Protecting Your Data with Purpose and Precision
1.
Purpose
Cyberlabs is committed to safeguarding the privacy of individuals and organizations whose personal data we process through our website and Managed Cybersecurity and Network Operations Center (SOC/NOC) services. This Privacy Statement outlines how we collect, use, store, share, and protect personal data in accordance with Republic Act No. 10173 – the Data Privacy Act of 2012, its Implementing Rules and Regulations, and NPC Circular No. 2023-06. As a Personal Information Controller (PIC), Cyberlabs ("we", "our", or "us") ensures that all data processing activities are conducted lawfully, fairly, and transparently. We are committed to upholding the rights of data subjects and maintaining the confidentiality, integrity, and availability of personal data entrusted to us.
2.
Scope
This policy applies to all personal and sensitive personal information processed by Cyberlabs in the delivery of cybersecurity and network operations services to clients across industries.
3.
Definitions
Personal Information (PI): Any data that can identify an individual.
Sensitive Personal Information (SPI): Includes race, health, education, government-issued identifiers, etc.
Data Subject: The individual whose data is being processed.
Personal Information Controller (PIC): Cyberlabs, as the entity determining the purpose and means of processing.
Personal Information Processor (PIP): Any third party contracted by Cyberlabs to process data on its behalf.
4.
Principles of Data Privacy
Transparency: Clear communication of data processing activities.
Legitimate Purpose: Data is processed only for specified, lawful purposes.
Proportionality: Only data necessary for service delivery is collected and retained.
5.
Collection, Use, and Processing of Personal Data
Cyberlabs collects and processes personal data only as necessary to deliver cybersecurity and related services.
This may include:
Full name
Contact information (e.g., email address, phone number)
Company affiliation
IP address and device information
Service usage data
Network logs, threat intelligence, and incident reports
User access records and authentication data
Client contact details for service coordination
Sensitive Personal Information (SPI) only when required for incident response, regulatory compliance, or legal obligations
Deliver, maintain, and improve our services
Personal data is collected through our website, service portals, and other digital platforms. We use this data to:
Deliver, maintain, and improve our services
Respond to inquiries and support requests
Send updates, newsletters, and promotional materials (with your consent)
Fulfill legal and regulatory obligations
6.
Legal Basis for Processing
Cyberlabs processes personal data based on one or more of the following lawful grounds:
Your explicit consent
Performance of a contract
Compliance with legal or regulatory obligations
Legitimate interests, such as enhancing service quality and securing our systems
All processing activities are conducted in accordance with the Data Privacy Act of 2012 and relevant regulations.
7.
Data Sharing and Disclosure
Cyberlabs does not sell or rent personal data to third parties. However, we may share data under the following circumstances:
With authorized third-party service providers who assist in delivering our services, subject to strict confidentiality and data protection agreements
With government agencies when required by law or in response to lawful requests
With affiliates and subsidiaries for internal business operations and service coordination
All third parties are contractually bound to uphold the same level of data protection and confidentiality that Cyberlabs enforces.
8.
Data Protection Measures
Cyberlabs is committed to safeguarding personal data through comprehensive organizational, physical, and technical measures, in accordance with NPC Circular No. 2023-06 and industry best practices.
Secure Infrastructure: Use of secure servers, encrypted data centers, and backup protocols.
Encryption: Protection of data both in transit and at rest using advanced encryption standards.
Access Management: Role-based access controls, multi-factor authentication, and strict user permissions.
Monitoring and Detection: Continuous system monitoring, threat detection, and incident response mechanisms.
Audits and Assessments: Regular security audits, vulnerability evaluations, and privacy impact assessments to ensure ongoing compliance and risk mitigation.
These measures are designed to maintain the confidentiality, integrity, and availability of personal data entrusted to us.
9.
Rights of Data Subjects
Cyberlabs is committed to protecting your personal data and upholding your rights under the Data Privacy Act of 2012. As a data subject, you are entitled to the following rights:
Right to be Informed
Right to Access
Right to Object
Right to Rectification
Right to Erasure or Blocking
Right to Data Portability
Right to Damages
Right to File a Complaint
Right to Withdraw Consent
For any concerns, requests, or inquiries regarding your data privacy rights, you may contact our Data Protection Officer (DPO) through the following channels:
Email Address: dpo_Cyberlabs@Cyberlabs.com.ph
Contact Number: +632 8596 3647
Mailing Address: Level 24, Philippine Stock Exchange Tower, One Bonifacio High Street, 5th Ave. cor. 28th St., Fort Bonifacio, BGC, Taguig City, Fourth District, NCR, 1630
10.
Data Breach Notification
In the event of a breach, Cyberlabs will notify the National Privacy Commission (NPC) and affected data subjects within 72 hours, detailing:
Nature of the breach
Data involved
Mitigation steps taken
11.
Third-Party Processors
Cyberlabs ensures all third-party processors:
Sign a Data Processing Agreement (DPA)
Comply with RA 10173 and Cyberlabs’ standards
Are subject to regular audits and assessments
12.
Data Protection Officer
Cyberlabs has appointed a DPO responsible for:
Ensuring compliance with RA 10173
Handling data subject requests and complaints
Conducting privacy training and audits
13.
Retention and Disposal
Data is retained only for the duration necessary to fulfill service obligations or comply with legal requirements. Secure disposal methods are used to prevent unauthorized access.
14.
Compliance and Enforcement
Cyberlabs complies with all provisions of RA 10173 and its Implementing Rules and Regulations (IRR). Violations may result in disciplinary action, termination of contracts, or legal penalties.
