Customer or Data Subject refers to business and individuals whose Personal Information, including Sensitive Personal Information or Privileged Information is processed by STRATEGY X.
Data Privacy Act of 2012 refers to Republic Act No. 10173 and its implementing rules and regulations.
Data Protection Officer refers to an individual assigned by STRATEGY X who shall oversee the compliance of STRATEGY X with the Data Privacy Act, its Implementing Rules and Regulations, and other related policies, including the conduct of a privacy impact assessment, implementation of security measures, security incident and data breach protocol, and the inquiry and complaints procedure.
Personal Data refers to all types of Personal Information, including Privileged Information in the custody of STRATEGY X.
Personal Data Breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise process.
Personal Information refers to any information, whether recorded in a material form or not from which the identity of an individual is apparent, from which identity can be reasonably or directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
Privileged Information refers to any and all forms of data which, under the Rules of Court and other pertinent laws, constitute privileged communication.
Processing refers to any operation or any set of operations performed upon Personal Information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation use, consolidation, blocking, erasure or destruction of data
STRATEGY X refers to StrategyX and all subsidiaries of Outsourced Global Limited including but not limited to StrategyX. When reading this Privacy Policy in the context of a subsidiary company, "STRATEGY X" should be substituted with the name of the relevant subsidiary.
Sensitive Personal Information refers to Personal Information:
Security Incident refers to an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity, and confidentiality of Personal Data.
STRATEGY X needs to collect, and hold Personal Information of Customers in order to provide services. We treat this information with care, and in order to protect it from unauthorized disclosure, we take the following data security measures:
Data Protection Officer
A Data Protection Officer (DPO) shall be appointed by STRATEGY X at such time that this becomes a requirement of the Data Privacy Act. Until a DPO is appointed a Compliance Officer will fulfill the duties of the DPO.
Data Privacy Principles
The Processing of Personal Data within STRATEGY X will be conducted in compliance with the following data privacy principles as indicated in the Data Privacy Act:
Transparency
The Customer must be aware of the nature, purpose, and extent of the Processing of his or her Personal Data by the Company, including the risks and safeguards involved, the identity of persons and entities involved in Processing his or her Personal Data, his or her rights as a Data Subject, and how these can be exercised. Any information and communication relating to the Processing of Personal Data should be easy to access and understand, using clear and plain language.
Legitimate Purpose
The Processing of Personal Data by the Company shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.
Proportionality
The Processing of Personal Data shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal Data shall be processed by the Company only if the purpose of the Processing could not reasonably be fulfilled by other means.
PHYSICAL SECURITY MEASURES
STRATEGY X has developed and implemented policy and procedures to monitor electronic storage and/or filing cabinets which contain Personal Data and ensure that these facilities are accessible only by authorized personnel of STRATEGY X.
TECHNICAL SECURITY MEASURES
STRATEGY X shall continuously develop and evaluate our security policy with respect to the Processing of Personal Data to make sure that the Personal Information is secured or processed in accordance with the Data Privacy Act.
The kinds of Personal Information that STRATEGY X collects and holds
In order for STRATEGY X to provide services, we need to collect and hold Personal Information. That information may include Customer names, addresses, telephone numbers, including mobile numbers, email addresses, copies of government-issued identification, bank account or credit card details, password details for accessing STRATEGY X services. Details of your authorized representative may also be required in which case you must ensure that you have obtained their consent to STRATEGY X collecting and holding their Personal Information.
How STRATEGY X collects and holds Personal Information
STRATEGY X collects Personal Information from Customers when they apply for services, request technical assistance or request that their details be updated. This can occur over the telephone, through an online process, or through completion of a form.
Personal Information will be held in secure electronic databases and/or secure filing cabinets. STRATEGY X will use all reasonable endeavors to ensure that Personal Information is accessible only to appropriately authorized employees.
The purposes for which STRATEGY X collects, holds, uses and discloses Personal Information
STRATEGY X uses Personal Information for the following purposes:
The aforementioned uses may require disclosure of the Personal Information to third parties including:
Disclosure of Personal Information to overseas recipients
STRATEGY X operates both in Philippines and overseas.
STRATEGY X may need to disclose Personal Information that we hold to organizations located outside Philippines in countries which do not have the same or substantially similar privacy laws, but only to the extent necessary for STRATEGY X to meet underlying business requirements such as legal and compliance in order to provide telecommunications services as requested by Customers in a written Service Agreement.
STRATEGY X may also store Personal Information in cloud storage or other types of networked or electronic storage. It is not always practicable to know in which country this information may be held, for example, when the Personal Information is stored in cloud storage infrastructure.
Overseas organizations will be subject to their own laws and may be legally required to disclose information that we share with them. In those instances, STRATEGY X will not be responsible for that disclosure.
STRATEGY X use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Storage, Retention and Destruction of Personal Information
STRATEGY X will ensure that Personal Data in the custody of STRATEGY X is protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful Processing. STRATEGY X will implement appropriate security measures in storing collected Personal Information, depending on the nature of the information. All information gathered shall not be retained for a period longer than necessary and/proportionate, subject to applicable requirements of the Data Privacy Act and other relevant laws and regulations. All hard and soft copies of Personal Information shall be disposed and destroyed, through secured means.
STRATEGY X will provide Customers access to their own Personal Information and Customers may request that such information be updated or corrected.
STRATEGY X will take all reasonable steps to ensure that Personal Information which we collect, use or disclose is accurate, complete and up-to-date. Customers may access and correct some of the Personal Information (such as contact details) that we hold by securely logging in to our website. Customers may also request that incorrect information be corrected or deleted by contacting Support.
Right to Be Informed
The Customer has a right to be informed whether Personal Data pertaining to him or her shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
The Customer shall be notified and furnished with information indicated hereunder before the entry of his or her Personal Data into the processing system of the STRATEGY X, or at the next practical opportunity:
Right to Object
The Data Subject shall have the right to object to the Processing of his or her Personal Data, including Processing for direct marketing, automated Processing or profiling. The Data Subject shall also be notified and given an opportunity to withhold consent to the Processing in case of changes or any amendment to the information supplied or declared to the Data Subject in the preceding paragraph.
When a Data Subject objects or withholds consent, the Personal Information Controller shall no longer Process the Personal Data, unless:
Right to Access
The Data Subject has the right to reasonable access to, upon demand, the following:
Right to Rectification
The Data Subject has the right to dispute the inaccuracy or error in the Personal Data and have the Personal Information Controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the Personal Data has been corrected, the Personal Information Controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof: Provided, that recipients or third parties who have previously received such processed Personal Data shall be informed of its inaccuracy and its rectification, upon reasonable request of the Data Subject.
Right to Erasure
The Data Subject shall have the right to suspend, withdraw or order the blocking, removal or destruction of his or her Personal Data from the Personal Information Controller’s filing system.
Right to Damages
The Data Subject shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, taking into account any violation of his or her rights and freedoms as Data Subject.
Transmissibility of Rights of the Data Subjects
The lawful heirs and assigns of the Data Subject may invoke the rights of the Data Subject to which he or she is an heir or an assignee, at any time after the death of the Data Subject, or when the Data Subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section.
Right to Data Portability
Where his or her Personal Data is processed by STRATEGY X through electronic means and in a structured and commonly used format, the Data Subject shall have the right to obtain a copy of such data in an electronic or structured format that is commonly used and allows for further use by the Data Subject. The exercise of this right shall primarily take into account the right of Data Subject to have control over his or her Personal Data being processed based on consent or contract, for commercial purpose, or through automated means. The DPO shall ensure that it regularly monitor and implement the NPC’s guidelines specifying electronic format referred to above, as well as the technical standards, modalities, procedures and other rules for their transfer.
Data Breach Notification
All employees of STRATEGY X involved in the Processing of Personal Data are tasked with regularly monitoring for signs of a possible Personal Data Breach or Security Incident. In the event of Personal Data Breach or Security Incident or such signs are discovered, the employee shall immediately report the facts and circumstances to the DPO within twenty-four (24) hours from discovery to determine whether or not such breach requires notification under the Data Privacy Act. If it has been determined that such breach requires notification, the DPO shall notify the Commission and the affected Data Subject(s) pursuant to the requirements and procedures prescribed under the Data Privacy Act.
The notification to the NPC and the affected Data Subject(s) shall at least describe the nature of the breach, the Personal Data possibly involved, and the measures taken by STRATEGY X to address the breach. The notification shall also include measures taken to reduce the harm or negative consequences of the breach, and the name and contact details of the DPO from whom the affected Data Subject(s) can obtain additional information about the breach, and any assistance to be provided to the affected Data Subjects.
Breach Reports
All Personal Data Breaches and Security Incidents shall be documented through written reports including those not covered by the notification requirements. In the case of Personal Data Breaches, a report shall include the facts surrounding an incident, the effects of such incident, and the remedial action taken by STRATEGY X. In other Security Incidents not involving Personal Data, a report containing aggregated data shall constitute sufficient documentation. These reports shall be made available when requested by the NPC. A general summary of the reports shall be submitted to the NPC annually.
Questions or making a complaint related to Privacy
If Customers have questions, concerns, or would like further information regarding their Personal Information, or if they wish to make a complaint about our privacy practices, they can contact the STRATEGY X Legal Department.
Legal Department
Email: [email protected]
Policy Updates
STRATEGY X is continuously improving and enhancing its products and services to our clients and we may update this Privacy Policy from time to time. Any changes to this policy will be updated on this page on the STRATEGY X website.
By continuing to use STRATEGY X products and services, you signify that you have read, understood, and consented to the collection and use of your Personal Information, in accordance with this Privacy Policy.
This STRATEGY X Privacy Policy shall be effective from the 1st of January 2021
The kinds of Personal Information that STRATEGY X collects and holds
In order for STRATEGY X to provide you services, we will need to collect, and hold, some of your Personal Information. That information may include your name, your address, your telephone numbers, including your mobile number, email addresses, copies of government-issued identification, bank account or credit card details, password details for accessing STRATEGY X services. You may also choose to provide similar details of your authorized StrategyX representative. You must ensure that you have obtained the consent of such persons to STRATEGY X collecting and holding their Personal Information.
If you are unwilling to provide STRATEGY X with some details, we may not be able to supply you with services that you wish to acquire. It is not possible to acquire services from STRATEGY X under a pseudonym.
How STRATEGY X collects and holds Personal Information
STRATEGY X collects Personal Information when you apply for a service, request technical assistance, or provide us with updated information. This can occur either over the telephone, email, through an online process, through completion of a form or in writing. STRATEGY X may also collect Personal Information about you in accordance with its obligations to adopt and observe appropriate standards for Personal Data protection in compliance with Republic Act No. 10173 or the Data Privacy Act.
Personal Information will be held in secure electronic databases or secure filing cabinets. STRATEGY X will use all reasonable endeavors to ensure that Personal Information is accessible only to appropriately authorize StrategyX employees.
The purposes for which STRATEGY X collects, holds, uses and discloses Personal Information
STRATEGY X will only use your Personal Information for the following purposes:
The above uses may require disclosure of the Personal Information to third parties including:
If you do not wish to receive marketing material from STRATEGY X about STRATEGY X events, products and services, you may email such a request to STRATEGY X and STRATEGY X will cease communications about such products and services within fourteen (14) days. Please include your full name and customer ID. If you have more than one Customer ID, you must provide all of them.
Disclosure of Personal Information to overseas recipients
STRATEGY X operates both in Philippines and overseas. Therefore, we may need to share some of your Personal Information with organizations outside Philippines.
STRATEGY X may disclose some of your Personal Information that we hold to organizations located outside Philippines in countries which do not have the same or substantially similar privacy laws, but only to the extent necessary for STRATEGY X to meet underlying business requirements such as legal and compliance in order to provide you with telecommunications services as requested by you in a written Service Agreement. Overseas organizations will be subject to their own laws and may be required to disclose information that we share with them. In those instances, STRATEGY X will not be responsible for that disclosure.
STRATEGY X may also store your information in cloud or other types of networked or electronic storage. It is not always practicable to know in which country your information may be held, for example, when your Personal Information is stored in cloud infrastructure.
Storage, Retention and Destruction of Personal Information
STRATEGY X will ensure that Personal Data in the custody of STRATEGY X is protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful Processing. STRATEGY X will implement appropriate security measures in storing collected Personal Information, depending on the nature of the information. All information gathered shall not be retained for a period longer than necessary and/proportionate, subject to applicable requirements of the Data Privacy Act and other relevant laws and regulations. All hard and soft copies of Personal Information shall be disposed and destroyed, through secured means.
How you may access Personal Information and seek the correction of such information
STRATEGY X will take all reasonable steps to ensure that your Personal Information which we collect, use or disclose is accurate, complete and up-to-date. You can access and correct some of the Personal Information (such as contact details) that we hold about you by securely logging in to our website. You can also request that incorrect information about you be corrected or deleted.
Questions or Complaints about your privacy.
If you have any questions or concerns regarding your Personal Information with us or if you have any complaints about our privacy practices or would like further information, please contact the STRATEGY X Legal Department.
Legal Department
STRATEGY X