Data Privacy Statement

REBAP Makati, Inc. (hereinafter referred to as “RMC”, the “Organization”, “Us”, “Our”, and “We”) have a strong commitment to provide protection of our data subjects’ (buyers, brokers, applicants/employees, contractors, suppliers and website users) personal data from any breaches or unauthorized use of personal data in compliance with the Data Privacy Act of 2012 or otherwise known as Republic Act (R.A.) 10173 as governed by the National Privacy Commission (NPC).

To ensure you can make informed decisions and feel confident about supplying your personal data with us, we are providing you this Data Privacy Statement outlining our data collection, usage, retention, disclosure and disposal practices and your rights as “Data Subjects”, as defined by the Act.

The term “personal data” refers to any personal information that can be used to identify you as an individual, such as your name, contact details, age, gender, government-issued identification, financial information, and other personal information as defined by the Act.

This statement applies to all data subjects whose personal data are collected and processed by RMC. It explains:

 

    1.  How do we collect your Personal Data?
    2.  How do we use information about you?
    3.  How do we transfer information about you?
    4.  How do we store and dispose information about you?
    5.  Your rights as a data subject
    6.  Notifications in case of breach of information
    7.  Compliance with data privacy clauses on contracts
    8.  Updates to our Privacy Policy
    9.  Where do you go for further information?

1.  HOW DO WE COLLECT YOUR PERSONAL DATA?

1.1  The Organization gathers different personal data from you. The amount and type of personal data collected varies with the purpose of such data. It may include, but is not limited to, the following:

            • Personal characteristics such as name, age, gender (sex), birth date, birth place, citizenship, nationality, height, weight, marital status, photographs, signature and biometric information;
            • White page information such as addresses (permanent, present and provincial), telephone and mobile number, email address, sketch of residence, and business contact information (business address, number, email and personal assistant contact information);
            • Educational background including schools attended and years graduated, licenses, professional memberships, honors or awards received, and trainings attended;
            • Professional and employment information such as occupation/title, job description/roles, income or other compensation, employer name, employment status, character/professional references, real estate affiliation and experience;
            • Health related information like medical results, family history, allergies, and medications taken among others;
            • Financial information, specifically bank account number, card number and cardholder name;
            • Family related information or information about your parents, spouse and children;
            • Sensitive personal information like government-issued identification, religious beliefs, administrative offenses, criminal records and background checks;
            • Information obtained through cookies when you visit and use our website; and,
            • Other information such as types of services provided and product types purchased, leased or returned.

Please note that when you share with us the personal data of another person—like your character references, spouse and dependents—you guarantee that their consent has been obtained for the processing of their personal information in line with this Statement.

Depending on the urgency for fulfillment of such purpose, the Organization may employ different means to gather your personal data including but not limited to:

            • Email
            • Web-based platforms (e.g. Organization’s website, social networking sites, etc.)
            • Telephone calls
            • Fax
            • Forms (both for internal and external purposes)
            • Logbooks
            • CCTV cameras

 

The ways stated above are the general means that the Organization uses to collect your personal data. We may seek for your data via other means as necessary for processing and for as long as it does not breach the principles set by the Data Privacy Act of 2012.

1.2 You have the option to choose which personal information you are comfortable to share with us. However, if you choose not to provide the personal information that we need or that are mandatory, we may not be able to process the requested services or complete your transaction.

2.  HOW DO WE USE INFORMATION ABOUT YOU?

2.1  Purpose of data collection includes, but not limited to, the following:

(For members)

            • To facilitate an applicant’s initial screening process including examination, interview and
              background checks;
            • To facilitate preparation contracts and notification of new members;
            • To facilitate new member orientation activities, government reporting (e.g., TIN, SSS, PhilHealth, and HDMF), payroll processing, Organization ID preparation, site orientation, and update of member information;
            • To manage member benefits and entitlements;

            • To arrange travel, visa and transit booking for official business travel

            • To monitor and evaluate performance and conduct;
            • To facilitate time-keeping activities such as attendance on seminars and trainings for brokers and sales persons, overtime, leaves, and official business trips, and verification of Daily Time Record (DTR);
            • To facilitate the deployment and use of IT resources and communication tools within RMC; To employ security and membership authentication;
            • To facilitate and monitor participation in employee programs such as membership meeting, birthday greetings and monthly reporting;
            • To manage Organization library and telephone directory;
            • To process computer operations activities such as managing user accounts/access, processing program change and troubleshooting requests;
            • To process in connection with your roles and responsibilities as an employee, member or trustee;
            • To conduct human resources research, planning, statistical analysis, policy development and reporting across RMC; and,
            • To process member separation activities.
            • To conduct financing activities (e.g., payment of membership dues, insurance and the likes);

(For clients)

            • To process and provide customer-related support services;
            • To identify profitable market segment through statistical analysis.

(For suppliers)

            • To facilitate vendor accreditation;

            • To maintain a master file of suppliers which is used as a reference for purchase order details;

            • To process RMC’s materials/supply requirements;

            • To record receipt, movement, and usage of inventory; and,

            • To facilitate billing and preparation of required tax forms.

(Other general purposes of data collection)

            • To help provide safety and security in our premises; and,
            • To conduct operational, compliance and financial audits.

3.  HOW DO WE TRANSFER DATA ABOUT YOU?

3.1  Your information may be shared through email or by any other means available to any of our authorized personnel across all properties of REBAP Makati Chapter, Inc. , and to third parties, if deemed necessary to complete your transaction/s with us. A data sharing agreement shall cover any transfer of data between and among RMC and/or those third parties.

3.2  We may disclose your information to law enforcement, regulatory and other government agencies and to professional bodies and other third parties, as required by and/or in accordance with applicable laws or regulations. This may include disclosures outside the country, if necessary. As part of our commitment to protect your personal data, we will review and use your information to determine whether disclosure is required or permitted.

3.3  The Organization ensures that Personal Data shared through email or by any other means available are protected based on the standards set by the law in order to mitigate the risk of data breaches. We ensure you that our employees are properly trained and informed on their responsibilities, particularly in sharing your personal information.

4.  HOW DO WE STORE AND DISPOSE INFORMATION ABOUT YOU?

4.1  We may retain your personal data in various forms such as paper file or electronic file. Only authorized personnel and yourself are allowed to access your personal data for privacy and security purposes. All of your personal data collected and documented in various official REBAP Makati Chapter, Inc. Forms/Templates will be filed by the designated custodians in a secured location for the protection of your personal information. On the other hand, personal information in electronic forms will be retained in our computer systems which we have employed with information security controls.

4.2  We will keep your personal information for as long as required by laws or regulations, and/or as it is needed for a relevant purpose as described in this Statement. Personal data shall not be retained in perpetuity in contemplation of a possible future use yet to be determined.

4.3  After such, the Organization is no longer responsible to keep and provide you with your personal data/documents. As authorized, our designated custodian will purge your personal information through shredding of paper files and/or deletion of electronic files in our computer system, or in any other manner which would prevent further processing of your personal data.

5.  YOUR RIGHTS AS A DATA SUBJECT

The Organization acknowledges your rights as data subjects. Thus, you are entitled to perform any of the following:

a) Request a copy of or access to your information. The Organization will provide your request in a commonly portable format (e.g., printed copy of any soft copy files you have requested, or a photocopy of the document).

However, the Organization is not generally required to undertake endless and disproportionate searches for information in order to respond to a request and the Organization may refuse to your request if:

− The relevant personal data is not in the Organization’s possession or control;
− The request is identical or very similar to the one you have recently requested;
− The request is obviously unfounded; and
− Harm would arise or likely to arise from disclosure, for example, if disclosure would be likely to
prejudice a criminal investigation or someone’s commercial interests.

In case your request is declined, we will provide you a formal notification indicating its grounds.

b) Request for the correction/rectification or deletion of your information, provided that the information is/are not necessary for compliance with a regulatory obligation and it is not necessary to establish, exercise or defend legal claims.

c) Object/Restrict processing of your information, provided that personal data requested for restriction is not necessary for compliance with a regulatory obligation and it is not necessary to establish, exercise or defend legal claims. This right may be exercised upon discovery and substantial proof that personal data was obtained or processed unlawfully.

d) File a complaint with the National Privacy Commission (NPC) and be indemnified for damages if any of the DPA provisions regarding security of your personal data, including your rights as data subjects, are violated.

For further knowledge and reference about your rights as data subjects and how can you exercise them, you may visit NPC’s official website at https://privacy.gov.ph/.

6.  NOTIFICATION IN CASE OF BREACH

In the event your Personal Data is breached, we are prepared to follow any laws and regulations which would require us to notify you of such breach including the quality of information affected.

7.  COMPLIANCE WITH DATA PRIVACY CLAUSES ON CONTRACTS

You are expected to comply with security related and privacy clauses that need to be executed as part of our standard terms of business and/or contract(s).

8.  UPDATES TO OUR PRIVACY POLICY

We may amend our Privacy Policy including this statement from time to time and the updated version shall apply and supersede any and all previous versions. We will inform you through our standard means of communication to keep you up to-date of the changes in our Privacy Policy.

9.  WHERE DO YOU GO FOR FURTHER INFORMATION?

If you have other questions or clarifications further to this statement, you may contact our Data Protection Officer at info@uhl.dcf.myftpupload.com or at (0917) 142-0080.