PRIVACY NOTICE

Who we are

The island of Camiguin is one of the most beautiful islands in the Philippines. The advantage of Camiguin versus other local tourist destinations lies in the “completeness” of its natural environment and the high diversity of the ecosystem. The Provincial Government of Camiguin, together with the Local Government Units work hand in hand in the improvement the delivery of its services and the meticulous sustainable enhancement of the island’s resources to attract more visitors as well as investors.

Our website address is: https://camiguin.gov.ph.

What personal data we collect and why we collect it

While using our Site we may ask you to provide us with certain personally identifiable information which can be used to contact or identify you. Personally identifiable information may include but is not limited to: your name; Personal Information; Log Data. Like many site operators, we collect information that your browser sends whenever you visit our Site.

Contact forms

By default, WordPress does not include a contact form. If you use a contact form plugin, use this subsection to note what personal data is captured when someone submits a contact form, and how long you keep it. For example, you may note that you keep contact form submissions for a certain period for customer service purposes, but you do not use the information submitted through them for marketing purposes.

Cookies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.

Like many websites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

Embedded content from other websites

The site has no embedded content from other websites.

Log Data

This Log Data may include information such as your computers Internet Protocol & IP address; browser type; browser version; the pages of our Site that you visit; the time and date of your visit; the time spent on those pages and other statistics. In addition we may use third party services such as Google Analytics that collect, monitor and analyze this. The Log Data section is for businesses that use analytics or tracking services in websites or apps, like Google Analytics.

Who we share your data with

We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

What rights you have over your data

Data Subject have the right to be informed regarding processing the personal information we hold about you.

Further, Data Subject may be entitled to request:

1. Access to personal data we process about you. It is your right to obtain confirmation on whether or not data relating to you are being processed;
2. Rectification of your personal data. This is your right to have your personal data corrected if it is inaccurate or incomplete;
3. Erasure or order blocking of your personal data whenever warranted;
4. The right to object if the personal data processing involved is based on consent or on legitimate interest;
5. The right to data portability through which you may obtain and electronically move, copy, or transfer your data securely for further use.

Security Measures

SECURITY MEASURES

LGU Security Measures

1. Data Protection Officer (DPO), Compliance Officer for Privacy

                     The designated Data Protection Officer is MS. MA. SALOME B. AMORA, who is concurrently serving as the Legal Assistant II, of the Provincial Legal Department. She may be reached thru mobile number +63917713037 or thru email: legal@camiugin.gov.ph or you may visit or write her at the Provincial Legal Department, Provincial Government of Camiguin, Lakas, Poblacion, Mambajao, Camiguin.

2. Functions of the DPO and/or any other responsible personnel with similar functions

                 The Data Protection Officer and designated COP shall oversee the compliance of the LGU with the DPA, its IRR, and other related policies, including the conduct of a Privacy Impact Assessment, implementation of security measures, security incident and data breach protocol, and the inquiry and complaints procedure.

3. Conduct of training or seminars to keep personnel, especially the Data Protection Officer, updated vis-a-vis developments in data privacy and security.

                 The LGU shall sponsor mandatory training on data privacy and security at least once a year for LGU representatives or personnel directly involved in the processing of personal data management. The LGU shall ensure their attendance and participation in relevant training and orientations, as often as necessary.

4. Conduct of Privacy Impact Assessment (PIA)

                 The organization shall conduct a Privacy Impact Assessment (PIA) relative to all activities, projects, and systems involving the processing of personal data. It may choose to outsource the conduct of a PIA to a third party.

5. Recording and documentation of activities carried out by the DPO/COP, or the LGU itself, to ensure compliance with the DPA, its IRR, and other relevant policies.

                 The LGU shall record or document its activities related to the DPA, its IRR, and other relevant policies.

6. Duty of Confidentiality

                 All LGU representatives or employees will be asked to sign a Non-Disclosure Undertaking/Agreement. All employees with access to personal data shall operate and hold personal data under strict confidentiality if the same is not intended for public disclosure.

7. Review of Privacy Manual

This Manual shall be reviewed and evaluated annually. Privacy and security policies and practices within the LGU shall be updated to remain consistent with current data privacy best practices.

Physical Security Measures

1. Format of data to be collected.

                 Personal data in the custody of the LGU may be in digital/electronic format and paper-based/physical format.

                 If data is through an online service, data collected is through a registration or application form which primarily collects the full name of the client, home address, contact number, and birthday. Additional information is stated in the Data Privacy Notice of the online service/information system.

2. Storage type and location (e.g. filing cabinets, electronic storage system, personal data room/separate room or part of an existing room)

                 All personal data being processed by the LGU shall be stored in the cloud server, and a data/record room where paper-based documents are kept in locked filing cabinets while the digital/electronic files are stored in computers, servers, and/or storage devices provided and installed by the company.

                 The database servers of the information system are stored in the cloud hosting server that is protected with a firewall and security protocols. Unrecognized IP Addresses are blocked. Basic Personal information is also encrypted.

3. Access procedure of agency personnel

                 Only authorized LGU representatives or personnel shall be allowed inside the data/record room or to directly access the digital/electronic files stored in computers/devices provided and installed by the LGU. For this purpose, they shall each be given a duplicate key to the room/access code to the computers/devices. Other personnel may be granted access to the data/record room or computers/devices upon filing of an access request form with the Data Protection Officer/COP and the latter’s approval thereof or pursuant to a DSA.

4. Monitoring and limitation of access to room or facility

                  All LGU representatives or personnel authorized to enter and access the data room or facility, or computer must fill out and register with the online registration platform of the LGU, and/or a logbook placed at the entrance of the room. They shall indicate the date, time, duration, and purpose of each access.

                  The CMIS office’s network team is always monitoring the access of the server, hence once detected that certain malicious actions or access has been made, there is technical action will be done.

5. Design of office space/workstation

                  The computers are positioned with considerable spaces between them to maintain privacy and protect the processing of personal data. In case of personal fill-up of application, the LGU representative or personnel shall ensure the privacy of the Data Subject or that the document be away from the prying eyes of third persons.

6. Persons involved in processing, and their duties and responsibilities.

                  Persons involved in processing shall always maintain confidentiality and integrity of personal data. They are not allowed to bring their own gadgets or storage devices of any form when entering the data storage room. They are also not allowed to take out the said data whether stored in a physical document or data storage device without the appropriate authority from the DPO/COP.

7. Modes of transfer of personal data within the LGU or to third parties

                  Personal or physical transfer of documents containing personal data shall be prioritized whenever possible. Transfers of personal data via electronic mail shall use a secure email facility/storage device with encryption of the data, including any or all attachments. Facsimile technology shall not be used for transmitting documents containing personal data.

8. Retention and disposal procedure

                  Depending on the data stored the retention shall be subject to existing laws, rules, and procedures, the LGU shall retain the personal data of a Data Subject for a period of one (1) year from the date of its processing. Upon expiration of such period or whenever the data is no longer necessary to be stored and kept, all physical and electronic copies of the personal data shall be destroyed and disposed of using secure technology or means.

Technical Security Measures

1. Monitoring for security breaches

                  The LGU shall use an intrusion detection system to monitor security breaches and alert it of any attempt to interrupt or disturb the system.

2. Security features of the software/s and application/s used

                   The LGU shall first review and evaluate software applications before the installation thereof in its computers/devices to ensure the compatibility of security features with overall operations.

3. Process for regularly testing assessment and evaluation of the effectiveness of security measures

                   The LGU shall review security policies, conduct vulnerability assessments, and perform penetration testing within the LGU on a regular schedule (quarterly) to be prescribed by the appropriate department or unit.

4. Encryption, authentication process, and other technical security measures that control and limit access to personal data

                   Each LGU representative or personnel with access to personal data shall verify his or her identity using a secure encrypted link and multi-level authentication.

BREACH AND SECURITY INCIDENTS

1. Creation of a Data Breach Response Team

            A Data Breach Response Team (DBRT) shall be headed by the DPO and will be composed of the following as its members:

1. Human Resources Management Officer
2. Provincial Legal Officer
3. Head of the Internal Audit Department
4. Provincial Information and Communications Officer

          The DBRT shall be responsible for ensuring immediate action in the event of a security incident or personal data breach. The team shall conduct an initial assessment of the incident or breach in order to ascertain the nature and extent thereof. It shall also execute measures to mitigate the adverse effects of the incident or breach.

1. Measures to prevent and minimize the occurrence of breach and security incidents.

            The LGU shall regularly conduct a Privacy Impact Assessment to identify risks in the processing system and monitor for security breaches and vulnerability scanning of computer networks. Personnel directly involved in the processing of personal data are mandated to attend training and seminars for capacity building. There must also be a periodic review of policies and procedures being implemented in the LGU.

1. Procedure for recovery and restoration of personal data

            The LGU shall always maintain a backup file for all personal data under its custody. In the event of a security incident or data breach, it shall always compare the backup with the affected file to determine the presence of any inconsistencies or alterations resulting from the incident or breach.

1. Notification protocol

          The DPO, in his/her capacity as the Head of the DBRT, shall inform the Department Head of the concerned Office of the need to notify the NPC and the Data Subjects affected by the incident or breach within the period prescribed by law. Thereafter, the Department Head of the concerned Office shall notify the DPO of the action taken and the response of the recipient of the notice within three (3) days therefrom.

1. Documentation and reporting procedure of security incidents or a personal data breach

          The DBRT shall prepare detailed documentation or report of every incident or breach encountered, as well as an annual report, to be submitted to the undersigned and the NPC, within the prescribed period.

Industry regulatory disclosure requirements

By default, the EWWW Image Optimizer does not store any personal data nor share it with anyone.

If you accept user-submitted images and use the API or ExactDN, those images may be transmitted to third-party servers in foreign countries. If Backup Originals is enabled, images are stored for 30 days. Otherwise, no images are stored on the API for longer than 30 minutes.

User-submitted images may be transmitted to image compression servers in the United States and stored there for up to 30 days.

Really Simple SSL

Really Simple SSL and Really Simple SSL add-ons do not process any personal identifiable information, so the GDPR does not apply to these plugins or usage of these plugins on your website. You can find our privacy policy here.

Slider Revolution

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.

If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

Caldera Forms: Data Collection

Caldera Forms stores a record of all form submissions. Your data may be deleted by the site administrator. You may request a report of saved data related to your email address.

Contact Information

If you have any questions about this Privacy Policy, please contact us through our Official Mobile Number: 0975 – 217 – 5519 or through our Official Email Address: governor@camiguin.gov.ph.

You may also directly contact Ms. Ma. Salome B. Amora, the designated Data Privacy Officer of the Province of Camiguin through her E-mail Address: msbabiaamora@gmail.com.