office Address Manila –
2F Lapanday Center
2263 Chino Roces Avenue Extension
Makati City, Philippines 1231
UK –
Ground Floor, 13 Hogarth Place
Earls Court, London SW5 0QT
6. PERSONAL DATA SECURITY POLICY
6.1. STORAGE OF AND ACCESS TO PERSONAL DATA
It is our policy to store both paper-based and electronic personal data in a secure data center
covered by appropriate data security standards. Transfers of personal data within and without the
organization shall only be made in accordance with strict security protocols and under modes of transfer
compliant to the appropriate data security standards.
6.2. RETENTION AND DISPOSAL OF PERSONAL DATA
We only retain personal data for a limited period or until the lawful and legitimate purpose of the
processing is achieved. To that effect, we have established procedures for securely disposing files that
Legal 8.29.2018
FAJARDO © 2018 ALL RIGHTS RESERVED
LAW OFFICES
contain personal data whether the same is stored on paper, film, optical or magnetic media, personal data
stored offsite, and computer equipment, such as disk servers, desktop computers and mobile phones at
end-of-life.
6.3. MANAGEMENT OF THIRD PARTY RISKS
a. PERSONAL INFORMATION PROCESSORS
Where any processing of personal data is outsourced to a third-party processor, TLDC Group will
make sure that such third party shall be covered by the appropriate contracts that will enforce adequate
data security standards under terms and conditions compliant with the requirements of both local and/or
foreign law, where necessary. PERSONAL INFORMATION CONTROLLERS
TLDC Group shall ensure that any disclosures or transfers of personal data to controllers shall be
governed by legally-compliant data sharing agreements and in accordance with the rights of data subjects. Data subjects shall be duly informed and consent from them obtained, where applicable, before such data
sharing activities are performed.
7. PERSONAL DATA BREACH
Personal Data Breach refers to a breach of security leading to the accidental or unlawful
destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or
otherwise processed. Personal Data Breaches shall be subject to notification and remediation
requirements.
8. HUMAN RESOURCE POLICY
TLDC Group requires its employees to undergo periodic and mandatory training privacy and data
protection in general and in areas reflecting job-specific content. Likewise, it will ensure that all employees,
representatives, and agents exposed to personal data pursuant to their function are adequately bound by
strict confidentiality.
