Terms and conditions of website use
Issue date: February 01, 2023
-
These terms of use tell you the terms on which you may make use of our website PSbD.tech whether as a guest or a registered user. Use of our site includes accessing, browsing, or registering to use our site.
-
Please read these terms of use carefully before you start to use our site, as these will apply to your use of the site. We recommend that you print a copy of this for future reference.
-
By using our site, you confirm that you accept these terms of use and that you agree to comply with them.
-
If you do not agree to these terms of use, you must not use our site.
-
The following additional terms, which can be accessed from the home page of our site, will also apply to your use of our site:
-
Our Privacy Notice, which sets out the terms on which we process any personal data we collect from you or that you provide to us. By using our site, you consent to such processing and warrant that all data you provide is accurate.
-
Our Acceptable Use Policy sets out our site's permitted uses and prohibited uses. When using our site, you must comply with this Acceptable Use Policy.
-
Our Cookie Policy sets out information about the cookies on our site.
-
-
If you purchase goods or services from our site, the transaction will be covered by a separate contract or agreement between us.
​
Information about us
​
-
This website is operated by: Privacy and Security by Design Inc. (the Company) with address at ​Unit 408 Verawood Building, Magnolia Place, Tandang Sora Ave., Talipapa, Quezon City, Metro Manila, 1116 and telephone no. +63 2 8232 7821 or email info@psbd.tech.
Changes to these terms and our site, and access to our site
​
-
We may revise these terms of use at any time by amending this page. Please check this page from time to time to take notice of any changes we make as they are binding on you.
-
We may update our site from time to time and change the content at any time. However, please note that any of the content on our site may be out of date at any given time, and we are under no obligation to update it.
-
We do not guarantee that our site or any content on it will be free from errors or omissions.
-
We do not guarantee that our site or any content on it will always be available or be uninterrupted. Access to our site is permitted on a temporary basis. We may suspend, withdraw, discontinue or change all or any part of our site without notice. We will not be liable to you if for any reason our site is unavailable at any time or for any period. You are responsible for making all arrangements necessary for you to have access to our site.
Security
​
-
In order to ensure that this website remains available to all users, we may monitor network traffic to identify unauthorized attempts to upload or change information, or to otherwise cause damage to the site. Anyone using this site expressly consents to such monitoring.
-
Unauthorized attempts to modify, alter, deface, destroy or corrupt any information stored on this site or this system, to defeat or circumvent any security features, to probe, scan or test for vulnerabilities, to breach security or authentication measures, to forge TCP/IP headers, to install or attempt to install unauthorized software, to mount denial-of-service attacks, or to utilise this system for other than its intended purposes are expressly prohibited and may result in criminal prosecution.
-
Any possible criminal activity will be reported, together with any evidence that may be gathered, to the appropriate authorities.
-
If you choose or are provided with a user identification code, password or any other piece of information as part of our security procedures, you must treat such information as confidential. You must not disclose it to any third party. We have the right to disable any user identification code or password whether chosen by you or allocated by us at any time if in our reasonable opinion you have failed to comply with any of the provisions of these terms of use.
Disclaimer of endorsement
​
-
This site, and documents posted on it, may contain hypertext links or pointers to information created and maintained by other public and private organizations. We do not guarantee the accuracy, relevance, usefulness, timeliness or completeness of any linked information.
-
The inclusion of links or pointers to other sites is not intended to assign importance to those sites and the information contained in them, nor is it intended to endorse, recommend or favor any views expressed, or commercial products or services offered on those sites, or the organizations sponsoring the sites, by trade name, trademark, manufacture or otherwise.
-
Reference on this site to any specific commercial products, processes or services, or the use of any trade, firm or corporation name is for the information and convenience of the site's visitors, and does not constitute endorsement, recommendation or favoring by the Company.
-
The views expressed by any individual within any web forum are the views of that individual only and do not reflect or represent in any way the views of the Company.
Copyright
​
-
All content on this site, and all content of any documents provided to visitors or clients (in, for instance, newsletters) is our property, or that of another original copyright holder, unless stated otherwise.
-
No user may copy, modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, display, or in any way exploit any of the content, in whole or in part, except with our express written agreement or that of the original copyright holder. These copyright terms apply to all products purchased from this site, or acquired in any format by accessing our site.
Free services
​
-
The Company may provide a number of free services from its site, such as newsletters, etc. There is no contract with the Company for any free service, so no user can become a client by using any free service, and we are not liable to any user in any way resulting from the use of any free service.
Limitation of liability
​
-
Nothing in these terms of use excludes or limits our liability for death or personal injury arising from our negligence, or our fraud or fraudulent misrepresentation.
-
To the extent permitted by law, we exclude all conditions, warranties, representations or other terms that may apply to our site or any content on it, whether express or implied.
-
We will not be liable to any user for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with:
-
use of, or inability to use, our site; or
-
use of or reliance on any content displayed on our site.
-
-
If you are a business user, please note that, in particular, we will not be liable for:
-
loss of profits, sales, business or revenue;
-
business interruption;
-
loss of anticipated savings;
-
loss of business opportunity, goodwill or reputation; or
-
any indirect or consequential loss or damage.
-
-
We will not be liable for any loss or damage caused by a virus, distributed denial-of-service attack, or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of our site or to your downloading of any content on it, or on any website linked to it.
-
We assume no responsibility for the content of websites linked on our site. Such links should not be interpreted as endorsement by us of those linked websites. We will not be liable for any loss or damage that may arise from your use of them.
-
Different limitations and exclusions of liability will apply to liability arising as a result of the supply of any goods by use to you, which are set out in a separate contract or agreement between us.
Acceptable Use Policy
Issue date: February 01, 2023
-
This acceptable use policy sets out the terms between you and us under which you may access: PSbD.tech. This acceptable use policy applies to all users and visitors to our site.
Prohibited uses
​
-
You may use our site only for lawful purposes. You may not use our site:
-
In any way that breaches any applicable local, national, or international law or regulation.
-
In any way that is unlawful or fraudulent or has any unlawful or fraudulent purpose or effect.
-
For the purpose of harming or attempting to harm minors in any way.
-
To transmit or procure the sending of any unsolicited or unauthorized advertising or promotional material or any other form of similar solicitation (spam).
-
To knowingly transmit any data or send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware, or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware
-
​
-
You also agree:
-
Not to reproduce, duplicate, copy, or resell any part of our site in contravention of our terms of website use provisions.
-
Not to access without authority, interfere with, damage, or disrupt:
-
any part of our site;
-
any equipment or network on which our site is stored;
-
any software used in the provision of our site; or
-
any equipment, network, or software owned or used by any third party.
-
-
Suspension and termination
​
-
We will determine, at our discretion, whether there has been a breach of this acceptable use policy through your use of our site. When a breach of this policy has occurred, we may take such action as we deem appropriate.
​
-
Failure to comply with this acceptable use policy constitutes a material breach of the terms of use upon which you are permitted to use our site and may result in our taking all or any of the following actions:
-
Immediate temporary or permanent withdrawal of your right to use our site.
-
Immediate temporary or permanent removal of any posting or material uploaded by you to our site.
-
Issue a warning to you.
-
Legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach.
-
Further legal action against you.
-
Disclosure of such information to law enforcement authorities as we reasonably feel is necessary.
-
​
-
We exclude liability for actions taken in response to breaches of this acceptable use policy. The responses described in this policy are not limited, and we may take any other action we reasonably deem appropriate.
Changes to the acceptable use policy
​
-
We may revise this acceptable use policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we make, as they are legally binding on you. Some of the provisions contained in this acceptable use policy may also be superseded by provisions or notices published elsewhere on our site.
Privacy Notice
Issue date: January 2023
Privacy Statement
Privacy and Security by Design (PSBD), its managed services, PRIVAAS-As-A-Service, and its software PRIVAAS-As-A-Software are committed to protecting your personal information in accordance with the Data Privacy Act of 2012 or Republic Act No. 10173 (DPA), its Implementing Rules and Regulations (IRR), pertinent issuances of the National Privacy Commission (NPC), and other relevant laws.
​
This Privacy Policy will provide information on the collection, use and processing, sharing, storage, and protection of your personal data, your rights under the DPA, changes in this Policy, and how to contact us.
​
PRIVAAS-As-A-Software
​
PRIVAAS-As-A-Software is a web-based software tool to guide Personal Information Controllers (PIC), Processors (PIP), and Data Protection Officers (DPO) in their privacy journey. Following the recommendation of the NPC and in compliance with other privacy laws, PRIVAAS follows the international standards for privacy (ISO 27701) and provides software services in the conduct of Privacy Impact Assessments (PIA), Consent and Preference Management, the conception of Breach Management Protocols (BMP), Third-party Management, construction of a Privacy Management Program (PMP) and the drafting of a Privacy Manual (PM), and Data Subject Requests Management. In addition, PRIVAAS can be tailored to fit the needs of its user, providing a complete approach to ensure the personal information within the systems or programs is safeguarded and secured.
​
PRIVAAS-As-A-Service
Along with the software, users may also avail of the fully managed service of PRIVAAS. The DPA Compliance Program includes the conduct of Privacy Risk Assessments, the Creation of a Data Breach Management and Incident Response Program, the Crafting of a Privacy Manual, Vulnerability Assessment, and Penetration Testing. In addition, the service also provides Data Privacy Consultancy, Advisory, Training, Breach Management and Response, and other consultancy services associated with Data Privacy.
Furthermore, PSbD introduced the PRIVAAS Privacy Seal Program. The comprehensive PRIVAAS Privacy Seal Program (PSP), supervised by privacy professionals, covers all pertinent aspects of compliance with the Data Privacy Act of 2012. The Program includes the Five Pillars of Compliance and uses the 32 pt. Accountability and Compliance Framework,
​
Collection and Use of Personal Data
​
When you use the website and fill out our digital form for inquiry and registration, the following personal information will be collected for the purpose of communication and in creating our tailored proposal for your company.
​
-
Salutation
-
First Name
-
Last Name
-
Email Address
-
Mobile Number
-
Designation
-
Company Name
-
Industry
-
Country of Location
-
Number of Employees
Personal Information or Sensitive Personal Information may also be collected and encountered by the PSBD employees (team), depending on the needs of the data privacy consultancy service.
​
Most of the personal information we process is provided to us directly by you for any of the following reasons:
​
-
You contacted us to inquire and ask for a demo of our service.
-
You engaged our consultancy service.
-
You contacted us for a possible partnership/collaboration.
-
You register and attend our seminars, training, or workshops.
-
You subscribe to our e-newsletter and promotional materials.
We also receive personal data indirectly in the following cases:
​
-
Our service was engaged, and in the course of the service agreement, our client shared personal data; or
-
When you visit our website, which uses cookies to analyze traffic and optimize your website experience.
All personal data we collect shall only be used for the following purposes:
​
-
For a complete understanding of the team, provide comprehensive recommendations to comply with the DPA or other relevant privacy laws.
-
To answer your queries;
-
To register for the event/conference/summit
-
To execute the terms and conditions of the contracts made for purposes of the service we provide;
-
To collect fees and or charges as applicable;
-
To market our service;
-
To document our seminars, training, workshops, and/or other activities;
-
To improve our website and social media pages and the delivery of our services;
-
To conduct internal statistical analysis and meet our reporting requirements;
-
To comply with the requirements of all applicable laws, rules, and regulations; and/or
-
To protect lawful rights and interests in court proceedings and to establish exercise or as a defense from legal claims.
Included in the contract will be a Non-disclosure Agreement to ensure that the privacy of all data encountered by the team is preserved.
​
Please note that you are responsible for the accuracy and correctness of any personal data you provide and for the consequences of providing inaccurate, incorrect, or out-of-date personal data.
​
Basis for Processing
​
We only collect your personal data to facilitate your subscription to our e-newsletters on data privacy if you provide your consent. You may withdraw your consent to processing your personal data for this purpose by sending your request to: dpo@psbd.tech.
​
We collect your personal data based on the needs of the contract, the existence of legitimate business interest, compliance with a legal obligation, or protect lawful rights and interests in court proceedings and to establish exercise or as a defense from legal claims in any of the following circumstances:
​
-
You contacted us to inquire about our services;
-
You contacted us to join or register for an organized event of PSbD;
-
You engaged our consultancy service and PRIVAAS;
-
You registered and/or attended any of our seminars, training or workshops; or
-
You contacted us for a possible partnership/collaboration.
​
Sharing of Personal data
Personal data collected, used, or processed during the engagement will not be shared outside except with those providing service to us. These services are covered by contracts, meaning they only process, share, retain and secure your data under our control and instructions.
​
We may also share your personal information in the following circumstances:
​
-
If we are legally obliged to do so, for example, we may share personal information with law enforcement agencies or other government regulatory bodies, if required by law or upon court order (for example, to assist with the investigation of a criminal offense);
-
To comply with the requirements of all applicable laws, rules, and regulations; or
-
To protect lawful rights and interests in court proceedings and to establish exercise or as a defense from legal claims.
In any scenario, we will ensure that we have a lawful basis for sharing your personal data. If data sharing is needed, your consent will be asked, as required, before any data transfer is performed.
​​
Storage and protection of personal data
All personal data collected by us shall be secured through the implementation of reasonable and appropriate organizational, physical, and technical security measures intended for the protection of personal information against any accidental or unlawful destruction, alteration, and disclosure, as well as against any other illegal processing by the DPA and its related issuances.
All data, including personal information in the PRIVAAS software, are accessed and stored in the Microsoft Azure SQL database.
Data Security is implemented through the following:
Azure SQL Database firewall
Azure SQL Database includes a firewall functionality, which by default prevents all access to SQL Database. The gateway firewall limits addresses, which allows customers granular control to specify ranges of acceptable IP addresses. The firewall grants access based on the originating IP address of each request.
Customers achieve firewall configuration by using a management portal or programmatically using the Azure SQL Database Management REST API. The default Azure SQL Database gateway firewall prevents all customer TDS access to Azure SQL Database. Customers must configure access using access-control lists (ACLs) to permit Azure SQL Database connections by source and destination internet addresses, protocols, and port numbers.
DoSGuard
Denial of service (DoS) attacks are reduced by a SQL Database gateway service called DoSGuard. DoSGuard actively tracks failed logins from IP addresses. For example, suppose there are multiple failed logins from a specific IP address within a period. In that case, the IP address is blocked from accessing any resources in the service for a pre-defined period.
In addition, the Azure SQL Database gateway performs the following:
​
-
Secure channel capability negotiations to implement TDS FIPS 140-2 validated encrypted connections when it connects to the database servers.
-
Stateful TDS packet inspection while it accepts connections from clients. The gateway validates the connection information and passes the TDS packets to the appropriate physical server based on the database name specified in the connection string.
The overarching principle for network security of the Azure SQL Database offering is to allow only the connection and communication that is necessary to enable the service to operate. All other ports, protocols, and links are blocked by default. In addition, virtual local area networks (VLANs) and ACLs restrict network communications by source and destination networks, protocols, and port numbers.
Mechanisms approved to implement network-based ACLs include ACLs on routers and load balancers. These mechanisms are managed by Azure networking, guest VM firewall, and Azure SQL Database gateway firewall rules.
Retention of Personal Data
​
Your data are retained only for a period necessary for us to fulfill the purposes for which they were collected, such as to execute the terms and conditions of our contracts or to conduct legitimate business interests.
We also retain your data for as long as applicable laws, rules, or regulations are required.
​
We will then securely dispose of your information after the required retention period.
Your rights under the Data Privacy Act
The DPA (Section 16. Rights of the Data Subject) covers the following Data Subject Rights, and PSBD assures that these rights may be invoked during the subscription of PRIVAAS:
​
1. Right to be Informed
PSBD will ensure the user of PRIVAAS will fully understand why and how your personal information is used, processed, stored, shared, retained, and disposed of.
2. Right to Object
The user may object to providing personal information unless pertinent to the subscription contract's purpose with PRIVAAS.
3. Right to Access
Users can access their data within PRIVAAS during its retention period.
4. Right to Correct / Rectify
In PRIVAAS, all users provided with login credentials will have the capacity to edit the personal information encoded in the software.
​
5. Right to Block / Remove
In PRIVAAS, all users provided with login credentials will have the capacity to delete the personal information encoded in the software.
6. Right to Data Portability
All data encoded or uploaded in the software may be downloaded by the user with log-in credentials.
7. Right to File a Complaint
If you find the PRIVAAS software violated the DPA, you may file a complaint to the NPC via https://www.privacy.gov.ph/complaints-assisted/
8. Right to be Indemnified
If PRIVAAS or PSBD is guilty of inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal information, you have the right to damages deemed appropriate by NPC or the appropriate court or tribunal.
Changes to the Privacy Policy
To be well informed about how PSBD and PRIVAAS collect, store, use, retain, and delete your personal information, we will regularly update this Privacy Policy thru this microsite. This Privacy Policy version was updated on January 2023.
​
Contacting us
For inquiries regarding the processing of personal information stated in this Privacy Policy, as well as any concerns or complaints regarding data privacy, or the exercise of your rights as a Data Subject under the DPA, you may contact the DPO as follows, provided that any complaint should be in writing, clearly state the material facts, specify your contact information, including supporting evidence and be submitted to the following office address or email address:
​Data Protection Officer
Privacy and Security by Design Inc.
​Unit 408 Verawood Building, Magnolia Place,
Tandang Sora Ave., Talipapa, Quezon City, Metro Manila, 1116
Email address: dpo@psbd.tech