ONLINE PRIVACY STATEMENT
Trends Group, Inc. and its Affiliates
We commit to upholding your right to privacy. This commitment reflects the value we place on the trust and confidence reposed in us. To this end, we make every effort to comply with the relevant laws of the Philippines, particularly the Data Privacy Act of 2012 (“DPA”), its Implementing Rules and Regulations, and the circulars, memoranda, advisories, and opinions issued by the National Privacy Commission (“NPC Issuances”), as well as current international and local industry standards.
This Privacy Notice explains, among other things, how we implement our commitment and the terms and conditions under which we process (i.e., collect, use, retain, access, disclose, dispose, and/or secure) Personal Data. It likewise explains the steps you can take if you want to exercise any of your privacy rights as indicated below.
General Processing Principles
In processing Personal Data, we adhere to the general processing principles of transparency, legitimate purpose, and proportionality by:
1. providing an appropriate and separate Privacy Notice to you as the situation demands;
2. processing your Personal Data only for and consistent with a declared, specified, and legitimate purpose;
3. ensuring that only Personal Data relevant to and adequate for the declared, specified, and legitimate purpose/s will be processed;
4. maintaining the accuracy and quality of your Personal Data; and
5. implementing reasonable and appropriate organizational, physical, and technical measures to provide adequate protection to your Personal Data.
Processing of Personal Data and Purpose of Processing
We process your Personal Data only under the circumstances provided for under and in accordance with the DPA and NPC Issuances, as well as current international and local industry standards. We may process your Personal Data such as your name, contact information, address, credit history, and billing information, which may be shared among our authorized employees, affiliates, and service providers, for the following purposes and legal bases:
1. Performance of a Contract / Contractual Necessity – We process your Personal Data for us to fulfill our obligations under our contract with you. For example, to comply with the agreed warranty, we may collect your purchase history, contact information, and payment details.
3. Legal Requirement – We process your Personal Data to comply with a legal requirement. For example, to grant you access to our premises, we may collect your health information as part of our safety and health protocols the purpose of which is to assist public authorities in implementing laws on healthcare. We may also be obligated to process Personal Data to comply with regulatory requirements.
4. Consent – Where necessary, we process based on obtained consent.
We transfer Personal Data across country borders in accordance with this Privacy Notice. For example, the tools or applications we use for business operations may be hosted in another country.
We may use your Personal Data for statistical, analytical, and research purposes to create anonymous and aggregated reports.
If you provide us with Personal Data of other data subjects, you represent and warrant that you have given them access to this Privacy Notice and that you have their permission to do so. They may unsubscribe from any future communication following the link provided in the initial message or by contacting firstname.lastname@example.org
Kindly note that our websites may contain links to sites of third parties who are not affiliated with us. If you access such third-party websites by clicking on such links, we are not responsible for the way through which they will Process your Personal Data.
Method of Processing
We process your Personal Data, either by ourselves or through authorized third parties such as agents, suppliers, service providers, consultants, or business partners. Collection may be done in person, electronically, over the phone, or through e-mail.
Disclosure of Personal Data (If applicable)
We may disclose your Personal Data to third parties such as agents, suppliers, service providers, consultants, affiliates, law enforcement and government agencies, business partners, or other persons with whom you have given consent for us to disclose your Personal Data. We might disclose your Personal Data for the following purposes:
1. Service Providers, Suppliers, or Consultants – We may disclose your Personal Dara based on our and our service providers, suppliers, or consultants’ legitimate business operations. In this case, the role of the third party is to process Personal Data on our behalf.
2. Affiliates – We may disclose your Personal Data to one of our affiliates for the enhancement of our and/or our affiliate’s business operations or where such affiliate acts on our behalf or behalf of another of our affiliates. We ensure that the purpose for which the Personal Data is to be disclosed or shared is consistent with this Privacy Notice or the Privacy Notice provided to you when your Personal Data was collected at the first instance.
3. Government Authorities – We disclose your Personal Data to government authorities where such disclosure is required by applicable laws, rules, regulations, and lawful government orders.
If necessary, a separate privacy notice informing you of the identity of the third party that will be given access to your Personal Data, purpose of data sharing, categories of Personal Data concerned, and the nature, extent, and manner of processing involved shall be provided prior to the disclosure. Rest assured that we will never disclose your Personal Data to third parties unless you have given your consent or processing is under circumstances allowed by law or mandated by a valid order from a court of competent jurisdiction or government agency.
Security of Personal Data
We implement reasonable and appropriate organizational, physical, and technical security measures and processes for safeguarding and protecting your Personal Data against any accidental or unlawful destruction, alteration, and disclosure, as well as against any other unlawful processing with the aim to maintain the availability, integrity, and confidentiality of your Personal Data. These include:
Organizational Security Measures
Among others, we have appointed compliance officers for privacy who help ensure our compliance with the DPA and NPC Issuances and adopted privacy policies that are reviewed accordingly. We also conduct Privacy Impact Assessments to ensure that we continually improve.
Physical Security Measures
Among others, we have adopted measures that limit the access to Personal Data to certain individuals, policies designating specific locations for storing Personal Data, and protocols to minimize risks of security incidents.
Technical Security Measures
Among others, we have a team that monitors incidents round-the-clock, adopted policies on incident management, breach monitoring, and regular vulnerability scanning, and utilized firewalls, masking, and cryptographic controls.
We regularly review and enhance our security policies and measures to consistently maintain a high level of security.
We retain your Personal Data as long as they are:
1. necessary for the fulfillment of the declared, specified, and legitimate purpose/s.
2. needed to establish, exercise, or defend legal claims; and
3. allowed by law or by a government issuance to be kept within a period.
We shall dispose of your Personal Data and prevent further processing upon the cessation or expiration of the foregoing.
Update of Personal Data
To keep your Personal Data up-to-date, you are requested to immediately inform us of any relevant change/s.
Under the DPA, you have the right to be informed of the details of processing, right to reasonable access, right to object to the processing of your Personal Data, right to rectification of errors and inaccuracies, right to erasure or blocking of your Personal Data from our system, right to file a complaint and damages, and right to data portability. To know the full text of your rights under the DPA, you may refer to this: https://www.privacy.gov.ph/data-privacy-act/#16.
Notification of Changes
We reserve the right to amend this Privacy Notice at any time with or without notice. Any amendment to this Privacy Notice shall be communicated via posting on our website or, where appropriate under the circumstances, via e-mail.
Inquiries, Requests or Complaints
Data Protection Officer:
23rd Floor Trafalgar Plaza
105 H.V. Dela Costa Street
Salcedo Village, Makati
We shall exercise reasonable efforts to respond to your inquiries, requests, or complaints from receipt of the written request. Accordingly, we may impose such measures as may be necessary to authenticate and assure ourselves of your identity to avoid the risk of inappropriate disclosures.