DATA PRIVACY CONSENT STATEMENT
Introduction:
First Multi-Tech Industrial and Development Corporation, including its affiliates and subsidiaries (the “Company”) values the confidentiality of personal data. This document details how the Company uses and protects personal data for the purpose of obtaining the consent of data subjects, in accordance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), other issuances of the National Privacy Commission (NPC) and other relevant laws of the Philippines.
As a valuable clients, suppliers and contractors, you are considered a data subject. Please read this document carefully to ensure informed consent.
What is Personal Data?
Personal data refers to all types of:
1. Personal information – “any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;”
2. Sensitive personal information – “personal information about an individual’s race, ethnic origin, marital status, age, color, religious, philosophical/political affiliations, health, education genetic or sexual life, legal proceedings, government issued identifiers and other information specifically established by an executive order or an act of congress to be kept classified;” and
3. Privileged information – “any and all forms of information which, under the Rules of Court and other pertinent laws, constitute privileged communication, such as, but not limited to, information which a person authorized to practice medicine, surgery or obstetrics may have acquired in attending to a patient in a professional capacity.”
Company Purposes for the collected personal data?
The Company collects, uses, processes, stores and retains personal data when reasonable and necessary to perform its business operations and processes effectively, safely and efficiently and in accordance with corporate policies and for the following reasons:
-
·
Process your transaction(s) whenever you avail our products and services;
-
·
Address your inquiries, concerns or complaints;
-
·
Comply with laws and regulations governing our products and services;
- Inform you about our new product/services offerings and promotions.
Personal Information that the Company collect and process
To process general inquiries, concerns about our product and services we collect:
-
·
Your Full Name
-
·
Your Present Address
-
·
Company Name
-
·
Your E-mail Address
-
·
Your Contact Numbers
To process collections and payment transactions we process and collect;
How does the Company collect, acquire, or generate personal data?
Personal Information will be collected by our company authorized employees or representatives via the forms we required you to fill up and documents you submit to us like (direct payment forms, accreditations application forms and requirements) and, as well as the use of CCTV recording around when you visited our premises.
How does the Company ensure that personal data is accurate and up-to-date?
Data subjects are primarily responsible for ensuring that all personal data submitted are accurate, complete and up-to-date. From time to time, the Company requests updated data; it is important that subjects cooperate and provide the same.
The Company takes reasonable steps to make sure that the personal data it collects, generates, uses or discloses are accurate, complete, and up-to-date.
With whom may the Company share personal data?
We may also share your Personal Information with our accredited third party personal information processor such as clients , contractors or service providers, vendors and financial institutions and to our affiliate companies (for commercial or business purposes including direct marketing or profiling).
Such data sharing shall be done in a manner compliant with the Data Privacy Act 2012. Your Personal Information may also be processed electronically and/or manually.
How does the Company protect personal data?
The Company strictly enforces its Privacy Policy. It has implemented technological, organizational and physical security measures to protect personal data from loss, misuse, unauthorized modification, unauthorized or accidental access or disclosure, alteration or destruction. The Company uses safeguards such as the following:
▪ Use of secured servers and firewalls, encryption on computing devices;
▪ Restricted access only for qualified and authorized personnel; and
▪ Strict implementation of information security policies.
Where and how long does the Company keep personal data?
The Company will retain Personal information related to transactions for a minimum of ten (10) years to comply with applicable laws. Personal Information collected from inquiries, complaints/concerns or during events will be retained for two (2) years.
The data subject can also request personal data to be deleted from the Company’s systems, database and hard copies within a reasonable requested date.
Rights of the Data Subject under the Data Privacy Act.
1.
Right to be informed of the collection and processing of your personal data, the purpose of which they will be processed.
2.
Right to object to the processing of your personal data. You will be given an option or opportunity to withhold your consent to the processing of your personal data.
3.
Right to have reasonable access to your personal data by notifying our DPO.
4.
Right to rectify or correct any inaccuracy or error in your personal data by submitting your request for rectification or correction to our DPO.
5.
Right to suspend, withdraw or order the blocking, removal or destruction of your personal data in accordance with the requirements of the Data Privacy Act and by notifying the DPO.
6.
Right to obtain a copy of your data in an electronic or structured format if the same is processed by electronic means and in structured and commonly used format by submitting your request to our DPO.
7.
Right to be indemnified if you incur damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal data.
The Company’s decisions to provide access, consider requests for correction or erasure, and address objection to process personal data as it appears in the Company’s official records, are always subject to applicable and relevant laws and/or the DPA, its IRR and other issuances of the NPC.
Cookies
FMIDC uses “cookies” to store personal data on your computer. We may also link information stored on your computer in cookies with personal data about specific individuals stored on our servers. If you set up your Web browser (for example, Internet Explorer or Firefox) so that cookies are not allowed, you might not be able to use some or all of the features of our website.
Contacting Us.
If there are any questions regarding our privacy policy, you may contact our Data Protection Officer (DPO) with the following Contact Details:
Data Protection Officer
FMIDC Building, 837 Maria Clara Street, Plainview, Mandaluyong City
1550 Philippines
Tel. 063 02 635-50-41 loc. 117
Email Add: dpo@fmidc.com
Consent
You have the right to object or withhold consent to the processing of your Personal Information. However, if you choose not to provide us with the required Personal Information, we may be unable to provide you with the service requested or provided appropriate service.
Please ensure that you have completely read and understood the terms and above statement before signing in.
From time to time, it may be necessary for the Company to revise this document. Any revision made to this document shall be communicated via posting in the Company website or via email. Any changes will not be applied or will not alter how the Company handles previously collected Personal Information without obtaining your consent, unless required by law.