1. Introduction
‍Inventi Intellectual Holdings Corp. ("INVENTI") acknowledges the importance of protecting personal and sensitive personal information. We respect the rights of data subjects under the Republic Act No. 10173 (Data Privacy Act of 2012) and maintain an Information Security Management System (ISMS) aligned with ISO 27001 standards to ensure all data processing is legitimate, transparent, and proportionate.

‍2. Scope
‍This statement applies to all departments within INVENTI, its employees, office trainees, and external organizations or third-party entities whose information is secured by the company.

‍3. Data Collection and Usage by Department
‍The organization may process limited personal and sensitive information only to the extent necessary to support its legitimate business operations, such as client engagement, employment administration, and system security, and financial management. This may include basic contact details, employment-related information, system access data, and financial records required for payroll, compliance, and internal operations.All data is handled in accordance with applicable privacy laws and is not used beyond its intended and lawful purposes.

‍4. Information Security Measures
‍In line with ISO 27001, INVENTI implements the following security controls to protect against unauthorized access or disclosure:
‍
‍Organizational: Appointment of a Data Protection Officer (DPO) and a Compliance Team to monitor adherence to privacy laws and conduct Privacy Impact Assessments for new systems.
‍Physical: Physical documents are stored in locked filing cabinets, and access to data processing areas is recorded via logbooks.
‍Technical: Electronic files are protected by passwords or encryption; company-issued devices and networks are governed by an Acceptable Use Policy.

‍5. Disclosure and Third Parties
‍INVENTI does not sell, trade, or rent personal information to external entities. Data is disclosed only to authorized third parties—such as financial institutions for payroll—under strict Non-Disclosure Agreements (NDAs) and Data Sharing Agreements (DSAs)

‍6. Retention and Disposal
‍Personal data is retained only for as long as necessary to fulfill its declared purpose. Upon expiration of the retention period, physical copies are destroyed using a shredder, and electronic data is wiped clean from all mediums.