Privacy Policy

This Privacy Policy sets out the commitment of “Order.PH” and is hereby adopted in compliance with Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and other relevant policies, including issuances of the National Privacy Commission. This organization respects and values your data privacy rights, and makes sure that all personal data collected from you, our clients and customers, are processed in adherence to the general principles of transparency, legitimate purpose, and proportionality.

This Privacy Policy shall inform you of our data protection and security measures, and may serve as your guide in exercising your rights under the DPA.

Definition of Terms

  • “Data Subject” – refers to an individual whose personal, sensitive personal or privileged information is processed by the organization. It may refer to officers, employees, consultants, and clients of this organization.
  • “Personal Information” – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
  • “Processing” - refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.

Processing of Personal Data

  • Collection (e.g. type of data collected, mode of collection, person collecting information, etc.) - This company collects the basic contact information of clients and customers, including their full name, address, email address, contact number, together with the products that they would like to purchase. The sales representative attending to customers will collect such information through accomplished order forms. Use - Personal data collected shall be used by the company for documentation purposes, for warranty tracking vis-à-vis purchased items, and for the inventory of products.
  • Storage, Retention and Destruction (e.g. means of storage, security measures, form of information stored, retention period, disposal procedure, etc.) - This company will ensure that personal data under its custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The company will implement appropriate security measures in storing collected personal information, depending on the nature of the information. All information gathered shall not be retained for a period longer than one (1) year after the client has ceased to use the service. After one (1) year, all hard and soft copies of personal information shall be disposed and destroyed, through secured means.
  • Access (e.g. personnel authorized to access personal data, purpose of access, mode of access, request for amendment of personal data, etc.) - Due to the sensitive and confidential nature of the personal data under the custody of the company, only the client and the authorized representative of the company shall be allowed to access such personal data, for any purpose, except for those contrary to law, public policy, public order or morals.
  • Disclosure and Sharing (e.g. individuals to whom personal data is shared, disclosure of policy and processes, outsourcing and subcontracting, etc.) - All employees and personnel of the company shall maintain the confidentiality and secrecy of all personal data that come to their knowledge and possession, even after resignation, termination of contract, or other contractual relations. Personal data under the custody of the company shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data.

Security Measures


Every personal information controller and personal information processor must also consider the human aspect of data protection. The provisions under this section shall include the following:

  • 1. Data Protection Officer (DPO) The designated Data Protection Officer is the individual principally responsible for ensuring compliance with applicable laws and regulations for the protection of data privacy and security. The DPO is responsible for the supervision and enforcement of this Policy, the concerned person may send an email to the DPO via [email protected].

    The Data Protection Officer shall oversee the compliance of the organization with the DPA, its IRR, and other related policies, including the conduct of a Privacy Impact Assessment, implementation of security measures, security incident and data breach protocol, and the inquiry and complaints procedure.
  • 2. Duty of Confidentiality Information that we receive from clients, whether or not constituting personal data, are generally protected as privileged communications, and covered by our responsibility to our clients to keep that information confidential. We diligently observe this professional obligation. We note that local law, regulations, and authorities permit disclosure of such information under certain conditions, as when the information has become public.

Effectivity


The provisions of this Manual are effective this August 1, 2020, until revoked or amended by this company, through a Board Resolution.
Order.PH

Now anyone can sell online (fast)

© 2020 Order.PH - All rights reserved. Proudly made in the Philippines.