Are you having a hard time selling insurance? Perhaps due to fierce competition?Maybe the clients are just not that interested? Or maybe it’s hard to build trust withthem? One of these questions may have popped up in your mind, or maybe you’re anupcoming insurance provider that wants to overcome these challenges. Don’t worry!These questions will […]
This Data Processing Agreement (“Agreement”) is entered into by and between ROC.PH Digital Marketing Services (“Data Processor”), with its principal place of business in the Philippines, and the Client (“Data Controller”). This Agreement is part of the Terms of Service and Privacy Policy of ROC.PH and governs the processing of personal data in accordance with applicable data protection laws.
1. Definitions
1.1 “Personal Data” means any information relating to an identified or identifiable natural person processed under this Agreement. 1.2 “Processing” means any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, or destruction. 1.3 “Data Controller” refers to the Client, who determines the purposes and means of processing Personal Data. 1.4 “Data Processor” refers to ROC.PH Digital Marketing Services, which processes Personal Data on behalf of the Data Controller. 1.5 “Applicable Laws” include the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines, the General Data Protection Regulation (GDPR) (EU Regulation 2016/679), the California Consumer Privacy Act (CCPA), and other relevant data protection regulations.
2. Scope and Responsibilities
2.1 The Data Processor shall process Personal Data only as necessary for the performance of services outlined in the agreement with the Data Controller. 2.2 The Data Processor shall process Personal Data in accordance with the Data Controller’s written instructions unless required by law. 2.3 The Data Controller confirms that it has obtained the necessary consent or legal basis for processing the Personal Data and is solely responsible for ensuring compliance with applicable data protection laws. 2.4 The Data Processor shall comply with applicable international data protection laws when processing data from clients based in different jurisdictions.
3. Confidentiality
3.1 The Data Processor shall ensure that all personnel involved in processing Personal Data are bound by confidentiality obligations. 3.2 The Data Processor shall not disclose or share Personal Data with third parties unless explicitly authorized by the Data Controller or required by law.
4. Security Measures
4.1 The Data Processor shall implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction, including encryption, access controls, and secure storage. 4.2 In the event of a data breach, the Data Processor shall notify the Data Controller without undue delay and provide necessary details regarding the breach, in accordance with GDPR, RA 10173, and other relevant regulations.
5. Subprocessing
5.1 The Data Processor may engage subcontractors (“Sub-processors”) to process Personal Data, provided that they comply with the same obligations under this Agreement. 5.2 The Data Processor remains fully responsible for the actions of its Sub-processors and shall ensure they adhere to data protection laws.
6. Data Subject Rights
6.1 The Data Processor shall assist the Data Controller in responding to requests from data subjects regarding their rights under applicable laws, including access, rectification, erasure, portability, and objection to processing. 6.2 If required under GDPR, the Data Processor shall implement mechanisms to enable data subjects to exercise their rights directly.
7. International Data Transfers
7.1 If Personal Data is transferred outside the Philippines, the Data Processor shall ensure compliance with GDPR, CCPA, and other applicable data transfer regulations. 7.2 The Data Processor shall use appropriate safeguards, such as Standard Contractual Clauses (SCCs) for EU clients, to ensure lawful international data transfers.
8. Data Retention and Deletion
8.1 The Data Processor shall retain Personal Data only for the duration necessary to fulfill the agreed services or as required by law. 8.2 Upon termination of the Agreement, the Data Processor shall delete or return all Personal Data to the Data Controller, unless retention is legally required. The Data Controller is responsible for ensuring compliance with data minimization principles.
9. Liability and Indemnification
9.1 The Data Processor shall not be liable for any processing of Personal Data done in accordance with the Data Controller’s instructions. 9.2 The Data Controller shall indemnify and hold harmless the Data Processor against claims, damages, liabilities, or expenses arising from non-compliance with data protection laws by the Data Controller. 9.3 The Data Processor shall be liable for breaches of its obligations under this Agreement only to the extent required by applicable laws. 9.4 The Data Controller agrees that they bear full responsibility for obtaining lawful consent from data subjects and ensuring the legality of their data collection practices.
10. Governing Law and Dispute Resolution
10.1 This Agreement shall be governed by the laws of the Philippines. 10.2 If the Data Controller is based in the EU, disputes shall be resolved in accordance with GDPR compliance mechanisms. 10.3 Any disputes arising from this Agreement shall be resolved amicably through negotiation. If unresolved, disputes shall be submitted to arbitration in the Philippines.
11. Data Protection Officer (DPO) Contact
11.1 The Data Processor has appointed a Data Protection Officer (DPO) to oversee compliance with this Agreement and applicable laws. 11.2 For inquiries or data protection concerns, the Data Controller may contact the Data Processor’s DPO at:
📧 Email: dpo@roc.ph
📞 Phone: +63 (046) 433 7590
12. Miscellaneous
12.1 This Agreement shall remain in effect as long as the Data Processor processes Personal Data for the Data Controller. 12.2 Amendments to this Agreement shall be made in writing and agreed upon by both parties. 12.3 If any provision of this Agreement is found to be invalid, the remainder of the Agreement shall remain in effect.
13. Acknowledgment & Acceptance
By using ROC.PH Digital Marketing Services, the Client (Data Controller) agrees to the terms outlined in this Data Processing Agreement. No physical signature is required, as acceptance is implied upon availing of our services.
For ROC.PH Digital Marketing Services, this agreement is officially executed as part of our Terms of Condition and Privacy Policy.
Additionally, Clients shall be required to check an “I Accept” checkbox confirming their agreement to this Data Processing Agreement before accessing our services.
