top of page

Privacy Policy

(In accordance with GDPR, BDSG, TTDSG, and the Philippine Data Privacy Act of 2012)

​

1. Controller (Data Controller)

The controller responsible for data processing on this website is:

 

Jason-Heinen Management Consultancy Services
Kathleen Place 4, Block 7, Lot 38

L.Vuitton Street

Brgy. San Bartolome, Novalices

1116 Quezon City

Philippines
 

Represented by:

​

Mr. Jason Heinen

Contact:
Phone: +63 9171559773
Email: jason.heinen@jhmcservices.com
Website: www.jhmcservices.com

​

​

2. General Information on Data Processing

We process personal data exclusively in accordance with:

European & German Law

  • General Data Protection Regulation (GDPR)

  • German Federal Data Protection Act (BDSG)

  • German Telecommunications Telemedia Data Protection Act (TTDSG)

Philippine Law

  • Republic Act 10173 – Data Privacy Act of 2012 (DPA)

  • Implementing Rules & Regulations (IRR)

  • National Privacy Commission (NPC) Guidelines & Advisories

We operate strictly as a consulting company, not as a recruitment or placement agency.
We do not conduct recruitment, matching, placement, or any activity that requires a DMW license.

 

3. Data We Collect

3.1. Server Log Files

Automatically collected data when accessing our website:

  • IP address

  • Browser type & version

  • Operating system

  • Referrer URL

  • Date and time

  • Accessed pages

Legal bases:

  • GDPR Art. 6(1)(f) (legitimate interest)

  • Philippine DPA Section 12(f) (legitimate interests of the controller)

​

3.2. Contact Forms, Emails, Phone Inquiries

If you contact us, we process:

  • Name

  • Contact details

  • Company information

  • Message content

Purpose: Responding to inquiries, pre-contractual communication.
Legal bases:

  • GDPR Art. 6(1)(b) and Art. 6(1)(f)

  • Philippine DPA Section 12(a) & 12(b)

​

3.3. Data Processed During Consulting Services

Depending on the project, we may process:

  • Contact data of corporate clients

  • Project-related documents

  • Visa & recognition documentation

  • Business planning documentation

  • Process data for AI-assisted workflows

We process NO special-category data unless expressly required, permitted, and authorized.

We NEVER process data for recruitment, matching, or placement.

​

 4. Legal Basis for Processing

Under GDPR

  • Art. 6(1)(a) — Consent

  • Art. 6(1)(b) — Contract / pre-contractual measures

  • Art. 6(1)(c) — Legal obligation

  • Art. 6(1)(f) — Legitimate interest

Under Philippine DPA

  • Sections 12 & 13 — Criteria for lawful processing

  • NPC Circulars for cross-border data transfers

  • Section 20 — Security of personal information

  • Section 18 — Rights of data subjects

 

5. Data Disclosure & Transfer

We disclose data only when:

  • Required for consulting services

  • Required for IT/hosting service providers

  • Required by law

  • You provide explicit consent

  • Required for DE–PH cross-border processing with safeguards

We never forward data to:

  • Recruitment agencies

  • Third parties for marketing

  • The Philippine DMW or POEA without explicit instruction

Cross-border transfers adhere to:

  • GDPR Chapter V (Art. 44–49)

  • Philippine NPC Advisory on Cross-Border Data Transfer (2017-02)

 

6. Cookies & Tracking

If you do not use cookies:

 

We do not use cookies or analytics tools that process personal data.

If you DO use analytics, I can add the relevant GDPR + DPA section.

 

 7. AI-Assisted Processing

Our AI tools are used exclusively for:

  • Document analysis

  • Workflow optimization

  • Administrative quality control

We ensure:

  • No automated decision-making (GDPR Art. 22; DPA Sec. 12)

  • No sensitive data processed without consent

  • No use of AI for recruitment or placement

  • Full compliance with GDPR, Philippine DPA & international ethical standards

  • Security controls per NPC Circular 16-01

 

8. International Data Transfers (Germany ↔ Philippines)

Data may be transferred only:

  • With explicit consent

  • For consulting purposes

  • With encryption and security safeguards

  • Under GDPR Art. 49(1) exceptions

  • In compliance with the NPC Cross-Border Data Transfer Guidelines

We do NOT share data with Philippine authorities without client request.

 

 9. Data Retention

Data is stored:

  • Only as long as necessary for consulting purposes

  • According to EU, German & Philippine retention requirements

  • Until the user withdraws consent, unless legal retention applies

 

10. Your Rights

Under GDPR

  • Right of access (Art. 15)

  • Rectification (Art. 16)

  • Erasure (Art. 17)

  • Restriction (Art. 18)

  • Data portability (Art. 20)

  • Objection (Art. 21)

  • Withdrawal of consent (Art. 7(3))

Under Philippine DPA

  • Right to be informed

  • Right to access

  • Right to object

  • Right to erasure/blocking

  • Right to rectification

  • Right to data portability

  • Right to file a complaint with the National Privacy Commission

 

11. Data Security

We implement:

  • SSL/TLS encryption

  • Encryption-at-rest

  • Access controls

  • NPC-compliant data security measures

  • GDPR Article 32 technical & organizational measures

 

12. Updates to This Policy

We may update this Privacy Policy to reflect:

  • Changes in law (GDPR, BDSG, TTDSG, Philippine DPA)

  • NPC advisories

  • Operational improvements

Data Protection by JHMCS.png
bottom of page