Back
Philippines
Privacy Notice and Consent Form
Last Updated June 8, 2023
- 1. Definitions
- 2. Personal Data Collected, Used, and Shared
- 3. Organizational Security Obligations and Measures
- 4. Technical Security Measures
- 5. Rights of the Data Subject
- 6. Data Breaches and Security Incidents
- 7. Dispute Resolution and Law
- 8. Outsourcing and Subcontracting
- 9. Summary of Processing Activities
- 10. How to Contact Us
Chapter VIII - Outsourcing and Subcontracting
Any Personal Data Processing conducted by an external agent or entity (third-party service provider) on our behalf should be evidenced by a valid written contract with us. The contract should expressly set out the subject matter and duration of the Processing, the nature, and purpose of the Processing, the type of Personal Data and categories of Data Subjects, our obligations and rights, and the geographic location of the Processing under the contract.
The fact that we entered into such an arrangement does not give the said external agent or entity the authority to subcontract to another entity the whole or part of the subject matter of said arrangement unless expressly stipulated in writing. The subcontracting agreement will also comply with the criteria prescribed by the preceding paragraph.
In addition, both foregoing contracts described will include express stipulations requiring the external agent or entity (including the subcontractor) to:
- Process the Personal Data only upon our documented instructions, including transfers of Personal Data to another country or an international organization, unless such transfer is required by law;
- Ensure that an obligation of confidentiality is imposed on persons and employees authorized by the external agent/entity and subcontractor to process the Personal Data;
- Implement appropriate security measures;
- Comply with applicable laws and regulations, in addition to the obligations provided in the contract, or other legal act with the external party;
- Not engage another processor without our prior instruction, and any such arrangement will ensure that the same obligations for data protection under the contract or legal act are implemented, taking into account the nature of the Processing;
- Assist us, by appropriate technical and organizational measures, and to the extent possible, fulfill the obligation to respond to requests by Data Subjects relative to the exercise of their rights;
- Assist us in ensuring compliance with the law, taking into account the nature of Processing and the information available to the external party;
- At our discretion, delete or return all Personal Data to us after the end of the provision of services relating to the Processing, including the deletion of existing copies unless storage is authorized by law;
- Make available to us all information necessary to demonstrate compliance with the law, and allow for and contribute to audits, including inspections, conducted by another auditor mandated by us or us; and
- Immediately inform us if, in its opinion, an instruction violates the law.
