COLLECTION OF DATA
Your personal information is collected via the conducting of interviews and filling out of forms. As part of our customer and loan application process, the following information are filled out : Name, Date of Birth, Age, Place of Birth, Civil Status, Spouse’s Name, Spouse’s Date of Birth, Gender, Religion, Educational Attainment, Mother’s Maiden Name, Nationality, Address, Contact Number, Dependent’s Name, Identification Cards and details, Number of Family Members & Businesses. These are then encoded via web and android, and saved in our company’s server.
USE AND PROCESSING OF DATA
We are using your personal data for the following purpose:
- In compliance with law and regulations regarding with “Know Your Customer”/KYC or Client Identification;
- In processing loan applications, savings deposit and withdrawals, and other transactions for business purposes;
- In carrying out legal and regulatory obligations;
- In conducting business analytics and researches (business, legal and management purposes)
SHARING OF DATA
We submit your information for the following reasons:
- In compliance with authorized regulatory agencies such as but not limited to Bureau of Internal Revenue (BIR), Philippine Health Insurance Corporation (PHIC).
- In fulfillment of Republic Act 10693, your personal and other information may be submitted to the Microfinance NGO Regulatory Council (MNRC). We may also share such information with other credit bureaus authorized by the MNRC.
- In providing information for funding and other projects such as but not limited to KIVA, Water.Org, WASH, OIKO and Grameen Bank.
- In offering insurance services to our clients and partnered with an insurance provider wherein we share information pertaining to your insurance enrollments and payments.
- In providing additional payment channels through our payment partners where we share information for validation.
OUTSOURCING AND SUBCONTRACTING AGREEMENTS
We may share with external agents that process information on behalf of the company to improve our delivery of services to you. These may involve aggregated information to help improve our products and services. The company creates a binding contract with the Personal Information Processors (PIP) that stipulates the different standards set by the controller and NPC.
CROSS BORDER DISCLOSURE
Any Personal Information provided to NWTF, Inc may be or disclosed, transported to, kept to an overseas beneficiary. Your Personal Information may also be processed by authorized employees or by PIP’s operating outside of the Philippines.
ACCESS OF DATA
NWTF values your rights as data subjects. We can allow you to see the personal information that we hold about you. If you want to verify, check or review your personal information, please submit an email to firstname.lastname@example.org addressed to the Data Privacy Officer. However, we may refuse to provide some or all information about you if there are law or regulatory requirements which refuses you to access these information. On the occasion that NWTF cannot provide you with access to your personal information, we will inform you of the reasons why.
CORRECTION OF DATA
As part of our core values, we value integrity of data. We want to ensure that all personal information provided to us is updated, accurate and complete If the data subject feels that the information we hold is lacking, incomplete or obsolete, he/she may request for the correction or rectification of his/her personal information. We will exhaust all efforts to revise and update your personal information to ensure you, our data subjects, that Dungganon cares.
SECURITY OF DATA
To ensure that your personal data is protected from any threats (both online and offline), NWTF, Inc. has established the appropriate physical, organizational and technical measures. The following (but not limited to) are the physical, organizational and technical measures that were set to ensure protection from any unauthorized processing, access due to negligence, improper disposal, unauthorized purposes, intentional breaches, malicious and unauthorized disclosures:
The organization has:
- Appointed a data protection officer (DPO) and assigned compliance officer for privacy (COP’s) for the whole company to ensure compliance with Republic Act 10173 and its implementing rules and regulations;
- Maintained data processing systems and records of processing activities;
- Implemented privacy management program and developed a privacy manual;
- Informed data subjects of their rights pertaining to their personal information; and established procedures for complaints and breaches handling;
- Trained employees concerning the Data Privacy Act, as well any other applicable implementing rules and regulations;
- Created Breach Team and procedures regarding breach drills;
- Prepared annual report of summary and documented security incidents;
- Reviewed contracts and data sharing agreements with PIP’s.
The organization has:
- Implemented necessary limits and restricted access to offices that contains; documents with personal information;
- Monitored activities within the head office building and departments where the personal data is processed;
- Set guidelines on proper usage of electronic devices (laptops, computers, tablets, phones, etc.) and portable storage devices (flash drive, external drive, etc.);
- Redesigned layout of the office spaces and work stations to promote confidentiality (which also consists of furniture and fixtures placements);
- Secured personal data that are contained in branches and buildings against natural disasters, power failures, typhoons, earthquakes and similar threats.
The organization has:
- Established electronic security systems (firewalls and data encryption);
- Limited access on onsite, remote and online access;
- Protected company’s computer network and systems;
- Maintained Audit Logs;
- Encrypted Personal Data in storage, in transit and authentication process.
RETENTION AND DISPOSAL OF DATA
Your personal data is physically stored in a place wherein sufficient measures are made to avoid any data loss or breaches. In addition, your personal data is electronically stored with in-house data storage providers.
We will retain your information for as long as it is necessary to fulfill the purpose for which it is collected or for business or legal purposes, or in accordance with applicable laws. In case your personal information is no longer required nor necessary to keep for any purposes (business, regulatory or legal), your personal information shall be disposed of in a secure method to prevent mishandling, disclosure or processing.
DATA BREACH MANAGEMENT
The company has established the breach management team should there be any data breaches are exposed. The employee or client shall report immediately to the DPO within the first twenty-four (24) hours from his or her detection for confirmation as to whether or not a breach requiring notification to National Privacy Commission (NPC) and Data Subjects. The forms and corresponding measures shall be in accordance with the circulars released by NPC.
For any clarifications or concerns, please contact:
- THE DATA PROTECTION OFFICER
Negros Women for Tomorrow Foundation, Inc.
102 San Sebastian-Verbena Streets 6100 Bacolod City, Negros Occidental
Contact Numbers: +63 34 707 3720 / +63 34 432 3720
Last Update: June 22, 2020.