Data Privacy Policy

updated 06 July 2021

Privacy Statement

HRDP Group Corporation (“HGC”), its parent company, subsidiaries, and affiliates, together with their employees, agents, or authorized representatives (the “Company’’) highly value the confidentiality of an individual’s Personal Data. Thus, the Company is committed to respecting an individual’s privacy and safeguarding the latter’s personal, sensitive, and privileged information (the “Personal Data”) in compliance with the Data Privacy Act of 2012, its Implementing Rules and Regulations, other issuances of the National Privacy Commission and other relevant laws of the Philippines (collectively, the “DPA”), and the Company’s Data Privacy Policy. The Company highly regards Personal Data such that it will only be used for its intended purpose (or as may be required by existing national and local laws, rules and regulations), kept within the agreed period, and protected against data privacy breach.

This Data Privacy Policy aims to provide information on how the Company collects, processes, uses, stores, manages, and secures Personal Data.

Collection of Personal Data

The Company will be collecting, processing, using, maintaining and/or sharing Personal Data submitted by an individual about one’s self (the “Data Subject”) within the limits provided by Philippine laws. This Data Privacy Policy shall apply to Personal Data the Company collects and processes on all of its available online and offline products or services.

Data Collected

As part of the Company’s dealings with the Data Subject, the Company may collect Personal Data relating to a Data Subject, including, but not limited to, the Data Subject’s:

1. Name, gender, civil status, citizenship, date of birth, address, telephone or mobile numbers, email address, office and mailing address, proof of identification, call and visual recordings, and any other information voluntarily provided as a result of Data Subject’s dealings, transactions, or interaction with the Company, whether online or offline;
2. Credit information relating to the Data Subject’s financial situation and/or creditworthiness, such as, but not limited to his/her employment status, when availing of the Company’s products and services;
3. Employment history, educational background, resume, and income information when applying for a job with the Company;
4. Information about a Data Subject’s visit and/or use of the Company’s digital platform/s, website, mobile application, and those of similar character, including but not limited to traffic data, web logs, social media profile information, IP addresses, or other communication data, resources accessed, browsing behavior within and throughout the Company’s digital assets, and session lengths that are collected by the Company’s website analytics tools and cookies that may be placed on the Data Subject’s computer;
5. Social media behavior when a Data Subject tags, mentions, or posts of any development or project of the Company publicly on any social media platform; and
6. Work-related information of the Data Subject regarding his/her company, i.e. his/her employment, business, ownership, and participation, if s/he applies for vendor accreditation.

Method of Collection

The Company collects, processes, and stores Personal Data relevant to the products and services provided by the Company, when:

1. The Data Subject registers interest or participates in and/or purchases or avails of any of the Company’s products, services, promos, meetings, gatherings, activities, and events;
2. The Data Subject contacts, communicates, transacts or interacts with, any of the Company’s authorized representatives, sales or customer care agents, or reservation officers and specialists through email, phone, video call, conference call, chat services, or face-to-face meetings, which may, where appropriate, also be collected in a call recording;
3. The Data Subject subscribes to any documentation of the Company’s products or services, or otherwise submits information through manual forms, and online forms on the Company’s digital assets (i.e., websites, mobile applications), or contact the Company through any of its social media accounts (i.e., Facebook, Twitter, Instagram, LinkedIn, etc.);
4. The Data Subject registers, maintains, or uses the Company’s digital platforms;
5. The Data Subject provides Personal Data to the Company in relation to inquiries, requests, and complaints or requests information in any form;
6. The Data Subject responds to surveys, promotions, and other marketing and sales initiatives of the Company;
7. The Data Subject visits any of the Company’s premises with CCTV surveillance camera/s which are used for safety and security of persons;
8. The Data Subject submits a job application to the Company;
9. The Data Subject was referred by any third party or business associate of the Company; and
10. The Data Subject submits Personal Data to the Company for any other reason.

Personal Data of Another Person

Should the Data Subject disclose the personal data of another person, the former attests, and it is presumed, that express consent has been obtained from such third person to disclose and transfer his/her personal data to, and be processed by, the Company in accordance with the Company’s Data Privacy Policy.

Cookie Policy

The Company uses cookies to enhance user experience of its website. The web application can customize its operations to the Data Subject’s needs, likes, and dislikes by gathering and remembering information about the Data subject’s preferences. Likewise, the Company collects information about the Data Subject’s electronic gadget or computer, including his/her internet address, operating system, browser type, browsing behavior, and browsing history. The internet address is generally used to help identify and gather statistical or demographic information about a website’s users. Sometimes, it is used for internal system administration to help diagnose problems with servers, to administer a website, and improve customer or user experience. The Company may use the Data Subject’s browsing behavior to develop promotional offers, products, and services that the Company feels are beneficial to the Data Subject.

Most web browsers automatically accept cookies, but the Data Subject may, nonetheless, disable the use of cookies on his/her browser at any time; however, doing so may prevent the Data Subject from taking full advantage of the website, cause some delay in web browsing, or disable features that make the Data Subject’s site experience more efficient.

Use and Processing of Personal Data

The Company shall collect, process, and store the Data Subject’s Personal Data primarily to carry out its obligations under any agreement with the Data Subject for purposes of system registration, client registration, sales, payment and delivery transactions, search of accounts, verification of transactions, assessments, research, sales reports, and other purposes incidental to the Company’s business, including for the purpose of automated processing, profiling, and direct marketing, within the limits provided by laws. It may also be used:

1. To process the products and services that the Data Subject has availed from the Company, prepare the necessary sales documentation and any other documentation as may be requested and perform financial processes related to the sale, such as the set-up of down payment, amortization, and financing, and performing other actions necessary or desirable in the implementation of the contract between the Data Subject and the Company;
2. To enhance client experience by showing or delivering products or services that match the Data Subject’s wants or needs;
3. To provide customer support, better venues for communication, and respond immediately to the Data Subject’s needs, requests, queries and complaints;
4. To communicate the Company’s latest projects, products, services, promos, and events, through direct marketing, by sending promotions, proposals, newsletters, marketing materials, and other commercial and promotional advertisements and notifications through email marketing, calls, or other mobile device marketing push messages; and in each case, the Data Subject may opt-out of such messages at any time;
5. To process Personal Data for the Company’s statistical, analytical, profiling, and research purposes;
6. To process the Data Subject’s application and conduct other due diligence and background checks and pre-employment interviews;
7. To comply with the requirements of the law, rule or regulation, and all legal proceedings, prevent imminent harm to the general public, and ensure public security, safety, and order; and
8. Any other purpose relating to any of the above.

Processing refers to any operation or any set of operations performed upon Personal Data including, but not limited to, the collection, recording, organization, storing, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data, and outsourcing of these activities. Processing may be performed through automated means, or manual processing, if the Personal Data are contained or are intended to be contained in a system.

Profiling refers to any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects containing that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

At all times, the Data Subject’s Personal Data shall not be used or processed for any purpose that is contrary to law, morals, or public policy.

Sharing of Personal Data

As Company policy, the Company does not share or disclose Personal Data to any third party except in limited circumstances as indicated hereunder.

To enable the Company to provide the Data Subject with personalized services and, to such extent necessary, for the purpose of system maintenance, merchant registration, sales, payment and delivery transactions, credit assessment, taxation, appraisals, search of accounts, verification of transactions, performance evaluations, administrative or corporate record-keeping, direct marketing, marketing research, due diligence checks, and/or for the proper execution of processes related to the declared purposes in this Data Privacy Policy, the Company may, depending on the product and service concerned and purpose set out herein, share personal data to:

1. HRDP Group Corporation, its parent company, affiliates, and/or subsidiaries, joint venture and business partners, and their employees, officers, or other personnel handling the Data Subject’s transactions, orders or requests;
2. The Company’s accredited third-party partner companies, organizations, agencies, or business entities that act as the Company’s contractors, including their respective sub-contractors, service providers, or business partners;
3. Banks, insurers, auditors, lawyers, or professional advisers in connection with due diligence, background checks, loan assistance, review, approval, and/or documentation of the Data Subject’s transaction;
4. Any third-party service provider performing financial, administrative, marketing, sales, technical and other ancillary services, including but not limited to, real estate agents, salespersons, vendors, suppliers, consultants, marketing partners, IT and other service providers who need access to such information to carry out work on behalf of the Company;
5. The buyer or prospective buyer of any business or asset that the Company is contemplating to sell;
6. Any person or entity the Company contractually entered with and who ensures the confidentiality standard the Company implements and adheres to the DPA;
7. Government institutions and other competent authorities which by law, rules or regulations require the Company to disclose the Data Subject’s Personal Data; and
8. Any person in order to carry out functions of public authority and for collection and further processing pertaining to law enforcement, taxation or other regulatory function.

Storage and Protection of Personal Data

In the course of collection and processing of Personal Data, the Company may use a server, cloud storage, or database hosted and maintained by the Company’s foreign principal or any of its authorized representatives located in Moscow, Russia. The Company undertakes to take reasonable steps before any Personal Data is shared or transferred to an overseas recipient to ensure that the receiver shall not breach any privacy law in relation to such Personal Data.

To maintain the integrity and confidentiality of the Data Subject’s Personal Data, the Company put in place organizational, physical, technical, administrative, and procedural security measures to protect Personal Data, such as:

1. Use of secured servers, firewalls, encryptions, and other latest security tools;
2. Providing limited access to Personal Data to qualified and duly authorized processors;
3. Ensuring that all transfers are made after complying with the established confidentiality policies and practices in place; and
4. Maintaining a secured server operating environment by performing regular security patch update and server hardening.

Retention and Removal of Personal Data

The Company retains the Data Subject’s personal data and documents containing personal data:

1. To the extent necessary in keeping track of the Data Subject’s account, engagements, transactions, or records;
2. To the extent required by or pursuant to a contract between the Company and the Data Subject and until the time limit for claims arising from the transaction has expired; and
3. For statistical, research, and other purpose specifically authorized by law;

The Company shall retain Personal Data in its system and any other database for up to a period of ten (10) years from the time: a) the Data Subject’s account has become inactive, or b) the Data Subject last used his account or otherwise transacted with, or given information to, the Company, or c) until the expiration of the retention limits set by Applicable Law, whichever comes later.

Data collected will be retained in accordance with the retention limit set by the Company’s standards, industry standards, and existing laws and regulations, unless the Data Subject requests his/her Personal Data to be deleted in the Company’s database subject to limitations of the DPA.

Thereafter, the Data Subject’s Personal Data shall be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.

Rights of Data Subject

The Company recognizes and respects that data subject’s right to be informed, right to access, right to object, right to erasure or blocking, right to damages, right to rectify, right to data portability and transmissibility, and right to file a complaint under the Data Privacy Act of 2012.

The Data Subject is encouraged to contact the Company’s Data Protection Officer should the Data Subject feel that his/her privacy rights have been violated.

Data Breach

In case of data breach, the Company shall notify the National Privacy Commission and the Data Subject/s within seventy-two (72) hours from knowledge of the Personal Data breach, based on available information.

A follow-up report to the National Privacy Commission shall be submitted within five (5) days from knowledge of the breach, unless allowed a longer period by the Commission.

Data Protection Officer

For comments, concerns, feedback, or requests relating to this Data Privacy Policy on the use, collection, and processing of Personal Data, the Data Subject may reach the Company’s Data Protection Officer at:

Third Party Websites

The Company’s website may provide links to other websites, which may operate independently from the Company. Linked sites have their own privacy notices or policies. The Company is not responsible for websites that are not owned or operated by the Company, and it is not responsible for the linked sites’ content, any use of the sites, or the privacy practices thereof.

If a Data Subject has accessed the Company’s online services through a link from its advertising or marketing partners, the Personal Data that the Data Subject provides to the Company through these web pages is also collected, used, and processed by the Company in accordance with this Data Privacy Policy.

Amendments to the Privacy Policy

The Company reserves the right to amend or update the Company’s Data Privacy Policy and any of its privacy practices at any time. Any update will be posted on the Company’s official website/s with a date stamp and such changes will be effective immediately and without further notice. Where appropriate, the Company may notify the user and/or Data Subject directly of changes to the Data Privacy Policy either through email or a prominent notice on the Company’s website.

It is highly suggested that the Data Subject visit the web page from time to time to keep himself/herself apprised of any updates on the Company’s Data Privacy Policy.

Consent to the Privacy Policy

By agreeing to this Data Privacy Policy, or entering into a contract or agreement with the Company, or using any of the Company’s websites or online platforms, or communicating, transacting, or interacting with the Company or its authorized representatives through any mode of communication, or otherwise providing the Company with any Personal Data, manually or electronically, the Data Subject confirms that he/she has read the Company’s Data Privacy Policy and explicitly, voluntarily, and unambiguously consents to the collection, processing, storage, use, data sharing, and disclosure of his/her personal, sensitive and privileged information by the Company in the manner and for the purpose(s) described herein.