The Family Registry System is committed to protecting the privacy and personal information of its users and data subjects in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012, and its Implementing Rules and Regulations (IRR).

1. Data We Collect

We collect and process the following categories of personal information:

  • Account Information: Full name, email address, and password (stored in hashed form)
  • Location Assignment: Province, municipality, and barangay of the registered user
  • Family Member Information: Full name, sex, birthday, relationship to family head, address
  • Demographic Data: Occupation, religion, marital status, national ID status
  • Health Data: Weight and height (for children's nutrition monitoring)
  • Benefit Records: Program/service enrollment, benefit type, amounts received, agency, date received
  • Status Information: Year of death (if applicable)
  • Geolocation: Latitude and longitude of family residence (if provided)
  • System Logs: Login activity, IP address, browser information, and session data for security purposes

2. Purpose of Collection

Personal information is collected and processed for the following legitimate purposes in accordance with Section 12 of RA 10173:

  • Administration and delivery of government social welfare programs (e.g., 4Ps, AICS, SLP, MCCT)
  • Maintenance of the barangay-level family registry and population records
  • Children's nutrition monitoring and senior citizen welfare tracking
  • Generation of demographic statistics for community development planning
  • Tracking and verification of government benefit distribution
  • User authentication, account security, and access control

3. How We Store and Protect Your Data

We implement appropriate organizational, physical, and technical security measures to protect your personal information:

  • Passwords are encrypted using industry-standard hashing algorithms and are never stored in plaintext
  • All sessions are secured with HTTP-only cookies, idle timeout enforcement, and session fixation prevention
  • Access is restricted by role (Admin, Employee, Client) with location-based data filtering
  • All security events (logins, data modifications, unauthorized access attempts) are logged and audited
  • Protection against brute-force attacks through automatic account lockout mechanisms
  • CSRF (Cross-Site Request Forgery) protection on all data-modifying operations

4. Data Sharing

Your personal information may be shared with authorized government agencies (such as DSWD, DOH, LGU offices) solely for the purpose of program administration and benefit delivery.

  • Data is not sold, rented, or shared with private third parties for commercial purposes
  • Sharing is limited to what is necessary and proportionate for government program delivery
  • Any data sharing follows the requirements set forth by the National Privacy Commission (NPC)

5. Data Retention

Personal information is retained for as long as it is necessary to fulfill the purposes for which it was collected, or as required by applicable laws and government retention policies.

  • Active family records are maintained for the duration of program eligibility and administration
  • Inactive user accounts may be deactivated and archived in accordance with retention schedules
  • Security logs and login records are retained for audit and compliance purposes

6. Your Rights Under RA 10173

As a data subject, you have the following rights:

  • Right to Be Informed — You have the right to be informed of the collection and processing of your personal data (this notice)
  • Right to Access — You may request access to your personal data held by the system
  • Right to Object — You may object to the processing of your personal data
  • Right to Erasure or Blocking — You may request the removal or blocking of your personal data under certain conditions
  • Right to Rectification — You may request correction of any inaccurate or incomplete personal data
  • Right to Data Portability — You may request a copy of your personal data in a structured, commonly used format
  • Right to File a Complaint — You may file a complaint with the National Privacy Commission if you believe your data privacy rights have been violated

7. Contact Information

For questions, concerns, or requests regarding your personal data, you may contact the designated Data Protection Officer (DPO) of the implementing Local Government Unit (LGU):

  • Office: [LGU Office Name]
  • Address: [Office Address]
  • Email: [dpo@lgu-email.gov.ph]
  • Phone: [Contact Number]

You may also reach the National Privacy Commission at:

  • Website: https://www.privacy.gov.ph
  • Email: complaints@privacy.gov.ph
Effective Date: February 2026