updated 06 July 2021
As part of the Company’s dealings with the Data Subject, the Company may collect Personal Data relating to a Data Subject, including, but not limited to, the Data Subject’s:
The Company collects, processes, and stores Personal Data relevant to the products and services provided by the Company, when:
The Company shall collect, process, and store the Data Subject’s Personal Data primarily to carry out its obligations under any agreement with the Data Subject for purposes of system registration, client registration, sales, payment and delivery transactions, search of accounts, verification of transactions, assessments, research, sales reports, and other purposes incidental to the Company’s business, including for the purpose of automated processing, profiling, and direct marketing, within the limits provided by laws. It may also be used:
Processing refers to any operation or any set of operations performed upon Personal Data including, but not limited to, the collection, recording, organization, storing, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data, and outsourcing of these activities. Processing may be performed through automated means, or manual processing, if the Personal Data are contained or are intended to be contained in a system.
Profiling refers to any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
At all times, the Data Subject’s Personal Data shall not be used or processed for any purpose that is contrary to law, morals, or public policy.
As Company policy, the Company does not share or disclose Personal Data to any third party except in limited circumstances as indicated hereunder.
In the course of collection and processing of Personal Data, the Company may use a server, cloud storage, or database hosted and maintained by the Company’s foreign principal or any of its authorized representatives located in Moscow, Russia. The Company undertakes to take reasonable steps before any Personal Data is shared or transferred to an overseas recipient to ensure that the receiver shall not breach any privacy law in relation to such Personal Data.
To maintain the integrity and confidentiality of the Data Subject’s Personal Data, the Company has put in place organizational, physical, technical, administrative, and procedural security measures to protect Personal Data, such as:
The Company retains the Data Subject’s personal data and documents containing personal data:
The Company shall retain Personal Data in its system and any other database for up to a period of ten (10) years from the time: a) the Data Subject’s account has become inactive, or b) the Data Subject last used his account or otherwise transacted with, or given information to, the Company, or c) until the expiration of the retention limits set by Applicable Law, whichever comes later.
Data collected will be retained in accordance with the retention limit set by the Company’s standards, industry standards, and existing laws and regulations, unless the Data Subject requests his/her Personal Data to be deleted in the Company’s database subject to limitations of the DPA.
Thereafter, the Data Subject’s Personal Data shall be disposed of or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.
The Company recognizes and respects the Data Subject’s right to be informed, right to access, right to object, right to erasure or blocking, right to damages, right to rectify, right to data portability and transmissibility, and right to file a complaint under the Data Privacy Act of 2012.
The Data Subject is encouraged to contact the Company’s Data Protection Officer should the Data Subject feel that his/her privacy rights have been violated.
In case of data breach, the Company shall notify the National Privacy Commission and the Data Subject/s within seventy-two (72) hours from knowledge of the Personal Data breach, based on available information.
A follow-up report to the National Privacy Commission shall be submitted within five (5) days from knowledge of the breach, unless allowed a longer period by the Commission.
The Company’s website may provide links to other websites, which may operate independently from the Company. Linked sites have their own privacy notices or policies. The Company is not responsible for websites that are not owned or operated by the Company, and it is not responsible for the linked sites’ content, any use of the sites, or the privacy practices thereof.
DHSUD LS No. 129
Completion: 30 September 2024
DHSUD NCR AA 2021/03-2856