Purpose
This policy outlines the measures our organization takes to protect personal data and uphold the privacy
rights of individual
Scope
This policy applies to all personal data processed by our organization, regardless of the source of the
data or the method of processing.
Definitions
Personal data: Any information that can be used to identify an individual, directly or indirectly.
Data controller: The person or organization that determines the purposes and means of processing personal data.
Data processor: A person or organization that processes personal data on behalf of a data controller.
Data subject: The individual to whom personal data relates.
Data protection principles
Our organization adheres to the following data protection principles:
Lawfulness, fairness and transparency: Personal data must be processed lawfully, fairly and in a
transparent manner.
Purpose limitation: Personal data must be collected for specified, explicit and legitimate purposes, and
not further processed in a manner that is incompatible with those purposes.
Data minimization: Personal data must be adequate, relevant and limited to what is necessary in
relation to the purposes for which it is processed.
Accuracy: Personal data must be accurate and, where necessary, kept up to date.
Storage limitation: Personal data must be kept in a form which permits identification of data subjects for
no longer than is necessary for the purposes for which the personal data is processed.
Integrity and confidentiality: Personal data must be processed in a manner that ensures appropriate
security of the personal data, including protection against unauthorized or unlawful processing and
against accidental loss, destruction or damage.
Data subject rights
Our organization recognizes the following data subject rights:
Right to access:Data subjects have the right to obtain confirmation as to whether or not personal data
concerning them is being processed, and, where that is the case, access to the personal data and certain
information about how it is being processed.
Right to rectification: Data subjects have the right to request that inaccurate or incomplete personal
data be rectified.
Right to erasure: Data subjects have the right to have their personal data erased in certain
circumstances, such as when the personal data is no longer necessary in relation to the purposes for
which it was collected or when the processing is unlawful.
Right to restrict processing: Data subjects have the right to request that the processing of their personal
data be restricted in certain circumstances, such as when the accuracy of the personal data is contested
or when the processing is unlawful.
Right to data portability: Data subjects have the right to receive their personal data in a structured,
commonly used and machine-readable format and to transmit that data to another data controller.
Right to object: Data subjects have the right to object to the processing of their personal data in certain
circumstances, such as when the processing is based on legitimate interests or for direct marketing
purposes.
Data breach notification
Our organization has procedures in place to detect, report and investigate personal data
breaches. In the event of a personal data breach, we will notify affected individuals and the
relevant supervisory authority without undue delay.
Data protection officer
Our organization has appointed a Data Protection Officer (DPO) who is responsible for
overseeing data protection strategy and implementation.
The DPO can be contacted at
+639171169194 or by email at dataprotection@classikocmk.com
Training and Awareness
Our organization provides training to all employees and contractors who handle personal data
to ensure they understand their responsibilities and comply with this policy.
Compliance
Our organization regularly reviews and updates this policy to ensure it remains compliant with
relevant data protection laws and regulations.Our organization takes data protection and privacy very seriously and is committed to ensuring
the confidentiality, integrity and availability of personal data.