Privacy Policy

Last updated: April 2026

Overview

Laza Remote Business Management Consultancy Services ("Laza Remote," "I," "me") is committed to protecting the privacy of individuals who visit the website, submit inquiries, or engage in services. This policy explains what information is collected, how it is used, the legal basis for processing, how it is protected, and the rights available to you.

This policy is issued in compliance with Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines ("DPA") and its Implementing Rules and Regulations. Where applicable to individuals located in the European Union, European Economic Area, or United Kingdom, this policy is also issued in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) and the UK General Data Protection Regulation ("GDPR"). Where applicable to individuals located in Australia, this policy is also issued in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Where applicable to individuals located in New Zealand, this policy is also issued in accordance with the Privacy Act 2020 and the Information Privacy Principles. Where applicable to individuals located in Canada, this policy is also issued in accordance with the Personal Information Protection and Electronic Documents Act ("PIPEDA") and applicable provincial privacy laws. Where this policy does not specifically reference the privacy laws of your jurisdiction, your personal information is still processed in accordance with applicable local privacy laws to the extent they apply. Where local law in your jurisdiction provides additional protections beyond those described in this policy, those protections apply to the extent required by law.

Laza Remote operates as a Personal Information Controller under the DPA and as a Data Controller under the GDPR.

Data Controller

Patricia Adrienne Laza

Founder, Laza Remote Business Management Consultancy Services

Contact me at this email

Patricia Adrienne Laza also serves as the Data Protection Officer for Laza Remote.

Information I Collect

When you submit the pre-discovery intake form on the Contact page, I collect your contact information (name, company name, email address, and website if provided), basic business information (industry, business description, how long the business has been operating, team size, and your role), your current operational priority, your responses to questions about your business operations relevant to the service path you select, what prompted your inquiry, any additional context you choose to provide, and how you heard about us.

When you book a discovery call through Calendly, Calendly collects your name, email address, and scheduling preferences on my behalf.

When you send an email to any address at lazaremote.com, I receive your name, email address, and any information you include in your message.

When client engagements include recorded meetings, Fathom processes audio, video, and transcript data. Recording occurs only with your knowledge and consent during the call.

When you visit the website, standard analytics data may be collected, including pages visited, time on site, referring source, browser type, and general geographic location. This data is aggregated and does not personally identify you.

Legal Basis for Processing

Under the DPA, GDPR, and other applicable privacy laws, processing of personal data must be justified under a lawful basis.

Consent: Processing of intake form submissions, discovery call bookings, and email correspondence is based on your consent, provided when you submit information, book a call, or send a message. You may withdraw consent at any time by contacting me. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

Contract: Processing of client data during active engagements is based on the necessity of performing the engagement contract between Laza Remote and the client.

Legal obligation: Processing and retention of financial records and client engagement data is based on legal obligations under Philippine tax law, including Bureau of Internal Revenue (BIR) record-keeping requirements, and equivalent obligations in other applicable jurisdictions.

Legitimate interest: Analytics data and essential cookies are processed on the basis of legitimate interest — specifically, to maintain Site functionality, ensure security, and understand how visitors engage with the content. This processing is limited in scope and does not override your fundamental rights.

How I Use Your Information

Information submitted through the intake form is used to prepare for discovery calls and assess whether an engagement is a fit. Your operational responses help me understand the structural complexity of your business before we speak.

Contact information is used to communicate with you about your inquiry, schedule calls, and follow up on potential or active engagements.

Meeting recordings and transcripts, where applicable, are used to capture accurate records of client conversations, support follow-through on decisions made during the call, and inform ongoing work within the engagement.

Analytics data is used to understand how the website is performing and to improve the experience for visitors.

I do not sell, rent, or share your personal information with third parties for marketing purposes.

Third-Party Tools

Laza Remote uses the following third-party tools in the course of operating the website and managing client communications. Each of these tools has its own privacy policy governing how data is handled.

HighLevel — website hosting, form submissions, CRM, and email communications. Form responses submitted through the website are stored in HighLevel. HighLevel Privacy Policy

Calendly — scheduling discovery calls. When you book a call, Calendly processes your name, email, and scheduling data. Calendly Privacy Policy

Fathom — meeting recording and transcription for client calls. Fathom processes audio, video, and transcript data when recording is active. Fathom Privacy Policy

Wise — international payment processing for client engagements. Payment data is handled by Wise and is not stored by Laza Remote. Wise Privacy Policy

Google Workspace — email (Gmail), client communications (Google Chat), document collaboration, and file storage. Client information shared through these tools is governed by Google's privacy practices. Google Privacy Policy

Meta (Facebook, Instagram, and WhatsApp) — Laza Remote maintains Facebook and Instagram business pages. If you visit the website through Facebook or Instagram, or communicate via WhatsApp, Meta may collect data related to that interaction. Meta Privacy Policy

LinkedIn — Laza Remote maintains a LinkedIn profile. If you visit the website through LinkedIn, LinkedIn may collect data related to that referral. LinkedIn Privacy Policy

Google Analytics or equivalent analytics tools may be used to collect aggregated website usage data. No personally identifiable information is collected through analytics.

International Data Transfers

Your personal information may be processed and stored using tools and services that operate outside the Philippines and outside the European Economic Area, including HighLevel (United States), Calendly (United States), Fathom (United States), Wise (United Kingdom and European Union), and Google Workspace (global infrastructure).

For transfers from the EU, EEA, or UK to jurisdictions without an adequacy decision, these transfers are conducted using Standard Contractual Clauses or equivalent safeguards as required under the GDPR. For transfers from the Philippines, these transfers are conducted in accordance with Section 21 of the DPA and its Implementing Rules on cross-border processing. For transfers involving individuals in Australia, New Zealand, or Canada, these transfers are conducted with reasonable safeguards as required under the Privacy Act 1988 (Cth), the Privacy Act 2020, and PIPEDA respectively.

By submitting your information, you consent to the transfer and processing of your data in these jurisdictions, subject to the safeguards above.

How Your Data Is Protected

All form submissions and client communications are handled through encrypted, industry-standard platforms. I do not store payment card information. Access to client data within the CRM is limited to me as the sole operator of the business.

While I take reasonable measures to protect your information, no method of transmission over the internet or electronic storage is completely secure. I cannot guarantee absolute security.

Breach Notification

In the event of a personal data breach that is likely to affect your rights, I will notify you and the National Privacy Commission within the timeframe required under the Data Privacy Act of 2012 and its Implementing Rules and Regulations.

Where the breach affects individuals in the EU, EEA, or UK, I will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible, in accordance with Article 33 of the GDPR.

Where the breach affects individuals in Australia and meets the threshold for a notifiable data breach under the Privacy Act 1988 (Cth), I will notify the Office of the Australian Information Commissioner and affected individuals as soon as practicable after becoming aware of the breach.

Where the breach affects individuals in New Zealand and meets the threshold for a notifiable privacy breach under the Privacy Act 2020, I will notify the Office of the Privacy Commissioner and affected individuals as soon as practicable after becoming aware of the breach.

Where the breach creates a real risk of significant harm to individuals in Canada, I will notify the Office of the Privacy Commissioner of Canada and affected individuals as soon as feasible, in accordance with PIPEDA's breach notification requirements.

Data Retention

Intake form responses and contact information for inquiries that do not result in an engagement are retained in the CRM for up to twelve months from the date of submission, after which they are deleted.

For active client engagements, personal data is retained for the duration of the engagement.

After an engagement concludes, client data related to financial records, contracts, and tax documentation is retained for ten years, as required under Bureau of Internal Revenue (BIR) regulations in the Philippines and equivalent financial record-keeping laws in other applicable jurisdictions.

Operational client data not subject to legal retention requirements is deleted or anonymized within twelve months of engagement conclusion unless retention is necessary for legitimate business purposes such as dispute resolution or enforcement of agreements.

If you request deletion of your data, I will honor the request to the extent permitted by law. Data subject to legal retention obligations will not be deleted before the required retention period expires, but access to it will be restricted.

Cookies

The Site uses essential cookies required for basic functionality, including bot detection, session management, and security. These cookies do not track you across sites or build a profile about you. They are necessary for the Site to operate and cannot be declined without affecting functionality.

The Site does not use advertising, marketing, or third-party tracking cookies.

Some third-party tools embedded in the Site — including HighLevel for form submissions — may set their own cookies when you interact with them. These cookies are governed by each third party's privacy policy.

You can disable cookies in your browser settings at any time. Disabling essential cookies may prevent parts of the Site from functioning correctly.

Your Rights

Under the DPA, GDPR, and other applicable privacy laws in your jurisdiction, you have the following rights regarding your personal information:

Right to be informed — You have the right to know that your data is being collected and how it is being processed.

Right of access — You have the right to obtain a copy of your personal data and information about how it has been processed.

Right to rectification — You have the right to correct inaccurate or outdated information.

Right to erasure — You have the right to request deletion of your data when it is incomplete, outdated, falsely obtained, or no longer necessary for the purpose it was collected, subject to any overriding legal obligations that may require continued retention.

Right to restrict processing — You have the right to request that processing of your data be limited in certain circumstances.

Right to object — You have the right to object to the processing of your personal data based on legitimate interest or for direct marketing purposes.

Right to data portability — You have the right to obtain your data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to withdraw consent — Where processing is based on consent, you have the right to withdraw that consent at any time.

Right not to be subject to automated decision-making — You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

Right to damages or compensation — You may have the right to damages or compensation for violations of your privacy rights, as provided under applicable law in your jurisdiction.

Right to lodge a complaint — You have the right to file a complaint with the National Privacy Commission (Philippines), your local data protection supervisory authority (EU/EEA/UK), the Office of the Australian Information Commissioner (Australia), the Office of the Privacy Commissioner (New Zealand), or the Office of the Privacy Commissioner of Canada (Canada), as applicable to your jurisdiction.

Where the privacy laws of your jurisdiction provide rights not specifically listed above, those rights apply to the extent required by local law. To understand the full scope of rights available to you, consult your local data protection authority or applicable privacy legislation.

To exercise any of these rights, contact me using the information below. I will respond within thirty days, in accordance with applicable law.

Automated Decision-Making

Laza Remote does not engage in automated decision-making or profiling that produces legal or similarly significant effects on data subjects.

Children's Privacy

The Site is not intended for individuals under 18 years old. I do not knowingly collect personal information from minors. If you believe a minor has submitted information, contact me and I will delete it promptly.

Supervisory Authority

For concerns about your data privacy rights under Philippine law, you may file a complaint with the National Privacy Commission at https://privacy.gov.ph or [email protected].

For concerns about your data privacy rights under EU, EEA, or UK law, you may file a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at https://edpb.europa.eu. The UK Information Commissioner's Office is available at https://ico.org.uk.

For concerns about your data privacy rights under Australian law, you may file a complaint with the Office of the Australian Information Commissioner at https://www.oaic.gov.au.

For concerns about your data privacy rights under New Zealand law, you may file a complaint with the Office of the Privacy Commissioner at https://www.privacy.org.nz.

For concerns about your data privacy rights under Canadian law, you may file a complaint with the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.

If you are located in a jurisdiction not listed above, you may file a complaint with your local data protection or privacy authority as provided under applicable law in your jurisdiction.

Contact

If you have questions about this privacy policy or how your information is handled, contact me at this email.

Patricia Adrienne Laza
Founder, Laza Remote Business Management Consultancy Services

Changes to This Policy

This privacy policy may be updated from time to time. Changes will be reflected on this page with an updated date. Where changes are material, I will make reasonable efforts to notify you directly before the changes take effect. Continued use of the website after changes are posted constitutes acceptance of the updated policy.