Data Privacy and Confidentiality Policy
Policy Statement
In compliance with RA 10173 or the Data Privacy Act of 2012 and in line with CPCPA Accounting and Bookkeeping Services’ commitment to safeguarding sensitive information, this memorandum establishes strict policies regarding the confidentiality of private data belonging to employees, clients, and the company. Any breach of this policy will result in immediate disciplinary action, including but not limited to termination and legal consequences.
1. Confidential Information Covered
All regular, probationary, or part-time employees, including on-the-job trainees, interns, and immersion students, shall be required to sign a separate Non-Disclosure Agreement (NDA), which includes Non-Solicitation and Non-Competition clauses, upon onboarding or after. The Employment Contracts likewise contain non-disclosure, non-solicitation, and non-competition clauses.
This policy applies to all employees and covers the following types of confidential data:
- Employee Information – Personal details, payslips or salary records, health records, disciplinary actions, and other sensitive HR-related data.
- Client Information – Personal and financial data, contact numbers, valid identification cards, business dealings, contracts, and proprietary agreements.
- Company Information – Internal reports, financial records, business strategies, loans and legal obligations, trade secrets, and any data classified as confidential by management.
2. Rules and Regulations
To ensure compliance with the Data Privacy Act and company standards, all employees must adhere to the following:
- Non-Disclosure – Employees must not disclose, share, or discuss confidential information with unauthorized individuals, including colleagues, family members, or third parties.
- Access Control – Only employees with explicit authorization may access confidential data. Any unauthorized attempt to retrieve or use such data is strictly prohibited.
- Secure Handling – Employees must ensure that confidential information is stored, transmitted, and disposed of securely. Printed documents must be kept in locked storage, and digital data must be password-protected and encrypted.
- Prohibited Use – Confidential information must not be used for personal gain, external business dealings, or any activity that could harm the company or its stakeholders.
- Reporting Violations – Any employee aware of a potential data breach or misuse must report it immediately to HR or the General Manager.
3. Non-Negotiable Sanctions for Violations
Strict disciplinary actions will be imposed on any person of interest found violating this policy, including:
- First Offense – A formal written reprimand and 31 days of preventive suspension or until the issue is cured and managed, whichever comes later. If the NDA is breached, the first offense shall already warrant the filing of a lawsuit with damages stated in the agreement.
- Second Offense – Immediate termination of employment.
- Severe Violations – If the breach involves intentional misuse, external leaks, or financial harm to the company, the violator will face legal action under the Data Privacy Act and other applicable laws.
Any unclaimed salary and benefits shall be subject to the clearance stage, including audit of their accountabilities, functions, and roles, or shall be used for legal damages. Any excess after all deductions shall be disbursed to them not later than 365 days or after completing the clearance procedures, whichever comes first.
Review and Amendments
This policy will be reviewed annually or whenever necessary and may be amended to ensure its effectiveness and compliance with applicable laws and industry standards.
Acknowledgment
All employees must acknowledge that they have read and understood this policy by completing the Google Form: Company Memo & Policies Database.
Effective immediately.