This Privacy Notice sets out how Pointwest Technologies Corporation and Pointwest Innovations Corporation, (hereinafter collectively referred to as “Pointwest”), use and protect your personal information.
Pointwest is committed to ensuring that your privacy is protected. If you are asked to provide certain information by which you can be identified, rest assured that it will only be used in accordance with this Notice.
Pointwest may update this Notice from time to time to reflect changes to how it collects, processes, stores, shares, and disposes of your personal information. A copy of the updated notice will be posted in publicly accessible locations such as our website and a copy may be sent to you via email or other means of communication. Your consent to the terms of the updated Notice will be recorded.
The current version of this Privacy Notice is version 2.0 and is made effective on September 24, 2022.
When We Collect
We (Pointwest) may collect personal information from you when you:
- Visit our website, the website of our partners, and affiliates, or our offices
- Follow our social media pages
- Contact us via our website, phone, email, chat or social media pages
- Sign up for our newsletters and mailing lists or those by our partners and affiliates.
- Attend our seminars and other events or those by our partners and affiliates.
- Use our software applications or those by our partners and affiliates.
- Respond to surveys and questionnaires or those by our partners and affiliates.
- Apply for a job with us
- Become our employee
- Become our customer, partner, affiliate, or vendor
What We Collect and Why We Collect (Purpose and Legal Basis)
We (Pointwest) may collect the following personal information from you:
- Your full name, and designation so we know how we may address you properly in our communications.
- Your username, full name, email address, mobile number, and password when you use our applications and tools so we can record your usage and ensure that you have access to the right services and features.
- Contact information including physical address, email address, social media user name/handle, and contact number so we can record your visits, respond to your queries, conduct business transactions, fulfill legal obligations, ask you to respond to surveys and questionnaires, invite you to attend seminars and other related events, and reach out to you with information that you may find important,
interesting or useful.
- Your biometric data such as photos, videos, voice, handwritten signatures, and fingerprints for authentication and for legal purposes connected to our business transactions and hiring process.
- Your family information, employment and compensation records, academic records, financial and tax details, emergency contact information, and where applicable and allowed by applicable law, credit history, criminal records, and other pertinent information, if you are applying for employment with us.
- Your financial information for payroll/benefits processing.
- Your travel information for business travel purposes.
- Assessment information generated by your participation in psychological, technical, or behavioral assessments and evaluations as well as recommendations-related information provided on your behalf by others. You will receive more information about the nature and purpose of such
assessments and evaluations before your participation.
- Your commercial information when conducting a business transaction with us.
- Information related to your health and those of your chosen beneficiaries so we can administer appropriate healthcare and insurance benefits.
- Information about your religious affiliation so we may invite you to corporate religious events that you may be interested in participating in.
The above-mentioned personal information has been obtained either directly from you or indirectly from certain third parties. Such third parties include our affiliates, public authorities, public websites, social media, suppliers, and vendors. Except where certain information is required by law or by our employment policies, your decision to provide any personal data to us is strictly voluntary on your part.
Please do note that if you choose not to provide certain information, we may not be able to accomplish some or all of the purposes outlined in this Privacy Notice, and you may not be able to use certain tools and systems which require the use of such personal data.
We may also derive inferences about you based on the personal information collected and we may collect other information about you as described in this privacy notice. If you provide us with personal information of another person, such as in the case of a potential employee/referral, you are responsible for ensuring that the person you are referring is made aware of the information contained in this privacy notice and that the person has given you his/her consent for sharing their personal information with us.
Who Do We Share Your Personal Information With?
We (Pointwest) may disclose your personal information to our service providers, trade organizations, regulatory and government authorities, affiliates, and other third parties in connection with our business operations. The operations of such third parties may be located outside of the Philippines.
Business operations may include the outsourcing of activities that form part of our business services to youtube our service providers, joint marketing and business development efforts with our partners and affiliates, and collaboration on events such as conferences and webinars.
Before disclosing your personal information, we ensure that these third parties are able to provide adequate protection to your personal information. We will only disclose the minimum information that is needed by these third parties to perform their tasks and comply with legal and contractual obligations to us.
We will not sell or lease your personal information to third parties.
How Do We Protect Your Personal Information?
We (Pointwest) are committed to ensuring the security of the personal information you share with us.
In order to prevent unauthorized access or disclosure, unauthorized alteration, and loss we have put in place suitable physical, electronic, and procedural controls to safeguard and secure your personal information to the best of our ability given our knowledge of the current threats and risks to your personal information.
Our Information Security practices are aligned with ISO 27001:2013 (Information Security Management System) global best practices. We comply with the Philippines’ Data Protection Act of 2012 (R.A. 10173) and its implementing rules and regulations, circulars, and memoranda. All our employees are trained on how to handle and protect personal information.
We implement physical security controls such as 24/7 security personnel, electronic access control, and alarm systems, and CCTV monitoring at our data center where your personal information is stored and processed.
We employ endpoint, network, and perimeter security software to protect against malware infiltration and unauthorized access to our servers and network and to mitigate the effects of any successful attacks.
We employ strong encryption technology to secure your personal information when it is being transmitted, processed, and when it is stored in our on-premise and cloud databases and repositories.
Since we operate a global IT infrastructure, your data may be transferred and become accessible on cloud platforms where we or our service providers and affiliates maintain instances used for operations. Such transfers will take place in accordance with applicable data privacy laws.
We implement strict authentication, authorization, and role-based access control to ensure that only authorized individuals are able to access your personal information. We keep logs of access to your personal information for security review purposes.
We adhere to Privacy-by-Design principles when building our systems and applications that process, store and transmit your personal information.
We perform regular vulnerability assessments on our network and application to ensure that any new vulnerabilities are found and mitigated.
In the unlikely event that we suffer a data breach, we have a plan for mitigating the effects of a breach, investigating the cause, and reporting our findings to the National Privacy Commission and affected data subjects.
How Long Will We Keep Your Personal Information?
We (Pointwest) will retain a copy of your personal information only for as long as it is necessary. We maintain specific records management and retention policies and procedures so that your personal information is deleted after a reasonable time according to the following retention criteria:
- We will retain your personal information as long as we have an active relationship with you and two (2) years after the termination of the most recent business transaction or service provision.
- After the above prescription period has lapsed, we will only retain personal information that is required in order to comply with the archival record management and retention policies required by our legal, regulatory, and contractual obligations.
What Are Your Rights?
As the owner of your personal information, you are entitled to the following:
- RIGHT TO BE INFORMED – Your consent is required for us to collect, process, store and share your personal information. You also have the right to revoke your consent at any time.
We (Pointwest) will only process your personal information for the purposes mentioned above based on your prior consent, to the extent that such consent is mandatory under applicable laws.
Please note that when you are asked to click on or check “I accept”, “I agree” or similar buttons/checkboxes/functionalities in relation to this privacy notice, doing so will be considered as providing your consent to process your personal information, only where such consent is required by mandatory law.
We will not use your personal information for purposes that are incompatible with the purposes of which you have been informed unless it is required or authorized by law, or it is in your own vital interest to do so (such as if you experience a medical emergency).
- RIGHT TO ACCESS – You may request access to the personal information we have about you. In particular, you have the right to know whether we hold personal information about you and, if we do, you are entitled to obtain information on and a copy of that personal information.
- RIGHT TO RECTIFY – If you find that our copy of your personal information is inaccurate or incomplete, you may request rectification of your personal information.
- RIGHT TO OBJECT – You have the right to object to the processing of your personal information: this right entitles you to request that we no longer process your personal information.
- RIGHT TO ERASURE OR BLOCKING – You may request the permanent erasure of your personal information including where such personal information would no longer be necessary to achieve the purposes. Note that there are exceptions due to the need to fulfill legal and audit requirements.
- RIGHT TO RESTRICT PROCESSING – You may request the restriction of the processing of your personal data: this right entitles you to request that we only process your personal information in limited circumstances, including with your consent.
- RIGHT TO DATA PORTABILITY – You may request to receive a copy of the personal information you provided to us in a structured, commonly used and machine-readable format, or request us to transmit your personal information to another data controller.
Should you have questions or if you want to exercise your rights as a data subject, please email our Data Protection Office at firstname.lastname@example.org for Pointwest Technologies Corporation, or email@example.com for Pointwest Innovations Corporation and provide us with the details of what you need us to do for you. We shall respond to each request within 72 hours.