ICTSI respects the privacy of individuals and is fully committed to protecting sensitive and personal information in accordance with its obligations under the Philippine Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and the existing Memorandum Circulars and Advisories issued by the National Privacy Commission (NPC).

 

General Privacy Policy statements:

  1. ICTSI adheres to the general principles of transparency, legitimate purpose and proportionality in the collection, processing, securing, retention and disposal of personal information.

  2. Employees, clients, customers, or third parties whose personal information is being collected shall be considered as data subjects for purposes of these policies.

  3. The data subject shall be informed the reason or purpose of collecting and processing of personal data.

  4. The data subject shall have the right to correct the information especially in cases of erroneous or outdated data, and to object to collection of personal information within the bounds allowed by privacy laws.

  5. The data subject has the right to file a complaint in case of breach or unauthorized access of his personal information.

  6. ICTSI shall secure the personal information of employees and third parties from whom personal information is collected and shall take adequate measures to secure both physical and digital copies of the information.

  7. ICTSI shall ensure that personal information is collected and processed only by authorized personnel for legitimate purposes of the Organization.

  8. Any information that is declared obsolete based on the internal privacy and retention procedures of the Organization shall be disposed of in a secure and legal manner.

  9. Any suspected or actual breach of the ICTSI Data Privacy Policy must be reported to the DPO or any member of the DPA Working Group.

  10. Data subjects may inquire or request for information from the DPA Working Group, regarding any matter relating to the processing of their personal data under the custody of ICTSI, including the data privacy and security policies implemented to ensure the protection of their personal data.

 

ICTSI recognizes the importance of the rights of a Data Subject under the DPA as follows:

  1. Right to be Informed whether personal data pertaining to him shall be, are being, or have been processed

  2. Right to Object to the processing of his personal information given and an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied.

  3. Right to Access, upon demand, the contents of his personal data that were processed, sources from which personal data were obtained, names and addresses of recipients of the personal data, manner by which such data were processed, reasons for the disclosure of the personal data to recipients, if any among others.

  4. Right to Rectification in order to dispute the inaccuracy or error in the personal data and to have it corrected immediately

  5. Right to Erasure or Blocking of his personal data from the filing system

  6. Right to Damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data

  7. Transmissibility of Rights to the lawful heirs and assigns of the data subject

  8. Right to Data Portability or the capability to move data from one platform or service to another

 

Collection of Personal Information

In collecting your personal information, ICTSI ensures that the data subject is aware of the nature, purpose, and extent of the processing of his personal information.  The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose.

Personal Information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

In the performance of our services, or as part of our transactions and dealings, we process and collect the following personal information which may include, but not limited to:

  1. Name, marital status, Tax Identification Number, age, address, education, profession, business experience, business affiliation, family affiliation and any information from which identity of an individual is apparent or can be reasonably and directly ascertained, whether recorded in material form or not, such as CCTV footages and other visual recordings as part of our transactions with you.

  2. Employment history, résumé and pictures sent with it, compensation and benefits, educational background, organizational affiliation, gender, date of birth, religion, ethnicity, civil status citizenship, physical medical history, past criminal and/or administrative records, government issued identifying information such as Pag-IBIG, SSS, TIN, PhilHealth, Professional IDs, Passport, and Birth Certificates, payroll information of job applicants and current employees.

  3. Company information, performance, history, and financial and capital, during vendor accreditation to engage in business transactions with us.

  4. Information you provide us when you visit or use our company website and other mobile and online applications and any information you submit to our sales or customer relations agents for update of your records or information.

 

Use of Personal Information

The Processing of Personal Information is for purposes of: 

  1. Identification in company records and corporate housekeeping;

  2. Corporate transactions and business operations;

  3. Compliance with the requirements, including reportorial obligations to, of the Security and Exchange Commission (SEC), the Philippine Stock Exchange (PSE), Bureau of Internal Revenue (BIR), relevant local government units, and other appropriate government agencies or offices; 

  4. Maintenance of security within and around the premises

  5. Compliance with legal processes or lawful orders of judicial and quasi-judicial bodies, or any other government agencies and instrumentalities; and

  6. Any other legitimate business activities of ICTSI.

 

Sharing of Personal Information

ICTSI may share or disclose Personal Information of Data Subjects to:

  1. The SEC, PSE, BIR, relevant local government units, and other appropriate government agencies or offices and other competent authorities which by law, rules or regulations require us to disclose the personal information;

  2. Any judicial and quasi-judicial bodies or government agencies pursuant to a lawful order;

  3. Any agent, contractor, consultant, adviser, auditor, underwriters or any service provider ICTSI engages to carry out legitimate business activities or services who ensures the confidentiality and adheres to the provisions of the DPA;

  4. Our employees or other personnel handling your transactions and requests.

 

Retention and Security of Personal Information

Personal Information collected shall be retained as long as necessary in order to:

  1. Fulfill the declared, specified, and legitimate purposes provided above, or when the processing relevant to the purpose has been completed or terminated;

  2. Exercise or defend legal claims; 

  3. Comply with laws, regulations, or lawful court order.

Thereafter, your personal data shall be disposed of or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.

ICTSI ensures the integrity and confidentiality of your personal information by providing suitable and adequate organizational, physical and technical security measures, policies and procedures intended to reduce the risks of accidental destruction or loss, or the unauthorized disclosure or access to such information.  Physical access to the servers and network equipment is highly restricted to authorized personnel only. Various security appliances and devices are employed to safeguard the ICTSI’s network and its systems.

 

Policy Update

The Data Privacy Policy shall be updated periodically to comply with applicable laws, rules, and regulations and to further improve the security procedures in the processing of Personal Information.  

For any report or concern regarding the Data Privacy Policy, you may  contact our Data Protection Officer at:

  • Postal Address: ICTSI 2/F Administration Building MICT Compound, Port Area Manila, Philippines 1012

  • Email address: [email protected]

  • Telephone: +63 (917) PRIVACY