Privacy Policy | TFOE-PE Election Portal

Privacy Commitment

The Fraternal Order of Eagles – Philippine Eagles (TFOE-PE Inc.) is committed to protecting the personal data of its members. Personal data is processed only for official election confirmation, proxy selection, security, audit, and compliance purposes.

Member ID, name, chapter, and mobile number may be processed.
OTP and audit records are used for verification and security.
Access is limited to authorized personnel.
Records are retained only as required by policy or law.

Compliance with the Data Privacy Act of 2012 (RA 10173)

This portal processes personal information in accordance with Republic Act No. 10173, the Data Privacy Act of 2012, its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC).

In handling your personal data, TFOE-PE Inc. observes the following principles and rights:

Transparency. You are informed of the nature, purpose, and extent of the processing of your personal data through this policy.
Legitimate purpose. Data is collected and processed only for the declared election, security, audit, and compliance purposes and is not used for unrelated activities.
Proportionality. Only data that is adequate, relevant, and necessary for these purposes is collected.
Your rights as a data subject. Under RA 10173 you have the right to be informed, to access, to object, to rectify or correct, to erasure or blocking, to data portability, to file a complaint, and to be indemnified for damages arising from unlawful processing.
Lawful basis. Processing is based on your consent as a participating member and on the legitimate interests of the organization in conducting a secure and verifiable election.

Requests relating to your data privacy rights, including access and correction, may be coursed through the Helpdesk and will be acted upon by the designated Data Protection Officer (DPO) of TFOE-PE Inc.

Server and Database Policies

Personal data stored within the portal is held on secured servers and databases governed by strict controls:

Encryption. Data is encrypted in transit (HTTPS/TLS) and sensitive records are encrypted at rest within the database.
Access segregation. Database access is restricted to authorized administrators using role-based credentials, and all administrative access is logged.
Backups. Encrypted backups are maintained to protect against data loss, and access to backups is similarly controlled.
Retention and disposal. Records are retained only for the period required by policy or law, after which they are securely deleted or anonymized.
Monitoring. Server and database activity is monitored for unauthorized access, and suspicious activity is reviewed and escalated.
Isolation of environments. Production data is kept separate from testing and development environments to prevent accidental exposure.

Confidentiality and Non-Disclosure (NDA)

All personnel, administrators, contractors, and authorized third parties who are granted access to member data are bound by confidentiality and non-disclosure obligations. By accepting a role that involves access to personal data, such persons agree that they will:

Use member data solely for authorized election, security, audit, and compliance purposes.
Not copy, disclose, transmit, or share member data with any unauthorized person or party.
Maintain the confidentiality of credentials and access granted to them.
Return or securely destroy any data in their custody once their authorized purpose has ended.
Remain bound by these confidentiality obligations even after their involvement with the election has concluded.

A breach of these obligations may result in disciplinary action, termination of access, and legal liability under applicable laws, including RA 10173.

Submission to the Philippine Eagles Authority

The handling, processing, and safeguarding of member data through this portal is conducted under the oversight of the Philippine Eagles Authority. TFOE-PE Inc. submits its data-handling practices, security measures, and relevant records to the Authority for review and compliance verification in accordance with internal governance rules and the Authority's directives.

This submission ensures that the management of member data is accountable, auditable, and consistent with both organizational policy and the requirements of the Data Privacy Act of 2012.

Waiver Regarding Excluded Areas and Third-Party Acts

TFOE-PE Inc. secures personal data within the systems, servers, and digital environment under its direct control. However, certain areas, premises, or circumstances fall outside the scope of the system and cannot be controlled by the portal.

By using this portal, members acknowledge and agree that:

TFOE-PE Inc. is not liable for the unauthorized copying, photographing, recording, or disclosure of a member's information by other members or third parties in physical premises, venues, or areas that are excluded from or not covered by the system.
Members are responsible for protecting their own credentials, devices, screens, and printed materials from observation or copying by others in such excluded areas.
Any act of copying or capturing another member's information without authorization in these areas is the sole responsibility of the person committing the act.

This waiver applies only to acts and areas outside the control of the portal and does not diminish TFOE-PE Inc.'s commitment to securing data within its own systems.

Physical and Digital Security

Security measures are applied across both physical and digital domains to protect member data:

Digital security. HTTPS-secured access, OTP and rate-limited verification, role-based access control, encrypted storage and backups, and continuous security monitoring.
Physical security. Controlled access to facilities and equipment that handle member data, restricted administrative workstations, and secure handling and disposal of any printed records.
Personnel security. Authorized personnel are vetted, granted least-privilege access, and bound by confidentiality obligations.
Incident response. Suspected breaches are contained, assessed, and reported through the defined Incident Response process, with notification to affected members where required.

Security Warning: TFOE-PE Inc. will never ask for money, passwords, bank details, GCash transfers, or confidential documents by text message. Only use the official TFOE-PE Inc. website. Do not click on unofficial links. Report suspicious messages to the helpdesk.

Security Reminder: Always use the official website. Do not share your OTP with any person, officer, candidate, or campaign team.