Effectivity Date: January 1, 2021
Crossworks Training and Consulting Corporation (“us”, “we”, or “our”) operates the http://crossworks.ph website (the “Service”) and is committed to protect and respect your personal data’s privacy in accordance with the Data Privacy Act of 2012 (DPA). We adhere to information security’s principles of confidentiality, integrity and availability and comply with the DPA’s principles of transparency, legitimate purpose and proportionality.
This notice informs you of our policies regarding the processing (collection, use, and disclosure) of your personal data provided to us, when you use our services. It also tells you how you can exercise your rights as Data Subjects within the scope of this notice.
SCOPE OF THIS NOTICE
This notice covers our website data collection activities and applies to individuals who interact with our products and services, and those who interact with us using any of our contact avenues and social media platforms.
We provide various training programs for professionals in the field of management and leadership, as well as various related disciplines either through onsite services or online training delivery. These trainings are either delivered in-house (one organization) or publicly-run (multiple organizations attending a single training event)
We also provide various consulting services to organizations on areas such as but not limited to management, business, information technology, information security, organizational development, risk, and various others.
PERSONAL DATA COLLECTED
In order for us to provide you with your required service, we need you to fill-out the registration form that we will be sending you via e-mail, where we will collect the following personal information:
Company Contact Person’s:
- Email address
- Contact Number
- Name & Nickname
- E-mail address
- Contact number
You may contact us at any time through our e-mail address for any updates to the information you have provided to us.
USE AND DISCLOSURE
We use your personal information to:
- Contact you when we inquire about the details of the service(s) you require;
- Provide and maintain the service;
- To notify you about changes to our service;
- Allow you to participate in interactive features of our service when you choose to do so;
- Provide customer care and support;
- Provide analysis or valuable information so that we can improve the service;
- Monitor the usage of the service, and
- To detect, prevent and address technical issues.
We will only share your Personal Data to our personnel who are in-charged of providing the service you require with our training partners i.e., our certification bodies and trainers. We will also disclose your Personal Data to authorized third parties (1) to comply with a legal obligation ; (2) in response to legal proceedings; (3) to protect and defend the rights or property of our company; (4) to prevent or investigate possible wrongdoing in connection with the service; (5) to protect our rights, privacy, safety or property, or the public; and/or (5) to enforce the terms of any agreement of our service.
*We will share your information when we are under legal obligation to disclose your information even without your consent.
STORAGE, TRANSMISSION AND RETENTION
We use appropriate measures to keep your personal data’s integrity and confidentiality. The collected personal information is stored and retained in our database for a period (24 months) in accordance with organizational measures i.e., Company policies on retention, storage protection and disposal; Physical controls i.e., safeguarding hardcopies and/or hardware containing your personal data through security guard protected facility where only authorized personnel shall have access to your information and Technical controls i.e., use of strong authentication methods, appropriate access control, encryption and other security protocols.
Disposal procedures shall be performed when (1) the information served its purpose and as required by Company’s existing policy, (2) when you exercise your right to erasure/blocking and/or (3) in compliance with applicable laws and regulations.
Access to your personal data. Your Personal Data will be processed by company authorized personnel, on a need to know basis, depending on the specific purpose(s) for which your personal data have been collected e.g. our Accuont Managers contacting you for the details of your service request.
Measures taken in operating environments. The security of your data is important to us, but no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We ensure however, that we store your personal data in operating environments that use reasonable security measures to prevent unauthorized access. We also follow reasonable standards to protect personal data i.e., ISO Standards.
Transfer of your Personal Data. Because of the nature of our business, we may need to transfer your personal data internally within the company, and to third parties as noted in the “USE and DISCLOSURE”, in connection with the purposes set out in this Privacy Notice.
KNOW YOUR RIGHTS
We allow you to exercise your rights in accordance to the DPA Law.
You have the right to access, review and request a physical or electronic copy of information we hold about you. You also have the right to request information through e-mail for justifiable reasons and if there will be no other means to obtain them, considering the nature of the personal data we collect.
We also grant requests carried out by a person other than you, provided there is a justifiable reason and enough evidence that the request is legitimately made on your behalf.
Where provided by law, you can (1) request deletion, a copy, correction or revision/update of your Personal Data; (2) limit the use and disclosure of your Personal Data; (3) revoke consent to any of our data processing activities; and (4) object to the processing of your personal data, (5) you may lodge a complaint with the National Privacy Commission (NPC) if your complaints are not responded to within 15 working days.
Please note that, we may be required to retain some of your personal data after you have requested deletion, to satisfy our business needs and to conform to applicable laws, regulations and/or contractual obligations.
This Privacy Notice intends to satisfy queries you may have about the way we process your personal data. However, if you have unresolved concerns you also have the right to be indemnified if upon unreasonable doubt that we have committed a breach against your personal data and in accordance to what the law would require.
You may send an email to our Data Protection Officer at firstname.lastname@example.org if you wish to exercise any of your rights provided above.
CHANGING THIS POLICY
We may, from time to time, revise this privacy notice according to the needs of the organization. On such occasions, we will let you know through announcement in our website and, when permissible, other means of communication. When we make changes to this notice, we will amend the revision date at the top of this page and shall be effective immediately upon posting on the website.
For any inquiry, objection, complaints, revocation of consent, changes in your personal data, or other concerns related to privacy protection and security, please email our Data Protection Officer at email@example.com.