1.1The Zulueta Law Office is a Philippine law office founded in June 1983 by Atty. Gilbert P. Zulueta (+) and continued and expanded by Atty. Alysha Grace M. Zulueta. Our principal office is located at MER Jorge Bocobo St., Ermita, Manila.
1.2For purposes of the DPA, the Firm is a Personal Information Controller (“PIC”) over personal data collected through our website, booking page, Legal Clarity Session, and other client-facing channels.
2.1This Privacy Policy applies to personal data we collect when you (a) visit our website, (b) book or attend a Legal Clarity Session, (c) engage the Firm for legal services, (d) communicate with us through email, phone, or messaging platforms, or (e) interact with us in any other capacity related to our services.
2.2This Policy does not apply to third-party websites or services linked from our website. Their privacy practices are governed by their own privacy notices.
We collect only the personal data necessary to provide our services and comply with our legal and regulatory obligations. The categories of personal data we may collect include:
| Category | Examples |
|---|---|
| Identity Data | Full name, date of birth, government-issued ID details (when required for engagement or KYC). |
| Contact Data | Email address, mobile or landline number, postal address. |
| Business Data | Company name, position, industry, business address, and business background relevant to your inquiry. |
| Booking Data | Session schedule, intake form responses, and the subject matter of your inquiry. |
| Payment Data | Billing name, billing address, transaction reference, and payment confirmation. Full card or e-wallet credentials are processed by our payment processor and are not stored by the Firm. |
| Case Data | Documents, facts, and information you share with us in connection with a legal matter, including data that may be considered sensitive personal information under the DPA (e.g., health, financial, or legal proceedings information). |
| Technical Data | IP address, browser type, device identifiers, pages visited, and cookies (see Section 8). |
| Communications Data | Emails, chat messages, call records, and meeting notes. |
4.1Directly from you — when you fill out our booking form, submit an intake form, contact us by email or phone, or share documents during a Session or engagement.
4.2Automatically — through cookies and similar technologies when you visit our website (see Section 8).
4.3From third parties — from our booking platform, payment processor, and CRM provider, all of whom act as our Personal Information Processors (“PIPs”) bound by data-sharing or processing agreements.
We process your personal data for the following purposes and on the lawful bases indicated:
6.1We do not sell your personal data. We share it only with the following recipients, and only to the extent necessary:
| Recipient | Purpose |
|---|---|
| Booking platform provider | To schedule, confirm, and manage Legal Clarity Sessions and to send appointment notifications. |
| Video conferencing platform (Zoho Meeting) | To host the online Session. |
| Payment processor | To process Session fees and other payments. Card and e-wallet credentials are handled by the processor and not by the Firm. |
| Email service provider | To send booking confirmations, transactional emails, and (with consent) marketing emails. |
| CRM provider | To maintain client records, manage client communications, and document the engagement lifecycle. |
| Analytics provider | To measure website performance and audience interactions in aggregated and, where possible, pseudonymized form. |
| Affiliated brands | Legally Clicked and the Family Legacy Maker Academy, where your inquiry is best served by these arms of the legal ecosystem and only with your knowledge. |
| Government authorities, courts, and regulators | When required by law, court order, subpoena, or lawful request from a competent authority. |
| Professional advisors | Auditors, accountants, and external legal counsel of the Firm, where necessary. |
6.2All third-party service providers acting as our Personal Information Processors are bound by written agreements requiring them to (a) process personal data only on our documented instructions, (b) implement appropriate security measures, and (c) assist us in complying with our obligations under the DPA.
6.3Some of our service providers may store or process data on servers located outside the Philippines. Where this occurs, we ensure that the cross-border transfer is subject to adequate safeguards consistent with the DPA and NPC issuances.
7.1We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, tax, accounting, or regulatory requirements.
7.2Our default retention rule is as follows:
| Category | Retention Period |
|---|---|
| General inquiries and unconverted leads | One (1) year from the last interaction. |
| Legal Clarity Session records | One (1) year from the date of the Session, unless the Client subsequently engages the Firm. |
| Engagement and case files | Ten (10) years from termination of the engagement, in line with the prescriptive periods under Philippine law and the Firm’s professional duty to keep records of legal services rendered. |
| Accounting, tax, and billing records | Ten (10) years, in compliance with the National Internal Revenue Code and BIR regulations. |
| KYC / AMLA records (where applicable) | Five (5) years from the end of the business relationship, in compliance with the Anti-Money Laundering Act. |
| Marketing data | Until you withdraw consent or for two (2) years from the last engagement, whichever is earlier. |
7.3After the applicable retention period, personal data is securely deleted, anonymized, or, where required, archived under strict access controls.
8.1Our website uses cookies and similar technologies to (a) ensure proper functioning of the site, (b) remember your preferences, (c) measure traffic and engagement through analytics tools, and (d) measure the effectiveness of our marketing.
8.2You may control cookies through your browser settings. Disabling certain cookies may affect site functionality. Where required, we will request your consent for non-essential cookies through a cookie banner on first visit.
9.1We implement reasonable and appropriate organizational, physical, and technical security measures consistent with the DPA and NPC issuances. These include:
9.2While we take data security seriously, no system is completely secure. In the event of a personal data breach that is likely to give rise to a real risk of serious harm, we will notify the NPC and affected data subjects in accordance with the DPA.
Under the DPA, you have the following rights with respect to your personal data:
To exercise any of these rights, please contact our Data Protection Officer (see Section 12). We will respond within a reasonable period, generally not exceeding fifteen (15) working days, subject to verification of your identity.
11.1Our services are intended for individuals who are at least eighteen (18) years of age. We do not knowingly collect personal data from minors without the consent of a parent or legal guardian. If you believe we have inadvertently collected such data, please contact our Data Protection Officer so we can take appropriate action.
For questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact our Data Protection Officer:
You also have the right to lodge a complaint with the National Privacy Commission. You may visit privacy.gov.ph for more information.
13.1We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on our website with a revised “Effective Date.” Material changes will be communicated through prominent notice on our website or by email where appropriate.
13.2We encourage you to review this Privacy Policy periodically.