LEFLEGIS LEGAL SERVICES
Unit 403 FSS Building I, 20 Scout Tuazon Street Cor. Scout Castor, Brgy. Laging Handa, Diliman, Quezon City, Metro Manila 1103
Who We Are and What We Do
We are a full-service law firm that provides the entire gamut of legal services which includes but is not limited to litigation, corporate services, taxation, technology and the law, data privacy, and strategic business planning.
Our lawyers have handled all manners of cases in all stages before various courts, government agencies, as well as international tribunals; commercial transactions that range from simple sales to multi-billion dollar contractual disputes involving complex multi-variate financial models; employment and labor relations; immigration; taxation; and, most importantly, human rights advocacy. (“Services”)
Give us a problem and we will solve it.
What types of Information does the Firm collect?
Furthermore, depending on the requirements of your engagement, please note that you may be disclosing sensitive personal information to the Firm, such as:
By engaging our services, you are in effect giving your unqualified consent for us to use, process, and control these information, in any manner we deem fit to successfully represent you, subject to the generally accepted principles of legality, necessity, and proportionality.
Why does the Firm collect your Information?
We collect, use and process your personal information for the following purposes:
2. Administrative Services
3. Messengerial Service
4. To establish, exercise, or defend legal claims;
5. Fulfill any other purpose directly related to the purposes above.
For purposes outside of those identified above, we will ask for your specific consent.
Who is the Personal Information Controller?
The Firm is the Personal Information Controller under the Data Privacy Act of 2012 (hereafter referred to as “DPA”), which means that it determines what purposes personal information held will be used for.
It may also be that your personal information is disclosed to third parties under a data sharing agreement, in which case, such third parties are also the personal information controllers.
What does the Firm do with your Information?
We collect, record, organize, store, update/modify, retrieve, consult, use, or consolidate your Information when you engage the Firm’s services pursuant to the purposes stated above.
Will the Firm share your Information?
The attorney-claimant relationship is one reposed with the highest trust and confidence. We will maintain our fiduciary duty to keep your Information with utmost secrecy.
We will not disclose your Information to third parties and governmental entities unless, with your consent, it is necessary to achieve legitimate purposes set out above, including but not limited to the following:
To carry out lawful business activities;
When the processing of Information is outsourced to a third party, the processing will be subject to written agreements between us and the third parties processing the data, in accordance with the requirements of the DPA. These written agreements specify the rights and obligations of each party and will provide that the third party to have adequate security measures in place and to process your Information on our specific written instructions.
We may also transfer your Information to third parties when required by law or legal instrument, to protect our rights or assets, and in emergencies where the health or safety of a person is endangered.
We will never sell, rent, share, trade, or disclose any of your Information to any other party without your prior written consent.
How does the Firm store your data?
Hardcopies of the forms the claimant has submitted, as well as all records that shall be relevant to your tenure as a claimant of the Firm, may be stored in the offices of the Firm or in an off-site warehouse managed by a third-party service provider.
Forms and documents which contain the Information of the claimant will be digitized and stored in the Firm’s information management system hosted by the Firm on-site or in the premises of an authorized third-party service provider. The Firm is currently using a cloud storage service provider, online drive, NAS server, and the local drives of its lawyers and employees.
The Firm shall ensure, using contractual and other reasonable means, that the third-party service provider implements proper safeguards to ensure the confidentiality, integrity and availability of the personal data processed, prevent its use for unauthorized purposes, and comply with the requirements of the DPA, its Implementing Rules and Regulations, and other applicable laws for processing of personal data, and other issuances of the National Privacy Commission.
How does the Firm protect your Information?
We have put in place physical, electronic, and managerial procedures designed to help prevent unauthorized access, to maintain data security, and to use correctly the Information we collect online. These safeguards vary based on the sensitivity of the Information that we collect and store.
Hardcopies of the files and forms may be stored physically in a secured filing cabinet in a locked room which is only accessible by RFID. Only employees of the Firm who possess the RFIDs can access the files upon physical entry into the office.
Digitized copies of the files and forms, as well as other Information are stored electronically in a NAS server and local drives which are password protected. Aside from this, your files are scanned and uploaded in a cloud storage, online drive and an online collaboration hub. The digitized copies of your files are only accessible to Firm employees assigned for your account, each with their own respective usernames and passwords. Furthermore, the Firm has implemented a two-factor authentication policy before one can have access to the files stored electronically. This means that after an employee submits his or her password, the person still needs to enter a security code, which will be sent by a third-party service provider. The managing partner also makes sure that access is limited, as he himself controls and manages the access given to Firm employees. These policies ensure that only Firm employees will have access to your Information. Aside from these policies, the Firm has also employed standard security measures to ensure that your Information is secure. Emails are encrypted by a Transport Layer Security (TLS) security protocol to protect your privacy. A firewall is also set up to track internet activity and block and filter data to prevent other people to gain unauthorized access to your Information. We also use encrypted instant messaging to safeguard our discussions when we confer about how we should serve you better.
How long will the Firm retain your Information?
The above-mentioned Information will be retained or stored for as long as the purposes for which they are being process have not been satisfied. The Firm will retain and use your Information as necessary to comply with its legal obligations, resolve disputes, and enforce its agreements. The personal data will not be retained by the Foundation and Leflegis for longer than is necessary for the purposes for which it is collected. If possible, personal data will be pseudonymized.
Inter alia the following retention terms apply:
Personal data in active files
Until the legal procedure and the archiving period (please see below) have ended.
Personal data in archived files
20 years from the date the file has been archived. If a procedure becomes active again, the retention term will start over.
Personal data in the financial administration
7 years from the fiscal year
Are you allowed to access and update your Information?
The Firm encourages all its claimants to keep their Information current and updated. You may email us to request your Information updated. When you request for access to your Information, we will take reasonable steps to confirm your identity before granting you access and updating your Information.
What are your rights as a data subject?
You, as the data subject, have rights under the DPA, which include the following:
If you have any concerns, complaints, requests, or questions regarding the processing of your Information, please contact:
Arvhie S. Santos
Data Protection Officer-In-Charge