PRIVACY POLICY

In accordance with [REPUBLIC ACT NO. 10173] AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES,  shall protect information of owners information.

In order to promptly and smoothly handle this difficulties, the following personal information processing policies shall be established and disclosed.

• This privacy statement shall take effect on November 1, 2021.

PROCESSING OF PERSONAL INFORMATION (Chapter III)

SEC. 11. General Data Privacy Principles - The processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information to the public and adherence to the principles of transparency, legitimate purpose and proportionality. 

Personal information must, be:,

(a) Collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way compatible with such declared, specified and legitimate purposes only;

(b) Processed fairly and lawfully;

(c) Accurate, relevant and, where necessary for purposes for which it is to be used the processing of personal information, kept up to date; inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted;

(d) Adequate and not excessive in relation to the purposes for which they are collected and processed;

(e) Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law; and

(f) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed: Provided, That personal information collected for other purposes may lie processed for historical, statistical or scientific purposes, and in cases laid down in law may be stored for longer periods: Provided, further, That adequate safeguards are guaranteed by said laws authorizing their processing.

True Vine Watchface will ensure implementation of personal information processing principles set out herein. 

SEC. 12. Criteria for Lawful Processing of Personal Information – The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists: 

(a) The data subject has given his or her consent;

(b) The processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;

(c) The processing is necessary for compliance with a legal obligation to which the personal information controller is subject;

(d) The processing is necessary to protect vitally important interests of the data subject, including life and health;

(e) The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; or

(f) The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.

RIGHTS OF THE DATA SUBJECT (Chapter IV)

SEC. 16. Rights of the Data Subject. – The data subject is entitled to: 

(a) Be informed whether personal information pertaining to him or her shall be, are being or have been processed;

(b) Be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller, or at the next practical opportunity:

(1) Description of the personal information to be entered into the system;

(2) Purposes for which they are being or are to be processed;

(3) Scope and method of the personal information processing;

(4) The recipients or classes of recipients to whom they are or may be disclosed;

(5) Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized;

(6) The identity and contact details of the personal information controller or its representative;

(7) The period for which the information will be stored; and

(8) The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before the Commission.

SECURITY OF PERSONAL INFORMATION (Chapter V)

SEC. 20. Security of Personal Information.  

(a) True Vine Watchface must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing.

(b) True Vine Watchface shall implement reasonable and appropriate measures to protect personal information against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.

(c) The determination of the appropriate level of security under this section must take into account the nature of the personal information to be protected, the risks represented by the processing, the size of the organization and complexity of its operations, current data privacy best practices and the cost of security implementation. 

Subject to guidelines as the Commission may issue from time to time, the measures implemented must include:

(1) Safeguards to protect its computer network against accidental, unlawful or unauthorized usage or interference with or hindering of their functioning or availability;

(2) A security policy with respect to the processing of personal information;

(3) A process for identifying and accessing reasonably foreseeable vulnerabilities in its computer networks, and for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach; and

(4) Regular monitoring for security breaches and a process for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach.

(d) True Vine Watchface must further ensure that third parties processing personal information on its behalf shall implement the security measures required by this provision.

(e) The employees, agents or representatives of True Vine Watchface who are involved in the processing of personal information shall operate and hold personal information under strict confidentiality if the personal information are not intended for public disclosure. This obligation shall continue even after leaving the public service, transfer to another position or upon termination of employment or contractual relations.

(f) True Vine Watchface shall promptly notify the Commission and affected data subjects when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes (bat such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject. The notification shall at least describe the nature of the breach, the sensitive personal information possibly involved, and the measures taken by the entity to address the breach. Notification may be delayed only to the extent necessary to determine the scope of the breach, to prevent further disclosures, or to restore reasonable integrity to the information and communications system.

Measures to Ensure Safety of Personal Information

True Vine Watchface has taken the following steps to ensure the safety of personal information:

1. Formulation and implementation of an internal management plan;

We are establishing and implementing an internal management plan for the safe handling of personal information.

2. Encryption of personal information;

User's personal information is encrypted, stored, and managed, and so only you can know it, and important data uses separate security features such as encrypting file and transfer data or using file locking functions. 

3. Using locks for document security;

Documents containing personal information, auxiliary storage media, etc. are kept in a safe place with a lock.

Matters concerning Installation and Operation of Automatic Personal Information Collection Device and Rejection

True Vine Watchface does not use the "cookie" to store and retrieve the owner's information.

Person in-charge of protection of personal information:

True Vine Watchface shall take overall responsibility of the management of personal information protection manager for handling complaints from and remedy for damages, etc., which are related to the management of personal information as follows:

Personal Information Protection Manager:

Full Name: Junalie Gonzales-Delos Santos

Position: Representative

Contact No.: +6588913063 (SG) / +639202271390 (PH)

Email: truevinewatchface@gmail.com

An owner of information may inquire of the personal information protection manager and the department in charge of personal information protection about any inquiries, handling of complaints, remedies for damages, etc., that have occurred while using True Vine Watchface services (or business). True Vine Watchface will promptly respond to and process any inquiries from the owner of the information.

The department in charge of receiving and processing requests for access to personal information: 

Department Name: True Vine Watchface

Contact No.: +6588913063 (SG) / +639202271390 (PH)

Email: truevinewatchface@gmail.com

In order to receive relief form personal information infringement, the information subject can apply for dispute settlement or counselling 

A. In person (hard copy), at the NPC Office;

B. In person (portable electronic data storage device), at the NPC Office; or

C. Electronically, via complaints@privacy.gov.ph