Privacy Policy - TOP-TAAS OPC

TOP-TAAS OPC Data Privacy Policy

Effective Date: July 16, 2025

TOP-TAAS OPC (“we,” “us,” or “our”) is a One Person Corporation engaged in providing back-office support services. We are committed to protecting the confidentiality and privacy of all personal data we process in the course of our business operations. This Data Privacy Policy outlines our practices and your rights concerning the collection, use, processing, and protection of your personal data, in compliance with Republic Act No. 10173, the Data Privacy Act of 2012 (DPA).

1. Our Commitment to Privacy

2. Scope of this Policy

This policy applies to all personal data that we process on behalf of our clients, as well as data from our own employees, partners, and website visitors. As a provider of back-office services, TOP-TAAS OPC primarily acts as a Personal Information Processor (PIP) on behalf of our clients, who are the Personal Information Controllers (PIC).

3. What Personal Data We Collect

As part of providing our services, we may process personal data belonging to our clients and their employees. The data is determined by the client and the specific services we are engaged to perform. This may include, but is not limited to:

Personal Identification Information: Full name, address, email, contact numbers, date of birth.
Employment and Payroll Data: Employee numbers, job titles, salary information, attendance records, employment history.
Government-Mandated Data: Taxpayer Identification Number (TIN), SSS, PhilHealth, and Pag-IBIG numbers.
Financial Data: Bank account details for payroll processing and client billing information.
Client Data: Contact information and other business details of our clients' representatives.

4. How and When We Collect Your Data

We collect personal data through the following official methods:

From Our Clients: The majority of personal data we process is provided to us by our clients under a formal service agreement, for the purpose of fulfilling our contractual obligations (e.g., payroll processing, HR management).
Directly from Individuals: When you contact us directly to inquire about our services, apply for a job, or transact with us.
Through our Website: Via contact forms or the use of cookies when you browse our official website.

5. Purpose of Data Collection and Processing

In line with our primary purpose, your personal data is collected and processed for the following legitimate reasons:

To provide back-office support services to our clients, including:
- Administrative support
- Bookkeeping and financial record management
- Payroll processing and remittance
- Human resources management support
- Data processing and IT support
To comply with legal and regulatory obligations for ourselves and our clients, including tax and labor laws.
For client relationship management, billing, and communication.
For our own internal administrative purposes and record-keeping.

The corporation shall not solicit, accept or take investments or placements from the public.

6. Data Sharing and Disclosure

We uphold strict confidentiality. Your personal data may be shared with the following entities only when necessary and under a formal data sharing agreement:

Our Clients: We share processed data with the client who is the rightful owner (Personal Information Controller) of that data.
Government Agencies: We remit data to agencies like the Bureau of Internal Revenue (BIR), Social Security System (SSS), PhilHealth, and Pag-IBIG Fund as required for tax and benefits compliance on behalf of our clients.
Third-Party Service Providers: Partners who provide services on our behalf, such as secure IT infrastructure or payment gateways, bound by confidentiality agreements.
Regulatory Bodies: When required by law, court order, or other legal processes.

7. Data Protection, Storage, and Retention

Security Measures: We implement appropriate organizational, physical, and technical security measures to protect personal data against unauthorized access, disclosure, alteration, and destruction.
Data Retention: We retain personal data only for as long as necessary to fulfill the service agreements with our clients, or for the period required by relevant laws (e.g., labor and tax codes). After this period, data is securely and irreversibly anonymized or destroyed.

8. Your Rights as a Data Subject

In accordance with the Data Privacy Act, you are entitled to the following rights over your personal data:

The Right to be Informed
The Right to Object
The Right to Access
The Right to Rectification
The Right to Erasure or Blocking
The Right to Data Portability
The Right to File a Complaint with the National Privacy Commission (NPC).
The Right to be Indemnified for Damages

As we primarily act as a Personal Information Processor, requests to exercise these rights should generally be directed to the client (the Personal Information Controller) who owns the data. However, we will provide full assistance to our clients in responding to your requests.

9. How to Exercise Your Rights & Contact Information

For any questions about this policy or our data processing practices, please contact our Data Protection Officer (DPO):

Company Name: TOP-TAAS OPC
Data Protection Officer: The Data Protection Officer
Email Address: jhonatan@top-taas.solutions
Mailing Address: NO. 8, SAN ROQUE, BAGUMBAYAN, 1110, QUEZON CITY, SECOND DISTRICT, PHILIPPINES
Contact Number: 09178047566

If you feel your concerns have not been satisfactorily addressed, you may contact the National Privacy Commission (NPC) through their official website: https://www.privacy.gov.ph.

10. Changes to this Policy

We may update this Data Privacy Policy to reflect changes in our processes or regulations. We will make the updated version available through our official channels.