SquareFish, Inc. (SFI) values the confidentiality of personal data and in its commitment to uphold and respect data privacy rights in compliance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and other relevant policies. All personal data collected from all its employees, customers, and suppliers shall be processed in adherence to the general principles of transparency, legitimate purpose, and proportionality.
As prospect client / vendor to SFI, you are considered a data subject. Please take time to read this document carefully to ensure informed permission.
What is Personal Data?
Personal data refers to all types of:
Personal information – “any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;”
Sensitive personal information refers to personal information:
About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations, health, education, genetic, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
Privileged information – any and all forms of information which, under the Rules of Court and other pertinent laws, constitute privileged communication, such as, but not limited to, information which a person authorized to practice medicine, surgery or obstetrics may have acquired in attending to a patient in a professional capacity.
Why does SFI collect personal data?
We only collect and use Personal Data for purposes which you have consented to and for which we have been authorized. If we need to use your Personal Data for any purpose which you have not previously consented to, we would seek your consent prior to using your Personal Data for the new purpose.
We collect and use Personal Data that you provide to us arising from your business relationship as a Vendor / Service Provider / Clients for the following purposes:
To conduct due diligence / background checks that are mandated by legislation or SFI practices
For the purposes of the supply of the products and services and support by vendors / service providers / clients TO SFI
To keep vendors / service providers / clients updated on changes to SFI’s policies
To evaluate to improve SFI’s products and services
To evaluate the products and services provided by vendors / service providers to SFI
Security clearance / entry access into SFI’s events and premises
To facilitate attendance at events/functions organized or supported by SFI
For purposes that are supplementary to the above purposes like facilitating attendance at events/functions organized or supported by SFI, we will use your Personal Data to communicate with you concerning the invitation to the events/functions and inform you of updates on the events/functions and to seek your feedback or comments on your attendance of the events/functions
What type of personal data does SFI collect and generate?
Personal Data that we collect
The types of Personal Data that we collect about individuals include:
Personal Information (Name, Birthday, Age, Marital Status)
Contact Information (Mobile Number, Telephone Number, Email Address, Address)
Business Registration Documents
You may have provided your Personal Data to us personally or authorized individuals with consent on your behalf. These individuals could be your superiors, employees, subordinates, colleagues and your family members.
When you give us Personal Data about other persons, you confirm that you are authorized to disclose and consent, on their behalf, to the processing of such Personal Data for the purposes described in the section “Purposes for which we collect and use Personal Data”, or other purposes for which your consent has been sought and obtained.
How does SFI ensure that personal data is accurate and up-to-date?
Data subjects are primarily responsible for ensuring that all personal data submitted are accurate, complete and up-to-date. SFI may requests updated personal data if needed; it is important that data subjects cooperate and provide the updated personal data.
SFI implements practical ways in order to ensure accuracy, completeness, and up-to-date personal data it collects, generates, uses, and discloses.
With whom may SFI share personal data?
SFI does not and will not share / disclose personal data with third parties except as necessary for the proper execution of processes related to a declared purpose, or the use or disclosure is reasonable necessary, required or authorized by or under law.
SFI also requires that the recipient of transferred Personal Data implement adequate level of protection in order to protect Personal Data. We also require that the parties only process Personal Data strictly for purposes for which we engage them for and consistent with the intended purpose.
How does SFI protect personal data?
SFI implements reasonable and appropriate physical, technical, and organizational measures for the protection of personal data. These security measures aim to maintain the availability, integrity, and confidentiality of personal data and protect them against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.
SFI uses safeguards such as the following:
Use of secured servers and firewalls, encryption on computing devices;
Restricted access only for qualified and authorized personnel; and
Strict implementation of information security policies.
How long SFI keeps personal data?
SFI implements appropriate security measures in storing collected personal information, depending on the nature of the information. The retention period of personal information gathered shall be as follows:
SFI employees 201 files – Permanent
Applicant’s information – Outright disposal
Finance Division Records – 10 yrs but subject for approval by the Comptroller
(Clients and Suppliers Data)
After said period, all hard and soft copies of personal information shall be disposed and destroyed, through secured means.
What are the rights of data subjects under the Data Privacy Act?
Data subjects have the following rights:
Right to be informed, to object, to access, to rectify or correct erroneous data, to erase or block, to secure data portability, to indemnified for damages; and to file a complaint.
SFI’s decisions to provide access, consider requests for correction or erasure, and address objection to process personal data as it appears in SFI’s official records, are always subject to applicable and relevant laws and/or the DPA, its IRR and other issuances of the NPC.
The site may use “cookies” where a small data file is sent to your browser to store and track information about you when you enter our website. Usage of cookies is not linked to any personally identifiable information on our website. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Some internet browsers allow you to refuse to accept cookies. However, blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
How to implement amendments?
We may update this policy from time to time by publishing a new version on our website. It is recommended that you check this page occasionally to ensure that you are amenable to any changes made in this policy. We may also notify you of changes to this policy by email on our website.
Who should you contact in case of inquiry, feedback or complaints?
Should you have any inquiries, feedback, and/or complaints, you may reach the Data Protection Officer (DPO) through the following contact details:
Data Protection Officer
SquareFish. Inc., LLC.