Privacy Policy
1. Introduction
This Policy sets out the commitment of Sweldomo Softwares, Inc. ("SWELDOMO") to collect and process personal information and sensitive personal information (collectively, "personal data") by the applicable laws and regulations on data privacy, including the Philippine Data Privacy Act of 2012 ("DPA") and its implementing rules and regulations ("DPA IRR"). It explains how SWELDOMO implements that commitment and the terms and conditions under which it collects and processes personal data. In processing personal data, it seeks to adhere to the general privacy principles of transparency, legitimate purpose, proportionality, and other relevant principles in collecting, processing, and retaining personal data as required by applicable law. This Policy and any updates, amendments, or supplements are available at SWELDOMO's Website at www.sweldomo.ph.
2. Definitions and Construction
Definitions of specific terms used in this Policy are in Schedule 1. Schedule 1 also sets out provisions for constructing particular terms and phrases used in this Policy.
3. Confidentiality under Philippine Law
All client information and data while doing business are held and kept strictly confidential. It is responsible of SWELDOMO to keep that information and data confidential and secured, save on instances when local law, regulations, and authorities permit disclosure of such information under certain conditions, as when the information has become public.
4. DPA Exemptions
The DPA exempts from its application or does not apply to specific personal data and their collection and processing. This Policy does not cover these data and activities.
5. How we collect and process personal data
We can obtain personal data in various ways. These include where a natural or juridical person (a "Person") –
(i) agrees with us, whether or not written, including an employment contract, retainer agreement, or other contract to avail of our services, or supply or service contract;
(ii) submits to us any application, form, request, notice, or some other document;
(iii) inquires after or applies for employment;
(iv) becomes an employee, officer, consultant, agent, supplier, or Service provider of the Company;
(v) accesses, browses, visits, or uses any of our websites, platforms, social media presence, and other online presence; or
(vi) otherwise provides us with personal data, whether directly or through another Person.
Where personal data is publicly available, we can collect the data from such public sources, including any online presence.
The categories of personal data we collect, and process would be the data that you or other data subjects provide to us, such as your name, address, email address, telephone number, age, marital status, information issued by government agencies, and other information that may be used to enter into or help perform a contract we have with you, provide you with products and services, communicate with you, or meet any of the lawful purposes.
Insofar as you disclose personal data when accessing or visiting our Website, we may also process such personal data. Further, we may collect and process information generally collected as a standard part of your browsing activity. It may include your IP address, access times, system activity, cookies, device identifier and hardware information, and other log information collected when you browse or visit our sites and accounts.
6. Purposes of collection and processing: recipients of personal data
We collect and process personal data for the purposes (i) for which you have provided the data or made it otherwise available to us or the public and to enable us to fully and efficiently achieve those purposes, (ii) as allowed by applicable law, and (iii) those purposes specified in Schedule 3 (collectively, the "Purposes").
Recipients of personal data that we collect include persons within our Company (including any affiliates or related companies) and third parties to whom we have outsourced or may outsource specific business or operating activities, advisers, suppliers, and service providers to achieve the Purposes. Some entities may be outside the Philippines so that the data transfer will be cross-border. We may also disclose information, whether intended to be kept confidential or not, upon lawful request by a governmental authority in response to a court order or when required by applicable law. Please see Schedule 3 for more information about persons to whom personal data may be transferred or shared.
7. Consent and other lawful criteria for collection and processing
7.1 Where you have provided us with your data through any of the interactions mentioned in Clause 5, in providing or making available the personal data, you agree and consent to our collecting, using, disclosing, sharing, and otherwise processing the personal data for the purposes, and in the manner and under the terms and conditions, in this Policy.
This supplement does not supersede nor replace any other consent you may have previously provided or will provide to us regarding your data or the existence of a lawful basis or basis for collecting and processing your data.
7.2 Applicable law allows us to process your data by other criteria or where the DPA does not cover the data.
8. Scope and method of collection and processing
8.1 We utilize standard manual and computerized methods and systems to file, store, and process personal data. The collection and processing of personal data will be undertaken according to the principles set out in this Policy and as required by law.
8.2 We will store and retain personal data for such period as may be required by applicable law or as may be needed to enable us to fully and efficiently achieve the Purposes.
9. Amendments and supplements
We may amend or update this Policy. You agree to be bound by the prevailing terms of this Policy as updated occasionally upon the amendment or supplement published on our Website or otherwise advised to you. Please check our Website regularly for updated information about, or amendments or supplements to, the Policy.
10. Rights of data subjects
Under the DPA, data subjects have the following rights:
10.1 Right to object
As a data subject, you can indicate your refusal to collect and process your data, including processing for direct marketing, automated processing, or profiling. You also have the right to be informed and to withhold your consent to further processing if any changes or amendments to information are given to you. Once you have notified us of the withholding of your consent, further processing of your data will no longer be allowed unless:
(i) The processing is required under a subpoena, lawful order, or as required by law; or
(ii) The collection and processing are undertaken under any lawful basis or criteria indicated under Clause 7.2.
10.2 Right to access
Upon your request, you may be given access to the data that we collect and process, as described in Clause 5. You also have the right to request access to the circumstances relating to the processing and collecting of your data insofar as allowed by law.
10.3 Right to rectification
You have the right to dispute any inaccuracy or error in your data and may request us to correct it immediately. Upon your request, and after the correction has been made, we will inform any recipient of your data of its inaccuracy and the subsequent rectification.
10.4 Right to erasure or blocking
In the absence of any other legal ground or overriding legitimate interest for the lawful processing of your data, or when there is substantial proof that your data is incomplete, outdated, false, or has been unlawfully obtained, you may request us to suspend, withdraw, or order the blocking, removal, or destruction of your data from our filing system. We may also notify those who have previously received your processed personal data.
10.5 Right to damages
You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your data, taking into account any violation of your rights and freedoms as a data subject, as provided by law.
10.6 Right to data portability
In case your data was processed through electronic means and in a structured and commonly used format, you have the right to obtain a copy of your data in such electronic or structured format for your further use, subject to the guidelines of the National Privacy Commission about the exercise of such right.
10.7 Transmissibility of rights of the data subject
Upon passing a data subject, or in case of a data subject's incapacity or incapability to exercise legal rights, the data subject's lawful heirs and assigns may invoke the data subject's rights in place of the data subject.
10.8 Limitation on rights; manner of exercising
The rights mentioned under this item are not applicable if personal data are processed only for scientific and statistical research purposes and without being used as the basis for carrying out any activity or taking any decision regarding you as the data subject. Your rights as a data subject are also subject to other limitations provided by law.
The law requires you to exercise your rights as described in this Policy in a reasonable and non-arbitrary manner and about the rights of other parties.
All requests, demands, or notices you may make under this Policy or applicable law must be made in writing and will only be considered made and received if sent per Clause 14.2.
11. Security Measures
We have taken appropriate security measures to protect your data against unauthorized access or unauthorized alteration, disclosure, or destruction. These measures include internal reviews of our data collection, storage, processing practices, and physical security measures to protect your information against unauthorized access. To protect your information, we restrict access to personal data to personnel who would need that information to perform their functions.
12. Data breaches
We will comply with the relevant provisions of rules and circulars on handling personal data security breaches, including notification to you or to the National Privacy Commission, where an unauthorized acquisition of sensitive personal information or information that may be used to enable identity fraud has been acquired by an unauthorized person, and is likely to give rise to a real risk of serious harm to the affected data subject. Under applicable law, not all personal data breaches are identifiable.
13. Data Protection Officer
The Data Protection Officer (DPO) ensures SWELDOMO complies with applicable laws and regulations to protect data privacy and security. The DPO is responsible for the supervision and enforcement of this Policy, and the relevant contact details are as follows:
RONNIE A. ANZANO
Data Protection Officer
Sweldomo Software, Inc.
14. Inquiries; notices
14.1 For any inquiry related to this Policy, please get in touch with our Data Protection Officer through the contact details indicated above.
14.2 All requests, demands, or notices that a data subject may send or submit to us under this Policy must be in writing, should be addressed to the Data Protection Officer using the contact details above, and will be deemed duly given (i) on the date of delivery if delivered personally, (ii) on the third Business Day following the date of sending if delivered by a nationally recognized next-day courier service and the Service has confirmed delivery or (iii) if given by electronic mail, when such electronic mail is transmitted to the email address specified above and the sender has received the appropriate confirmation via email.
Schedule 1 - Definition of Terms
1. Definitions
Whenever used in this Policy, the following terms shall have the respective meanings as set forth below:
"Business Day" means any day that Philippine banks are open for business in Makati City,
"DPA" means the Data Privacy Act of 2012 and its implementing rules and regulations, as well as the circulars issued by the National Privacy Commission occasionally.
"Person" means any natural or juridical person.
"personal data" means personal information and sensitive personal information.
"personal information" refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual;
"Policy" means this data privacy policy may occasionally be amended, modified, or supplemented.
"Processing" refers to any operation or any set of operations performed upon personal data, including, but not limited to, the collection, recording, organization, storage, updating, modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data. Processing may be performed through automated means or manual processing if the personal data are contained or are intended to be contained in a filing system.
"sensitive personal information" refers to personal information: (1) about an individual's race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations; (2) about an individual's health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings; (3) issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; or (4) established explicitly by executive order or an act of Congress to be kept classified.
2. Construction
Whenever the words "include," "includes," or "including" are used in this Policy, they shall be deemed to be followed by the phrase "without limitation".
The meaning assigned to each term used here will be equally applicable to both the singular and plural forms of such term, and the words denoting any gender shall include all genders.
Schedule 2 - Personal data not covered
This Policy does not apply to the following information:
1. Information processed to allow public access to information that falls within matters of public concern about:
(i) Information about any individual who is or was an officer or employee of government that relates to their position or functions;
(ii) Information about an individual who is or was performing a service under contract for a government institution, but only insofar as it relates to such Service, including his name and the terms of his contract; and
(iii) Information relating to the benefit of a financial nature conferred on an individual upon the discretion of the government, such as the granting of a license or permit, including the name of the individual and the exact nature of the benefit: Provided, that they do not include benefits given in the course of an ordinary transaction or as a matter of right.
2. Personal information that will be processed for research purposes, intended for a public benefit, subject to the requirements of applicable laws, regulations, or ethical standards, and
3. Information necessary to carry out public authority functions by a constitutionally or statutorily mandated function about law enforcement or regulatory function, including the performance of the functions of the independent, central monetary authority, subject to restrictions provided by law.
Schedule 3 - Purposes for collection and processing of personal data
1. General
We use personal data to:
(i) comply with and exercise our rights under contracts and agreements and the law, as may be required by our operations and in pursuit of our legitimate business and commercial objectives;
(ii) perform and improve our services and address concerns or questions about those services;
(iii) implement efficiencies and best practices;
(iv) obtain services and advice for our operations and business;
(v) conduct surveys, research, and data-gathering exercises;
(vi) market, promote and share information about the Company and our services;
(vii) communicate with you; and
(viii) allow audits and diligence for compliance and other reviews by advisers or third parties. In this regard, we will require such advisers or third parties to enter a confidentiality agreement.
2. Employee Data
We may collect and process personal data from current or prospective employees to initiate, carry out, or terminate an employment agreement, including the results of specific medical examinations that are part of the conditions of employment.
For job applicants, we may process the personal data required to initiate the employment application process. The collected personal data of any applicant who may not have been hired may be retained by the Company for the future selection process.
We may share an applicant's or an employee's data when expressly authorized by law or when the applicant or employee concerned has given consent, as when the Company is provided as a reference.
Company files, records (whether or not electronic), computers, devices, and facilities are the property of the Company, and we may examine and review their contents at any time, whether or not an officer, employee, or other staff has personal data, property or other information stored therein.
PRIVACY NOTICE
This privacy notice is being provided to persons who visit our offices or digital sites, meet with our personnel, or visit or participate in events or activities of the firm. This notice complies with the Data Privacy Act of 2012 (DPA) requirements.
When you visit our offices or digital sites, please meet with our personnel or visit or participate in events or activities of our Company; we may collect and process your data, such as your name and contact details. For example, we ask you to sign in to a visitor's log, register for an event, or provide us with your business or identification card. Also, a CCTV system monitors our office premises, and we will record your comings and goings.
We collect and process this data to perform our functions, to be able to comply with requests, to ensure the security of our premises and personnel, and for other legitimate purposes. Generally, we do not share this data with anyone outside our Company but may do so when law permits or when it is needed to protect our interests. In this case, we will take reasonable steps to ensure that those recipients only process your data for the specific purpose for which we collected it and will protect the privacy of your data.
We will retain the data only for as long as necessary to achieve the purposes for which the data was collected. We use standard manual and electronic methods of processing the data.
By providing us with or making available to us your data, visiting our offices or sites, utilizing our services, or visiting or participating in our events and activities, you agree and consent to our collecting, using, disclosing, sharing, and otherwise processing that data for the purposes specified here. This consent supplements and does not supersede or replace any other consent you have provided regarding your data or the existence of a lawful basis for that data collection and processing.
Suppose you provide us with the personal data of other individuals by doing so. In that case, you also represent and warrant to us that you have the right and authority to provide that data and that you had informed the relevant individuals of, and that they consent to, the terms of this Privacy Notice.
To the extent that our Website and other digital presence contain links to sites operated by third parties, including other organizations, those linked websites are not controlled by us, and we are not responsible for the data and privacy practices of the site operators. We encourage you to review the privacy policies posted on these third-party websites.
The DPA specifies the rights of a data subject. These are the right to be informed regarding some issues, the right to object to the processing of data, the right to reasonable access to certain information, the right to rectification of inaccuracy or error in your data, the right to block or remove data under certain circumstances; the right to damages in case you suffer an injury due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of data; transmissibility of your rights as a data subject; the right to data portability; the right to complain with the National Privacy Commission, if circumstances permit this.
Collection and processing of personal data, and your consent to this, are under the terms set out in our data privacy policy, which can be found on our Website. A copy is also available at our reception/registration desk.
Suppose you wish to provide your data outside our requests or the conditions specified herein. In that case, we may not be able to permit entry into our premises, use of our sites, or participation in our events or activities.
From time to time, we may review the terms and conditions in this Privacy Notice. If we change how we use your data, we will notify you by posting a revised statement on our Website and registration desk.