COMMITMENT TO PRIVACY AND SECURITY
Respecting Individual Rights
Philippines RA 10173, or the Data Privacy Act was enacted to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. It aims to protect individuals from unauthorized processing of personal information that is (1) private, not publicly available; and (2) identifiable, where the identity of the individual is apparent either through direct attribution or when put together with other available information. The Data Privacy Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors.
We are TECHSTATIC CORP (“TECHSTATIC ”), we assure you that TECHSTATIC builds its business on the trust its clients, partners, personnel, and other investors place in our ability to provide quality products and services. This assurance includes a high level of protection and security regarding the personal data that our stakeholders entrust to us. As a controller and processor of personal data, TECHSTATIC confirms that we have the required policies, processes and procedures in place to comply with the Data Privacy Act.
TECHSTATIC has worked to ensure that every part of our organization that comes into contact with personal data, from both internal and external sources, has implemented privacy practices that align with the Data Privacy Act. This work was driven by an executive-led the Data Privacy Act steering group.
We have also taken compliance a step further by fortifying data protection and privacy as a core component of TECHSTATIC’s composition. We have achieved this by applying the same the Data Privacy Act-compliant standards across our organization internationally, which allows us to provide our investors with the same level of transparency and consistency.
Our commitment to this end is enshrined in our policies and Code of Conduct. In our work, we apply the following principles:
- We are accountable for ensuring our fair and lawful collection and processing, if any, of personal data, meaning we collect and process data honestly, ethically, with integrity and in a manner that is consistent with applicable laws and our values. We maintain evidence of compliance so we can demonstrate our commitment to these principles to interested parties, including data subjects, competent data protection supervisory authorities, internal stakeholders and regulators.
- We use a “privacy by design and by default” approach, meaning that privacy is a key consideration in the creation, delivery and support of our products and services.
- We focus on transparency, choice and individual participation, meaning that we provide appropriate privacy notices and information about our collection and use of personal data. We provide fair and reasonable choices for the collection and use of personal data, and we allow individuals to access, update and delete their personal data.
- We abide by collection and purpose limitation practices, meaning that we only collects and processes personal data that is adequate and relevant to the specified, explicit and legitimate purposes for which it was collected.
- We apply responsible data management practices to govern the processing of personal data. We classify and catalogue information accordingly and in a systematic, holistic manner. We take measures to avoid extracting or copying personal data to non-managed environments.
- We do not disclose personal data to law enforcement, governmental agencies or third parties unless required by law. We limit disclosures of personal data to our partners to what is described in our privacy notices, or to what has been authorized by our clients or end users.
- We implement appropriate security safeguards, including technical and organizational measures, to protect personal data against unauthorized access, use, modification or loss. We also require our partners to apply appropriate security and privacy safeguards.
FAQ
DATA PRIVACY
At TECHSTATIC , we welcome the Data Privacy Act as an opportunity to strengthen our commitment to data protection and privacy. Since the application of the Data Privacy Act to a global business can be quite complex, we have provided answers to some common questions below:
Is TECHSTATIC compliant with the Data Privacy Act?
TECHSTATIC has implemented the required policies, processes and procedures to comply with the Data Privacy Act. As a controller and processor of personal data, TECHSTATIC builds its success on the trust its clients, partners, employees and other stakeholders place in our ability to provide premier location products and services. This includes ensuring a high level of protection and security regarding the personal data that is entrusted to us.
Has TECHSTATIC complied with ‘the letter of the law’ or the ‘spirit of the law’?
Both. TECHSTATIC has taken compliance a step further by fortifying data protection and privacy as a core component of our composition. We have achieved this by applying the same the Data Privacy Act-compliant standards across our organization internationally (unless otherwise required by applicable local law), which allows us to provide our investors with the same level of transparency and consistency. Our commitment to this end is enshrined in our Privacy Policy and Code of Conduct.
How is TECHSTATIC accountable for ensuring fair and lawful practices in the collection and processing of personal data?
TECHSTATIC’s software programs such as BEGIN, collect and process data honestly, ethically, with integrity and in a manner that is always consistent with applicable laws and TECHSTATIC’s values. We maintain evidence of compliance, so we can demonstrate our commitment to these principles to competent data protection supervisory authorities and regulators.
How does TECHSTATIC reassure clients that their privacy is protected?
TECHSTATIC follows a “privacy by design and by default” methodology, making privacy a key consideration in the creation, delivery and support of our products and services. This also means that our default approach to collection and use of personal data is to focus on transparency, choice and individual participation.
How does TECHSTATIC ensure that data is only used for the purpose it was intended?
At TECHSTATIC, we abide by the principle of collection and purpose limitation, meaning that we only collect and process personal data that is adequate and relevant to the specified, explicit and legitimate purposes for which it was collected. We apply responsible data management practices to govern the processing of personal data. We classify and catalogue information accordingly and in a systematic, holistic manner. We take measures to avoid extracting or copying personal data to unmanaged environments.
What is TECHSTATIC’s policy on disclosure to authorities or third parties?
TECHSTATIC does not disclose personal data to law enforcement, or governmental agencies unless required by law, government regulation/policy, or by a final court order. We limit disclosures of personal data to our business partners/investors to what is described in our privacy notices, or to what has been authorized by our clients or end users.
What safeguards does TECHSTATIC have in place to protect personal data?
TECHSTATIC implements appropriate security safeguards, including technical and organizational measures, to protect personal data against unauthorized access, use, modification or loss. We also require our partners to apply appropriate security and privacy safeguards. TECHSTATIC maintains strict non-disclosure clauses in all of its contracts and dealings as proof of its commitment to ensuring the security of the data it collects and maintains.
Under the Data Privacy Act, is TECHSTATIC considered a data controller and/or a data processor and what are the implications?
TECHSTATIC can be either a controller or a processor, depending on the product or service concerned. Where TECHSTATIC acts as a controller, we will only process personal data for the limited purposes as described in our privacy policies or relevant notices or consents. Depending on the product or service concerned, TECHSTATIC either establishes its legal basis for processing personal data as a controller independently, or we flow this requirement down to our clients through a requirement to provide our applicable terms to relevant data subjects. If TECHSTATIC is a processor, we only process the data via the use of the software such as BEGIN, and all the data processed and recorded through BEGIN are solely and exclusively accessible only to the client. TECHSTATIC does not access the contents of the files processed via BEGIN, and no intervention is made with our client’s use, except for resetting the log-in keys (password) or when technical assistance is needed—in all instances, TECHSTATIC shall intervene only upon and limited to the instructions of the relevant controller (i.e. the client), or as required by law. As a processor, we are legally required to enter into data processing agreements with our clients and we have created agreements for all cases where this is required.
How will TECHSTATIC secure valid consent in future and how does this differ from past practice?
Securing valid consent has been changed to an affirmative action as required by the Data Privacy Act. Where TECHSTATIC processes personal data based on consent:
- A user is required to perform positive acts prior to accessing BEGIN, such as requiring the user to use a personal email account, send a signed Non-Disclosure Undertaking and a valid I.D., and input a password previously enrolled before said client can access our proprietary software.
- When needed, ‘opt-out’ consents will not be implemented. Instead, TECHSTATIC will strictly adhere to the ‘opt-in’ system.
- Where required, TECHSTATIC workflows and technical implementations have been changed accordingly.
What has TECHSTATIC done to ensure partners comply with the Data Privacy Act regulations?
In general, TECHSTATIC does not share personal data with third parties except to assist TECHSTATIC in providing services, or to comply with relevant laws. Where TECHSTATIC needs to engage data processors, TECHSTATIC has engaged the services of Louie S. Austria, who, among others, is a contracts and privacy lawyer– he would ensure that relevant safeguards are placed into all of TECHSTATIC’s contracts with the data processors and other third party contractors. TECHSTATIC also conducts diligence in the vendor selection phase to ensure its data processors provide sufficient privacy and security protections. TECHSTATIC monitors compliance of its vendors on an ongoing basis e.g. by conducting relevant audits or compliance evaluations.
We hope you find this statement informative and insightful!
For further questions, or if you believe any of our partners have violated or contradicted any or part of our privacy statement, please send a message to privacy@techstatic.asia. We will be more than happy to be of assistance.