Right to be Informed
Article III · RA 10173
Receive clear information about how personal data is collected, processed, stored, shared, and used by the Company.
Cornersteel Systems Corporation · Data Privacy
Terms of
Use.
Cornersteel's commitments, rights, and procedures for the lawful processing of personal data — grounded in Republic Act No. 10173 (the Data Privacy Act of 2012) and the rules issued by the National Privacy Commission.
RA 10173DPA 2012NPC IRRArticle III
Aligned to the Republic Act No. 10173 — Data Privacy Act of 2012.
Overview of Data Privacy Policy
Privacy by design — by default.
This Terms of Use document codifies how Cornersteel collects, processes, stores, and protects personal data across every interaction — public website, customer service, supplier onboarding, and internal employee records. It is anchored in Republic Act No. 10173, its Implementing Rules and Regulations, and the enforcement guidance of the National Privacy Commission.
Cornersteel commits to
01
A brief introduction explaining the importance of data privacy to Cornersteel — covering how we handle, process, and protect personal information across every touchpoint.
02
Compliance with the Data Privacy Act of 2012 (DPA) and its related Implementing Rules and Regulations issued by the National Privacy Commission.
03
Clarification of scope — this policy applies to all users, clients, suppliers, and employees who interact with Cornersteel systems, services, or premises.
Article III — Rights of the Data Subject
Seven rights, written into every workflow.
In compliance with Republic Act No. 10173, the Data Privacy Act of 2012, every Data Subject is guaranteed the following rights. Cornersteel honors each through documented, auditable processes.
Right to Access
Article III · RA 10173
Use established mechanisms to view and retrieve stored personal data on request, subject to verification.
Right to Rectification
Article III · RA 10173
Request corrections and amendments to inaccuracies, outdated entries, or incomplete records in personal data.
Right to Erasure or Blocking
Article III · RA 10173
Request the removal, deletion, or restriction of personal data under specific conditions defined by the DPA.
Right to Data Portability
Article III · RA 10173
Request the transfer of personal data in a structured, commonly used, and machine-readable electronic format.
Right to Object
Article III · RA 10173
Refuse the processing of personal data for certain purposes, including direct marketing and automated profiling.
Right to Damages
Article III · RA 10173
Seek remedies and indemnification for unauthorized, inaccurate, or otherwise unlawful processing of personal data.
Relevant Links to the Law
Read it at the source.
For a complete reference to the Data Privacy Act of 2012 and its implementing framework, consult the official statutory text published by the Official Gazette of the Republic of the Philippines.
Steps for Requesting Updates
Four forms, one workflow.
Depending on the request, users can access, modify, or report incidents through the appropriate intake form. Each is reviewed by the DPO and the Response Team.
Form 01
DPA Access Request Form
For any person, including an employee who is not an Authorized Personnel but wishes to access Personal Data of Data Subjects pursuant to his/her function in the Company.
Form 02
DPA Data Privacy Right Form
For a Data Subject who seeks to access and/or modify his/her Personal Data held by the Company.
Form 03
Processing of Personal Data Consent Form
Completed by people whose data we process — collected before Cornersteel can serve or transact with them.
Form 04
DPA Security Incident Report Form
To be filed by the Response Team within 24 hours of learning of any actual or suspected incident.
Processing Timeline
Clear windows. Named contacts.
Each incident or request category has a defined response window. Direct all correspondence to the Data Protection Officer (DPO) with the subject line indicated below.
| SLA | Purpose | DPO Contact | Subject |
|---|---|---|---|
| 24 hours | Security Incidents | dpo@cornersteel.com | Security |
| 48 hours | General DPO Inquiries | dpo@cornersteel.com | Security |
| Per request | Access Request — Authorized Personnel reviewing Data Subject information | dpo@cornersteel.com | Access Request |
| Per request | Data Subject Request — modification or access of personal data | dpo@cornersteel.com | Data Subject Request |
Security Measures & Policy
Confidentiality, integrity, and availability.
Cornersteel Systems Corporation is committed to ensuring the confidentiality, integrity, and availability of personal data in compliance with the Data Privacy Act and its implementing rules. Below are the measures we implement at every layer of our control.
Roles & Responsibilities
Personal Information Controller (PIC)
Ensures personal data is processed in compliance with the law, policies, and procedures established under the DPA.
Personal Information Processor (PIP)
Handles data-processing tasks under the strict written instructions of the PIC and within the scope of its mandate.
Compliance Officer for Privacy (COP)
Oversees data privacy compliance efforts, including risk assessments, training, and privacy impact assessments.
External Compliance Office
Managed by Batuhan and Blando Law Firm — reachable at bblaw@batuhanblandolaw.com for independent counsel.
Technical Security Measures
01
Antivirus Protection
Regularly updated antivirus software protects all systems from malware and cyber threats.
02
Perimeter Firewall
A firewall protects our network from unauthorized access and cyberattacks at the boundary.
03
Network Segmentation
Critical data is secured by segmenting the network to minimize risks from lateral movement.
04
Proxy Systems
Proxy systems are in place to control and monitor internet traffic, enhancing security and visibility.
05
Two-Factor Authentication (2FA)
Ensures secure access to sensitive systems and data by requiring a second level of authentication.
Physical Security Measures
Security Personnel
Trained personnel are stationed to monitor and protect our premises against unauthorized physical access.
Access Control
Strict protocols ensure that only authorized personnel have access to secure areas of our facilities.
Compliance & Audits
External Compliance Office
Batuhan and Blando Law Firm oversees compliance to ensure adherence to DPA standards and legal requirements.
Periodic Audits
Regular internal and external audits are conducted to assess security and compliance levels.
Cookie Policy
Cookies are used to enhance the user experience on our website. Users have the option to manage their cookie preferences through their browser settings or site-level controls to align with their privacy choices.
How to File Complaints
From report to resolution.
1 · Reporting Violations
Any suspected or actual violation of the Data Privacy Manual, the Data Privacy Act, or related government issuances — including breaches, losses, or unauthorized access/disclosure of personal data — must be reported immediately to the Data Privacy Response Team. The Response Team will acknowledge receipt of the complaint within 24 hours.
2 · Investigation Process
The Data Protection Officer (DPO) or any two members of the Data Privacy Response Team will:
1
Verify the Allegations
Confirm the validity of the complaint and gather initial facts from the complainant and witnesses.
2
Conduct an Investigation
If warranted, launch an official investigation for serious breaches as per the Data Privacy Act and its Implementing Rules and Regulations (IRR).
3
Report to the Commission
Submit a report on the incident or breach to the National Privacy Commission (NPC) as outlined in the manual.
3 · Committee Recommendations
The Data Privacy Response Team may form an investigation committee for serious violations or those with potential material damage to the company or affected individuals.
The committee's recommendations are forwarded to the company's management for approval and execution.
Filing Complaints
Contact the Data Protection Officer
For filing complaints, the Data Protection Officer can be contacted directly through any of the following channels:
Postal Address
18F World Centre Building, #330 Sen. Gil Puyat Avenue, Barangay Bel-Air, Makati City, Philippines.
Telephone Number
+63 9209221092
Email Address
dpa@cornersteel.com
Contact Information
For everything else.
General inquiries, escalations, and cross-entity coordination between Comfac-IT and Cornersteel Systems Corporation route through the following addresses.
Cornersteel & Comfac-IT — Privacy Channels
- IT Support
- it@cornersteel.com
- DPA — Cornersteel Systems Corporation
- dpa@cornersteel.com
- DPA — Comfac-IT
- dpa@comfac-it.com
- External Counsel
- bblaw@batuhanblandolaw.com
Version 1.0 — Data Privacy Compliance. Aligned to the Republic Act No. 10173 — Data Privacy Act of 2012.