Privacy Notice
The “Company,” “We”, is committed to protecting the privacy and security of all personal and/or sensitive information (the “Personal Data”) related to its employees, customers, business partners, suppliers, contractors, and other parties that the Company will and is engaged into. For this reason, uniform practice and procedure for collecting, recording, consolidating, updating, disclosing, storing, accessing, transferring, retaining, destroying, and disposing of Personal Data by the Company is hereby adopted in order to process Personal Data fairly, appropriately, and lawfully.
As your potential employer, it is necessary for the Company to collect and process your personal data for the purposes stated in this notice. This Data Privacy Notice will inform you on how we process and protect your personal information. This Privacy Notice sets out how the Company uses, protects, and controls any Personal Data that you will provide on the Company’s Google application form. This notice may change from time to time by updating it in accordance with subsequent Laws and Implementing Rules and Regulations.
I. What personal information do we collect?
With your informed consent, we collect the following personal data in the link provided: We use your personal data only where required for specific purposes. The list of purposes for the collection of your personal data are outlined in the table below.
| Category of Personal Data | Specific Personal Data Collected | Purpose |
|---|---|---|
| 1. Personal Details | First Name, Last Name and Address. | For proper identification. |
| 2. Contact Details | E-mail Address and Contact Number. | Facilitating communication. |
| 3. Qualification History (credentials) | In addition to the personal details listed above, the organization also collects personal details for recruitment/employment purposes and as applicable, such as educational information, professional or employment-related information, memberships and certifications. | To assess suitability on the position applied or to other positions that could be satisfied by the qualifications submitted. |
| 4. Personal Data captured in the CV or resume submitted | Such as name, contact number of character references, signature, nationality and photographs. | For further verification of qualifications. |
| 5. Documentation required under immigration laws. | The organization may collect data on citizenship and details of residency or work permit (a physical copy and/or an electronic copy). | To assess the requirements based on current immigration status and/or work permits of the applicant. |
| 6. Talent management information. | Information generated by your participation in psychological, technical or behavioral assessments. Sample works such as but not limited to writings, modules, artworks. | To assess suitability on the position applied or to other positions that could be satisfied by the qualifications submitted. |
| 7. Information generated by us during recruitment | Information generated by interviewers and recruiters related to you, based on their interactions with you or basic Internet searches allowed under applicable law. | To assess suitability on the position applied or to other positions that could be satisfied by the qualifications submitted. |
| 8. Log-in and log-out records | As may be applicable, records of entry and exit in our facilities such as parking and building offices in paper or electronic format. | To monitor the ingress and egress within company premises to maintain and ensure security. The retention is subject to the declared need of our security and facilities group. |
II. What about sensitive personal data?
We rely on your prior express consent for any processing which is voluntary (e.g., for marketing purposes). If we process your sensitive personal data for other purposes, we rely on the following legal bases: (i) detection and prevention of crime (including the prevention of fraud); (ii) establishment, exercise, or defense of legal claims; and (iii) compliance with applicable law.
III. How do we collect your personal data? (“Manner of Collection of Personal Data”)
We shall directly collect your personal data through any communications and documents submitted to us including the accomplished google form and submitted CV/resume. We may also confirm information provided to us from your references such as previous employers, educational institutions, associations, family members.
IV. Do we share your information with third parties? (“Disclosure of Personal Data to Third Parties”)
As a global organization, we may share your information with employees of ADEC INNOVATIONS and third party-stakeholders of our company, but only to the extent necessary to address your inquiry or concerns. Such third party-stakeholders may be located in other countries.
Before we do so, we shall take the necessary steps to secure your prior consent and ensure that your personal data will be given adequate protection as required by relevant data privacy laws in the Philippines and in the territory of the third party, as well as in accordance with ADEC INNOVATIONS’s internal policies.
We also share your information through our third-party cloud service provider, where your personal data are stored in accordance with our instructions as Personal Information Controller (PIC) and within the retention limits set by our company. (see Part V- Storage and Transmission of Personal Data and Part VI – Retention of Personal Data of this Privacy Policy)
V. How do you store and transmit personal information? (“Storage and Transmission of Personal Data”)
A. Storage
- We use a third-party cloud-based platform to store the personal data collected.
- A unique account is registered through the platform, which is administered by our designated authorized officers. This unique account is secured through a username and password known only to the authorized officers.
- In addition to the storage in the third-party cloud-based platform, we store in an encrypted back up in our company secure local server.
B. Transmission
- Any personal data we collected are automatically transmitted to our third-party cloud-based platform.
VI. How long do we keep the collected personal information? (“Retention of Personal Data”)
We shall retain your personal information for as long as the recruitment process is on-going or active.
After that period, all of your Personal information collected in either digital or hard copies will be shredded, disposed or erased according to the Company’s personal data disposal or deletion policy, where it is irretrievable or unreadable.
If not hired, we may retain your data in the cloud platform for a maximum of one (1) year and maximum of two (2) years (niche position) after which we delete or dispose of the same in accordance with our personal data disposal or deletion policy.
VII. Disposal of Personal Data Collected.
Disposal of Personal Data Collected through our third-party storage platform and our back-up stored in the server is done as prescribed in Part VI. or upon request of the data subject. Should we need to retain your data for a longer period, you will be notified accordingly.
(a) Our authorized talent acquisition officers are the people mainly responsible to delete personal data upon its maturity or request of the data subject. As a policy, all personal data collected in our website are in digital format. These are deleted through the third-party cloud-based Platform. A written report of deletion of personal data (with details of the deletion, such as date, time and place of deletion, persons present, manner of deletion and description of the personal data deleted), shall be accomplished for submission to the DPO.
(b) As to the back-up copy of the personal data collected stored in the server or laptop/computer of the officer, the same are deleted in the same manner as letter (a) hereof.
VIII. Security Measures to Protect your Personal Data.
We take appropriate steps to maintain the security of your data.
We are implementing organizational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake.
We adopt organizational and market leading security measures and technology, and maintain annual certifications by leading authorities in compliance, in order to protect your personal data, including but not limited to:
A. Organizational Measures. Our company has appointed a Data Protection Officer (DPO) and Compliance Office (COP) to ensure compliance with DPA. We also ensure that all our employees are equipped with knowledge on DPA, through internal and external trainings and seminars. Our company conducts Privacy Impact Assessment (PIA), especially for our teams who handle the company’s website, to ensure that personal data is protected at all times.
Access to personal data collected through our 3rd party providers are granted only to authorized personnel.
We ensure that a data sharing agreement, with specific provisions on security measures to protect your data is executed with our service providers, including our third-party cloud-based service storage provider.
B. Physical and Technical Security Measures. The personal data collected through our 3rd party providers are all in digital format. As applicable and necessary documents will be printed and will be secured accordingly.
- We review and evaluate software applications before its installation in computers and devices owned by the organization to ensure compatibility of security features with the overall operations, including the third-party cloud-service storage we use to store the personal data collected through our website.
- We review security policies, conduct vulnerability assessments and perform penetration testing within the company on regular schedule to be prescribed by our BTS & InfoSec department.
- Encryption, authentication process, and other technical security measures that control and limit access to personal data are implemented. All files with personal data collected are password-protected, and may only be accessed by authorized personnel.
A full and comprehensive procedure of these Security Measures are available upon request.
- We also subscribe to the globally recognized Quality Management Standards (ISO/IEC 9001) and Information Security Management Standards (ISO/IEC 27001) and conform to globally accepted best practices, to ensure personal data remain safe and secured while it is processed with transparency, legitimacy and proportionality to preserve its confidentiality, integrity and availability, thereby upholding the data privacy rights of our employees, customers and business stakeholders.
- While we use reasonable technical and administrative measures within our means to protect your data against unauthorized or unlawful use, processing, accidental loss, alteration, disclosure or access, accidental or unlawful destruction or damage thereto, you must understand that the open nature of the Internet is such that data may flow over networks without security measures and may be accessed and used by people other than those for whom the data is intended. Thus, please remember that no method of transmission over the Internet, or method of electronic storage is 100% secure and while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
IX. What are your rights in relation to the processing of your personal data?
The following are your rights subject to limitations under the Data Privacy Act of 2012 and its implementing rules and regulations:
- RIGHT TO INFORMATION. This right entitles you to know the specific personal data being collected, the purposes for its processing.
- RIGHT OF ACCESS. This right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
- RIGHT TO RECTIFICATION. This right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
- RIGHT TO OBJECT. This right entitles you to object the processing of your personal data.
- RIGHT TO ERASURE. This right entitles you to request the erasure of your personal data, especially when no longer necessary to achieve the purposes.
- THE RIGHT TO BE INFORMED OF THE EXISTENCE OF PROCESSING OF PERSONAL INFORMATION
- RIGHT TO RESTRICTION OF PROCESSING: This right entitles you to limit the personal data to be processed.
- RIGHT TO DATA PORTABILITY. This right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to us, or request us to transmit such personal data to another data controller.
- THE RIGHT TO DAMAGES
- THE RIGHT TO LODGE A COMPLAINT BEFORE THE NPC
X. WITHDRAWAL OF CONSENT. RIGHT TO COMPLAINT and DAMAGES.
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting ADEC INNOVATIONS’s Data Protection Officer. Please note that this will not affect ADEC INNOVATIONS’s right to process personal data obtained prior to the withdrawal of your consent..
If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome you to first to seek resolution of any complaint. You have the right, at all times, to register or file a complaint directly with the relevant supervisory authority (the National Privacy Commission) or to make a claim against us with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed), with a right to seek damages.
For any concerns and request to exercise the foregoing rights, except those which are within the jurisdiction of the NPC or a competent court, you may contact us at:
Data Protection Office
ADEC Innovations
Alabang Corporate Center, KM 25 West Service Road, Cupang, Muntinlupa City