This Policy sets out the commitment of Netplates Corporation (“Netplates”) to collect and process personal information and sensitive personal information (collectively, "personal data") in accordance with the applicable laws and regulations on data privacy, including the Philippine Data Privacy Act of 2012 ("DPA") and its implementing rules and regulations ("DPA IRR"). In processing personal data, we seek to adhere to the general privacy principles of transparency, legitimate purpose, and proportionality, and such other relevant principles in the collection, processing, and retention of personal data as required by applicable law.
The Policy describes the types of personal information we collect, how we use the information, with whom we share it, and the rights of and choices available to individuals regarding our use of their information. We also describe the measures we take to protect the security of the information and how you can contact us about our privacy practices and to exercise your rights
Wizard uses personal data to process transactions with you for purposes, such as 1) order fulfillment per transaction; 2) processing of order delivery; 3) analytics of data/ order behavior; 4) government reporting; 5) marketing communication of promotional items, updates and subscriptions; and 6) other legal and expected business related purposes.
III. Definition of Terms
Whenever used in this Policy, the following terms shall have the respective meanings as set forth below:
“Data Controller” shall mean the company or person that determines the purposes, content, use and means of the processing of Personal Data.
“Data Processor” shall mean the company or person that processes Personal Data on behalf of the Data Controller.
“Personal Data” means any information relating to an identified or identifiable natural person (each a ”Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity
"Person" means any natural or juridical person.
"personal data" means personal information and sensitive personal information.
"personal information" refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual;
"processing" refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating, or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system.
"sensitive personal information" refers to personal information: (1) about an individual’s marital status, age, color and affiliations; (2) issued by government agencies peculiar to an individual which includes, but is not limited to, Senior Citizen Card Number and TIN Number; or (3) specifically established by an executive order or an act of Congress to be kept classified.
IV. Scope and Limitations
The privacy protection standards and requirements contained in this Policy shall apply to all Stakeholders of the Company that deal with the processing, collection, storing, or transfer of personal data, acting as a Data Controller or as a Data Processor.
V. Processing of Data
V.1 Information We Collect
We collect personal information about you in various ways, such as through our Website and Social Media Channels; at our Events; through Delivery Phone Calls and in connection order placement; and in connection with our interactions with Clients and Vendors. We may collect the following types of personal information (as permitted under local law):
- First and last names,
- Postal/billing addresses and/or email addresses,
- Mobile and/or landline telephone numbers,
- Marital status,
- Supporting details of your identification (ID) such as senior citizen/persons with disability/student IDs,
- Online Services account access information e.g. username and password, transaction information e.g., products you buy and payment preferences, and
- Marketing Communication Subscription Status (Opted in for Email, SMS, Social Media or all)
- Other details provided in your public profiles, if applicable, as well as other metadata e.g,. frequency of usage, product preferences, preferred delivery times, and other log-in data when voluntarily submitted by you.
- Bank account information;
- Tax-related information;
Navigation through and interact with the Website, depending on your settings, We may use automatic data collection technologies (e.g., cookies, web beacons, small data text files or similar technologies) to obtain certain information about your equipment, browsing actions, and patterns, such as:
- Details of your visits to the Website (e.g., traffic data, location data, logs, and other communication data and the resources that you access and use on the Website).
- Information about your computer/device and internet connection, as well as IP address, operating system, and browser type (collectively, "Collected Data").
The Collected Data are mostly statistical data but may include other Personal Data, and We may maintain or associate them with the Personal Data that We ask you to provide to us in connection with your orders/concerns, or which you may provide filled up customer/visitor form in the website.
V.2 How We Use the Information We Collect
We use the information described above to perform the following activities (as permitted under local law):
- For carrying out your requests, fulfilling orders, processing payments, and providing delivery services;
- Allow you access and use our online Services, where without them, our online Services may not work properly;
- Provide you with information or Services that you have requested or agreed to receive, including to send you electronic newsletters, or to provide you with special offers or promotional materials on behalf of Netplates Corporation (if you consent). By opting in to receive promotional email, and marketing materials, you hereby give permission to Netplates Corporation to send you direct and indirect marketing materials and advertising information to you, such as discount coupons and information about new product offerings based on your customer profile and behavior. If you wish to change your preference in this regard, you can contact us through the Contact information provided below;
- Inform you about the products and services of our business partners (if you consent). If you elect not to receive direct or indirect marketing materials from Netplates’ business partners, Netplates Corporation will send a mailing or e-mail messages on behalf of the partners. You can contact us through the Contact information provided below should you opt not to receive such marketing materials from Netplates’ business partners, whether from them directly or through Netplates Corporation;
- Process your registration with the Services, including verifying if your information is active and valid;
- Enable you to participate in a variety of the online Services’ features such as promotions;
- Improve our Services, to customize your experience on the Services, or to serve you specific content that is most relevant to you;
- Contact you with regard to your use of the Services or any of your requests, questions, complaints, and comments and, in our discretion, make changes to any of our privacy policies;
- Remember you, for your convenience, when you visit our online Services;
- Market to you through targeted advertising (if you consent);
- Maintain, manage, and improve our offers, promotions, and Services and for the development of other technology;
- Protect against, identify, and prevent fraud and other crime, claims, and other liabilities;
- Provide, transfer and/or store any data that it collects from you to Netplates Corporation, subsidiary, associated and affiliated companies, or to any agent, contractor or third party service provider located in or outside of Philippines which provides administrative, data processing, computer or other services to Netplates Corporation, to enable us to carry out the purposes permitted under this Policy;
- Internal analysis purposes, such as for research and development of products and services (including research on trends or analytics);
- Any other purposes for which you have consented, such as those that may be set out in this Policy, and other purposes as permitted or required by any applicable law; and
- Comply with any applicable laws or rules and regulations or investigative proceedings.
We will seek your consent in any event where we may use the information that we collect about you in other ways at the time that we collect the information.
If you no longer want to receive any further communications from McDonald’s, please contact us via our Contact information set out below.
V.3 Information We Share
In addition, we may disclose information about you (i) if we are required to do so by law or legal process; (ii) to law enforcement authorities or other government officials based on a lawful disclosure request; and (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).
V.4 Website Visitor Under the Age of 18
We are especially committed to protecting the privacy of children who visit our Sites or use our Services. This Children’s Privacy Notice is designed to answer your questions regarding our practices with respect to Personal Data we collect through our Services from children under the age of eighteen (18) (subject always to applicable law).
What Personal Information Does Netplates Collect?
We will not collect more detailed information from a Child, without the consent of a parent or guardian. If parent or guardian consent is required we will collect the email address of the parent or guardian so we can provide notice of our information practices and/or seek the parent’s or guardian’s consent. Netplates Corporation will not condition a Child's participation in any child-appropriate online activity on the Child's disclosure of more Personal Data than is reasonably necessary to participate in that activity.
How Does Netplates Use the Personal Data It Collects?
We use email addresses submitted by a Child in order to respond to the Child’s request or to notify the Child if he or she has won or lost a contest or promotion they entered or participated in. We use the email address of a parent or guardian, in order to provide the parent notice of our information practices or to seek the parent’s or guardian’s consent.
Personal Data collected from the Child is used solely by Netplates Corporation and its service providers.
How Does Netplates Share Personal Information?
We may share the Child's Personal Data with third parties to the extent reasonably necessary to protect the security or integrity of our Services, take precautions against liability, or respond to judicial process or requests from other governmental authorities; or when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity.
We may also share Personal Data collected from the Child with vendors that perform services for Netplates Corporation. These services may include hosting our online Services, providing technical, marketing, advertising fulfilment or other services to the Netplate's system. Such vendors are obligated to protect the confidentiality of the Personal Data that we share with them.
Requests from Parents / Guardians Regarding Our Children’s Privacy Practices
Parents / Guardians may review the Personal Data we have collected from their Child that has not been deleted, and can request that the Personal Data be deleted from our records if it has not been already. Parents / Guardians also may refuse to permit further collection or use of their Child’s Personal Data, when the parent / guardian has previously provided consent. To do so, please contact us through the Contact information provided below.
Who Should I Contact with Questions?
We urge parents / guardians to regularly monitor and supervise their Child’s on-line activities. If you have any questions about our Children’s Privacy Notice, please contact us through the Contact information provided below.
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
VII. Security Measures
We have taken appropriate security measures to protect your personal data against unauthorized access or unauthorized alteration, disclosure, or destruction. These measures include internal reviews of our data collection, storage, and processing practices, as well as physical security measures to protect your information against unauthorized access. As part of our efforts to ensure your information is protected, we restrict access to personal data to personnel who would need that information to perform their functions.
Lastly, to ensure the security of the Personal Data you submit, Netplates always uses industry standard encryption software and technologies when transferring and receiving customer data. We have appropriate security measures that protect against the loss, misuse, or alteration of Personal Data that you have submitted.
We also put in effect safeguards such as:
- We keep and protect your information using a secured server behind a firewall, encryption and security controls;
2. We restrict access to your information only to qualified and authorized personnel who hold your information with strict confidentiality;
3. We undergo regular audit and rigorous testing of our infrastructure’s security protocols to ensure your data is always protected; and
4. We let you update your information securely to keep our records accurate.
We will retain your personal data throughout the subscription of our products and services, and for a maximum period of five (5) years afterward.
Your choices, including how you can check and update any personal information we have about you.
You are afforded certain rights in relation to your personal data under the Data Privacy Act of 2012, which includes the right to object to processing, the right to access your data, the right to modify of inaccurate data, and the right to erasure or blocking of data.
If you wish to have access to your personal information in our records; or you think that such personal information we have of you is incomplete, not up-to-date, or otherwise inaccurate, you may get in touch with our Data Privacy Officer through the contact details Section IX.
VIII. Data Breaches
We will comply with the relevant provisions of rules and circulars on handling personal data security breaches, including notification to you or to the National Privacy Commission, where an unauthorized acquisition of sensitive personal information or information that may be used to enable identity fraud has been acquired by an unauthorized person, and is likely to give rise to a real risk of serious harm to the affected data subject. Please note that under applicable law, not all personal data breaches are notifiable.
IX. Amendments and Supplements
We may amend or update this Policy. You agree to be bound by the prevailing terms of this Policy as updated from time to time, upon the amendment or supplement being published on our website or otherwise advised to you.
X. Data Protection Officer
The Data Protection Officer (DPO) is the individual principally responsible for ensuring Netplates compliance with applicable laws and regulations for the protection of data privacy and security. The DPO is responsible for the supervision and enforcement of this Policy, and the relevant contact details are as follows:
Data Protection Officer
Ground Floor, Kalayaan Center, V. Luna Avenue corner Kalayaan Avenue, Quezon City. [email protected]
T: (028) 920-2710 / (028) 920-2554
For any inquiry related to this Policy, please contact our Data Protection Officer through the contact details indicated above.