Terms of Use and Service
These Terms of Use and Service (referred to as “Terms”) govern your access to and use of the FilPass platform and services. Before you proceed to use our services, we kindly request you to carefully read and understand these Terms, as they form a legally binding agreement between you (the “Customer,” “User,” or “You”) and FilPass.
By accessing or using the FilPass platform and services, you acknowledge that you have read, understood, and agreed to be bound by these Terms. If you do not agree with any part of these Terms or our Privacy Policy, please refrain from using our services.
FilPass is committed to providing a secure and efficient platform for the management and verification of credentials and certificates. Our services are designed to streamline and simplify the process of issuing, sharing, and verifying digital credentials, ensuring a seamless experience for both individuals and issuing authorities.
These Terms cover essential aspects of your relationship with FilPass, including the use of our services, account registration, data protection, intellectual property rights, confidentiality, and other important provisions. We encourage you to review the entire document to gain a comprehensive understanding of your rights and obligations while using FilPass.
These terms may be updated from time to time, and we will notify you of any changes. Continued use of FilPass after any modifications to the Terms indicates your acceptance of the updated agreement.
We prioritize the security and privacy of our customers, and we are dedicated to maintaining the confidentiality and integrity of your data. If you have any questions or concerns regarding these Terms or our services, please do not hesitate to contact our support team at helpdesk@filpass.ph.
Thank you for choosing FilPass. We are excited to embark on this journey together, providing you with cutting-edge technology to manage your credentials efficiently and securely. Let’s unlock endless possibilities with FilPass!
1. General Prohibition
You agree that by using this Website you will NOT:
o use the Website for, or to encourage, any unlawful purpose;
o engage in any actions that violate local, state, provincial, or federal rules, regulations, and statutes, including but not limited to laws related to Philippines export, anti-discrimination, or equal opportunity employment;
o infringe upon the intellectual property and privacy rights of any third party, including but not limited to patents, copyrights, trademarks, or trade secrets;
o upload, post, transmit, or store any content that falls within the following categories:
• content that is unlawful, offensive, defamatory, fraudulent, deceptive, misleading, harmful, threatening, harassing, obscene, or objectionable;
• content that breaches your contractual or confidentiality obligations;
• content that disrupts or interferes with the standard functioning of the Website, such as sharing viruses, repeatedly posting the same content, or uploading abnormally large files;
• content that contains unauthorized advertising materials, unsolicited promotional content, “junk mail,” “spam mail,” “chain letters,” pyramid schemes, franchises, distributorship, club memberships, sales arrangements, or any other materials that are deemed unacceptable;
o attempt to breach any of the Website’s security measures;
o utilize any device, process, or mechanism like spiders or robots to access the Website’s content without prior written consent from FilPass;
o try to access the accounts or logins of any third party listed on the Website;
o unless expressly permitted in these terms and unless prevented by applicable laws, copy, modify, delete, reproduce, distribute, download, store, transmit, sell, publish, reverse engineer, or create derivative works from any materials, excluding content that you’ve submitted and own;
o submit inaccurate, false, or incomplete information, such as incorrect resumes, biographical data, or employment details;
o assume the identity of any individual or entity;
o falsify any header information in electronic postings or emails;
o present yourself falsely, claim an affiliation with any third party that doesn’t exist, or misrepresent your identity or entity.
FilPass retains the exclusive right to determine whether you are in compliance with the above provisions. The platform also reserves the authority to prevent your access to the Website and to promptly remove any content that is deemed non-compliant or objectionable without prior notice. Please note that the services provided by the Website are accessible immediately, thereby negating any cancellation or “cooling-off” rights related to these terms of use.
2. License Grants
2.1. Service
Under this license grant, FilPass provides you with a non-exclusive, non-transferable, and worldwide license to access and utilize the services available on the platform. These services are designed to facilitate your interactions and operations within FilPass, enabling you to efficiently manage tasks, processes, and communications related to your account.
As part of this license grant, you are allowed to input and process your own content and data (referred to as “User Data”) on FilPass for your internal business purposes. You must ensure that only authorized users, including your employees, agents, and independent contractors, are allowed access to the services, and they must adhere to the terms and conditions laid out in this agreement.
It is essential to understand that this license does not grant you any ownership rights over the FilPass platform, its underlying technologies, or its content. All intellectual property rights, including patents, copyrights, trademarks, trade secrets, and other proprietary rights, associated with FilPass and its services remain the exclusive property of FilPass and its licensors.
2.2. Restrictions
While you are granted access to FilPass and its services, there are certain restrictions on how you can use and interact with the platform. You must not engage in activities that would undermine the integrity and security.
Specifically, you are prohibited from sublicensing, selling, reselling, transferring, assigning, distributing, or commercially exploiting the services or any related content to any third party without the prior written consent of FilPass. Additionally, you must not modify, create derivative works from, or attempt to reverse engineer the platform or any of its components.
Furthermore, you should not attempt to access portions of the platform that you have not been authorized to use by FilPass. Unauthorized access or attempts to gain access to restricted areas of the platform are strictly prohibited.
2.3. User Data
As a user of FilPass, you may be required to provide certain content, information, and data (referred to as “User Data”) to facilitate your use of the services. By doing so, you grant FilPass a non-exclusive, worldwide license to use, reproduce, create derivative works, display, store, and perform your User Data as necessary to provide the services.
It is essential to ensure that the User Data you provide to FilPass complies with all applicable laws, regulations, and terms of service. If you share any personal data with FilPass, you must have the necessary rights and consents to do so, and you must maintain a privacy policy consistent with industry best practices.
By following these license grants and adhering to the associated restrictions, you can make the most of FilPass services while respecting the intellectual property rights and security measures in place to protect the platform and its users.
3. Ownership
FilPass, the dynamic platform that empowers users with seamless digital experiences, offers a comprehensive Ownership model that ensures transparency, protection, and a vibrant user-driven ecosystem. We elaborate on the principles that govern your ownership rights and responsibilities while utilizing FilPass and its array of empowering services.
4. Operation of the Services
4.1. Implementation of Services
Upon joining the FilPass community, we endeavor to swiftly set you up for success. The implementation of our services is carefully curated to ensure a smooth onboarding experience. From the Agreement Start Date, you gain access to FilPass and its array of empowering features. With personalized email and passwords, you and your authorized users can start leveraging FilPass capabilities to enhance your business processes.
To maintain the utmost security, we require you to report any unauthorized use of your account promptly. Rest assured, our team is ever ready to assist you and address any concerns that may arise during the implementation process.
4.2. Services Operation
At FilPass, our priority is to maintain a well-functioning and accessible platform. We are committed to providing reliable services to meet your business needs and exceed your expectations. Our team diligently hosts, maintains, and operates FilPass, ensuring it remains available for you and your authorized users.
Employing industry-standard security measures, such as firewalls and SSL technology, we continuously monitor and track the availability of our services. Our goal is to offer you uninterrupted access to FilPass, allowing you to focus on maximizing its benefits without concern.
4.3. Compliance with Laws
User shall use the Services in compliance with all Applicable Laws, statutes, rules, regulations and terms of service. If necessary to comply with any of the foregoing, FilPass may modify or suspend access to the Service. This remedy shall be in addition to and shall not limit FilPass’s ability to terminate this Agreement based on material breach or pursue damages or other remedies available under law and equity.
4.4. Upgrades
FilPass is continuously evolving to meet your evolving needs. We pride ourselves on regularly upgrading and improving the platform’s features and functionalities. As we innovate, we ensure that the improvements we make enhance your overall experience with FilPass.
Our dedicated team works tirelessly to keep you at the forefront of technology, introducing upgrades that make your digital journey even more efficient and rewarding. Rest assured that any changes we make aim to optimize your usage of FilPass.
4.5. Protection of User Data
FilPass will maintain administrative and technical safeguards designed for the protection of User Data. Those safeguards will include measures designed for preventing unauthorized access, use, modification or disclosure of User Data by FilPass personnel except: (a) to provide Services and prevent or address service or technical problems; (b) to comply with all Applicable Laws; or (c) as expressly permitted in writing by User.
As part of our commitment to data protection, we provide a data processing addendum to ensure our handling of personal data aligns with applicable data protection laws. Our partnership in safeguarding your data is essential to maintaining a secure and trustworthy FilPass community.
5. User Responsibilities
5.1 User Obligations Regarding Data
FilPass places utmost importance on the accuracy, quality, and integrity of User Data. As our valued client, you bear full responsibility for ensuring that all User Data, including Credentials, is authentic, valid, legitimate, and complies with relevant laws. FilPass, in turn, assumes no liability for any User Data used in conjunction with our Services. For instance, if your User Data contains outdated or inaccurate information, FilPass cannot be held responsible for such discrepancies. It is essential to understand that FilPass is not associated with the issuers of Credentials, and your selection and usage of Credentials are entirely at your own risk.
5.2 Authorized Access and Compliance
To ensure the secure use of our Service, you must grant access only to authorized individuals, known as “Authorized Users.” It is your responsibility to ensure that these Authorized Users review and adhere to the terms and conditions outlined in our Agreement. Additionally, you must ensure that both you and your Authorized Users comply with any terms of use pertaining to Third-Party Applications integrated with FilPass.
5.3 Prohibited Activities
To maintain the integrity and performance of our Certificate Cloud Services, certain activities are strictly prohibited. Sending spam or unsolicited messages, storing infringing or unlawful material, interfering with system integrity, attempting unauthorized access, or disrupting other users’ accounts are examples of activities that are not allowed. It is important to respect these guidelines to avoid any adverse consequences, including account suspension or termination.
5.4 Personal Data Sharing and Privacy Compliance
If you choose to share Personal Data with FilPass for the purpose of utilizing our Services, you must ensure compliance with all Applicable Laws. It is your responsibility to maintain a privacy policy consistent with industry best practices. You must also confirm that any Personal Data transferred to FilPass does not violate any prohibitions or restrictions allowing for the proper processing of data. Furthermore, you must have obtained all necessary consents, and have not withdrawn such consents, or have a lawful basis for disclosing or transferring Personal Data to FilPass for processing.
At FilPass, we value transparency and adherence to regulations. By fulfilling these responsibilities, you contribute to a secure and trustworthy environment for all users of our services. We are committed to providing exceptional service, safeguarding your data, and maintaining the highest standards of privacy protection. Together, we can achieve a successful and compliant partnership that ensures your satisfaction with FilPass.
6. Indemnity
FilPass shall undertake the responsibility to defend any claim, lawsuit, or legal proceeding brought against the User, insofar as the claim is based on an allegation that the User’s authorized use of the FilPass services infringes any copyright, trade secret right. To ensure such a defense, the User is required to promptly provide FilPass with written notice of the claim and grant FilPass the authority to control the defense, settlement, adjustment, or compromise of the said claim. The User is not authorized to settle any such claim on behalf of FilPass. The above-stated provision represents the sole and exclusive recourse available to the User in the event of any infringement or misappropriation of third-party intellectual property rights by FilPass.
7. Limitation of Liability
FilPass shall not be liable for any special, incidental, or consequential damages. This includes damages arising from breach of contract or warranty, tort (including negligence), or strict liability. FilPass shall also not be liable for interrupted communications, lost data, or lost profits resulting from the use of its services. It is important to note that the limitations specified in this section shall apply despite any failure of the essential purpose of this agreement or any limited remedy provided herein.
8. Confidential Information
8.1. Definition of Confidential Information
Confidential Information, as referred to in this agreement, pertains to any information transmitted by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) and is designated as “confidential” in writing before being furnished or is disclosed orally or visually and identified as confidential before disclosure and subsequently summarized in writing within thirty (30) days. Such information shall be deemed the exclusive property of the Disclosing Party for the purposes of this agreement.
As the Receiving Party, FilPass expressly undertakes to maintain the utmost confidentiality and refrain from disclosing any such Confidential Information to any third party. FilPass agrees to utilize such Confidential Information solely for the purpose of exercising the rights and fulfilling the obligations set forth in this agreement.
FilPass shall take reasonable measures to prevent unauthorized disclosure or use of the Disclosing Party’s Confidential Information and prevent such information from falling into the public domain or the possession of unauthorized individuals. Confidential Information shall not be disclosed to any person or entity other than FilPass employees, and legal or accounting advisors who require access for the purposes of this agreement and have entered into written confidentiality agreements to protect such information.
In the event that the Receiving Party becomes aware of any unauthorized use or disclosure of the Disclosing Party’s Confidential Information, FilPass shall promptly notify the Disclosing Party and cooperate to remedy the situation.
8.2. Exclusions from Confidential Information
Not all information shared between the parties falls under the definition of Confidential Information. Exclusions from Confidential Information include:
(a) Information that was already in the public domain at or subsequent to the time it was communicated to FilPass by the Disclosing Party through no fault of FilPass.
(b) Information that was rightfully in FilPass possession, free of any confidentiality obligations, at or subsequent to the time such information was communicated to FilPass by the Disclosing Party.
(c) Information developed independently by FilPass employees without reference to any information communicated by the Disclosing Party.
(d) Information disclosed by the Disclosing Party to an unaffiliated third party without any obligation of confidence.
These exclusions ensure that only truly confidential information is subject to the strict confidentiality obligations under this agreement.
9. Modification of Terms
9.1. FilPass reserves the right to modify these Terms at its sole discretion. Any changes will be effective upon posting the revised Terms on FilPass or by notifying the User through their registered email address. It is the responsibility of the User to review the Terms periodically for any updates. Continued use of FilPass after the modifications constitutes acceptance of the updated Terms.
10. Governing Law
10.1. These Terms and any disputes arising out of or relating to them shall be governed by and construed in accordance with the laws. Any legal actions or proceedings concerning these Terms shall be brought exclusively in the courts located within [Jurisdiction], and the parties hereby consent to the personal jurisdiction of such courts.
11. Severability
11.1. If any provision of these Terms is deemed invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be severed from these Terms, and the remaining provisions shall remain in full force and effect. The invalidity or unenforceability of any provision shall not affect the validity or enforceability of any other provision of these Terms.
12. Entire Agreement
12.1. These Terms constitute the entire agreement between FilPass and the User regarding the subject matter herein and supersede all prior or contemporaneous agreements, understandings, representations, and discussions, whether oral or written, between the parties. Any additional or different terms proposed by the User are expressly rejected and shall not be binding unless agreed to in writing by FilPass.
1. INTRODUCTION
This section provides a brief overview of the purpose of the privacy policy and the types of data that will be collected and used by FilPass.
The purpose of this privacy policy is to explain how we collect, use, disclose, and protect personal information that we obtain from our clients and users of our FilPass system. We recognize the importance of data privacy and are committed to protecting the personal information entrusted to us. This policy will help our clients and users understand how we handle their personal data, and how we ensure its confidentiality, integrity, and availability.
We understand that our clients and users have the right to know what personal data we collect, how we use it, and who we share it with. Our goal is to be transparent about our data practices and ensure that our clients and users are in control of their personal information. We believe that by being transparent about our data practices, we can build trust with our clients and users, and strengthen our commitment to data privacy and security.
This privacy policy applies to all personal information that we collect, process, and store, regardless of the source or medium. We adhere to all applicable data protection laws and regulations and implement appropriate technical and organizational measures to ensure the security and protection of personal data.
FilPass values the privacy and security of personal data and has implemented security policies to ensure the confidentiality, integrity, and availability of personal data. We have also implemented technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction of personal data. Our security policy with respect to the processing of personal data includes regular data backups, encryption of sensitive data, access controls, and a data breach response plan.
FilPass recognizes the importance of transparency and accountability in the processing of personal data. We are committed to complying with applicable data protection laws and regulations and to continuously improving our privacy and security practices.
I. PROCESSING OF PERSONAL INFORMATION
1. General Data Privacy Principles – FilPass adheres to the principles of transparency, legitimate purpose, and proportionality in the processing of personal information, in compliance with the requirements of applicable laws and regulations.
Personal information collected by FilPass shall be:
a) Collected for specified and legitimate purposes, declared before, or as soon as reasonably practicable after collection, and processed in a manner compatible with such declared, specific, and legitimate purposes, and in accordance with the law.
b) Processed fairly and lawfully.
c) Kept accurate, relevant, and up-to-date, where necessary for the purposes for which it is to be used; inaccurate or incomplete data must be rectified, supplemented, destroyed, or their further processing restricted.
d) Adequate and not excessive in relation to the purposes for which it is collected and processed.
e) Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained, or for the establishment, exercise, or defense of legal claims, or for legitimate business purposes, or as provided by law.
f) Processed in compliance with the general data privacy principles of transparency, legitimate purpose, and proportionality, as set forth in the Data Privacy Act and other applicable laws and regulations.
2. Criteria for Lawful Processing of Personal Information. – The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:
a) The data subject has given his or her consent;
b) The processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or to take steps at the request of the data subject prior to entering a contract.
3. Sensitive personal information and privileged information shall not be processed by FilPass, except in the following cases:
a) Consent has been given by the data subject, specific to the purpose, prior to the processing. In the case of privileged information, consent must be given by all parties involved in the exchange prior to processing.
b) The processing is allowed by existing laws and regulations, provided that such regulatory enactments guarantee the protection of sensitive personal information and privileged information. Consent of the data subject may not be required by law or regulation for processing such information.
II. Information We Collect
1. What personal information do we collect from our users?
As a part of our commitment to protect the privacy of our users, we collect and process personal information in accordance with applicable data privacy and protection laws. As a data-driven platform, FilPass collects a variety of personal information from our users that is necessary for the operation and delivery of our system.
We collect personal information necessary to provide and improve our services, as well as to comply with legal and regulatory requirements. We take appropriate measures to ensure the confidentiality, integrity, and availability of the personal information we collect and process, and we only retain such information for as long as necessary to fulfill the purposes for which it was collected. The types of personal information we collect are the following:
Type of Personal Information in FilPass | Sensitive Personal Information in FilPass |
Personal Full Name, Address, Birthday, Gender, Phone Number, School Details, Education Details, Job Details | Civil Status, Citizenship, Government Issued Number |
2. Why do we collect this information?
We collect personal information from our users for several reasons. Firstly, we need to collect this information to verify the identity of our users and ensure that they are eligible to use the services offered by FilPass. We also collect personal data for the purpose of issuing verifiable credentials, which is the main feature of the FilPass system. These verifiable credentials contain personal information that has been verified and approved by the issuer, which are necessary for users to access certain services or to prove their identity or qualifications in various settings.
The personal information we collect from users is essential to provide our services and ensure the effective functioning of the FilPass system. We take the privacy and security of this data very seriously, and we adhere to strict privacy policies and data protection regulations to protect the personal data of our users.
· Identity verification – We collect personal information to verify the identity of our users and to ensure that only authorized individuals can access the system.
· Service delivery – We collect personal information to provide our users with the services they have requested, such as issuing and verifying verifiable credentials.
· Customization and personalization – We collect personal information to personalize our users’ experience with the system, such as by recommending relevant features or content based on their preferences.
· Communication and support – We collect personal information to communicate with our users and to provide customer support, such as to answer questions or resolve issues.
3. How do we use this information?
In FilPass, we use the personal information we collect from our users to facilitate the issuance, verification, and storage of verifiable credentials. This includes using the information to verify the identity of both credential holder and credential issuer, and to ensure that the information contained in the verifiable credential is accurate and up to date. The data collection and use policies are specifically tailored to the issuance and management of verifiable credentials.
· User verification – We use personal data to verify the identity of our users and ensure that only legitimate users have access to the system. This may include collecting government-issued IDs, biometric data, and other forms of identification that help us verify a user’s identity.
· Service delivery – We use personal data to deliver our services to users. For example, we may use an individual’s contact information to send important notifications about their account or to communicate with them about their data.
· Marketing and advertising – We may use personal data to market and promote our services to potential users. This may include using demographic or behavioral data to target advertising or other promotional materials to specific individuals or groups.
· Security – We use personal data to help ensure the security and integrity of our platform. This may include using user data to authenticate and authorize access to our services, monitor for suspicious activity, or detect and prevent fraud.
It’s important to note that we only use the personal information that is necessary to carry out the above purposes and that we do not sell or disclose this information to third parties. We take data privacy and protection very seriously, and we are committed to using personal information in a transparent and responsible manner.
4. Will we share this information with any third parties?
At FilPass, we take the privacy and security of our users’ personal information very seriously. We understand that you trust us with your sensitive data, and we want to assure you that we will never share this information with any third parties.
All the personal data we collect from our users is used solely for the purpose of providing our services to you. This includes verifying your identity, creating and managing your digital credentials, and enabling you to share these credentials with authorized parties.
We do not and will not sell or rent any of our users’ personal information to any third party for any purpose, including marketing or advertising. We also do not share your personal information with any third parties for their own marketing or advertising purposes.
III. How We Collect Information
When a user registers in FilPass, we collect information through the registration forms. The user is asked to provide personal information such as their name, email address, contact number, and any other necessary information. These pieces of information are necessary for creating an account and verifying the user’s identity.
In addition, we may also collect information through cookies and other tracking technologies. These technologies allow us to monitor the user’s activity on the website and gather information on their preferences and interests. This information is used to enhance the user experience and provide personalized content and services.
We take the collection of information seriously and are committed to ensuring the security and privacy of our users. We only collect data that is necessary for the proper functioning of the system and for providing our services to the users.
IV. Data Retention
1. How long will the data be retained for?
In FilPass, the retention of data is an important aspect governed by our data retention policy. We recognize the significance of maintaining personal data only for as long as necessary to fulfill the purposes for which it was collected. As part of our commitment to data privacy and compliance, we have established a retention period of 3 years from the date of data collection.
During this retention period, we ensure that the data remains securely stored and protected, adhering to industry best practices and applicable data protection regulations. This allows us to fulfill the intended purposes of the data, such as document issuance and verification, while maintaining the highest standards of data security and privacy.
Upon the expiration of the retention period, we have implemented appropriate procedures for the disposal of the data. This includes secure and irreversible data destruction methods, such as permanent deletion or destruction of the data, to ensure that it cannot be accessed or recovered. FilPass continually reviews and updates its policies and practices to align with evolving legal requirements and industry standards, ensuring the responsible management of data throughout its lifecycle.
2. Who will have access to the data?
The privacy and protection of our users’ personal data is of utmost importance to us. Only the user and our technical team responsible for managing the database will have access to the data. We understand the sensitivity of personal data, which is why all data collected will be encrypted to ensure that no unauthorized third parties can access it. Rest assured that we take all necessary measures to ensure the confidentiality and security of our users’ information.
3. Is there any possibility for data deletion?
Yes, there is a possibility for data deletion in FilPass. As per the GDPR regulations, users have the right to request the deletion of their personal data in certain situations. FilPass has a process in place to comply with such requests for data deletion. There may come a time when user data is no longer necessary, or when a user decides to withdraw their consent and delete their account. In such cases, FilPass has established a procedure for data destruction, which involves permanently deleting the data from its systems and ensuring that no backups or copies of the data remain.
The procedure for data deletion is carried out in a secure and systematic manner, in compliance with data protection regulations and best practices. The process involves identifying and categorizing the data to be deleted, reviewing any legal or contractual obligations that may require the data to be retained, and verifying the identity of the user requesting the deletion.
Once these steps have been completed, the data is securely deleted from all systems and any backups or copies are destroyed.
FilPass understands that data deletion is a sensitive issue and is committed to ensuring that the process is transparent, secure, and in line with the user’s wishes. By implementing a robust data deletion procedure, FilPass aims to provide its users with the peace of mind that their data will not be retained longer than necessary, and that they have control over their personal information.
V. Data Security
1. What are the procedures for investigating and reporting any suspected breaches or incidents?
FilPass has implemented strict security measures and protocols to ensure that any suspected breaches or incidents are thoroughly investigated and reported. In the event of a data breach or security incident, FilPass will take immediate action to investigate and mitigate the incident to prevent any further harm to our users.
Incident detection – FilPass will detect any potential security incidents or data breaches. For example, the system may monitor access logs, network traffic, or user activity for suspicious patterns or anomalies. If the user detects any suspicious activities within their account, they can also report it to us through a form or by contacting the FilPass Data Protection Officer (DPO).
Incident response – If an incident is detected, FilPass should follow a predetermined incident response plan to investigate and contain the incident. This may involve actions such as blocking the attacker’s access, removing any malicious code, or restoring data from backups.
Notification and reporting – If the incident involves a data breach that may have exposed personal information, FilPass is legally required to notify affected individuals, authorities, or other stakeholders. FilPass should have procedures in place to determine who needs to be notified, what information should be included in the notification, and how the notification should be delivered.
Investigation and analysis – After the incident is contained and any necessary notifications have been made, FilPass should conduct a thorough investigation to determine the cause of the incident, the scope of the impact, and any lessons learned that can help prevent future incidents.
Record keeping – FilPass keeps records of any incidents, investigations, and responses for future reference or for compliance purposes. These records should include information such as the date and time of the incident, the types of data involved, the scope of the impact, and the steps taken to contain the incident and prevent future incidents.
2. What are the steps taken to ensure all collected data are secured?
FilPass places a high priority on security and has implemented a comprehensive set of security controls to safeguard the platform and the data it handles. One of the key security controls in place is a multi-layered user authentication system. This system ensures that only authorized users with valid credentials can access the platform, providing an additional layer of protection against unauthorized access.
Transport Layer Security (TLS) encryption – To protect the confidentiality and privacy of data during transit, FilPass employs Transport Layer Security (TLS) encryption. This encryption technology ensures that all communication within the platform is securely encrypted, preventing eavesdropping or unauthorized interception of sensitive information. By implementing TLS encryption, FilPass ensures that data remains protected and secure during transmission.
Advanced Encryption Standard (AES) encryption – Data at rest within FilPass is also subject to stringent security controls. Advanced Encryption Standard (AES) encryption with a 256-bit key is utilized to encrypt the stored data. AES is a widely recognized and highly secure encryption algorithm, providing robust protection against unauthorized access to data. By implementing AES encryption, FilPass ensures that even in the event of a data breach or unauthorized access to the underlying storage infrastructure, the data remains securely encrypted and inaccessible.
Fault-tolerant Storage – In addition to encryption, FilPass has implemented fault-tolerant and self-healing storage for the database. This means that database storage is designed to withstand failures and automatically recover from any disruptions or data corruption. By employing fault-tolerant storage, FilPass ensures that data integrity is maintained even in the face of hardware failures or other unforeseen issues. This ensures that the data stored within FilPass remains accurate, reliable, and available to authorized users when needed.
JSON Web Tokens (JWTs) – FilPass systems also use JSON Web Tokens (JWTs), which offer several security benefits when used in web applications. Benefits include stateless and scalable operation, authentication and authorization, data integrity, secure transmission, reduced server-side storage, granular access control, cross-domain and microservices compatibility, and Single Sign-On (SSO).
3. What are the policies and procedures taken to monitor and limit access to this project/system?
· Information Security Management – FilPass adheres to ISO/IEC 27001-2013, which provides a framework for our information security management system. Our security management program is designed to identify, assess, and mitigate risks to the confidentiality, integrity, and availability of information assets.
· Access Control – We employ a multi-layered user authentication system to ensure that only authorized individuals have access to our platform. User access is granted based on the principle of least privilege, ensuring that individuals have access to only the resources necessary for their roles and responsibilities.
· Data Protection and Encryption – We employ strong encryption mechanisms, such as 256-bit Advanced Encryption Standard (AES), to protect data at rest. Encryption keys are stored in a separate Key Management Service to enhance the security of the encryption process. During transit, all communication within our platform is safeguarded using Transport Layer Security (TLS) encryption, ensuring the privacy and integrity of data.
· Physical Security – Our data centers will comply with industry standards, including SOC 1, SOC 2, SOC 3, ISO/IEC 27001-2013, 27017-2015, 27018-2019, 27701-2019, 22301-2019, 9001-2015, and CSA STAR CCM v4.0. These certifications validate the physical security measures implemented at our data centers, including access controls, surveillance systems, and environmental controls to protect the physical infrastructure.
· Security Awareness and Training – We provide regular security awareness and training programs to our employees, contractors, and users. These programs ensure that individuals are aware of security best practices, understand their roles and responsibilities, and are equipped with the knowledge to safeguard sensitive information.
· Continuous Improvement – We continuously review and enhance our security practices to adapt to emerging threats and vulnerabilities. We conduct regular risk assessments, vulnerability assessments, and penetration testing to identify potential weaknesses and address them promptly.
4. What are the steps taken to protect the personal data it holds from misuse and loss and from unauthorized access?
To protect the personal data it holds, FilPass has implemented a range of technical and organizational security measures to prevent unauthorized access, accidental loss or damage, and misuse of personal data. The company strictly adheres to industry-standard security protocols and uses the latest security technologies to protect the data of its users:
· FilPass implements a layered approach to security to ensure that personal data is protected from misuse, loss, and unauthorized access.
· The database where personal data is stored is encrypted to prevent unauthorized access.
· Access to personal data is restricted to authorized personnel who have a legitimate need to access it, such as the technical team responsible for managing the database.
· FilPass implements various technical and organizational measures, such as firewalls and access control mechanisms, to protect personal data from unauthorized access and hacking attempts.
· FilPass regularly conducts security audits and vulnerability assessments to identify potential security weaknesses and to address them promptly.
· Personal data is retained only for as long as necessary and is securely deleted once it is no longer needed.
· FilPass implements user authentication and authorization controls to ensure that only authorized users are able to access their personal data.
· FilPass uses web3 for more secure and reliable sharing and managing than traditional web technologies because it is built on the decentralized architecture of blockchain networks.
· FilPass requires its employees to adhere to strict security and data protection policies and procedures.
· FilPass complies with applicable data protection laws and regulations, such as the Data Privacy Act of 2012, and regularly reviews and updates its policies and procedures to ensure compliance.
VI. Contact Information
1. How can users contact the FilPass DPO with questions or concerns about the information you collect?
Users who have any questions or concerns regarding the information collected by FilPass can contact the Data Protection Officer (DPO) through the provided contact form or directly through the DPO’s email at dpo@filpass.ph. FilPass values the privacy and security of its users, and the DPO is readily available to respond to any queries or feedback regarding the handling of personal data. Whether users need clarification on the types of data collected, how their information is being used, or how to delete their data from the system, the DPO is there to provide the necessary assistance and support.
VII. Data Privacy Regulations
1. What laws and regulations apply to the collection, use, and protection of personal data?
In the Philippines, the collection, use, and protection of personal data are governed by the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (IRR). The DPA sets out the general principles of data protection, including the rights of data subjects, the obligations of data controllers and processors, and the requirements for the processing of personal data. The National Privacy Commission (NPC) is the regulatory body responsible for enforcing the provisions of the DPA.
Under the DPA, personal data must be processed fairly and lawfully and only for specified and legitimate purposes. The data subject must be informed of the nature, purpose, and extent of the processing of personal data, and their consent must be obtained prior to the collection, use, or disclosure of such data. Data controllers are required to implement organizational, physical, and technical security measures to protect personal data against any accidental or unlawful destruction, alteration, and disclosure, as well as any other unlawful processing.
Furthermore, the DPA provides for the rights of data subjects, including the right to be informed, right to object, right to access, right to correct, right to erase or block, and right to data portability. Data subjects also have the right to file a complaint and seek damages for any violation of their rights under the DPA. FilPass, as a platform that collects, uses, and protects personal data, is subject to the provisions of the DPA. It is the responsibility of FilPass to ensure compliance with these laws and regulations and to implement appropriate security measures to protect the personal data of its users.
2. Who is responsible for compliance with these laws and regulations within FilPass?
Compliance with the laws and regulations for the collection, use, and protection of personal data within FilPass is the responsibility of the Data Protection Officer (DPO) or the designated representative. The DPO is responsible for ensuring that the company complies with relevant data protection laws and regulations, and for ensuring that employees are aware of their obligations in relation to data protection. Additionally, the DPO is responsible for monitoring compliance with data protection policies and procedures, investigating any complaints, and taking appropriate action in response to any breaches or non-compliance.
3. What are the steps we take to ensure that personal data is collected and processed in accordance with applicable laws and regulations?
To ensure that personal data is collected and processed in accordance with applicable laws and regulations, FilPass takes the following steps:
⚫ Consent – FilPass obtains the consent of the user before collecting and processing their personal data.
⚫ Transparency – FilPass is transparent about the purpose of data collection, the types of data collected, and the methods of data processing.
⚫ Data Minimization – FilPass only collects the minimum amount of data necessary to provide our services and does not retain it for longer than necessary.
⚫ Security Measures – FilPass implements security measures to protect personal data, including encryption and access controls.
⚫ Staff Training – FilPass provides regular training to our staff on data privacy and security to ensure they understand the importance of protecting personal data.
⚫ Compliance – FilPass regularly reviews and updates its policies and procedures to ensure compliance with applicable laws and regulations.