PRIVACY POLICY
Your Privacy Matters: Emapta’s Commitment to Protecting Your Data
At Emapta, we believe that good privacy management stems from putting the rights and interests of data subjects at the core and centre of what we do. We value personal identifiable information (PII) entrusted to us, and we recognize that it is a valuable business asset to be respected, managed, and protected. We always commit to responsible corporate governance and compliant business practices. This Privacy Policy describes how your personal information is collected, used, and shared when you visit www.emapta.com (the “Site”).
DATA SUBJECTS AND RIGHTS
We always ensure that you, our data subjects, will feel secure that we are taking diligent care of the information you entrust to us. We implement privacy controls that are designed in compliance with various privacy regulations. We ensure that we will always uphold your rights and secure all personal information collected, used, and stored in our data processing systems. We also have mapped the different privacy regulations to cover as much as we could and isolate any unique requirements and formulate solutions to address them.
You have the right to be informed.
We will treat your personal data almost literally in the same way as your own personal property. Thus, it should never be collected, processed, or stored by anyone without your explicit and informed consent unless otherwise provided by law. We will solicit your consent through a consent form or through privacy notices and acknowledgment pages in our data collection tools and portals.
You have the right to access information.
This is your right to find out whether we hold any personal data about you and if so, gain “reasonable access” to them. Through this right, you may also ask us to provide you with a written description of the kind of information we have about you as well as our purpose for holding it. You have a right to obtain from us a copy of any information relating to you, provided in an easy-to-access format.
You have the right to object processing.
You can assert your right to object if the personal data processing involved is based on consent or on legitimate interest. When you object or withhold your consent, we will no longer process your personal data unless the processing is pursuant to a subpoena, for obvious purposes (contract, employer-employee relationship, etc.) or a result of a legal obligation.
In cases when there may be any change or amendment to the information previously given to you, you will be notified and will be given an opportunity to withhold consent.
You have the right to erasure or blocking. You have the right to suspend, withdraw or order the blocking, removal, or destruction of your personal data. You may exercise this right upon discovery and substantial proof of the following:
a) that your personal data is incomplete, outdated, false and unlawfully obtained.
b) your data is used for purposes you did not authorize, your data is kept longer than necessary.
c) processing your data is unlawful and you have decided to withdraw your consent.
You have the right to damages.
You may claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, considering any violation of your rights and freedoms as data subject.
You have the right to data portability.
This right assures that you remain in full control of your data. Data portability allows you to obtain and electronically move, copy, or transfer your data in a secure manner, for further use. This will allow you to manage your personal data in your private device, and to transmit your data from one location to another.
You have the right to rectify errors or inaccuracies to your PII.
You have the right to dispute and have corrected any inaccuracy or error in the data a may hold about you. We will act on it immediately and accordingly unless the request is vexatious or unreasonable. Once corrected, we will ensure that your access and receipt of both new and retracted information. We will also furnish third parties with said information, should you request it.
INFORMATION WE COLLECT, USE AND WHY
Information, specifically personal identifiable information (PII) is an integral and critical part of our business. Moreover, this is protected in the highest regard as this is valuable not just to us but for the clients we service. As it is a necessity to collect and process PII to be able to deliver services in a timely manner, we exercise due caution on how we treat this set of information.
In our business, personal identifiable information (PII) may exist in two domains. One is collected and utilized by our support services team (Core Team) which is needed to fulfill our contractual obligations to our employees and the other is within client systems and portals, acquired as part of their business process as part of their obligations to their customers.
PII utilized by the Core Team may be used to provide compensation and benefits to employees hired and assigned to perform work for our clients (Client Talents), assign credentials including, but not limited to logical and physical access to our system applications and delivery sites, create project proposals and develop business strategies for prospective clients and provide solutions as required.
Customer PII collected and processed by our clients is exclusively used by them to deliver goods or services, hence they have total control of how these are managed within their own customer portals and applications. Our clients are also responsible for enforcing and designing controls to manage this set effectively, in compliance with the privacy regulations where they operate and as deemed appropriate.
What specific Information we collect?
a) Identifiers and Contacts
We will collect primary identifiers to include names, contact numbers and email addresses which we will use in multiple ways. Predominantly, Our Core Team will use this set to identify who we are dealing with, reach out to and provide responses to correct contacts. We may also share this to clients upon request, or when processing activities and transaction would require it necessary.
b) Biometric Information (Fingerprints)
This may be required to provide physical access to our delivery sites.
c) Basic Health Information
Basic Health Information may include basic health status and wellness information which is part of our pre-employment requirements. This may also come from results posted on our annual physical and wellness examination.
d) Location and Addresses
We may collect and use mailing addresses to send correspondence. We may also ask for information about location and physical addresses to deploy and deliver company-issued assets and peripherals.
e) Government ID Numbers
We may collect government-issued ID numbers to be able to file applications on behalf of our employees for government-mandated benefits or to assist with other transactions, such as visa applications.
f) Work History, Background and Credentials
To effectively profile a candidate and match requirements for their requested manpower, we collect and verify through a background check an applicant’s educational background, work history and experience and other credentials like technical certifications, accreditations, and professional licenses.
What do we do with customer PII (client information)?
We do not store customer information of our clients; rather this is managed entirely by them. This allows total flexibility and control of their business, which forms part of our brand. This sets us apart from other businesses because we recognize what is good for our clients will also be good for us.
How do we manage information in client systems?
Customer information of our clients is housed in their processing portals and is classified as personal identifiable information. These are managed by the clients entirely. This may include identifiers, payment information (credit card details, bank details and other similar data), location and addresses, contact details and other pertinent information that may be used to identify a customer.
What information do we collect on our website?
When you visit our website (www.emapta.com), we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse this domain, we collect information about the individual web pages or products that you view, what websites or search terms referred to us, and information about how you interact with our public domain. We refer to this automatically collected information as “device information”.
We collect device information using the following technologies: Cookies, Log Files, and Web Beacons
Additionally, when you complete a contact form through our website, we collect certain information from you, including your name, address, email address, and phone number. We refer to this information as “Contact Information”.
DATA PRIVACY PRINCIPLES AND LEGISLATIVE REQUIREMENTS
Subject to compliance with various regulatory requirements, we process PII following the principles of transparency, legitimate purpose, and proportionality. Specified and legitimate purpose is determined and declared before, or as soon as reasonably practicable, the collection and processing of PII. We process personal information fairly and lawfully. We process personal information necessary and related to the fulfilment of our contractual obligation, responding to requests, and delivering services in a timely manner. We only keep information following specified retention periods and dispose of it properly afterwards.
Principle of Transparency
We obtain consent prior to the collection and processing of PII, subject to exemptions provided by laws and regulations. In the exercise of transparency, we will inform you of the nature purpose and extent of the processing of PII, including risks and safeguards involved, your rights and how these may be exercised.
Principle of Legitimate Purpose
We always ensure that the processing of PII is compatible with our declared and specified purpose and not contrary to law, morals, or public policy.
Principle of Proportionality
We will always ensure that the processing of personal information is relevant to and does not exceed the declared purpose or beyond the bounds of the consent we sought for. We will only collect what is needed and necessary to carry out processing activities and achieve desired outputs within the bounds of what you consented to.
PROCESSING
We always ensure that PII we process are adequate, relevant, and not excessive. We always consider the purpose that the information is being collected and processed for.
Consent
Prior to collection of personal information, or as soon as practicable, we will obtain informed and active consent. The consent form will be used whenever possible. We may also obtain consent through other means (e.g., Privacy Notices incorporated in our data processing systems and data collection portals)
Privacy Impact and Risks
To ensure that we will be able to identify gaps and risks in how we manage data privacy, we complete and run Privacy Impact Assessments and Risk Analysis on a periodic basis. We make it a point to also run assessments before we implement a new process, acquire, and deploy new data processing systems and adopt new strategies that may use PII. The Data Protection Officer spearheads this practice for us.
RETENTION
We would only retain information as long as needed, following a defined retention schedule which may be driven by regulatory requirements or if we have identified the need to do so. We will not keep information longer.
We also honour and respect your right to have your personal information purged or deleted. You may reach out to our DPO through privacy@emapta.com to request this.
DISPOSAL
All records and documents will always be disposed of properly, following the retention schedule for these records.
For customer information of our clients that may contain PII, they would have full control over disposal methods as these are housed entirely in client portals and applications.
OUR DATA PROTECTION OFFICER
Acting as the Single Point of Contact (SPOC) for all matters about Data Privacy, the Data Protection Officer (DPO), is responsible for managing the entire Data Privacy Program and responding to requests and inquiries, identifying and managing risks, developing policies and procedures to secure PII, and ensure we comply to reporting requirements driven by privacy regulations.
To reach out to our DPO, you may send your inquiries, requests, and queries to privacy@emapta.com
NCP CERTIFICATE OF REGISTRATION AND SEAL OF REGISTRATION
This is to certify that EMAPTA PHILIPPINES, INC with business address at U-ABCD 4F Equitable Tower 8751 Paseo de Roxas Bel Air, Makati City, Metro Manila, has duly complied with the registration requirements of the Data Privacy Act of 2012, its Implementing Rules and Regulations, and all related issuances. This certificate was issued under the seal of the Commission and serves only as proof of registration and not a verification of the contents of any document submitted in relation thereto.
The information on this certificate has been made part of the records of the Commission.