DATA PRIVACY NOTICE

We, the Local Government Unit of Cagayan de Oro City values your privacy and rights. It is our duty to give you assurance and confidence in notifying you on the submitted data most specifically your company’s business information thru the Pre-registration: Business Permit Application Clearance Process on how it is being collected, processed, and kept in the Tourism Management Information System. This is also to inform you on your rights in accordance of the laws and regulations stated and specified in the Republic Act No. 10173 which is also known as the "Data Privacy Act of 2012 (DPA)".

DEFINITION OF TERMS:

  • Tourism Management Information System (TMIS) – an established system to aid the Primary Tourism Enterprises (PTEs) and Tourism Related Establishments (TREs) of the City to conveniently comply with the submission of their monthly statistical reports, but not limited to tourist arrivals, convention utility survey, events management applications and other pertinent documentary requirements, and track the progress of their Pre registration of Business Permit Application and other transactions. It shall likewise serve as a tool for the City Government thru the City Tourism and Cultural Affairs Office to inspect and monitor the compliance of Primary Tourism Enterprises and Tourism Related Establishments with the existing standards, laws and regulations;
  • Data Privacy Act (DPA) – refers to the Republic Act No. 10173 or the Data Privacy Act of 2012 and its implementing rules and regulations;
  • Processing – refers to any operation or set of operations performed upon the registration of proponent including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system;
  • Master Data – about business entities that provide context for business transactions. The most commonly found categories of master data are parties;
  • Sensitive Information refers to following:
    • Details of an entity’s organizations information, such as customers, supplies, employees, products and locational concepts;
  • Personal Information Controller (PIC) – refers to a person or organization who controls the collection, holding, processing or use of personal information; and
  • Primary Tourism Enterprises (PTEs) – refer to facilities, services and attractions involved in tourism, such as, but not limited to: tour and travel services, tourist transport services, whether for land, sea or air transport services; tour guides and tourism trainers; agri tourism farm/sites; eco-tourism and adventure facilities, involving such sports as  mountaineering, spelunking, scuba diving, water rafting and other sports activities of significant tourism potential; meeting, incentive, convention and exhibitions organizers and facilities; accommodation establishments, including but not limited to, hotels, resorts, apartels, tourist inns, motels and pension houses.

WHAT WE COLLECT?

We collect the following business information of the Primary Tourism Enterprises (PTEs) starting in their Tourism Management Information System (TMIS) Registration and during Pre- registration of Business Permit Application Processes for New and Renewal of Permit to Operate within the jurisdiction of Cagayan de Oro City:

The following business information of Primary Tourism Enterprises (PTEs) and its servicesoffered to grant approval of application are as follow:

Basic PTEs Information needed:

  • Previous Business Permit Number
  • Tax Payer’s Name
  • Trade Name
  • Business Address
  • Number of Employees
  • General Manager’ Name (current)
  • Company Contact Number (active)
  • Company Email Address (active)

PTEs Services offered:

  • Type of DOT Accreditation
  • Room (number, classification)
  • Event Venue Facilities (capacity, details and services)
  • Hotel Ancillaries
  • Type of Services
  • Service Vehicle
  • Operator Category
  • Vehicle Type

Documentary requirements and reports during the Pre-Registration Form for New/Renewal of Business Permit Application, to wit:

  • Valid Department of Tourism Accreditation Certificate (Primary Tourism Enterprises)
  • Valid Comprehensive General Liability Insurance (Accommodation Establishments)
  • Valid Contract of Lease or Contract to Lease / Proof of Ownership (Primary Tourism Enterprises)
  • Valid Surety Bond (Travel & Tour Operators/Agencies)
  • Valid LTFRB Certificate of Public Conveyance franchise or authorization (Tourist Transport)
  • Valid Clearance from the National Bureau of Investigation
  • Valid Certificate of Good Health
  • Latest Income Tax Return
  • Statistical Data Report Completion Certificate (Primary Tourism Enterprises)

WHY WE COLLECT DATA?

In pursuance to Republic Act No. 11032 or the Ease of Doing Business and Efficient Government Service Delivery Act of 2018, a Tourism Management Information System shall be established to help the Primary Tourism Enterprises (PTEs) and Tourism Related Establishments (TREs) operating their businesses within Cagayan de Oro City to conveniently comply with the submission of their monthly statistical reports, but not limited to tourist arrivals, convention utility survey, events management applications and other pertinent documentary requirements, and track the progress of their Pre-registration of Business Permit Application and other transactions. It shall likewise serve as a tool for the City Government thru the City Tourism and Cultural Affairs Office to monitor the compliance of Primary Tourism Enterprises and tourism related establishments with the existing standards, laws and regulations.

In accordance with your communication preferences, we will occasionally contact you to provide update status of your registrations, announce new features we developed for you, if any, inform you of the existing standards, laws and regulations related to tourism industry operations, and share advisories and information through this system and in other official webpages of the City Tourism and Cultural Affairs Office.

HOW WE PROCESS YOUR PERSONAL DATA?

After registration, the data provided are kept in the Tourism Management Information System and the data can only be processed through the Tourism Management Information System.

Primary Tourism Enterprises (Ptes) and Tourism Related Establishments Accounts:

Recording:

Your registration is being recorded by the system and only the assigned Standards and Regulatory Division staff will access your data for approval, validation and monitoring of applications. Your company’s transactions will also be recorded and uploaded during accomplishing of reports and in the Pre-registration of Business Permit Applications to our secured database.

Processing:

This Cross-Functional Flowchart contains the processes in using the Pre-registration: Business Permit Application.

diagram

If the need for technical support arises, a consent will be asked from you to further assist you which will be done by the Tourism Management Information System Technical Working Group, the City Tourism and Cultural Affairs Office and the City Management Information System Office.

HOW WE PROTECT YOUR DATA?

The City Government of Cagayan de Oro through the Tourism Management Information System Data Controllers and workforce member enforce data privacy and information security policies. They implement the security measure for the protection of your personal as specified in the Implementing Rules and Regulations of Republic Act No. 10173 (Data Privacy Act of 2012) –organization security, physical security and technical security to protect your personal data against loss, misuse or misprocessed by any data controller, modification, unauthorized or accidental access or disclosure, alteration or destruction. We put safeguards such as the following:

  • We keep and protect data using a secured server behind a firewall, deploying encryption on computing devices and physical security controls
  • We restrict access to your personal data only to qualified and authorized personnel who hold your personal data with strict confidentiality and
  • We train our data controllers to properly handle and process your data

BREACH AND SECURITY INCIDENTS: RISK INVOLVED IN PROCESSING

The server manager/CMISO shall always maintain a backup file for all personal data under its custody. In the event of a security incident or data breach, it shall always compare the backup with the affected file to determine the presence of any inconsistencies or alterations resulting from the incident or breach.

In case of a breach incident, the server manager/CMISO will report to the Data Protection Officer together with the responsible Compliance Officer for Privacy of the City Government of Cagayan de Oro for the notification protocol. The server manager/CMISO detailed documentation of the incident or breach encountered will be forwarded to the management and to the NPC depending on the City Government DPO’s advice.

YOUR ROLE IN ENSURING THE COMPLETENESS, ACCURACY AND PROTECTION OF YOUR PERSONAL DATA

You should ensure that the data submitted to us is complete, accurate, true and correct. Failure on your part to do so may put you to an equivalent administrative penalty as you have agreed and understand and declared in the consent of your true and correct company’s data. We encourage you to be vigilant in protecting your company’s data by practicing the following security protocols:

  • Never let anyone process your company’s data other than the authorized person.
  • When connecting online to the Tourism Management Information System, make sure the authorized person is connected and using a known secure internet connection.
  • Safeguard your company’s account by using complex and secure password of your Tourism Management Information System Account.
  • Do not forget to logout your company’s account especially when using multiple user computers.
  • Input only your company’s contact number and email address as much as possible.
  • We advise your authorized personnel to exercise caution in protecting your company against phishing, skimming and other electronic fraud.

HOW YOU MAY CONTACT US

You as our Data Subjects have the following rights (RIGHTS OF DATA SUBJECTS):

  • Company’s business information will be made available to authorized processors anytime in case there are requests for correction, modification or deletion.
  • It is the right of the company owning the data to inquire or obtain a copy of the personal information provided to us.
  • The right to be informed, thus this Data Privacy Manual on how your company’ business information collected be processed through this Information System.
  • The right to access, thus you have the access of your company’s details and account.
  • The right to object, thus you can have the right not to submit the data so as not the data to be processed.
  • The right to erasure or blocking. Unless otherwise provided by laws, rules, and regulations.
  • The right to damages, thus you can request for assessment of your data that might be mishandled to our Data Privacy Officer.
  • The right to file a complaint, thus you can file a complaint to our Data Privacy Officer to any misused, maliciously disclosed, or improperly disposition of your data.
  • The right to rectify, thus you have the right to correct your submitted through the Tourism Management Information System.

For further inquiries or suggestions, you may report or coordinate with our City Government’s Data Privacy Officer:

Atty. Reymond Q. Villablanca

Asst. City Legal Officer
City Legal Office
Ground Floor, Executive Building, City Hall, Cagayan de Oro City
Email: dpo.cdo@gmail.com
Contact Number: (088) 857-2260 / +63-960-902-1208

Customer Service Hotline:

Standards & Regulatory Division

Telephone Number:(088) 859-3842