Skip to main content
← Back to portal
PPS Data Privacy Act of 2012 · RA 10173

Your rights over your personal data

Every data subject has eight rights under the Data Privacy Act. Every right at PPS is backed by a working, self-service path in the Portal's Privacy Center.

Privacy Notice Privacy Policy Cookie Policy Terms of Service Your Rights
info
1. Right to be informed
§16(a)

Know what personal data we collect, why we collect it, how long we keep it, who we share it with, and where it is stored.

Read our Privacy Notice arrow_forward
block
2. Right to object
§16(b)

Refuse or withdraw consent to any processing based on your consent or our legitimate interest. Withdrawal takes effect immediately.

Manage consent arrow_forward
download
3. Right to access
§16(c)

Get a copy of the personal data we hold about you, delivered as a ZIP of JSON and CSV via a signed link valid for 7 days.

Download my data arrow_forward
edit
4. Right to rectification
§16(d)

Correct inaccurate or outdated information in your record. Most fields you can edit yourself; controlled fields go through the DPO.

Edit my profile arrow_forward
delete_forever
5. Right to erasure or blocking
§16(e)

Ask us to delete your data — subject to legal retention (BIR, PRC, legal holds). Where deletion is not available, we anonymize or block.

Request deletion arrow_forward
gavel
6. Right to damages
§16(f)

Claim damages for violations of the Data Privacy Act. You may also seek redress in court.

Contact the DPO arrow_forward
file_download
7. Right to data portability
§18

Receive your personal data in a structured, machine-readable format (JSON) so you can move it to another provider.

Portable export arrow_forward
campaign
8. Right to file a complaint
§§34–38

Complain first to our DPO. If unresolved, escalate to the National Privacy Commission at complaints@privacy.gov.ph.

Contact the NPC arrow_forward

How we handle your requests

Acknowledgement
3 working days
Every request is confirmed within 3 working days — no exceptions.
Substantive response
15 working days
From the date we receive a complete, verified request.
Extension (with reason)
+15 working days
Only for complex requests, and only with notice to you.

Cost. The first request per calendar year is free. A reasonable, pre-disclosed fee may apply only for excessive or repetitive requests.

verified_user How we verify your identity

The single largest risk in handling a data-subject request is releasing your data to an impostor. We verify identity before we act.

  • On the Portal — your authenticated session verifies you. Critical actions (deletion, portability export) additionally send a confirmation email with a signed link that expires in 7 days.
  • By email, phone, mail, or in person — we verify at least two out-of-band factors: PPS number against records, registered email match, a recent transaction or event reference, callback to your registered mobile, or (only if truly necessary) a government-ID scan collected minimally.
  • By an heir or representative — proof of authority is additionally required.

delete_forever Erasure — what actually happens

Erasure is a right, but it is not absolute. We must keep some records even after you ask us to delete them:

  • Payment and Official Receipt records for 10 years (BIR RR 5-2014).
  • Records under a legal hold for litigation, investigation, or NPC proceedings.
  • Records required by law for public or professional interest.

Where full deletion is not available, we offer:

  • Anonymization — identifiers are replaced with random tokens. Only de-identified aggregates remain.
  • Blocking — the record is flagged "do not process further" while retained for the legally required period.

Every erasure request goes through DPO review. We tell you exactly what has been deleted, what has been anonymized, and what has been retained (and why), within our 15-working-day service level.

rule When a request may be refused

A request may be refused only where the Data Privacy Act or its Implementing Rules expressly permit, where the request is manifestly unfounded or excessive, or where we cannot verify you as the data subject. Every refusal is documented in writing with reasons, and you are informed of your right to complain to the National Privacy Commission.

Non-retaliation. PPS never retaliates against anyone for exercising a right under the Data Privacy Act. If you believe you have been retaliated against for filing a request or a complaint, escalate directly to the DPO or to the NPC.

Contact our Data Protection Officer

mail dpo@pps.org.ph

Jamie Francis Dy — ICT Consultant and Data Protection Officer

National Privacy Commission

gavel complaints@privacy.gov.ph

https://www.privacy.gov.ph

🍪
Data Privacy Act of 2012

Your privacy, your choice

PPS uses cookies to run this portal securely and to remember your preferences. We do not sell your data. Manage your choices below, or read our Cookie Policy and Privacy Notice.

Strictly necessary Always on

Required for sign-in, security, and CSRF protection. The portal will not work without these.

Functional

Remembers your dark-mode and sidebar preferences between visits.

Analytics

Aggregate usage statistics to improve the portal. Currently not active — your choice is recorded for future use.

verified_user Compliant with RA 10173 · Data Protection Officer: dpo@pps.org.ph