CHG GLOBAL, INC.
A. PRIVACY STATEMENT
CHG Global, Inc. (“CHG”) recognizes and respects the individual right to privacy. Considering this, we protect and safeguard all personal data collected and processed by our company in relation to our customers, vendors, partners, employees, agents and other stakeholders. Likewise, we make it a point to inform individuals from and about whom we collect such data of our processing activities and of their rights as data subjects.
This document enumerates our company’s policy in relation to the collection, use, storage, sharing and disposal of all personal data we process.
We may amend and/or modify this policy from time to time to comply with any developments in local and/or foreign data privacy regulations where applicable and to reflect any changes in our privacy policies and/or practices.
This policy applies to all our personal data processing activities including, but not limited to, the collection, use, storage, sharing and disposal of such data.
C. DEFINITION OF TERMS
- Data Subject refers to any individual whose personal data is processed.
- Data Sharing refers to the disclosure or transfer to a third party of personal data under the control or custody of a personal information controller. The term excludes outsourcing, or the disclosure or transfer of personal data by a personal information controller to a personal information processor.
- Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
- Personal Information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
- Personal Information Controller refers to any person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
- Personal Information Processor refers to any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
- Sensitive Personal Information refers to personal information (a) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (b) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (c) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and (d) Specifically established by an executive order or an act of Congress to be kept classified.
- Personal Data collectively refers to all categories of personal information.
D. SCOPE, PURPOSE AND METHOD OF PERSONAL DATA AND PROCESSING
1. What We Collect and Why
We collect and process the following types of personal data, among others:
Contact information and employment and/or business affiliation of our customers and individuals representing or affiliated with our vendors, dealers, partners, and other business contacts;
Names, addresses, contact information, government issued identification, credit card details and bank account numbers of our customers;
Names, addresses, contact information and personal details of our social media influencers, brand ambassadors, other brand/product promoters/marketers, sponsors, models, event guests and individual suppliers including date of birth, civil status, government issued identifying information (such as Pag-IBIG, SSS, TIN, and PhilHealth);
Names, addresses, and contact information of our social media followers and supporters; and
Names, addresses, contact information, employment history, educational background, gender, date of birth, place of birth, religion, filial relations, biometric information, civil status, EQ/Aptitude test results, training records and test results, physical medical history and government issued identifying information (such as Pag-IBIG, SSS, TIN, PhilHealth, and Professional IDs).
In general, we collect and process personal data for purposes of service fulfilment and customer assistance, marketing and promotion, the achievement of strategic corporate objectives and development, internal operations, communications and administration, human resource and financial management, and compliance with applicable laws, rules and regulations.
We collect, process personal data about our customers for the following purposes:
i. To correctly process payments made by customers and to fulfill our commercial obligations to them in accordance with highest standards;
ii. To comply with applicable laws, rules and regulations governing our transactions with our customers; and
iii. To market to our customers our products and services as well as to effectively respond to their queries, requests and complaints.
b. Vendors, dealers, partners, and other business contacts
i. To conduct the necessary due diligence;
ii. To verify their identities and standing for purposes of assessment and accreditation;
iii. To maintain healthy channels of communications for fostering continued business relations; and
iv. To protect the lawful rights and claims of the organization including the enforcement any contractual terms and obligations we may have with them.
We collect, process personal data from and about our employees for administrative and human resource development purposes as well as in compliance to applicable regulations and/or laws, including, but not limited to: identity verification; pre-qualification and post-qualification assessment; processing of employment compensation and benefits; internal security; compliance to regulatory requirements; for the protection of lawful rights and interests of the company in internal administrative and court proceedings, or the establishment, exercise or defense of legal claims of the organization.
2. How We Collect and Process Personal Data
We collect both electronic and physical personal data from the following sources:
- Directly from customers when they avail of any of our products and/or services, respond to our surveys, participate in marketing events, send us queries and/or complaints, our social media sites and our online website.
- When individuals representing or affiliated with our vendors, partners, investors and other business contacts voluntarily provide us with their contact information in order to develop business relations and/or complete legitimate transactions with them.
- Directly from our employees and job applicants through their curriculum vitae, personal information sheets, submitted medical records and government documents, and interview and training assessment results conducted by authorized personnel and indirectly from third-party headhunters and job placement service providers, job search sites and/or other social media sites and references from previous employers and other third parties.
E. DISCLOSURES OF INFORMATION
It is our policy not to sell or disclose the personal data we process to third parties without proper notification to and consent of data subjects unless we have a legal obligation to do so; it is necessary for the purposes mentioned above; or it is necessary to protect the lawful rights and claims of the company and the safety of our employees and other data subjects.
We allow access to human resource personal data to authorized third-party service providers/suppliers/ subcontractors/consultants who provide outsourced functions including, among others:
- EQ/aptitude/performance testing services for employees through third-party website/portal;
- Partner agencies who provide personnel services;
- Concessionaires, malls and other establishments that require us to share the personal data of our sales representatives who will be marketing, selling and promoting our products there;
- Financial institutions that provide loan and contribution services to our employees;
- Cloud storage systems to meet the company’s storage management requirements;
- Mobile communications services;
- Payroll processing
- Health Maintenance Organization (HMO) services;
- External professional advice and consultation including audits, legal assessments, comparative compensation studies and evaluations; and
10. Other financial, technical, architectural and administrative services such as human resource information systems, payroll, accounting, sales administration, procurement, training and other services.
We also disclose employee information to government regulatory agencies including, but not limited to the SSS, PhilHealth, Pag-IBIG, DOLE, and the BIR in accordance with reportorial requirements established by law
The Company remains responsible over the personal data disclosed to such third parties. As such, we ensure that such third parties are contractually obligated to comply with the requirements of the Data Privacy Act and shall process your data strictly in accordance with the purposes enumerated above. You may request for additional information on the identities of these parties from the Office of the Data Protection Officer.
F. THE RIGHTS OF DATA SUBJECTS
We fully acknowledge the following rights of our individual customers, employees, vendors, partners, and other business contacts:
- Right to be informed
The right to demand and be informed of the scope and purpose of our personal data processing.
- Right to access
The right to have reasonable access, review and their personal data upon demand, subject to the appropriate proof necessitating such changes.
- Right to dispute
The right to dispute inaccuracy or error in the personal data we process about them.
- Right to object
The right to object to the further processing of their personal data, including the right to suspend, withdraw, and remove their personal data in our possession which are falsely collected or unlawfully processed.
G. POLICY ON THE COLLECTION AND USE OF PERSONAL DATA
In relation to the rights of Data Subjects, it is our policy to:
- Ensure that data subjects are fully and adequately informed of their rights;
- Ensure that they are fully and adequately informed of our processing activities;
- Ensure that proper notice and consent, where appropriate, is obtained in accordance with the requirements set forth in the Data Privacy Act;
- Ensure that they can access, review and amend their personal data and to request for readable copies thereof;
- Ensure that they can dispute any inaccuracy or error in their personal data, object to any changes in the manner and purpose by which they are processed, withdraw consent where applicable, and to suspend, withdraw, block, destroy, or remove any unnecessary, falsely collected or unlawfully processed personal data;
- Ensure that such collection and use of personal data are proportional, necessary and limited to the declared, specified and legitimate purpose thereof;
- Ensure that such personal data are retained for only a limited period or until the lawful purpose of the processing has been achieved;
- Ensure that such personal data are destroyed or disposed of in a secure manner;
- Ensure that they have the facility to lodge complaints to AC relating to any violations to their rights as data subjects and that such complaints are adequately and timely addressed.
H. DATA PROTECTION OFFICER
We have appointed a Data Privacy Officer (“DPO”) to ensure our commitment to data privacy.
You may reach the DPO through the following contact information:
Data Privacy Officer
19 V Mapa St. Caloocan City
I. PERSONAL DATA SECURITY POLICY
1. STORAGE OF AND ACCESS TO PERSONAL DATA
We make sure that all personal data we process are kept in secure facilities with appropriate physical, technical and organizational security measures.
We adopt appropriate measures to protect against unauthorized access, alteration, disclosure or destruction of the personal data we process using encryption tools, firewalls and security incident management procedures.
Transfers of personal data internally and externally shall only be made in accordance with strict procedures in accordance with the Data Privacy Act, its Internal Rules and Regulations, and the relevant issuances of the NPC
Only authorized individuals can process personal data.
2. RETENTION AND DISPOSAL OF PERSONAL DATA
We retain personal data only for a limited period or until the lawful and legitimate purpose of the processing is achieved. Thereafter, we securely dispose of them in accordance with proper methods and procedures.
3. THIRD-PARTY DISCLOSURES
Third-party access shall always be compliant to our security standards and enforced through proper contractual documents and due diligence procedures.
4. HUMAN RESOURCE POLICY
We ensure that our personnel are trained on privacy and data protection in general and in areas reflecting job-specific content. Likewise, they shall be bound under strict confidentiality.