Grand Placement & General Services Corp. (the “Company”) values the confidentiality of personal data. This document details how the Company uses and protects personal data for the purpose of obtaining the consent of data subjects, in accordance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), other issuances of the National Privacy Commission (NPC) and other relevant laws of the Philippines.
Please read this document carefully to ensure informed consent.
A. What is Personal Data?
Personal data refers to all types of:
1. Personal information – “any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;”
2. Sensitive personal information – “personal information about an individual’s race, ethnic origin, marital status, age, color, religious/philosophical/political affiliations, health, education genetic or sexual life, legal proceedings, government issued identifiers and other information specifically established by an executive order or an act of congress to be kept classified;” and
3.Privileged information – “any and all forms of information which, under the Rules of Court and other pertinent laws, constitute privileged communication, such as, but not limited to, information which a person authorized to practice medicine, surgery or obstetrics may have acquired in attending to a patient in a professional capacity.”
B. Why does the Company collect personal data?
The Company collects, uses, processes, stores and retains personal data when reasonable and necessary to perform its business processes effectively, safely and efficiently and in accordance with corporate policies.
C. What type of personal data does the Company collect and generate?
The Company will collect personal data included in the resume and website forms such as name, location, contact details, and career background.
D. How does the Company collect, acquire, or generate personal data?
The Company will collect the personal data via the website.
E. How does the Company ensure that personal data is accurate and up-to-date?
Data subjects are primarily responsible for ensuring that all personal data submitted are accurate, complete and up-to-date. From time to time, the Company requests updated data; it is important that subjects cooperate and provide the same. The Company takes reasonable steps to make sure that the personal data it collects, generates, uses or discloses are accurate, complete, and up-to-date.
F. With whom may the Company share personal data?
As a general rule, the Company does not and will not share personal data with third parties except as necessary for the proper execution of processes related to a declared purpose, or the use or disclosure is reasonable necessary, required or authorized by or under law.
G. How does the Company protect personal data?
▪ Use of secured servers and firewalls, encryption on computing devices;
▪ Restricted access only for qualified and authorized personnel; and
▪ Strict implementation of information security policies.
H. Where and how long does the Company keep personal data?
The Company stores personal data in both local and off-shore facilities, such as data centers (on premise and cloud) and physical document storage facilities. Subject to applicable laws, rules and regulations, the data subject may request personal data to be deleted from the Company’s systems, databases and hard copies within a reasonable requested date.
I. What are the rights of data subjects under the Data Privacy Act?
Data subjects have the following rights:
▪ Right to be informed;
▪ Right to object;
▪ Right to access;
▪ Right to rectify or correct erroneous data;
▪ Right to erase or block;
▪ Right to secure data portability;
▪ Right to indemnified for damages; and
▪ Right to file a complaint.
The Company’s decisions to provide access, consider requests for correction or erasure, and address objection to process personal data as it appears in the Company’s official records, are always subject to applicable and relevant laws and/or the DPA, its IRR and other issuances of the NPC.