Data PrivacyManual
Credit Solutions & Business Alliances, Inc.
BACKGROUND
Republic Act No. 10173 entitled, "An Act Protecting Individual Personal Information in Information and Communications Systems in the Government and the Private Sector, Creating for this Purpose a National Privacy Commission, and for Other Purposes", or simply, Data Privacy Act of 2012 (DPA), is the law that gives form to the declared policy of the State to protect the fundamental human right of privacy and communication.
The Manual will serve as a guide in order to ensure compliance of the organization with the Data Privacy Act and its Implementing Rules and Regulations. This document will apply to everyone at Credit Solutions and Business Alliances, Inc. – all employees, managers, directors, executive officers and members of the board of directors.
INTRODUCTION
Credit Solutions and Business Alliances, Inc., in its commitment to uphold, respect, and value data privacy rights, hereby adopts this Data Privacy Manual in compliance with the DPA, its Implementing Rules and Regulations, and other relevant policies. All personal data collected from all its officials, personnel, and clients shall be processed in adherence to the general principles of transparency, legitimate purpose, and proportionality.
The Manual outlines our data protection and security measures and may guide you in exercising your rights under the DPA.
DEFINITION OF TERMS
Data Subject
refers to an individual whose personal, sensitive personal or privileged information is processed by Credit Solutions and Business Alliances, Inc. It may refer to its officials, employees, partners, and clients.
Personal Data
refers to the personal information or collection of personal information that identifies an individual in an apparent and reasonable ascertain.
Processing
refers the collection and manipulation of items of data to produce meaningful information. It may include, but not limited to collection, validation, sorting, summarization, aggregation, analysis, reporting, classification, storage, transportation, erasure and destruction of data.
Personal Information Processor (PIP)
refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject.
Personal Information Controller
refers to a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on his behalf.
Sensitive Personal Information
refers to personal information about an individual's age, marital status, color, religion, race, ethnic origin, philosophical or political affiliation, education, health, genetic or sexual life, criminal history, government issued identifiers, or information established by an Executive Order or Law as classified information.
SCOPE AND LIMITATIONS
This Privacy Manual applies to all Credit Solutions and Business Alliances, Inc. officials and employees including all project and agency-based employees. All entities in the organization must comply with the terms specified in this document.
PROCESSING OF PERSONAL DATA
1. Collection
The collection of both personal information and sensitive personal information is done by lawful means and for a lawful purpose and is directly related and necessary in the achievement of the organization's vision and mission.
2. Use
Personal data collected shall be used by Credit Solutions and Business Alliances, Inc. solely for reportage and documentation purposes.
3. Storage, Retention and Destruction
The organization shall strictly implement reasonable and appropriate organizational, physical, and technical security measures to protect the data against any accidental or unlawful destruction, alteration and disclosure.
4. Access
Access to personal data shall be limited to the DPO, authorized staff, and designated personnel only. At no time should anyone be given access to the personal files of other employees for any purpose, except as required by law.
5. Disclosure and Sharing
All employees and personnel shall maintain the confidentiality and secrecy of all personal data that come to their knowledge and possession, even after resignation or termination of contract.
SECURITY MEASURES
Credit Solutions and Business Alliances, Inc. shall implement reasonable and appropriate physical, technical, and organizational measures for the protection of personal data.
A. Organizational Security Measures
The organization has designated a Data Protection Officer (DPO) who ensures compliance with the Data Privacy Act. Mandatory trainings are conducted at least once a year.
B. Physical Security Measures
Personal data in physical format shall be stored in locked filing cabinets. Digital files shall be stored in computers protected by passwords and servers protected by firewalls.
C. Technical Security Measures
The organization uses commercially reasonable methods and tools to secure personal data. Regular penetration testing and vulnerability assessments are conducted.
BREACH AND SECURITY INCIDENTS
A Data Breach Response Team has been established to ensure immediate action in the event of a security incident or personal data breach. The National Privacy Commission (NPC) and affected data subjects shall be notified within 72 hours from knowledge of the breach.
INQUIRIES AND COMPLAINTS
Every data subject has the right to:
- Be notified and furnished with his or her information before entry into the processing system
- View and recommend corrections to his or her data being processed
- Complain and be indemnified for any damages sustained due to inaccurate, incomplete, outdated or unauthorized use of personal data
For inquiries or complaints, please contact our Data Protection Officer at:
Email: dpo@csba.ph
Phone: (02) 7000-3709
Address: 4th Floor, Unit 407-408, Kawayan Building 1, PARQAL, Aseana City, Brgy. Tambo, Parañaque City 1701, Philippines
EFFECTIVITY
This Manual takes effect on January 1, 2020 until revoked or amended.
For the latest version of this manual, please contact the Data Protection Officer.
Credit Solutions & Business Alliances, Inc. — Data Privacy Manual v1.0