PRIVACY NOTICE

PLEASE READ THIS PRIVACY NOTICE CAREFULLY.

By accessing our website, engaging our services, or otherwise providing us with personal information, you acknowledge that you have read and understood the terms of this Privacy Notice and consent to the collection, use, disclosure, storage, and processing of your personal information as described herein.

Proseso Consulting ("Proseso", "we", "us", or "our") respects and values your data privacy rights. We are committed to processing all personal information we collect in adherence to the principles of transparency, legitimate purpose, and proportionality under the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission ("NPC").

This Privacy Notice is a summary of how we handle personal information. Our full internal privacy policy is available upon request.

1. Scope of this Notice

This Privacy Notice applies to personal information collected by Proseso through:

• Our website and any online forms, contact channels, or subscription features;
• Our engagement with prospective and existing clients in connection with our support services; and
• Any other interaction in which you voluntarily share information with us.

This Notice does not apply to third-party websites or platforms linked from our site, which are governed by their own privacy policies.

2. The Two Capacities in Which We Process Personal Information

Proseso processes personal information in two distinct capacities:

• As a Personal Information Controller, when we determine the purpose and means of processing — for example, in handling our website visitors, prospects, contact form submissions, and our own client relationship records.
• As a Personal Information Processor, when we process personal information on behalf of our clients in the course of delivering our services. In these cases, our client is the Personal Information Controller and is primarily responsible for how that information is handled. We process it strictly in accordance with our written engagement and our client's instructions.

If you are an employee, customer, or contact of one of our clients, and your personal information was provided to us by that client, please refer to your organization's privacy notice for information on your rights and the purposes of processing. We will assist your organization in addressing any request you direct to them.

3. Personal Information We Collect

Depending on how you interact with us, the personal information we may collect includes:

• Name, position, and employer;
• Business contact details (email address, telephone or mobile number, business address);
• Information you voluntarily share through our website forms, email, or in the course of an engagement; and
• Technical information automatically collected when you visit our website (browser type, device information, IP address, pages visited, and similar information used for website analytics and security).

We collect sensitive personal information only when strictly necessary for a specific purpose (for example, government-issued identification numbers required for compliance filings) and with the appropriate legal basis.

4. How We Collect Personal Information

We collect personal information when you:

• Visit our website;
• Submit a contact, inquiry, or subscription form;
• Engage us for our services or enter into discussions to do so;
• Communicate with us by email, phone, or other channels; and
• Voluntarily provide information to us in any other context.

You may decline to provide personal information, but this may prevent us from responding to your inquiry or providing our services.

5. Why We Process Your Personal Information

We process personal information for the following purposes:

• To respond to inquiries and provide information about our services;
• To enter into and perform service engagements with our clients;
• To comply with our legal, regulatory, and contractual obligations;
• To improve our services and the functionality of our website;
• To send service-related updates and, where you have opted in, marketing or informational communications (which you may unsubscribe from at any time);
• To detect, prevent, and protect against fraud, security incidents, and unauthorized use; and
• To establish, exercise, or defend legal claims.

6. Legal Bases for Processing

We process personal information only when one or more of the following applies:

• You have given your consent;
• Processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract;
• Processing is necessary to comply with a legal obligation;
• Processing is necessary to protect your vitally important interests;
• Processing is necessary for the legitimate interests of Proseso or a third party, where these are not overridden by your rights and interests.

7. Sharing of Personal Information

As a general rule, we do not share personal information with parties unrelated to the services we provide. We may share personal information with:

• Government agencies and regulators where disclosure is required by law or in connection with the services we provide (such as the SEC, BIR, DOLE, SSS, PhilHealth, Pag-IBIG, and LGUs);
• Law enforcement and government authorities pursuant to lawful requests;
• Service providers and professional advisors who assist us in operating our business, under appropriate confidentiality and data protection arrangements; and
• Parties involved in the establishment, exercise, or defense of legal claims.

We do not sell, trade, or rent your personal information to third parties.

8. Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting, and reporting requirements, and for the establishment, exercise, or defense of legal claims. Retention periods are set out in our internal records retention policy and reflect, where applicable, the periods required under Philippine law (for example, accounting and tax records).

9. Security

We adopt reasonable and appropriate organizational, physical, and technical measures to protect personal information against accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing. Our personnel are bound by confidentiality obligations. Where we engage third parties to process personal information on our behalf, we require them to apply security measures consistent with our own.

In the event of a personal data breach that is required to be reported under the Data Privacy Act and NPC issuances, we will comply with the applicable notification requirements to the NPC and to affected data subjects.

10. Your Rights

Under the Data Privacy Act, you have the following rights with respect to your personal information:

• The right to be informed;
• The right to access;
• The right to object;
• The right to rectification;
• The right to erasure or blocking, in the circumstances provided by law;
• The right to data portability;
• The right to damages; and
• The right to file a complaint with the National Privacy Commission.

To exercise any of these rights, please contact our Data Protection Officer using the details below. We may need to verify your identity before responding.

If your personal information was provided to us by a client in the context of services we render to that client, we will refer your request to the client, who is the Personal Information Controller for that data.

11. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. The most current version will always be available on our website and will govern our processing of your personal information from the date of posting. We encourage you to review this Notice periodically.

12. Contact Us

For any questions, concerns, or requests relating to your personal information or this Privacy Notice, please contact our Data Protection Officer:

DPO Proseso Consulting Email: dpo@proseso-consulting.com