SolarFlow complies with Republic Act No. 10173, the Philippine Data Privacy Act of 2012, its Implementing Rules and Regulations, and issuances of the National Privacy Commission (NPC).
1. Data Controller
SolarFlow acts as the Personal Information Controller for account data, and as a Personal Information Processor for the operational data uploaded by your company.
2. Lawful Basis for Processing
- Contract: processing necessary to provide the service.
- Legitimate interest: security, fraud prevention, product analytics.
- Consent: for marketing communications and optional integrations.
- Legal obligation: tax, accounting, and regulatory compliance.
3. Categories of Personal Data
- Identifiers: name, email, phone, employer.
- Customer records uploaded by your company (lead contacts, site addresses, electricity bill data).
- Authentication data and access logs.
4. Data Subject Rights
Under the Data Privacy Act, you have the right to be informed, to object, to access, to rectification, to erasure or blocking, to damages, to data portability, and to file a complaint with the NPC.
5. Data Sharing and Transfers
Personal data may be transferred to sub-processors outside the Philippines (e.g., cloud hosting). We ensure such transfers are protected by contractual safeguards equivalent to RA 10173 standards.
6. Security Measures
- Organizational: RBAC, mandatory training, confidentiality undertakings.
- Physical: hosted in ISO/IEC 27001-certified data centers.
- Technical: TLS 1.2+, encryption at rest, audit logging, vulnerability scanning.
7. Retention
Personal data is retained only for as long as necessary for the declared purpose, or as required by law. Deletion requests are processed within 30 days.
8. Data Protection Officer
You may exercise your rights or raise concerns with our Data Protection Officer at dpo@solarflow.ph.
9. Filing a Complaint
You may also file a complaint with the National Privacy Commission via privacy.gov.ph.