Privacy Policy

LGTON Law (“LGTON” or the “Firm”), for the purpose of protecting its clients, employees and other partners, hereby gives notice of our commitment to implement safeguards to protect privacy and keep personal data safe and secure, in accordance with the provisions of the Data Privacy Act of 2012, by implementing the following Data Protection Terms and Conditions.

The Firm undertakes to implement reasonable and appropriate organizational, physical, and technical security measures for the protection of personal data which we collect in connection with our business. These security measures aim to maintain the availability, integrity, and confidentiality of personal data and are intended for the protection of personal data against any accidental or unlawful destruction, alteration, and disclosure, as well as against any other unlawful processing.

1. Personal Information
The Firm may collect personal information of its clients, suppliers and/or providers, and employees (“Data Subjects”) which includes, but is not limited to, the following: (1) full name; (2) residential/business address; (3) contact number; (4) civil status; (5) full name of spouse, if any; (6) children and other family members; (7) Tax Identification Number; (8) occupation; and (9) electronic mail address (“Personal Information”).

2. Use of Personal Information
The Firm, together with its duly-authorized personal information processors (“Processors”), shall collect, record, store, update, organize, modify, interpret, retrieve, use, or consolidate Personal Information of its Data Subjects.

Personal Information collected may be disclosed and outsourced to third parties by virtue of a Data Processing Agreement for the purpose of processing, in accordance with the strict requirements of the Data Privacy Act. The said Data Processing Agreement duly consented to by the parties ensures that adequate security measures are in place to secure the Personal Information subject of the Data Processing Agreement. Further, the Information of the Data Subject will be processed only upon our specific written instruction.

Further, the Firm may also transfer collected Personal Information to third parties, as required by law or any legal instrument, pursuant to the provisions of the Data Privacy Act, for whatever legal purpose it may serve, and in order to protect our rights or assets, and in emergencies where the health or safety of a person is endangered.

The Firm will not disclose, share, trade, sell, or lease any Personal Information to any other party without the Data Subjects’ prior written consent, with the exception of third-party service providers, such as IT consultants and website developers, accountants and auditors engaged by the Firm whose services necessarily require the processing of Personal Information. The Firm shall ensure, using contractual and other reasonable means, that said third-party service providers implement proper safeguards to ensure the confidentiality, integrity, and availability of the Personal Information processed, prevent its use for unauthorized purposes, and comply with the requirements of the Data Privacy Act, its Implementing Rules and Regulations, and other applicable laws for processing of personal data, and other issuances of the National Privacy Commission.


The digitized Personal Information of the Data Subjects shall be stored in a secure storage platform, and on the local drives of the Firm’s duly authorized lawyers, employees and/or officers. On the other hand, physical files containing collected Personal information shall be kept on the Firm premises in secure cabinets within a locked room, to which only authorized employees have access. The collected Personal Information will be retained or stored for as long as the purposes for which they are being processed have not yet been met or satisfied. The Firm shall safely retain and use collected the Personal Information as necessary to comply with its contractual and legal obligations, address disputes arising therefrom, and strictly enforce the terms thereof.


Our employees shall operate and hold the Information under strict confidentiality, pursuant to non-disclosure agreements executed. All employees of the Firm have received training on the Firm’s privacy and security policies to ensure confidentiality and security of personal data.


All Data Subjects whose Personal Information are processed by the Firm shall have the following rights:

1. Be informed on whether the Personal Information shall be, are being, or have been processed;

2. Be advised about the following before the entry of Personal Information into the processing system of the Controller, or at the next practical opportunity:
a. Description of Personal Information to be entered into the system;
b. Purposes for which they are being or are to be processed;
c. Scope and method of the processing;
d. The recipients or classes of recipients to whom they are or may be disclosed;
e. Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized;
f. The identity and contact details of the Controller or its representative;
g. The period for which Personal Information will be stored; and
h. The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before the National Privacy Commission.
Any information supplied or declaration made to Data Subjects on these matters shall not be amended without prior notification: Provided, That the notification under subsection (b) shall not apply should the Personal Information be needed pursuant to a subpoena or when the collection and processing are for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service or when necessary or desirable in the context of an employer- employee relationship, or when the information is being collected and processed as a result of legal obligation;

3. Reasonable access to, upon demand, the following:
Contents of Personal Information that were processed;
Sources from which Personal Information were obtained;
Names and addresses of recipients of the Personal Information;
Manner by which such data were processed;
Reasons for the disclosure of the Personal Information to recipients;
Information on automated processes where the data will or are likely to be made as the sole basis for any decision significantly affecting or will affect Data Subjects; Date when Personal Information was last accessed and modified; and The designation, or name or identity and address of the Controller.

Dispute any inaccuracy or error in the Personal Information and have the Controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. Upon such correction, the Controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by recipients thereof: Provided, That the third parties who have previously received such processed Personal Information shall be informed of its inaccuracy and its rectification upon request of the Data Subjects; Suspend, withdraw, or order the blocking, removal, or destruction of Personal Information from the Controller’s filing system upon discovery and substantial proof that the Personal Information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected; and Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of Personal Information. Where Personal Information is processed by electronic means and in a structured and commonly used format, Data Subjects shall have the right to obtain from the Controller a copy of data undergoing processing in an electronic or structured format, which is commonly used and allows for further use (Right to Data Portability).


1. This site does not solicit clients nor does it provide legal advice. Any information available on this site may not be the most current or most comprehensive, and as such, should not be relied upon as legal advice. No attorney-client relationship is formed by the use of this site, and any visitor should always seek the advice of competent counsel for any legal concerns. LGTON Law disclaims any liability for actions or omissions based on any information found on this site.

2. Visitors are not required to provide Personal Information when using this site, except in case where said visitor intends to contact the Firm via the “Contact Us” page of this site. Any information communicated to the Firm through the “Contact Us” page shall only be used to communicate with and provide the visitor with the information requested. Any Personal Information communicated to the Firm through the “Contact Us” page shall not be shared with any third party, except as specifically required by law.

3. Visitors who wish to correct, update or remove any Personal Information
provided to the Firm or have any questions or concerns regarding this Data Terms and Conditions, may contact our Data Protection Officer at lgton@lgtonlaw.com

Last Update: November 24, 2020