- Purpose of the Privacy Policy
- The purpose of this Privacy Policy is to outline how Microgenesis Business Systems (hereinafter referred to as “Microgenesis,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data in compliance with applicable data protection laws, including the Data Privacy Act of 2012, ISO 27000, and the General Data Protection Regulation (GDPR). This policy applies to all personal data processed by us, regardless of the medium or method of collection. By implementing this Privacy Policy, we aim to ensure transparency and accountability in our data processing activities, safeguarding the privacy and rights of individuals whose data we handle.
- Company Information
- Microgenesis Business Systems is a leading provider of IT solutions and services. Our registered office is located at [Insert Address], and we are registered in the Philippines under company number [Insert Company Number]. For more information about our services, please visit our website at [Insert Website URL]. Our commitment to protecting personal data is integral to our operations, reflecting our dedication to ethical business practices and compliance with legal standards.
- Scope of the Policy
- This Privacy Policy applies to all personal data collected, stored, and processed by Microgenesis, including data collected through our website, mobile applications, social media channels, customer service interactions, and any other means of communication or interaction with us. The policy encompasses all aspects of data handling, from collection and storage to usage and sharing, ensuring comprehensive protection across all our operations and touchpoints.
- Definitions
- For clarity and consistency, the following definitions apply to this Privacy Policy:
- Personal Data: Any information that relates to an identified or identifiable individual, such as names, addresses, email addresses, phone numbers, and other contact information.
- Processing: Any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- Data Subject: The individual whose personal data is being collected, held, or processed.
- Data Controller: The entity that determines the purposes and means of processing personal data, in this case, Microgenesis Business Systems.
- Data Protection Officer (DPO) Details
- Microgenesis has appointed a Data Protection Officer (DPO) responsible for overseeing data protection matters and ensuring compliance with applicable data protection laws. The DPO serves as the point of contact for all data protection inquiries and concerns. You can contact our DPO at:
- Email: [Insert DPO Email Address]
- Phone: [Insert DPO Phone Number]
- Postal Address: [Insert DPO Postal Address]
- Our DPO is tasked with monitoring compliance with data protection laws, providing guidance on data protection issues, and liaising with regulatory authorities. The DPO also oversees data protection impact assessments and ensures that any data protection queries or complaints are addressed promptly and effectively.
- Roles and Responsibilities
- Microgenesis Business Systems is committed to ensuring that all staff understand their roles and responsibilities in relation to data protection. These roles include:
- Management: Responsible for integrating data protection into our business strategy and ensuring that adequate resources are allocated for compliance.
- Employees: Required to understand and comply with data protection policies and procedures, and to participate in training and awareness programs.
- Data Protection Officer (DPO): Monitors compliance, provides guidance on data protection issues, and serves as the primary point of contact for data subjects and supervisory authorities.
- Compliance with Data Protection Laws
- Microgenesis is dedicated to complying with all applicable data protection laws, including the Data Privacy Act of 2012, ISO 27000 standards, and the General Data Protection Regulation (GDPR). We regularly review and update our data protection practices to ensure compliance. Our commitment includes:
- Regular audits and assessments of our data protection measures.
- Implementation of best practices for data security and privacy.
- Ensuring that all staff are trained on data protection requirements.
- Types of Data Collected
- We collect various types of personal data to provide and improve our services. These types include:
- Identification Data: Such as name, date of birth, gender, and nationality.
- Contact Data: Including address, email address, and phone numbers.
- Professional Data: Such as job title, company name, industry, and professional experience.
- Technical Data: Including IP address, browser type and version, operating system, and platform.
- Usage Data: Information about how you use our website, products, and services.
- Marketing and Communications Data: Preferences in receiving marketing from us and communication preferences.
- Financial Data: Bank account details, payment card details, and other financial information.
- Methods of Data Collection
- We collect personal data through various methods, including:
- Direct Interactions: You may provide personal data directly to us by filling out forms, communicating with us via phone, email, or other means, or through interactions at events or meetings.
- Automated Technologies: As you interact with our website, we may automatically collect Technical Data and Usage Data using cookies, server logs, and other similar technologies.
- Third Parties and Publicly Available Sources: We may receive personal data about you from various third parties and public sources, such as business partners, service providers, and publicly available websites.
- Purposes of Data Processing
- We process your personal data for the following purposes:
- Service Provision: To process inquiries, fulfill requests, and provide and improve our services.
- Relationship Management: To communicate with you, provide customer support, and manage our contractual obligations.
- Marketing: To send marketing communications, newsletters, and promotional offers that may be of interest to you.
- Analytics and Research: To analyze usage trends, measure the effectiveness of our marketing, and improve our website and services.
- Legal Compliance: To fulfill legal and regulatory requirements, including data protection laws, and to respond to legal requests or protect our legal rights.
- Legal Basis for Processing
- We process your personal data based on the following legal grounds:
- Consent: Where you have provided your consent for specific processing activities, such as receiving marketing communications.
- Contractual Necessity: Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
- Legal Obligation: Where we are required to process personal data to comply with a legal obligation.
- Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided that your interests and fundamental rights do not override those interests.
- Data Subject Rights
- As a data subject, you have the following rights regarding your personal data:
- Right to Access: You can request access to your personal data and obtain information about how we process it.
- Right to Rectification: You can request the correction of inaccurate or incomplete personal data.
- Right to Erasure: You can request the deletion of your personal data under certain conditions.
- Right to Restriction of Processing: You can request that we restrict the processing of your personal data under certain conditions.
- Right to Data Portability: You can request the transfer of your personal data to another organization or to you.
- Right to Object: You can object to the processing of your personal data under certain conditions.
- Right to Withdraw Consent: You can withdraw your consent at any time, where processing is based on consent.
- Procedures for Exercising Rights
- To exercise your data subject rights, please contact our Data Protection Officer (DPO) using the contact details provided in this policy. We will respond to your request within the timeframes required by applicable data protection laws. Please provide sufficient information to verify your identity and specify the details of your request.
- Response Timeframes
- We aim to respond to all legitimate requests within one month. If your request is complex or you have made multiple requests, it may take us longer to respond. In such cases, we will notify you and keep you updated on the progress of your request.
- Data Sharing and Transfers
- We may share your personal data with third-party service providers who perform services on our behalf, such as:
- IT and Cloud Service Providers: To host and manage our data.
- Marketing and Advertising Agencies: To manage our marketing campaigns.
- Payment Processors: To process payments on our behalf.
- Professional Advisors: Such as lawyers and auditors.
- Internal Data Sharing
- We may share your personal data within Microgenesis to facilitate our operations and provide you with the best possible service. This includes sharing data with our departments and affiliated entities.
- External Data Sharing
- We may share your personal data with external entities in the following circumstances:
- With Your Consent: When you have provided explicit consent for data sharing.
- For Legal Reasons: When required by law or in response to valid requests by public authorities.
- For Business Transfers: In connection with a merger, acquisition, or sale of assets.
- International Data Transfers
- If we transfer your personal data to countries outside the Philippines or the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data. This includes:
- Adequacy Decisions: Transferring data to countries deemed by relevant authorities to provide an adequate level of protection.
- Standard Contractual Clauses: Using contractual clauses approved by relevant authorities to ensure data protection.
- Binding Corporate Rules: Implementing binding corporate rules that require all group companies to protect personal data in accordance with applicable data protection laws.
- Data Processing Agreements
- We enter into data processing agreements with all third parties who process personal data on our behalf. These agreements ensure that third parties protect your personal data in accordance with applicable data protection laws and our policies.
- Data Security
- Microgenesis Business Systems takes the security of your personal data seriously. We implement a variety of technical and organizational measures to protect your personal data from unauthorized access, use, or disclosure. These measures include:
- Encryption: We use encryption to protect sensitive personal data during transmission and storage.
- Access Controls: Access to your personal data is restricted to authorized personnel who need it for their job duties.
- Firewalls and Anti-Malware: We deploy firewalls and anti-malware software to prevent unauthorized access and malicious attacks on our systems.
- Regular Audits: We conduct regular security audits and assessments to identify and address potential vulnerabilities in our systems.
- Data Breach Notification
- In the unlikely event of a data breach that may compromise your personal data, we have procedures in place to detect, respond to, and mitigate the impact of the breach. We will notify you and relevant authorities as required by law and provide you with information about the nature of the breach and the steps we are taking to address it.
- Retention of Personal Data
- We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period may vary depending on the type of data and the specific legal or regulatory requirements.
- Criteria for Determining Retention Periods
- To determine the appropriate retention period for personal data, we consider the following factors:
- The nature and sensitivity of the data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process the data and whether we can achieve those purposes through other means
- The applicable legal, regulatory, tax, accounting, or other requirements
- Data Disposal
- When we no longer need your personal data, we will securely delete or anonymize it in accordance with our data retention and disposal policies. We use industry-standard methods to ensure that your data is safely and completely disposed of.
- Monitoring and Auditing
- We regularly monitor and audit our data protection practices to ensure compliance with this Privacy Policy and applicable data protection laws. These activities include:
- Conducting internal audits and assessments
- Reviewing and updating our data protection policies and procedures
- Implementing corrective actions as necessary
- Continuous Improvement
- We are committed to continually improving our data protection practices. This includes staying informed about new developments in data protection laws and best practices and updating our policies and procedures accordingly.
- Training and Awareness
- We provide regular training and awareness programs for our employees to ensure they understand their responsibilities under this Privacy Policy and applicable data protection laws. These programs cover topics such as:
- Data protection principles and practices
- How to handle personal data securely
- Recognizing and responding to data breaches
- Employee Obligations
- All employees of Microgenesis are required to comply with this Privacy Policy and our data protection policies and procedures. Failure to do so may result in disciplinary action, up to and including termination of employment.
- Policy Review and Updates
- We review and update this Privacy Policy regularly to ensure it remains relevant and compliant with applicable data protection laws. We will notify you of any significant changes to this policy through our website or other appropriate means.
- Contact Information
- If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact our Data Protection Officer (DPO) using the contact details provided in this policy:
- Email: dpo@mgenesis.com
- Phone: +632 8658-7000
- Postal Address: 1202 Paragon Plaza, EDSA cor Reliance St. Mandaluyong City
- Our DPO is responsible for overseeing data protection matters at Microgenesis and ensuring compliance with applicable data protection laws and best practices.
- Data Protection Impact Assessments (DPIAs)
- We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals. DPIAs help us identify and mitigate potential data protection risks associated with our processing activities. The steps involved in a DPIA include:
- Identifying the nature, scope, context, and purposes of the processing
- Assessing the necessity and proportionality of the processing in relation to its purposes
- Identifying and assessing risks to the rights and freedoms of data subjects
- Identifying measures to mitigate those risks
- Data Protection by Design and by Default
- We implement data protection by design and by default principles in our processing activities. This means that we:
- Integrate data protection into the design of our processing activities and systems from the outset
- Implement appropriate technical and organizational measures to ensure data protection principles are met
- Ensure that, by default, only personal data necessary for each specific purpose is processed
- Third-Party Processors
- We ensure that any third-party processors we engage with are compliant with applicable data protection laws and have appropriate data protection measures in place. We enter into data processing agreements with third-party processors that outline their data protection obligations and responsibilities.
- Data Subject Requests
- We have procedures in place to handle data subject requests efficiently and in compliance with applicable data protection laws. This includes requests for access, rectification, erasure, restriction of processing, data portability, and objections to processing.
- Complaints Handling
- If you have a complaint about how we handle your personal data, please contact our Data Protection Officer (DPO) using the contact details provided in this policy. We take all complaints seriously and will respond to your complaint promptly and in accordance with applicable data protection laws.
- Cooperation with Supervisory Authorities
- We cooperate with supervisory authorities in relation to our data protection practices and compliance with applicable data protection laws. This includes responding to inquiries, investigations, and audits conducted by supervisory authorities.
- Data Transfers Outside of the EEA
- When transferring personal data outside of the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect the data. These safeguards include:
- Transfers to countries that have been deemed to provide an adequate level of protection by the European Commission
- Using Standard Contractual Clauses approved by the European Commission
- Implementing Binding Corporate Rules that require all group companies to protect personal data in accordance with applicable data protection laws
- Children’s Privacy
- We do not knowingly collect or process personal data from children under the age of 16 without parental consent. If we become aware that we have collected personal data from a child under the age of 16 without parental consent, we will take steps to delete that data as soon as possible.
- Marketing Communications
- We only send marketing communications to individuals who have provided their consent to receive such communications. You can withdraw your consent to receive marketing communications at any time by following the unsubscribe instructions in the communications or by contacting us using the contact details provided in this policy.
- Automated Decision-Making
- We do not engage in automated decision-making, including profiling, that produces legal effects concerning individuals or similarly significantly affects individuals, unless it is necessary for entering into or performing a contract, authorized by law, or based on the individual’s explicit consent.
- Use of Cookies and Similar Technologies
- Our website uses cookies and similar technologies to enhance your user experience and analyze website traffic. You can manage your cookie preferences through your browser settings. For more information, please refer to our Cookie Policy.
- External Links
- Our website may contain links to external websites. We are not responsible for the privacy practices or the content of these external websites. We encourage you to read the privacy policies of any external websites you visit.