Checklist For DSA - DOA

This document outlines requirements for obtaining consent from individuals when collecting, processing, sharing, and outsourcing their personal data. It specifies that consent requests must include: (1) a description of the personal data collected; (2) the purposes and legal basis for processing; and (3) the individual's rights to access, correct and object to the use of their data. For data sharing and outsourcing, it also requires disclosure of: the recipients of data, purpose of sharing, and categories of data shared. Individuals must be informed of their continued rights over how their data is handled.

Uploaded by

khriskamm

CONSENT

1. Description of the personal data to be entered into the system;
2. Purposes for which they are being or will be processed, including processing for direct marketing, profiling or historical, statistical or scientific purpose;
3. Basis of processing, when processing is not based on the consent of the data subject;
4. Scope and method of the personal data processing;
5. The recipients or classes of recipients to whom the personal data are or may be disclosed;
6. Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
7. Identity and contact details of the personal data controller or its representative;
8. The period for which the information will be stored; and
9. The existence of their rights as data subjects, including the right to access, correction, and object to the processing, as well as the right to lodge a complaint before the Commission.

DATA SHARING

1. Identity of the personal information controllers or personal information processors that will be given access to the personal data;
2. Purpose of data sharing;
3. Categories of personal data concerned;
4. Intended recipients or categories of recipients of the personal data;
5. Existence of the rights of data subjects, including the right to access and correction, and the right to object;
6. Other information that would sufficiently notify the data subject of the nature and extent of data sharing and the manner of processing.

DATA OUTSOURCING

1. Subject Matter
2. Duration
3. Nature and purpose of the processing
4. Type of Personal Data
5. Categories of Data Subjects
6. Obligations and Rights of the Personal Information Controller
7. Geographic location of the processing under the subcontracting agreement
8. Required provisions. That the personal information processor shall:
   a. Process the personal data only upon the documented instructions of the personal information controller, including transfers of personal data to another country or an international organization, unless such transfer is authorized by law;
   b. Ensure that an obligation of confidentiality is imposed on persons authorized to process the personal data;
   c. Implement appropriate security measures and comply with the Act, these Rules, and other issuances of the Commission;
   d. Not engage another processor without prior instruction from the personal information controller; Provided, that any such arrangement shall ensure that the same obligations for data protection under the contract or legal act are implemented, taking into account the nature of the processing;
   e. Assist the personal information controller, by appropriate technical and organizational measures and to the extent possible, fulfill the obligation to respond to requests by data subjects relative to the exercise of their rights;
   f. Assist the personal information controller in ensuring compliance with the Act, these Rules, other relevant laws, and other issuances of the Commission, taking into account the nature of processing and the information available to the personal information processor;
   g. At the choice of the personal information controller, delete or return all personal data to the personal information controller after the end of the provision of services relating to the processing: Provided, that this includes deleting existing copies unless storage is authorized by the Act or another law;
   h. Make available to the personal information controller all information necessary to demonstrate compliance with the obligations laid down in the Act, and allow for and contribute to audits, including inspections, conducted by the personal information controller or another auditor mandated by the latter;
   i. Immediately inform the personal information controller if, in its opinion, an instruction infringes the Act, these Rules, or any other issuance of the Commission.