Personal Data Protection

DEPBRPH is committed to maintaining the confidentiality, integrity, and availability of all information we manage. Whether it involves the registration of a new business, verification of an existing company, or access to legal and financial data, we ensure that every step adheres to strict security protocols.

We believe that trust begins with transparency, which is why we openly communicate our privacy principles. All users of our website, including Filipino citizens, residents, and international investors, can rest assured that their data is processed lawfully, fairly, and for legitimate purposes only.

Legal Framework and Compliance

DEPBRPH operates in full compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) — the main law governing personal data protection in the Philippines. This law requires all entities, public or private, to protect personal information collected from individuals and organizations.

In addition, our data handling practices align with international standards such as:

  • General Data Protection Regulation (GDPR) (EU)

  • ISO/IEC 27001 Information Security Management

  • OECD Guidelines on Privacy and Transborder Data Flows

Through this compliance, DEPBRPH ensures that both local and foreign stakeholders receive the same level of data protection when interacting with our services.

What Personal Data We Collect

DEPBRPH collects personal and business-related data only as necessary for the purpose of business registration, verification, and compliance. The types of data we may collect include:

  1. Basic Personal Information: Full name, date of birth, gender, nationality, and contact details.

  2. Identification Information: Government-issued ID numbers (e.g., TIN, SEC registration number, business permit number).

  3. Business Data: Company name, registration type, address, capital, ownership structure, and directors’ information.

  4. Transaction Data: Records of online applications, verification requests, and communications with DEPBRPH.

  5. Financial Information: Data submitted as part of legal or financial statement filing.

  6. Technical Data: IP addresses, device information, browser type, and access logs for website activity monitoring.

We collect this information directly from users during registration or verification processes, and indirectly through authorized government databases, partner agencies, or legal public sources.

Purpose of Data Collection

DEPBRPH uses personal and business data solely for lawful and operational purposes, including:

  • Processing business registration applications and renewals.

  • Verifying the authenticity of business entities and licenses.

  • Issuing certification documents and official records.

  • Managing communications and providing customer support.

  • Generating statistical reports and economic analyses (using aggregated, non-identifiable data).

  • Ensuring compliance with Philippine business laws and anti-fraud regulations.

We never sell, trade, or disclose personal information to unauthorized third parties. Data sharing occurs only when required by law or when the user grants explicit consent.

Data Storage and Retention

All personal and business data collected by DEPBRPH are securely stored within government-approved data centers equipped with advanced encryption, firewall, and intrusion detection systems.

Data retention follows a strict policy based on the type of information collected:

  • Active Business Records: Retained indefinitely while the entity remains registered.

  • Archived Records: Retained for at least 10 years after deactivation or dissolution.

  • User Data for Verification: Retained for 3 years unless extended for legal reasons.

After the retention period, all records are permanently and securely destroyed using certified data erasure methods.

Data Access and User Rights

DEPBRPH values the rights of every data subject. Under the Philippine Data Privacy Act, all individuals and businesses whose information is held in our system have the following rights:

  1. Right to Be Informed – You have the right to know how your data is collected, processed, and stored.

  2. Right to Access – You may request access to the information we hold about you.

  3. Right to Rectification – You may request correction of inaccurate or outdated data.

  4. Right to Erasure – You may request deletion of personal data that is no longer necessary for business or legal use.

  5. Right to Object – You may refuse data processing for secondary or non-essential purposes.

  6. Right to Data Portability – You can request a copy of your data for transfer to another entity.

All requests are handled by our Data Privacy Officer (DPO) within the legally prescribed timeframe.

Data Sharing and Third-Party Disclosure

DEPBRPH may share data with other government agencies, law enforcement units, and authorized business regulators when necessary to fulfill legal obligations or public interest. These include:

  • Securities and Exchange Commission (SEC)

  • Bureau of Internal Revenue (BIR)

  • Department of Trade and Industry (DTI)

  • Anti-Money Laundering Council (AMLC)

All such data exchanges are governed by formal data-sharing agreements, ensuring that recipients follow the same strict data protection standards as DEPBRPH.

We do not disclose any confidential information to private entities or foreign parties without proper legal authorization.

Information Security Measures

DEPBRPH uses advanced technological and organizational safeguards to protect all personal and business data from unauthorized access, alteration, loss, or misuse. These include:

  • Data Encryption: Sensitive data are encrypted both in storage and transmission.

  • Secure Access Controls: Only authorized personnel can access classified databases.

  • Multi-Factor Authentication: Enhances security for internal systems and administrator access.

  • Audit Trails: Records all user and administrator activities for transparency and traceability.

  • Regular Security Audits: Conducted to identify and address potential vulnerabilities.

Our cybersecurity protocols are continuously reviewed and updated in line with international standards and evolving digital threats.

International Data Transfers

In some cases, DEPBRPH may need to transfer data to or from foreign entities, such as for international business verification or cross-border compliance. All international data transfers strictly comply with applicable data privacy laws, ensuring that information is protected at all stages of transmission.

Public Access and Transparency

While DEPBRPH provides public access to certain non-confidential business information (such as company names, registration numbers, and business status), sensitive personal details of business owners and representatives remain confidential.

This balance between transparency and privacy ensures that while the public can verify the legitimacy of registered businesses, individuals’ private data remain fully protected.

Our Data Privacy Officer

To ensure accountability and compliance, DEPBRPH has appointed a Data Privacy Officer (DPO) responsible for overseeing our data protection program, responding to public inquiries, and coordinating with the National Privacy Commission (NPC).

You can contact the DPO through:
📧 Email: privacy@depbrph.gov.ph
🌐 Website: https://gov.depbrph.biz

Continuous Improvement

DEPBRPH is committed to continuous improvement in its privacy management systems. We regularly train our staff, conduct risk assessments, and adopt new security technologies to ensure the highest standard of data protection.

As technology evolves, so do our policies. We update this Personal Data Protection Policy periodically to reflect legal, technological, and procedural changes, ensuring that we always meet or exceed global privacy standards.

At the Department of Business Registry Philippines, personal data protection is not just a legal obligation—it is a core value that defines how we operate. We believe that protecting information means protecting trust, and that trust is the foundation of every legitimate business transaction.

Through our unwavering commitment to privacy, transparency, and security, DEPBRPH continues to empower millions of businesses and individuals — locally and internationally — with confidence that their information is safe, their rights are respected, and their future is protected.