Privacy Policy

CDC HOMES DEVELOPMENT AND VENTURES, INC. (“the Company”), together with its subsidiaries and affiliate companies, special projects, and business units, highly values the confidentiality of the information you have entrusted to us. We highly regard your personal, sensitive and privileged information such that it will only be used for its intended purpose (or as may be required by existing national and local laws, rules and regulations), kept within the agreed period and protected against data privacy breach. Any personal, sensitive and privileged information that you provide shall be kept safe in accordance with Republic Act No. 10173 or the Data Privacy Act of 2012 (the “Act”), its Implementing Rules and Regulations and other issuances of the National Privacy Commission, applicable laws of the Philippines, and the Company’s own commitment through its Data Privacy Policy.

This Privacy Policy discloses how the CDC Group, through its authorized representatives and employees, will process the Personal Information you submit in connection with your dealings with us.

  1. Type of Data Collected
    • Information relating to your identity, such as but not limited to your name, gender, place and date of birth, nationality, civil status, permanent and present residential address, contact details, and details of government-issued registrations;
    • Information relating to your financial capacity, such as but not limited to credit history and/or credit card information;
    • Information relating to your educational and professional background, such as but not limited to curriculum vitae, employment and medical history; and
    • Information about your visit and use of our websites;

  2. Manner of data collection
    • Cookie-based, upon use or access of our websites; and
    • Consent-based, upon submission of any forms to our employees or duly authorized representatives/agents or subscription to our newsletters;

  3. Consent to data collection
    • By submitting your Personal Information pursuant to any of your dealings with the CDC Group or by accessing this website, you consent to the collection, use, storage and all other forms of processing of your Personal Information in accordance with this Privacy Statement. Any disclosure of Personal Information pertaining to another person (such as spouse, partners, dependents, or emergency contact persons) shall be construed as bearing the consent of such third party;

The Personal Information we collect from you will be used for the following intended purposes:

  1. For buyers of products/services, unit owners and residents of condominium projects, hotels, subdivision, club members, lessees, tenants and hotel guests –
    • Determine the qualification to avail of the Company’s products and/or services;
    • Fulfill and monitor the status of contractual obligations of the buyers and disseminate service and/or product related information and notices;
    • Enable the Company to respond to buyers and potential clients’ queries, requests and/or complaints;
    • Enhance customer experience by delivering products and/or services suited to the specific requirements of the clients; and
    • Process information for statistical, analytical, advertising, and market opinion research purposes;

  2. For employees, job applicants and accredited sellers and brokers –
    • Identify the employees and applicants of the Company;
    • Perform general administrative and personnel management actions such as, but not limited to, recruitment, assessment of suitability, performance appraisal, promotion, training, career development, remuneration, health and safety and discipline;
    • Disseminate information regarding HR updates and company policies; and
    • Process information for statistical, analytical, advertising, and market opinion research purposes;

  3. For stockholders of CDC Group –
    • Establish identity as a stockholder and/or incorporator-of-record in order to provide you services and facilitate your exercise of rights as such stockholder, such as but not limited to appointment of proxies, payment of dividends, and registration of your shareholdings in the stock and transfer books;
    • Comply with the mandatory and legal reportorial obligations to government agencies and self-regulating organizations; and
    • Conduct statistical and analytical studies as well as advertising and market opinion research;

A Data Protection Officer (“DPO”) shall be appointed by the Company.
The DPO is responsible for ensuring the Company’s compliance with applicable laws and regulations for the protection of data privacy and security. The DPO’s functions and responsibilities shall particularly include, among others:

  • Monitoring the Company’s Personal Data Processing activities in order to ensure compliance with applicable Personal Data privacy laws and regulations, including the conduct of periodic internal audits and review to ensure that all the Company’s data privacy policies are adequately implemented by its employees and authorized agents;
  • Acting as liaison between the Company and the regulatory and accrediting bodies, and being in charge of the applicable registration, notification, and reportorial requirements mandated by the Data Privacy Act, as well as any other applicable data privacy laws and regulations;
  • Developing, establishing, and reviewing policies and procedures for the exercise by Data Subjects of their rights under the Data Privacy Act and other applicable laws and regulations on Personal Data privacy;
  • Acting as the primary point of contact with whom Data Subjects may coordinate and consult for all concerns relating to their Personal Data;
  • Formulating capacity building, orientation, and training programs for employees, agents or representatives of the Company regarding Personal Data privacy and security policies;
  • Preparing and filing the annual report of the summary of documented security incidents and Personal Data breaches, if any, as required under the Data Privacy Act, and of compliance with other requirements that may be provided in other issuances of the National Privacy Commission;

All Processing of Personal Data within the Company should be conducted in compliance with the following data privacy principles as espoused in the Data Privacy Act:

  1. Transparency
    • The Data Subject must be aware of the nature, purpose, and extent of the Processing of his or her Personal Data by the Company, including the risks and safeguards involved, the identity of persons and entities involved in Processing his or her Personal Data, his or her rights as a Data Subject, and how these can be exercised. Any information and communication relating to the Processing of Personal Data should be easy to access and understand, using clear and plain language;

  2. Legitimate purpose
    • The Processing of Personal Data by the Company shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy;

  3. Proportionality
    • The Processing of Personal Data shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal Data shall be processed by the Company only if the purpose of the Processing could not reasonably be fulfilled by other means;

Adequate records of the Company’s Personal Data Processing activities shall be maintained at all times. The DPO, with the cooperation and assistance of all the concerned business and service units involved in the Processing of Personal Data, shall be responsible for ensuring that these records are kept up to date. These records shall include, at the minimum:

  • Information about the purpose of the Processing of Personal Data, including any intended future Processing or data sharing;
  • A description of all categories of Data Subjects, Personal Data, and recipients of such Personal Data that will be involved in the Processing;
  • General information about the data flow within the Company, from the time of collection and retention, including the time limits for disposal or erasure of Personal Data;
  • A general description of the organizational, physical, and technical security measures in place within the Company; and
  • The name and contact details of the DPO, Personal Data processors, as well as any other staff member accountable for ensuring compliance with the applicable laws and regulations for the protection of data privacy and security;

Insofar as you have provided your consent or when we are otherwise legally entitled to do so, we will share your Personal Information with the affiliated entities and subsidiaries of the CDC Group where applicable, for the purposes indicated above.

Your Personal Information possessed by the CDC Group shall be kept confidential. However, it may be necessary for the CDC Group to disclose and transfer your Personal Information to third party companies, entities, or service providers engaged by the CDC Group to perform certain services on its behalf, including the following:

  • Government agencies such as SSS, PhilHealth, HDMF;
  • Banking and financial institutions;
  • Insurance providers;
  • Storage facility providers;
  • External advisors and other professional advisors, such as auditors and legal firms;
  • Contractors or sub-contractors; and
  • Such other service providers that may be appointed by the CDC Group including background investigators;

The CDC Group takes all necessary technical, organizational and physical measures to protect the confidentiality and security of your Personal Information. These efforts include, but are not necessarily limited to:

  • Storing your Personal Information in secure operating environments that are not available to the public and that are only accessible to authorized employees, and our agents and contractors;
  • Disposing of the documents containing your Personal Information through shredding or such other similar modes of secure disposal that prevent unauthorized access, further processing or public disclosure;

The CDC Group shall retain your Personal Information as long as you continue to be legally related with the CDC or until any disputes involving the same have been judicially resolved with finality;

Data Breach Notification
All employees and agents of the Company involved in the Processing of Personal Data are tasked with regularly monitoring for signs of a possible Data Breach or Security Incident. In the event that such signs are discovered, the employee or agent shall immediately report the facts and circumstances to the DPO within twenty-four (24) hours from his or her discovery, for verification as to whether or not a breach requiring notification under the Data Privacy Act has occurred, as well as for the determination of the relevant circumstances surrounding the reported breach and/or Security Incident. The DPO shall notify the National Privacy Commission and the affected Data Subjects pursuant to the requirements prescribed by the Data Privacy Act.

The notification to the National Privacy Commission and the affected Data Subjects shall at least describe the nature of the breach, the Personal Data possibly involved, and the measures taken by the Company to address the breach. The notification shall also include measures taken to reduce the harm or negative consequences of the breach and the name and contact details of the DPO. The form and procedure for notification shall conform to the regulations and circulars issued by the National Privacy Commission, as may be updated from time to time;

All Security Incidents and Personal Data breaches shall be documented through written reports, including those not covered by the notification requirements. In the case of Personal Data breaches, a report shall include the facts surrounding an incident, the effects of such incident, and the remedial actions taken by the Company. In other security incidents not involving Personal Data, a report containing aggregated data shall constitute sufficient documentation. These reports shall be made available when requested by the National Privacy Commission. A general summary of the reports shall be submitted by the DPO to the National Privacy Commission annually;

The CDC Group undertakes to respond to reasonable requests to review your Personal Information collected by us and to correct any inaccuracies, amend or delete any entry in accordance with your rights under the Data Privacy Act of 2012;

The CDC Group may revise and update this Privacy Policy from time to time. Should you have any questions or comments about how the CDC processes your Personal Information, you may contact:

      24/F 139 Corporate Center, Valero Street
      Salcedo Village, Makati City, Philippines
      Email Address:

The Personal Data will be kept within 10 years from date of engagement (release of transferred title, release of documents related to back-out) as may be required by existing laws, rules and regulations, unless you request your data to be deleted in our systems, databases and hard copies earlier than this date, subject to limitation of applicable laws and/or the Act. Once deleted, your information will no longer be searchable or included in anonymous searches and will be completely removed from all storage locations.

By agreeing to this policy, you explicitly and unambiguously consent to the collection, processing and storage of your personal, sensitive and privileged data by CDC Group for the purpose(s) described in this Data Privacy Notice.

This policy shall be effective as of August 2, 2018.

