Privacy Policy

Christdanrey Construction — SecureEye v

Republic Act No. 10173 · Data Privacy Act of 2012 · Effective January 1, 2025
This policy describes how Christdanrey Construction collects, uses, and protects your personal data when you use SecureEye. By accessing the system, you agree to the collection and use of information in accordance with this policy.

1. Data Controller

Christdanrey Construction is the Personal Information Controller (PIC). SecureEye is operated exclusively by authorized personnel of the organization.

2. Personal Data Collected

  • Identity data: full name, username, job title, role, phone, email address
  • Technical data: IP addresses, session identifiers, browser user agent
  • Activity data: login timestamps, system actions, audit log entries
  • Evidence files: site photos, videos, documents (AES-256 encrypted at rest)
  • Security data: failed logins, account lockout events, OTP records

3. Purpose of Data Collection

SecureEye collects personal data only for the specific, declared purposes listed below.

1 — User Authentication & Access Control
  • Data collected: Full name, username, email, hashed password, role, IP address, session ID, OTP records, login timestamps
  • Why: To verify identity, enforce role-based permissions, and prevent unauthorized access to the system
  • Legal basis: Legitimate interest in securing organizational systems (RA 10173, Sec. 12(b))
  • Applies to: All system users (Head Engineer, Project Engineer, Site Supervisor/Foreman)

2 — Site Surveillance & Evidence Collection
  • Data collected: CCTV footage, site photographs, video recordings, timestamps, camera location metadata
  • Why: To monitor construction site safety, record deliveries and incidents, and maintain a verifiable chain of custody for all evidence
  • Legal basis: Legitimate interest in site security and contractual obligation for evidence documentation (RA 10173, Sec. 12(b) & (e))
  • Applies to: Personnel physically present on monitored construction sites

3 — Incident Reporting & Documentation
  • Data collected: Incident descriptions, reporter identity, site location, attached evidence files, submission timestamps
  • Why: To create an accurate, tamper-evident record of site incidents for safety compliance and legal accountability
  • Legal basis: Compliance with occupational safety regulations and contractual obligations (RA 10173, Sec. 12(c))
  • Applies to: Users who submit or are named in incident reports

4 — Inventory, Delivery & Resource Management
  • Data collected: Recorder name, delivery details, allocated personnel names, project site, equipment assignment records
  • Why: To maintain accurate records of materials, deliveries, and resource allocation for operational accountability
  • Legal basis: Legitimate interest in operational management and contractual record-keeping (RA 10173, Sec. 12(b))
  • Applies to: Personnel who record or are assigned to deliveries and allocations

5 — Security Monitoring & Audit Trail
  • Data collected: All system actions with timestamp, actor identity, IP address, and affected record — stored in immutable audit log
  • Why: To detect unauthorized access, ensure two-person integrity on sensitive operations, and maintain a complete accountability trail for regulatory audits
  • Legal basis: Legitimate interest in organizational security and legal compliance (RA 10173, Sec. 12(b) & (f))
  • Applies to: All authenticated users — every action is logged

6 — DPA Consent Management
  • Data collected: Consent timestamp, IP address, browser user agent, policy version accepted, withdrawal timestamp if applicable
  • Why: To maintain a verifiable record that each user gave informed consent before accessing the system, as required by RA 10173
  • Legal basis: Consent of the data subject (RA 10173, Sec. 12(a)) and compliance with data privacy law (Sec. 12(c))
  • Applies to: All registered system users

Your personal data will not be used for any purpose not listed above without your prior consent or a lawful order from a competent authority.

4. Access and Data Sharing

Access is strictly role-based. The Head Engineer has administrative access; other roles have limited, function-specific access. Personal data is not shared with third parties unless required by applicable law (e.g., a lawful court order or regulatory authority directive).

5. Retention Periods

Data Type: Retention Period
  • Audit Logs: Minimum 365 days
  • Evidence Records (deliveries, incidents, site documents): Minimum 730 days from creation
  • Account Data: Retained while active + compliance period after deactivation

6. Your Rights Under RA 10173

Right: Description
  • Right to Access: Request a copy of your personal data held in SecureEye by contacting the system administrator.
  • Right to Correction: Update inaccurate personal data via Settings or by requesting the Head Engineer.
  • Right to Deletion: Submit a written deletion request to the administrator. Subject to legal hold and retention requirements.
  • Right to Object: Object to processing activities not strictly necessary for system operation. Contact the administrator.
  • Right to Portability: Request a structured, machine-readable copy of personal data you have provided to the system.
  • Right to Withdraw Consent: Withdraw at any time. Does not affect prior lawful processing; triggers an account review.

7. Data Protection Contact

To exercise any of your rights, contact the Data Protection Officer through the Head Engineer or the organization's official communication channels.