GOVPH
MENU

Privacy Statement 

The Department of Foreign Affairs (DFA) is committed to fully protect your personal data privacy in compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA).

The Legal Basis of the DFA’s mandate are the following:

  • The 1987 Philippine Constitution
  • Executive Order No. 292 or the Administrative Code of 1987
  • Republic Act No. 7157 or the Philippine Foreign Service Act of 1991
  • Republic Act No. 11983 or the New Philippine Passport Act, superseding Republic Act No. 8239
  • Republic Act No. 9189, as amended by Republic Act No. 10590

These provide the lawful basis for the processing of data related to consular services.

We shall detail our personal data processing methods and issue a separate privacy notice, in an appropriate format and manner, whenever personal data is collected via alternative channels. Such instances include data collected through publicly accessible processing systems, notices displayed at the DFA's reception area during events that utilize attendance sheets or registration forms, and personal data collected pursuant to the DFA's mandate.

In all instances, we assure you that processing your personal data will strictly follow the provisions of the DPA, especially the general data privacy principles of Transparency, Legitimate Purpose, and Proportionality.

DFA Website Privacy Notice

Our official website is dfa.gov.ph

This Privacy Notice is for the DFA website. These functionalities enable the DFA to collect and process your personal information.

Personal Data Collected and Manner of Collection

We collect the following personal data from you when you manually or electronically submit to us your inquiries or requests:

  • Name
  • Email Address

Our consular services will require the submission of personal information necessary to process applications as related to DFA’s mandate.

The following data may be collected as appropriate through the relevant paper or electronic application forms for consular services:

  • Name
  • Age
  • Sex
  • Home Address
  • Email Address
  • Date and Place of Birth
  • Civil Status
  • Citizenship
  • Contact Number
  • Photograph
  • Biometric Data
  • Supporting Documents
  • Data Collected in Civil Registry Forms
  • Data Collected in Passports Issued By Other States

Basis, Use, and Purpose for Processing of Personal Data

While your consent may be solicited to process your personal data, we may also process personal data without your consent, such as when processing is according to our mandate or when processing is allowed under Section 12 or Section 13 of the DPA.

In these instances, your personal data is utilized for the following purposes:

  • For documentation and processing of inquiries and requests within the DFA, enable the DFA to properly address them and forward them to the appropriate internal units for action and response.
  • To solicit feedback for the services we provide.
  • To provide you with the appropriate updates and advisories in an appropriate format and orderly and timely manner.
  • To comply with a legal obligation to which the DFA is subject.
  • To comply with the requirements of public order and safety or to fulfill the functions of public authority, including processing personal data to fulfill the DFA’s mandate.
  • To be able to provide the appropriate action that a data subject may require concerning their data privacy rights.

Moreover, we may collect other personal data that are relevant and necessary to perform our mandate of advancing the national interest, conducting independent foreign policy, and providing consular and assistance-to-nationals services to Filipinos at home and abroad.

Methods utilized for automated access

This website is hosted by the Government Web Hosting Service (GWHS) of the Department of Information and Communications Technology, and as such may collect web traffic data for their purposes such as:

  • Your IP address
  • The pages and internal links accessed on our site
  • The date and time you visited the site
  • Geolocation
  • The referring site or platform (if any) through which you accessed this site
  • Your operating system
  • Web browser type

Disclosure of Personal Data

Personal data processed by the DFA is not shared with any other party unless such disclosure is allowed under Section 12 or 13 of the DPA.

Risks Involved

Risk refers to the potential of an incident to result in harm or danger to a data subject or organization. Risks may lead to the unauthorized collection, use, disclosure, or access to personal data. It includes risks involving the confidentiality, integrity, and availability of personal data or the risk that processing will violate the general data privacy principles and the rights of data subjects.

The DFA ensures that adequate physical, technical, and organizational security measures are in place to protect personal information's confidentiality, integrity, and availability. However, this does not guarantee absolute protection against certain risks involving the processing of personal data, such as when systems are exposed to targeted cyberattacks, malware, ransomware, and computer viruses or when manual records are accessed without authority.

However, adequate policies are in place to ensure appropriate security incident management in line with existing NPC policies, circulars, and other issuances.

Data Protection and Security Measures

We safeguard the confidentiality, integrity, and availability of your personal information by maintaining a combination of organizational, physical, and technical security measures based on generally accepted data privacy and information security standards. Among the measures we implement are the following:

  • Policies on access control in both digital and physical infrastructure to prevent unauthorized access to personal information.
  • Acceptable use policies
  • End-to-end encryption and data classification whenever suitable.
  • Security measures against natural disasters, power disturbances, external access, and similar threats.
  • Technical measures to protect our computers and databases against accidental, unlawful, or unauthorized usage, interference, or access.

Storage and Retention

We store files containing personal information on our computers and servers, which are maintained in a secure environment. We may also utilize cloud-based third-party data storage providers. In all cases, we ensure that proper measures are adopted to protect your information.

For data collected via this website, personal data will be stored in accordance with GWHS regulations. Specifically, emails will be retained for two (2) years after inquiries and requests have been acted upon, after which these records will be securely disposed of.

Other categories of data may be kept for longer than two (2) years if their retention period is mandated by other relevant laws and regulations.

Disposal

Physical records will be shredded, and digital files will be anonymized. In all instances, our disposal methods will ensure personal information cannot be retrieved, processed, or accessed by unauthorized persons.

Rights of a Data Subject

Under the DPA, you have the right to be informed regarding processing the personal information we hold about you.

Further, you may be entitled to request

  • Access to your personal data: You have the right to confirm if your data is being processed.
  • Rectification of your personal data: You can have your personal data corrected if it's inaccurate or incomplete.
  • Erasure or blocking of your personal data: This applies when warranted.
  • The right to object: You can object if the processing of your personal data is based on consent or legitimate interest.
  • The right to data portability: You can securely obtain, electronically move, copy, or transfer your data for further use.

You may also claim compensation if you believe you've suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, or if your rights and freedoms as a data subject have been violated.

If you believe your personal information has been misused, maliciously disclosed, improperly disposed of, or that your data privacy rights have been violated, you have the right to file a complaint with the National Privacy Commission (NPC).

Changes to the Privacy Notice

The DFA reserves the right to update or amend this privacy notice as needed. A new privacy notice will be issued to reflect any significant revisions. Prior versions of this notice will be kept by the DFA and made available to data subjects upon request.

Feedback on our Privacy Notice

For any suggestions, comments, or issues concerning the DFA’s data privacy practices, please contact our Data Protection Officer, Assistant Secretary Patrick John U. Hilado. You can reach him at the following address: DoubleDragon Tower, DD Meridian Ave. cor. EDSA Extension, Bay Area, Pasay City, or via email at This email address is being protected from spambots. You need JavaScript enabled to view it..