a. Service Description
The European Training & Competence Centre (ETCC) Inc. respects the privacy of all of its clients, employees and associated parties and is therefore committed to protecting all personal data collected and processed.
We have both a legal and a moral responsibility to ensure that we treat your personal data with the same level of privacy and confidentiality as we expect our own data to be treated and in line with all legal and regulatory requirements.
We know that data protection can often be quite a specialist subject and we make things as simple as possible as part of our obligation to you, to assist you in understanding exactly how and why we process your personal data, furthermore, we must ensure that you are aware of how our group holds and processes your personal data.
We believe that the key for data protection regulation is to adhere to the principles of transparency, legitimate purpose and proportionality and have therefore worked hard to ensure that all of our processing activities adhere to these principles.
For further details on the data processing activities relevant to you, please see related items of this page.
Please kindly note that as a business, we process personal data for numerous purposes in order to service the diverse nature of our clients and therefore the processing, collecting, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
Who we are
Who you are
b. Personal Information that are collected
If you apply for employment and training within the European Training & Competence Centre (ETCC) Inc., we will collect from you only data which is necessary to process this application. We will not supply your name and address without your consent to any third party, which is not a member of our group.
Data Security is of the upmost importance to European Training & Competence Centre (ETCC) Inc. and to that end, we have put in place appropriate security measure to protect and prevent your personal data from being accidentally lost, used or accessed by any unauthorized parties.
c. Collection method
Access to your personal data is limited to authorized employees, insurers, service providers and other third parties who require access for the fulfillment of a contract or agreement or are providing services to you or us.
d. Timing of collection
Timing of collection is as needed by the business and engagement with European Training & Competence Centre (ETCC) Inc. and data subjects are notified with the purpose of collection.
e. Purpose of collected personal information
If you apply for employment and training within the European Training & Competence Centre (ETCC) Inc., we will collect from you only data, which is necessary to process this application. We will not supply your name and address without your consent to any third party.
f. Storage and transmission of personal information
The data being collected is being stored on our secured data center and the backup data into tapes which are placed to our outsourced offsite facility where we have the legal terms of business and engagements in place. Third parties are not allowed to process technically our data and strictly follow our instructions and they are subject to a duty of confidentiality.
g. Method of use
European Training & Competence Centre (ETCC) Inc. had placed policies, procedures and security to protect related personal data.
h. Location of personal information
Personal information is placed on secured environment and is being accessed only by authorized employees, insurers, service providers and other third parties who require access for the fulfillment of a contract or agreement or are providing services to you or us.
i. Third party transfer
Third party transfer is detailed in item “f”, with the instruction of European Training & Competence Centre (ETCC) Inc., have the legal terms of business and engagements in place between the European Training & Competence Centre (ETCC) Inc. and these third parties. Third parties activities strictly follow and process technically our data as with the instruction of European Training & Competence Centre (ETCC) Inc. in relation to business requirement and they are subject to a duty of confidentiality.
j. Retention period
Data will be retained for 10 years maximum.
You have the right to request erasure of the personal data that we hold about you, commonly referred to as “Right to ERASURE or BLOCKING”.
Examples of why you may wish to exercise this right include, but are not limited to;
- The personal data is no longer necessary in relation to the purposes for which it was originally collected and processed by us;
- The legal grounds for us processing your data is through consent, if you withdraw consent then we have no other lawful basis for the processing;
- Our legal grounds for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing and we do not have overriding grounds;
- You object to our processing for direct marketing purposes;
- Your personal data have been unlawfully processed; or
- Your personal data must be erased to comply with a legal obligation to which we are subject.
However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at your request although the most common reasons for this include complying with the local or international regulations and requirements in relation to:
- Preventing financial crime, money laundering and funding terrorism;
- Identifying political or commercially exposed persons, or those with a significant exposure to the media;
- FATCA/CR (“AEOI”) international tax reporting; and
- Employment law in the relevant jurisdiction.
If you wish us to exercise your “Right to ERASURE or BLOCKING” and if you are unsure whether or not we are able to erase your data, please contact the Data Protection Officer (Please see DATA CONTROLLER CONTACT INFORMATION).
k. Participation of data subject
You have the legal rights as set out below:
Right to be INFORMED
As a data subject, you have the right to be informed that your personal data shall be, are being or have been processed.
The right to be informed is a basic right as it empowers you as a data subject to consider other actions to protect you data privacy and assert your other privacy rights.
This right also requires personal information controllers (PICs) to notify you if within a specific period of time if your data has been compromised, i.e. in the case of a personal data breach.
Right to ACCESS
Concomitant to your right to be informed, you also have a right to gain reasonable access to your personal data.
You may request access to the following:
- Contents of your personal data that were processed;
- Sources from which they were obtained;
- Names and addresses of the recipients of your data;
- Manner by which such data were processed;
- Reasons for disclosure to recipients, if there were any;
- Information on automated processes where the data will or likely to be made as the sole basis for any decision which would significantly affect you;
- Date when your data was last accessed and modified; and
- Name and address of the personal information controller.
Right to OBJECT
You have a right to object to the processing of your personal data, including processing for direct marketing, automated processing or profiling.
You likewise have the right to be notified and given an opportunity to withhold consent to the processing in case of changes to the information given to you regarding the processing of your information.
Right to ERASURE or BLOCKING
Under the law, you have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data. You can exercise this right upon discovery and substantial proof of the any of the following:
Your personal data is incomplete, outdated, false or unlawfully obtained;
It is being used for purposes you did not authorize;
The data is no longer necessary for the purposes for which they are collected;
You decided to withdraw consent, or you object to its processing and there is no overriding legal ground for its processing;
The data concerns personal information prejudicial to the data subject – unless justified by freedom of speech, of expression, or of the press; or otherwise authorized;
The processing is unlawful; or
The personal information controller, or the personal information processor, violated you rights as a data subject.
Right to DAMAGES
You may claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights and freedoms as data subject.
Right to FILE A COMPLAINT
If you are the subject of a privacy violation or personal data breach, or who are otherwise personally affected by a violation of the DPA, may file complaints with the company which will then be investigated thoroughly and will be reported to National Privacy Commission.
Right to CORRECT/RECTIFY
You have the right to dispute any in accuracy or error in your personal data and have the personal information controller correct it immediately, unless the request is vexatious or unreasonable. Once corrected, the PIC should ensure that you have access to both new and retracted information and simultaneous receipt of the new and the retracted information by the intended recipients thereof.
Right to DATA PORTABILITY
Where your personal information is processed by electronic means, you have a right to obtain from the personal information controller a copy of your personal data; a copy of such data in an electronic or structured format that is commonly used and allows for further use.
The purpose of this right is to empower you and give you more control over your personal data. This right, which applies subject to certain conditions, supports user choice, user control and consumer empowerment.
It enables the free flow of your personal information across organizations according to your preference. This is importantly especially now that several organizations and services can reuse the same data.
Data portability allows you to manage your personal data, and to transmit your data from one personal information controller to another. As such, it promotes competition that fosters better services for the public.
DATA SUBJECT ACCESS REQUEST
How to make a data subject access request:
To make a data subject access request, in the first instance please contact the Data Protection Officer who can assist you with this process.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if we believe your request is clearly unfounded, repetitive or excessive.
If we believe that your request is clearly unfounded, repetitive or excessive, we may refuse to comply with your request in these circumstances and will report our reasoning, as well as the details of your request, to the National Privacy Commission – Privacy Commissioner.
Information we need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We are required to respond to your request within 30 calendar days of receiving it. We will provide confirmation to you that we have received your request as well as the date we must have to respond by. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and provide you with a reasonable time frame for our response.
If you are not happy with our response to your data subject access request, you have the right to make a complaint and may contact the Data Protection Officer – Please see Data Controller Contact Information.
DATA CONTROLLER CONTACT INFORMATION
The contact details for Data Protection Officer are:
Data Protection Officer
European Training & Competence Centre (ETCC) Inc.
6/F Doehle Haus Manila, 30-38 Sen. Gil Puyat Avenue Barangay San Isidro 1234 Makati City
Email address: email@example.com ; firstname.lastname@example.org
Whilst every effort has been taken to ensure the accuracy of the information on this Website, any and all liability which might arise from your use or reliance on the information or links contained on the Website are excluded.
This Website contains links to other websites. The European Training & Competence Centre (ETCC) Inc. does not endorse, and accepts no responsibility or liability for any material supplied by or contained on any third party website which is linked from or to this Website or any use of personal data by such third party.
If you require any more information, please contact the respective Data Protection Officer.
Whenever used in this European Training & Competence Centre (ETCC) Inc. Privacy Notice, the following terms shall have their respective meanings as hereinafter set forth:
“Act” or “DPA” refers to Republic Act No. 10173, otherwise known as the Data Privacy Act of 2014;
“Commission” or “NPC” refers to the National Privacy Commission;
“National Privacy Commission” Independent body mandated to administer and implement the DPA of 2012, and to monitor and ensure compliance of the country with international standards set for personal data protection (IRR of DPA Section 8,);
“ETCC” refers to European Training & Competence Centre (ETCC) Inc.;
“Data Protection Officer (DPO)” Responsible for the overall management of compliance to the DPA (Refer to NPC Advisory No. 2017-01 Designation of Data Protection Officers);
“Compliance Officer for Privacy” or “COP” refers to an individual or individuals who shall perform some of the functions of a DPO, as provided in this Advisory;
“Processing” any operation of any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. (IRR of DPA Section 3, check paragraph no.);
“Conflict of Interest” refers to a scenario wherein a DPO is charged with performing tasks, duties, and responsibilities that may be opposed to or could affect his performance as DPO. This includes, inter alia, holding a position within the PIC or PIP that leads him to determine the purposes and the means of the processing of personal data. The term shall be liberally construed relative to the provisions of this Advisory;
“Data Sharing Agreement” refers to a contract, joint issuance, or any similar document that contains the terms and conditions of a data sharing arrangement between two or more parties; Provided, that only personal information controllers shall be made parties to a data sharing agreement;
“Data Subject” refers to an individual whose personal, sensitive personal, or privileged information is processed;
“Government Agency” refers to a government branch, body, or entity, including national government agencies, bureaus, or offices, constitutional commissions, local government units, government-owned and controlled corporations, government financial institutions, state colleges and universities;
“Personal data” refers to all types of personal information, including privileged information;
“Personal information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;
“Personal information controller” or “PIC” refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf. The term excludes:
a person or organization who performs such functions as instructed by another person or organization; or
an individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs.
There is control if the natural or juridical person or any other body decides on what information is collected, or the purpose or extent of its processing;
“Personal information processor” or “PIP” refers to any natural or juridical person or any other body to whom a PIC may outsource or instruct the processing of personal data pertaining to a data subject;
“Privacy by Design” is an approach to the development and implementation of projects, programs, and processes that integrates into the latter’s design or structure safeguards that are necessary to protect and promote privacy, such as appropriate organizational, technical, and policy measures;
“Privacy Impact Assessment” is a process undertaken and used to evaluate and manage the impact on privacy of a particular project, program, process or measure;
“Privileged Information” refers to any and all forms of data which, under the Rules of Court and other pertinent laws, constitute privileged communication;
“Processing” refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data;
“Personal Information” refers to any information whether recorded in a material form or not from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;
“Sensitive Personal Information” refers to personal information:
About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
Specifically established by an executive order or an act of Congress to be kept classified.
“Privileged Personal Information” refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication. – Husband or wife cannot testify against one another without consent on any communication received by either in confidence marital privilege – Attorney-client relationship – Physician-patient relationship – Minister or priest-penitent (person making a confessional privilege) – Public officer given information in official confidence;
“Consent” refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of a data subject by a lawful representative or an agent specifically authorized by the data subject to do so.