- PRIVACY STATEMENT
- Data Subject – is defined under Section 3(c) of the Data Privacy Act as any individual whose personal information is processed.
- Data Sharing Agreement – is defined as the disclosure or transfer to a third party of personal data under the control or custody of a personal information controller. The term excludes outsourcing, or the disclosure or transfer of personal data by a personal information controller to a personal information processor.
- Processing – is defined as any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
- Personal Information – is defined as any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
- Personal Information Controller – is defined as a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal data on his or her behalf.
- Personal Information Processor – is defined as any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
- Sensitive Personal Information – is defined as personal information (a) About an individual’s race, ethnic origin, marital status, age, color, religious, philosophical or political affiliations, beliefs or opinions, and trade union membership; (b) About an individual’s health, education, genetic and/or biometric data, sexual life and/or orientation., or any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (c) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; (d) Specifically established by applicable local and/or foreign laws as classified;
- Personal Data – shall refer to all types of personal information, including those pertaining to agency personnel
- COLLECTION AND USE OF PERSONAL DATA
Customer Personal Data
We collect personal data from customers/clients for whom we provide petroleum, liquid cargo transport, and fuel facilities management services for the following purposes:
- Compliance with applicable laws, rules and regulations;
- Customer assessment and eligibility;
- Contract preparation and execution;
- Customer billing and collection;
- Financial services, accounting and reconciliation;
- To perform functions vital and necessary to the provision of our services, including, among others, internal security, incident management, quality assurance, and customer feedback;
- Business development, including, among others, the conduct of marketing/information campaigns relating to our complimentary services, promotions, loyalty and rewards offers/programs, and service discounts, and business analysis and research; and
- The achievement of corporate objectives and business endeavors and compliance to applicable laws, rules and regulations.
Applicant and Employee Personal Data
We collect and process personal data from our applicants and employees for Administrative and Human Resource Development purposes as well as in compliance to applicable labor laws, rules and regulations, including, but not limited to:
- Identity verification;
- Pre-qualification and post-qualification assessment;
- Performance evaluation and career development;
- Processing of employment compensation and benefits, including health and life insurance coverage;
- Internal Security;
- Compliance to labor and other regulatory requirements;
- For the protection of lawful rights and interests of the organization in internal administrative and court proceedings, or the establishment, exercise or defense of legal claims against prospectively malfeasant employees.
Partners and Service Providers
We collect and process personal data from our partners and service providers for the following purposes:
- Preparation and execution of contracts covering asset and property management, fuel supply hauling operations, and vehicle lease arrangements; and
- Interview and evaluation of Customer Service Representative provided by 3rd-Party Agencies.
- Customer Personal Data
- THE RIGHTS OF DATA SUBJECTS
NSEC fully recognizes that our employees, as data subjects, are accorded the following privacy rights:
Right to be informed
Our customers, employees, partners and service providers have the right to demand and be informed of the details about how and why we collect and process their personal data including its sources, recipients, methods, disclosures to third parties and their identities, automated processes, manner of storage, period of retention, manner of disposal and any changes to such processing activities before the same is undertaken.
Right to Object
They have the right to object to the sharing of their data. Should there be any changes in the information provided to them under this policy, they shall be informed of such changes and their consent thereto, where applicable, obtained before such changes are implemented.
Right to withdraw consent anytime
They have the right to withdraw their consent to the processing of their personal data anytime subject to any lawful basis for which such data is processed other than by consent.
Right to access
They have the right to have reasonable access to their personal data, upon demand and in a machine-readable and/or data portable format.
Right to dispute/rectify
They have the right to review and amend their personal data as processed by the organization should there be any inaccuracies.
Right to object/block/erase
They have the right to reject further processing of their personal data, including the right to suspend, withdraw, and remove their personal data in our control which are falsely collected or unlawfully processed.
- Right to be informed
- POLICY ON THE COLLECTION AND USE OF PERSONAL DATA
It is the policy of NSEC to:
- Adequately inform our customers, employees, partners and service providers of their rights as data subjects;
- Ensure that our customers, employees, partners and service providers are fully and adequately informed of all processing activities performed by the organization with respect to their personal data including the scope, purpose and means used by NSEC for such processing, its sources, recipients, methods, disclosures to third parties and their identities, automated processes, manner of storage, period of retention, manner of disposal and any changes thereto before the same is implemented;
- Obtain the express, informed and properly documented consent of our customers, employees, partners and service providers, where applicable, to our data processing activities. Where the processing does not require consent from our customers and employees, we endeavor, nonetheless, to fully inform our customers and employees of the bases of such processing other than consent;
- Ensure that our customers, employees, partners and service providers have the facility to reasonably exercise their rights as data subjects and that the organization can respond to such requests within reasonable time, including the provision of personal data in a machine-readable or data portable format in response to a request for information;
- Ensure that our customers, employees, partners and service providers have the facility to dispute any inaccuracy or error in their personal data, to object to any changes in the manner and purpose by which their personal data is being processed, to withdraw consent where applicable, and to suspend, withdraw, block, destroy, or remove any unnecessary, falsely collected or unlawfully processed personal data;
- Ensure that the personal data obtained from our customers, employees, partners and service providers are proportional, necessary and limited to the declared, specified and legitimate purpose of the processing;
- Ensure that the personal data of our customers, employees, partners and service providers are retained for only a limited period or until the lawful purpose of the processing has been achieved;
- Ensure that the personal data of our customers, employees, partners and service providers are destroyed or disposed of in a secure manner;
- Ensure that our customers, employees, partners and service providers have the facility to lodge complaints to NSEC relating to any violations to the rights of our customers and employees as data subjects and that such complaints are adequately and timely addressed.
- With respect to personal data collected and processed from foreign sources, we ensure that their personal data, is collected and processed in accordance with the applicable foreign law, if any.
- PRIVACY GOVERNANCE
DATA PROTECTION OFFICER
NSEC takes data protection seriously and has appointed a Data Protection Officers (“DPO”) tasked to monitor compliance with any and all applicable foreign and/or local data privacy laws, rules, and regulations.
Our DPO is fully committed to protecting our customers’ and employees’ privacy rights. Should you have any concerns regarding NSEC’s privacy practices and policies, including requests for exercise of data subjects’ rights, you may reach the DPO through the following contact information:
Data Privacy Officer email@example.com Office Address 3rd Floor, 126 Amorsolo St., Legaspi Village, Makati City
- DATA PROTECTION OFFICER
- PERSONAL DATA SECURITY POLICY
STORAGE OF AND ACCESS TO PERSONAL DATA
It is our policy to store both paper-based and electronic personal data in a secure data center covered by appropriate data security standards. Transfers of personal data within and without the organization shall only be made in accordance with strict security protocols
- STORAGE OF AND ACCESS TO PERSONAL DATA