Stellar Philippines Privacy Notice
Last updated 8 October 2019
This Privacy Notice (the “Notice”) sets out the commitment of Stellar Philippines, Inc. to collect and process personal information and sensitive personal information (collectively, “personal data”) in accordance with the applicable laws and regulations on data privacy, including the Philippine Data Privacy Act of 2012 (“DPA”), its implementing rules and regulations (“DPA IRR”), and other issuances by the National Privacy Commission (collectively, “Philippine data privacy laws”). It explains how Stellar Philippines, Inc. implements that commitment, and the terms and conditions under which we collect and process personal data. In processing personal data, we seek to adhere to the general privacy principles of transparency, legitimate purpose, and proportionality, and such other relevant principles in the collection, processing, and retention of personal data as required by applicable law.
2. Confidentiality under Philippine Law
Information that we receive from data subjects, whether or not constituting personal data, are generally protected as privileged communications, and covered by our responsibility to our data subjects to keep that information confidential. We diligently observe this professional obligation. We note that local law, regulations, and authorities permit disclosure of such information under certain conditions, as when the information has become public.
3. How we collect and process personal data
We may be able to obtain personal data in various ways. These include where a natural or juridical person (a “Person”) –
- enters into an agreement with us, whether or not written, including an employment contract, retainer agreement or other contract to avail of our legal services, or supply or service contract;
- submits to us any application, form, request, notice, or some other document;
- inquires after or applies for employment;
- becomes an employee, officer, consultant, agent, supplier or service provider of the Stellar Philippines, Inc.;
- accesses, browses, visits, or uses any of our websites, platforms, social media presence, and other online presence; or
- Otherwise, provides us with personal data, whether directly or through another Person.
Where personal data is publicly available, we may be able to collect the data from such public sources, including any online presence you may have.
On the categories of personal data we collect and process, this would be the data that you or other data subjects provide to us, which includes but not limited to, address, email address, telephone number, age, marital status, information issued by government agencies, and other information that may be used to enter into or help perform our contractual obligations.
Insofar as you disclose personal data when accessing or visiting the Website, we may process such personal data as well. Further, we may collect and process information that is normally collected as a standard part of your browsing activity. This may include your IP-address, access times, system activity, cookies, device identifier and hardware information, and other log information that is collected when you browse or visit our sites and accounts.
4. Purposes of collection and processing; recipients of personal data
We collect and process personal data for the purposes
- for which you have provided the data or made it otherwise available to us or to the public, and to enable us to fully and efficiently achieve those purposes,
- as allowed by applicable law, and
- Those purposes specified in the employee contract, to fulfill obligations to Stellar clients.
Recipients of personal data that we collect include persons within Stellar Philippines, Inc. (including any affiliates or related companies), and third parties to whom we have outsourced or may outsource certain business or operating activities, advisers, suppliers, and service providers, in order to achieve the Purposes. Some of these entities may be outside the Philippines, so that transfer of data will be cross-border. We may also disclose information, whether intended to be kept confidential or not, upon lawful request by a governmental authority, in response to a court order, or when required by applicable law.
5. Consent and other lawful criteria for collection and processing
5.1 Where you have provided us with your personal data through any of the interactions mentioned in Clause 3, in providing or making available the personal data, you agree and consent to our collecting, using, disclosing, sharing and otherwise processing the personal data for the Purposes, and in the manner and under the terms and conditions, in this Notice.
This supplements but does not supersede nor replace any other consents you may have previously provided or will provide to us in respect of your personal data, or the existence of a lawful basis or bases for the collection and processing of your personal data.
5.2 Applicable law allows us to process your personal data in accordance with other criteria or where the data is not covered by Philippine data privacy laws.
6. Scope and method of collection and processing
6.1 We utilize standard manual and computerized methods and systems to file, store and process personal data. Collection and processing of personal data will be undertaken in accordance with the principles set out in this Notice and as required by law.
6.2 We will store and retain personal data for such period as may be required by applicable law or as may be needed to enable us to fully and efficiently achieve the Purposes.
7. Amendments and supplements
Stellar Philippines Inc. reserves the right to amend this Notice from time to time. Any changes or amendments to this Notice, as well as its latest version, shall be published in the Website. Please check the Website regularly for updated information about, or amendments or supplements to, this Notice.
8. Rights of data subjects
Under the Philippine data privacy laws, data subjects have the following rights:
8.1 Right to object
As a data subject, you have the right to indicate your refusal to the collection and processing of your personal data, including processing for direct marketing, automated processing, or profiling. You also have the right to be informed and to withhold your consent to further processing in case there are any changes or amendment to information given to you. Once you have notified us of the withholding of your consent, further processing of your personal data will no longer be allowed, unless:
- The processing is required pursuant to a subpoena, lawful order, or as required by law; or
- The collection and processing is undertaken pursuant to any lawful basis or criteria indicated under the DPA IRR, Rule VIII, and Section 34(b).
8.2 Right to access
Upon your request, you may be given access to your personal data that we collect and process, as described in the DPA IRR, Rule VIII, Section 34(c). You also have the right to request access to the circumstances relating to the processing and collection of your personal data, insofar as allowed by law.
8.3 Right to rectification
You have the right to dispute any inaccuracy or error in your personal data and may request us to immediately correct it. Upon your request, and after correction has been made, we will inform any recipient of your personal data of its inaccuracy and the subsequent rectification that was made.
8.4 Right to erasure or blocking
In the absence of any other legal ground or overriding legitimate interest for the lawful processing of your personal data, or when there is substantial proof that your personal data is incomplete, outdated, false, or has been unlawfully obtained, you may request us to suspend, withdraw, or order the blocking, removal, or destruction of your personal data from our filing system. We may also notify those who have previously received your processed personal data.
8.5 Right to damages
You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your rights and freedoms as a data subject, as provided by law.
8.6 Right to data portability
In case your personal data was processed through electronic means and in a structured and commonly used format, you have the right to obtain a copy of your personal data in such electronic or structured format for your further use, subject to the guidelines of the National Privacy Commission with regard to the exercise of such right.
8.7 Transmissibility of rights of the data subject
We wish to advise you that upon the passing of a data subject, or in case of a data subject’s incapacity or incapability to exercise legal rights, the data subject’s lawful heirs and assigns may invoke the data subject’s rights in place of the data subject.
8.8 Limitation on rights; manner of exercising
The rights mentioned under this item are not applicable if personal data are processed only for scientific and statistical research purposes, and without being used as basis for carrying out any activity or taking any decision regarding you as the data subject. Your rights as a data subject are also subject to other limitations provided by law.
The law requires you to exercise your rights as described in this Notice in a reasonable and non-arbitrary manner, and with regard to rights of other parties.
All requests, demands or notices which you may make under this Notice or applicable law may be addressed to the Data Protection Officer though the details available on Section 11 of this notice.
9. Security Measures
We have taken appropriate security measures to protect your personal data against unauthorized access or unauthorized alteration, disclosure, or destruction. These measures include internal reviews of our data collection, storage, and processing practices, as well as physical security measures to protect your information against unauthorized access. As part of our efforts to ensure your information is protected, we restrict access to personal data to personnel who would need that information to perform their functions.
10. Data breaches
We will comply with the relevant provisions of rules and circulars on handling personal data security breaches, including notification to you or to the National Privacy Commission, where an unauthorized acquisition of sensitive personal information or information that may be used to enable identity fraud has been acquired by an unauthorized person, and is likely to give rise to a real risk of serious harm to the affected data subject. Please note that under applicable law, not all personal data breaches are notifiable.
11. Data Protection Officer
The Data Protection Officer (DPO) is the individual principally responsible for ensuring Stellar Philippines, Inc.’s compliance with applicable laws and regulations for the protection of data privacy and security. The DPO is responsible for the supervision and enforcement of this Notice, and the relevant contact details are as follows:
Data Protection Officer
Stellar Philippines, Inc.
MDC 100 Building, J. Garcia (C5 RD.) Cor. Eastwood Ave,
Bagumbayan Quezon City, Philippines 1110
For any inquiry related to this Notice, please contact our Data Protection Officer through the contact details indicated above.
All requests, demands or notices which a data subject may send or submit to us under this Notice must be in writing, should be addressed to the Data Protection Officer using the contact details above, and will be deemed duly given within 24hrs to 72hrs on the date of receipt – whether delivered personally, or delivered by a nationally recognized next-day courier service with confirmed delivery details, or through electronic mail that is transmitted to the email address specified above and the appropriate confirmation has been received by the sender via email.