ISELCO-I Data Privacy Policy

 

  1. Policy Statement

 

The Isabela I Electric Cooperative, Inc. (ISELCO-I) is fully committed to protecting the privacy and security of all personal information it collects and processes.


In compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012, ISELCO-I upholds the right to privacy of every individual and entity it deals with — such as, but not limited to its Member-Consumer-Owners (MCOs), Board of Directors, Officers, Employees, Job Applicants, Contractors, Partners, Suppliers, Guests, Visitors, and other persons or organizations with a legal or official business or relationship with the Cooperative.

 

ISELCO-I ensures that all personal, sensitive, and privileged information is processed and handled pursuant to the general privacy principles of transparency, legitimate purpose, and proportionality, and such other relevant principles in the collection, processing, and retention of personal data as required by applicable law.

  1. Objectives

 

This policy aims to:

 

  1. Protect all forms of information—personal, sensitive, or privileged—from unauthorized access, disclosure, or misuse;
  2. Ensure proper handling, storage, and disposal of personal data;
  3. Identify which information may be publicly shared and which is protected under the Data Privacy Act;
  4. Maintain the confidentiality, integrity, and availability of all personal data collected;
  5. Ensure that no personal data is disclosed or processed without the consent or authority of the data subject;
  6. Protect the Cooperative from liability arising from improper data handling by any of its personnel, processors, or affiliates.
  1. Definition of Terms

 

  • Data Protection Officer (DPO) – An individual officially designated and approved by the Board to oversee compliance with data privacy laws.
  • Data Subject – an individual whose personal, sensitive personal, or privileged information is processed.
  • Personal Information – any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual (e.g., name, contact details, ID numbers).
  • Sensitive Personal Information – refers to personal information:

 

  1. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
  2. About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
  3. Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
  4. Specifically established by an executive order or an act of Congress to be kept classified.

 

  • Privileged Information – any and all forms of Personal Data, which, under the Rules of Court and other pertinent laws constitute privileged communication.  (e.g., lawyer-client or doctor-patient communications).
  • Processing – any operation or set of operations performed upon Personal Data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
  • Personal Information Controller (PIC) – a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf.
  • Personal Information Processor (PIP) – any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject.
  • Data Sharing – the disclosure or transfer to a third party of personal data under the custody of a personal information controller or personal information processor.
  1. Scope and Coverage

 

This policy applies to all persons whose data are collected and processed by ISELCO-I, such as, but not limited to:

 

  • Member-Consumer-Owners (MCOs)
  • Board of Directors, Officers, and Employees
  • Job Applicants and Retirees
  • Contractors, Partners, Subcontractors, Suppliers, Outsourcees
  • Licensors, Licensees, Donors, Donees
  • Visitors, Guests, and any other persons or entities with a juridical or official link to the Cooperative
  1. Purpose of Data Collection and Processing

 

ISELCO-I collects and processes personal data to:

 

  • Fulfill its duties and obligations as a distribution utility in accordance with PD 269, RA 10531, and RA 9136.
  • Maintain and update records of members-consumer-owners, employees, and partners.
  • Ensure efficient service delivery and compliance with legal, regulatory, and auditing requirements.
  • Promote security, safety, and order in ISELCO-I offices and facilities.
  • Manage employee relations, benefits, performance evaluation, and career development.
  • Evaluate applicants and verify credentials.
  • Manage donations, partnerships, contracts, and procurement activities.
  • Conduct research, reporting, and such other activities consistent with ISELCO-I’s legal mandates.
  1. Types of Personal Data Collected

 

ISELCO-I may collect and process the following types of information:

 

  • Personal Details – name, date of birth, gender, civil status, affiliations
  • Contact Information – address, phone number, email
  1. Data Processing and Retention

 

Personal data is processed and retained only as long as necessary for legitimate business, legal, or regulatory purposes.


ISELCO-I adheres to:

 

  • The Data Privacy Act of 2012, its Implementing Rules and Regulations, and other relevant policies, including various issuances of the National Privacy Commission (NPC)
  • RA 9136 (Electric Power Industry Reform Act of 2001)
  • PD 269 (National Electrification Administration Decree)
  • RA 10531 (National Electrification Administration Reform Act of 2013)
  • The Magna Carta for Residential Electricity Consumers
  • ISELCO-I’s internal data management policies

 

Data retention follows established standards and is comparable to practices of similar entities in the electric distribution industry.

  1. Storage and Transmission

 

Personal data is stored securely in both physical and electronic systems, consistent with National Privacy Commission Circular No. 17-01.
Transmission of data follows the requirements of the Data Privacy Act to ensure protection during transfer or sharing.

  1. Rights of Data Subjects

 

Individuals whose personal data are processed by ISELCO-I have the following rights:

 

  • Right to be Informed. You have the right to be informed whether your personal data shall be, is being, or has been processed, including the existence of automated decision-making and profiling.
  • Right to Access. You have the right to reasonable access, upon written request, the contents of your personal data that were processed and the manner by which these were processed; the sources from which these were obtained; the recipients and reasons for disclosure, if any; date when your information was last modified; and information on automated processes where your information will or is likely to be made as the sole basis for any decision that significantly affects or will affect you.
  • Right to Object. You have the right to object to the processing of your personal data, including processing for direct marketing, automated processing or profiling. You shall also be notified and given an opportunity to withhold consent to the processing if there is any significant change or amendment to the information provided to you in a consent form, privacy notice, or similar communication. In case of the exercise of this right, ISELCO I shall no longer process the data unless the processing of the same falls under the exceptions enumerated by the law.
  • Right to Rectify. You have the right to dispute the inaccuracy or error in your personal data and have the same rectified or corrected within a reasonable period of time.
  • Right to Erasure or Blocking. You have the right to request the suspension, withdrawal, blocking, removal, or destruction of your personal data from ISELCO I’s filing system upon discovery and substantial proof that the personal information is/are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or is/are no longer necessary for the purposes for which they were collected.
  • Right to Data Portability. Where your personal data is processed by electronic means and in a structured and commonly used format, you have the right to obtain a copy of it from ISELCO I for your further use.
  • Right to Damages. You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your rights and freedoms as a data subject.
  • Right to File a Complaint. You have the right to file a complaint in the event your personal information has been misused, maliciously disclosed, or improperly disposed of, or if any of your data privacy rights have been violated.
  1. Data Breach

 

ISELCO-I complies with the relevant provisions of rules and circulars on handling personal data security breaches, including notification to the  affected data subject or to the National Privacy Commission, where an unauthorized acquisition of sensitive personal information or information that may be used to enable identity fraud has been acquired by an unauthorized person, and is likely to give rise to a real risk of serious harm to the affected data subject. 

  1. Security Measures

 

ISELCO-I has implemented reasonable and appropriate technical, physical, and organizational security measures to protect personal data from:

 

  • Accidental Loss or Destruction
  • Unlawful or Unauthorized Access
  • Unauthorized Disclosure
  • Fraudulent Misuse
  • Unlawful Destruction, Alteration, and Contamination
  • Other Unlawful or Unauthorized Processing
  1. The Data Protection Officer (DPO)

 

The ISELCO-I Data Protection Officer, reporting directly to the General Manager, is responsible for:

 

  • Monitoring the Cooperative’s compliance with the Data Privacy Act, its implementing rules and regulations, issuances of the National Privacy Commission and other applicable laws and policies.
  • Ensuring proper data breach and security incident management by the Cooperative, including the preparation and submission to the National Privacy Commission of reports and other documentation concerning security incidents or data breaches within the prescribed period.
  • Informing and cultivating awareness on privacy and data protection within the Cooperative, including all laws, rules, regulations, and issuances of the National Privacy Commission.
  • Advising the Cooperative regarding complaints and/or exercise by data subjects of their rights (e.g., requests for information, clarifications, rectification or deletion of personal data or information).
  • Serving as the contact person of the Cooperative vis-à-vis data subjects, the National Privacy Commission, and other authorities in all matters concerning data privacy or security issues and/or concerns.
  • Cooperating, coordinating, and seeking advice from the National Privacy Commission concerning data privacy and security.
  1. Policy Review and Updates

 

ISELCO-I reserves the right to update this Privacy Policy at any time and without prior notice. 

 

Any revisions or updates to this policy shall be publicly announced through official postings on the ISELCO-I website and office bulletin boards.

  1. Effectivity Clause

 

This Policy shall take effect immediately upon approval.

 

If any provision of this policy is declared invalid or contrary to law, the remaining provisions shall remain valid and enforceable.

  1. Contact Information

 

For queries, please contact:

 

 

ISELCO-I Data Protection Officer

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Mobile No. +63917-180-0800

Address: Maharlika Highway, Victoria, Alicia, Isabela