Privacy Policy

At Sourcefit, we prioritize the protection of personal data and uphold the rights and interests of data subjects (owners of Personal Identifiable Information). We recognize the value of Personal Identifiable Information (PII) entrusted to us and are committed to managing and safeguarding it responsibly. This Privacy Policy outlines how we collect, use, and share personal information when you visit our website, (referred to as the “Site”).


We guarantee that you feel secure knowing that we will handle your information with utmost care. Our privacy controls adhere to various applicable data privacy regulations, ensuring the protection of personal data collected, used, and stored in our systems. We have mapped out these regulations to cover extensive areas and have formulated solutions to address any unique requirements.


Your Personal identifiable information (PII) is crucial to our business operations, and we handle it with care to deliver services efficiently. PII may be collected and used by our support services team for various purposes, including employee compensation, access management, and business development.

We may collect the following types of information.

Please note that customer information of our client partners is managed exclusively by them, ensuring control and compliance with privacy regulations. We do not store client information but facilitate its use within client systems as needed.

Website Information Collection

When you visit our website, we collect device information such as browser details, IP addresses, and cookies. Contact information is collected through contact forms for communication purposes.


We ensure PII processed is adequate, relevant, and not excessive, considering the intended purpose.

Data Privacy Principles and Legislative Requirements

We adhere to principles of transparency, legitimate purpose, and proportionality in processing PII, ensuring fair and lawful practices.


Informed and active consent is obtained before data collection, with consent forms utilized whenever possible.


We obtain consent before processing PII and inform data subjects of the purpose, risks, safeguards, and rights associated with data processing.

Privacy Impact and Risks

Privacy Impact Assessments and Risk Analysis are conducted periodically and before implementing new processes or technologies involving PII.

Legitimate Purpose

Our PII processing aligns with declared purposes and legal requirements.


We retain your PII for specified periods based on regulatory requirements and necessity, ensuring proper disposal afterward. In compliance with prevailing regulatory requirements, we may retain PII for up to 5 years, however; retention and disposal o sensitive information may require further consent from data subjects.


We collect only necessary information for specified purposes with consent.


Records and documents are disposed of properly according to retention schedules. Clients have control over the disposal of customer information stored in their portals.

Security Measures

PII is securely stored in databases managed by the Company’s Information Technology department. We maintain appropriate technical, physical, and organizational security measures to safeguard your information. These measures are regularly reviewed and updated to align with regulatory standards and technological advancements. These controls include, and is not limited to:

To learn more about these measures and how PII is secured, please get in touch with our Data Protection Officer

Data Classification

To sustain our efforts of protecting PII, the following data classification is implemented:


Information intended and released for public use


Business Confidential

Information that may be shared only within Sourcefit



High-risk information that requires strict controls



High-risk information that requires strict controls


To The following controls are implemented per category:



Mailing Paper Based-Info

Storing electronic files on work or personal computer (including portable devices)

Sharing files with authorized individuals

Engaging vendors to store/process data

Business Confidential

Do not leave unattended on printer trays or bins

Put in a closed mailing envelope/box

Only store in IT allowed storage (ie., One Drive)

Used approved collaboration tools and share with specific individuals, not anonymous or guest links

Written contracts are strongly recommended


Do not leave unattended on printer trays or bins

Put in a closed mailing envelope/box

Only store in IT allowed storage (ie., One Drive)

Used approved collaboration tools and share with specific individuals, not anonymous or guest links

Written contracts are strongly recommended


Never print unless there is explicit approval

Never mail

Never store out of client systems or portals

Never share

Written contracts are strongly recommended

Note: This applies to internal records and records that are shared with third parties and vendors.

Restriction On Sharing PII And Marketing Use

Sharing PII

We restrict the sharing of PII with third parties unless it is necessary for the fulfillment of contractual obligations or required by law. Any sharing of PII is done with utmost caution, ensuring that appropriate safeguards are in place to protect the data.


We will not use your PII for profiling or marketing purposes unless a legitimate purpose is established, or explicit consent is obtained from you. Legitimate purposes may include providing relevant information about our products or services that are directly related to your interests or needs.

Data Subject Requests And Incident Management

Exercising Data Subject Rights

You may engage our Data Protection Officer (DPO) to exercise your rights data privacy rights. Whether it involves accessing information, rectifying inaccuracies, objecting to processing, or requesting data erasure, our DPO facilitates these requests promptly and transparently. You may fill out the Data Subject Action Request Form ( to send your requests to the DPO.

Reporting Incidents

In the event of a data privacy incident or breach, you may report it directly to our DPO. Our DPO oversees incident response procedures, ensuring timely assessment, mitigation, and reporting in compliance with regulatory requirements.

Our Data Protection Officer

Our Data Protection Officer (DPO) oversees all data privacy matters, managing the Data Privacy Program, responding to inquiries, identifying risks, and ensuring compliance. 

To contact our DPO, email [email protected].

Our Data Privacy Compliance

Sourcefit have successfully complied with the Data Protection Officer and Personal Information Controller Registration Requirements of the National Privacy Commission of the Philippines, in accordance with NPC Circular No. 16-03. Our registration is valid until July 5, 2024. You may scan the QR code to get more information about our registration details.

Terms and Policy Updates

We have updated our Terms of Use and Privacy Policy. This update took effect on February 22, 2024

Privacy Preference Center

Thank You

The form was sent successfully.