Introduction
SudoTech+ ("we," "us"), a Philippines-based freelance software agency, serves clients in North America, Europe, Southeast Asia, and Emerging Markets, including regions subject to U.S. sanctions. We protect client data under laws like Republic Act No. 10173, known as the Data Privacy Act of 2012 (DPA), while prioritizing efficiency. This Policy explains how we collect client data, how we process it by region, and our rights to manage it. Key laws include:
- Data Privacy Act of 2012 (DPA) in the Philippines
- General Data Protection Regulation (GDPR) in Europe
- California Consumer Privacy Act (CCPA) in North America
- Personal Information Protection and Electronic Documents Act (PIPEDA) in North America
- Personal Data Protection Laws (PDPA) in Southeast Asia
- Personal Data Protection Laws (PDPL) in Emerging Markets
- U.S. sanctions enforced by the Office of Foreign Assets Control (OFAC)
Contact our Data Protection Officer at sudotechplus@gmail.com.
Client Data We Collect
We collect only necessary data:
- Identifiers like name, email, phone, and IP address from forms or emails
- Professional data like company or job title from contracts
- Financial data like bank details via payment processors
- Technical data like device or browser info via cookies or analytics
- Sensitive data like biometrics for projects, with consent
We do not collect children's data without parental consent.
Data Processing by Region
We process data for services, payments, and legal compliance, minimizing use and retaining business flexibility.
North America (CCPA and PIPEDA)
We collect data via forms, emails, or cookies with opt-out options. We use it for projects and payments, storing it on secure servers and deleting it after six months, or after seven years where it is kept for audits. We honor Global Privacy Control (GPC) signals for CCPA, relying on consent, contracts, or business needs, with opt-out for data sharing.
Europe (GDPR)
We collect data via contracts or forms, requiring consent for sensitive data. We use it for services, store it encrypted with Standard Contractual Clauses (SCCs), and delete it post-project unless required. We rely on contracts, consent, or legitimate interests.
Southeast Asia (PDPA)
We collect data via forms, app data, or cookies with consent. We process it for delivery, share with vendors under agreements, and retain it per local laws, like seven years for taxes, using consent, contracts, or legitimate interests.
Emerging Markets (PDPL and OFAC)
We collect data via secure forms, avoiding collection if OFAC-prohibited. We process it for services with encrypted storage, ensuring sanctions compliance and minimal retention, based on consent, contracts, or OFAC rules.
We may refuse processing if it violates laws or sanctions.
Consent
We obtain consent for marketing or sensitive data via forms or emails. You may withdraw consent by emailing sudotechplus@gmail.com, but prior processing or necessary data, such as data kept for taxes, remains unaffected. We use contracts or legitimate interests where allowed by DPA or GDPR.
Data Sharing
We share data only as needed with vendors like cloud providers under agreements, for legal compliance like tax or OFAC requirements, or in mergers with notice. We do not sell data per CCPA. Sharing in sanctioned regions uses OFAC-compliant contracts.
International Transfers
Data may move outside the Philippines to secure servers. We use SCCs for GDPR and PDPL, contracts for PDPA and PDPL, and OFAC-compliant safeguards for sanctioned regions, minimizing transfers to reduce risk.
Your Rights
You may:
- Access, correct, or delete data
- Object to processing
- Request portability under GDPR or PIPEDA
- Opt out of sharing under CCPA
- Withdraw consent
Email: sudotechplus@gmail.com. We respond within 30 days, or 72 hours for DPA high-risk cases, subject to exemptions like tax records. Fees may apply for excessive requests.
Security
We use encryption (Insert the security protocol), access controls, and Privacy by Design. We limit liability for unavoidable breaches.
Data Breaches
We notify you and authorities like the National Privacy Commission (NPC) within 72 hours if a breach risks harm, or as required by PDPL. We mitigate but are not liable for unavoidable incidents.
Retention
Data is kept only as needed: client data for six months post-project or three years for taxes per DPA, financial records for seven years, with secure deletion thereafter.
Sanctioned Regions
For sanctioned regions, we screen for OFAC compliance, use encrypted processing, and may suspend services if required.
Changes
We update this Policy as needed, with changes notified via email or website. Continued use implies acceptance.