DOLE E-SEnA

Where to file?

SEnA RFAs may be filed onsite and online. For Onsite filing, requesting party may file their request at the Department of Labor and Employment Regional/Provincial Offices; National Conciliation and Mediation Board Central Office and its Regional Conciliation and Mediation Branches and National Labor Relations Commission Central Office and its Regional Arbitration Branches. For Online filing, Requesting Parties may file a request through the respective websites of the implementing offices/agencies.

Who may file?

Request for Assistance (RFA) may be filed by any aggrieved person such as worker, including kasambahay/family driver, group of workers, whether local or overseas, or a union, workers association or federation and employer. In case of absence or incapacity of the aggrieved person, his/her immediate family with Special Power of Attorney (SPA) may file the RFA. In case of death, his/her legitimate heirs may file the RFA.

Requesting Parties are classified into six (6) categories such as Individual Worker, Group of Workers, Union, Overseas Filipino Workers, Kasambahay/Family Driver, and Employer.

Individual Worker

Group of Workers

Union

OFW

Kasambahay/ Family Driver

Employer

The Department of Labor and Employment (DOLE) recognizes and respects your right to data privacy, and is committed to protect your personal data in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA).

Basis
DOLE may lawfully process your personal data pursuant to Sections 12 or Section 13 of the DPA and Rule V of its Implementing Rules and Regulations.
SEC. 12. Criteria for Lawful Processing of Personal Information. – The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:
1. The data subject has given his or her consent;
2. The processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;
3. The processing is necessary for compliance with a legal obligation to which the personal information controller is subject;
4. The processing is necessary to protect vitally important interests of the data subject, including life and health;
5. The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; or
6. The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.
SEC. 13. Sensitive Personal Information and Privileged Information. – The processing of sensitive personal information and privileged information shall be prohibited, except in the following cases:
1. The data subject has given his or her consent, specific to the purpose prior to the processing, or in the case of privileged information, all parties to exchange have given their consent prior to processing;
2. The processing of the same is provided for by existing laws and regulations: Provided, That such regulatory enactments guarantee the protection of the sensitive personal information and the privileged information: Provided, further, That the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information or the privileged information;
3. The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing;
4. The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations: Provided, That such processing is only confined and related to the bona fide members of these organizations or their associations: Provided, further, That the sensitive personal information are not transferred to third parties: Provided, finally, That consent of the data subject was obtained prior to processing;
5. The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; or
6. The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority.
Personal Data Collected and Manner of Collection
DOLE may collect personal data such as name, address, email address and contact details, among others, depending on the transaction made with us.
DOLE may collect personal data directly from you through several means, including but not limited to the following:
- Forms;
- Our website (when you contact us, or when you fill in forms displayed on our website);
- E-mail correspondence;
- Postal mail;
- Cookies, or other similar technologies;
- Telephone call;
- Video conference;
- Personally.
Use and Purpose of Personal Data

Your personal data is utilized for purposes relative to your transaction with DOLE, such as:
- For documentation and processing of inquiries and requests within DOLE to enable us to properly address them and forward them to the appropriate
- To solicit feedback for the services we provide;
- To provide the appropriate updates and advisories in an appropriate format and orderly and timely manner;
- To comply with a legal obligation to which DOLE is subject;
- To comply with the requirements of public order and safety or to fulfill the functions of public authority, including processing personal data to
- To be able to provide the appropriate action that a data subject may require concerning their data privacy rights;
Moreover, we may collect other personal data that are relevant and necessary to perform our mandate of providing a speedy, impartial, inexpensive and accessible settlement of labor issues arising from employer-employee relations.
Disclosure of Personal Data

Personal data processed by DOLE is not shared with any other party except to other regulatory agencies, and unless such disclosure is allowed under Sections 12 or 13 of the DPA.
Risks Involved

Risk refers to the potential of an incident to result in harm or danger to a data subject or organization. Risks may lead to the unauthorized collection, use, disclosure, or access to personal data. It includes risks involving the confidentiality, integrity, and availability of personal data or the risk that processing will violate the general data privacy principles and the rights of data subjects.

DOLE ensures that adequate physical, technical, and organizational security measures are in place to protect personal information's confidentiality, integrity, and availability. However, this does not guarantee absolute protection against certain risks involving the processing of personal data, such as when systems are exposed to targeted cyberattacks, malware, ransomware, and computer viruses or when manual records are accessed without authority.

However, adequate policies are in place to ensure appropriate security incident management in line with existing National Privacy Commission's (NPC's) policies, circulars, and other issuances.
Data Protection and Security Measures

DOLE safeguards the confidentiality, integrity, and availability of your personal data by maintaining a combination of organizational, physical, and technical security measures based on generally accepted data privacy and information security standards. Among the measures the DOLE implements are the following:
- Policies on access control in both digital and physical infrastructures to prevent unauthorized access to personal information;
- Acceptable use policies;
- End-to-end encryption and data classification whenever suitable;
- Security measures against natural disasters, power disturbances, external access, and similar threats; and
- Technical measures implemented to protect computers and databases against accidental, unlawful, or unauthorized access or interference, or access including encryption of data-at-rest and data-in-transit, multi-factor authentication (MFA) for secure access to systems, and role-based access control (RBAC) to restrict data access based on user roles.
Storage and Retention

DOLE stores files containing personal data in our computers and servers, which are kept in a secure environment. We may also store your personal data with cloud-based third-party data storage providers. We shall ensure that proper measures are adopted to protect your information.

Personal data shall be stored in a database for five (5) years after inquiries and requests are acted upon. After which, records shall be disposed of securely.

Other categories of data may be kept longer than seven (7) years when its retention period is determined by other relevant laws and regulations.
Disposal

Physical records are securely disposed of through shredding, while digital files undergo anonymization to ensure that personal information can no longer be retrieved, processed, or accessed by unauthorized individuals. Disposal methods are designed to permanently and securely eliminate data in compliance with applicable regulations.
Rights of a Data Subject

Under the DPA, you have the right to the following:
1. Right to be Informed;
2. Right to Object;
3. Right to Access;
4. Right to Rectification;
5. Right to Erasure or Blocking;
6. Right to Data Portability; and
7. Right to Damages.
The Data Subject may avail of the remedies under the DPA, its IRR and the NPC issuances, in case of breach of his/her rights. Data Subject Rights can be accessed through the link.
Changes to the Privacy Notice
DOLE reserves the right to update, amend or revise this privacy notice at any time and will provide a new privacy notice in case of substantial changes.
Feedback on our Privacy Notice
For any suggestions or comments regarding DOLE's Privacy Notice or Data Privacy Policies, you may reach us through our Data Protection Officer, Assistant Secretary Paul Vincent W. Añover, via this address: 7th Floor, DOLE Central Office Building, Intramuros, Manila, or email us at asec.employment@dole.gov.ph.