TDI's Data Privacy
Introduction
Top Dynamics, Inc. (TDI) complies with the Data Privacy Act of 2012, its Implementing Rules and Regulations and other applicable laws and regulations. TDI is committed to safeguarding our employees’ and clients’ privacy and ensuring that personal and account information is protected. This Data Privacy Policy applies to all personal information that we collect from our employees/clients/partners for the purpose of providing efficient and effective service. By giving us the necessary personal information, we acknowledge and agree to the processing of the personal information following statutory and regulatory standards for data protection as well as the practices set out in this Data Privacy Policy.
Collection of Information
All identifiable information that has been provided to TDI will only be used within the bounds of applicable Philippine laws and other rules and regulations that may be issued by relevant government institutions. Non-identifiable data collected will only be used to track and serve relevant content to users and address their concerns, if any.
In availing of any of TDI’s services or when our clients interact with our employees or authorized representatives, we collect our client’s and its client’s personal information so that we may provide valuable and useful content and services and offer additional services that will be relevant to our client’s business.
As defined under the Data Privacy Act of 2012, personal information is any information from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify the individual. In other words, it refers to any data that can be used to identify a person. This may include, among others:
• Personal contact information such as name, residential or office address, email address, birthdate, telephone/mobile phone number, nationality
• Proof of identification (government-issued identification cards or document) such as driver’s license, passport, etc.
• Profession, job, occupation, business or trade
• Latest account and financial information (including source of funds)
• Employment details
• Specimen signature/s
Use of Information
We use the information collected to deliver and provide the services that our clients have availed in order to:
• approve, facilitate, administer and process applications and transactions;
• carry out daily operation or provision of services, and manage or carry out any transactions, requests or queries in connection with our client’s Service Agreement;
• send your statements, notices and other such documents necessary for continued use of our products and services;
• enhance or upgrade TDI’s system infrastructure, operational, technical and other internal systems and processes maintained by or on behalf of TDI;
• comply with/implement internal credit risk and control management, administration, audit, administrative processes, compliance functions/programs/policies; the terms and conditions governing our products and services pursuant to the rules and regulations of the Securities and Exchange Commission and Bangko Sentral ng Pilipinas; legal and regulatory requirements of government regulators, judicial, supervisory bodies, tax authorities or courts of competent jurisdiction;
• comply with applicable laws of the Philippines and those of other jurisdictions;
• perform other such activities permitted by law or with your consent.
We ensure that the handling of information adheres to the established security standards and procedures. Further, up-to-date and continuously improved systems and technology shall be put in place to prevent unauthorized access, and these undergo continuous assessment designed to improve the means of securing your privacy.
Sharing of Information
We assure you that we do not, and will not, share or sell personal information to third parties outside our company without our client’s consent. All our engagements shall be fully compliant with our obligation of confidentiality imposed on us under the applicable agreements and/or terms and conditions or any applicable laws that govern our relationship with our clients.
In some instances, we may share the personal information as part of business operations, under an obligation of confidentiality. This means that we might share information with government agencies when required by law or regulation or by competent order of the court.
Protection of Information
The integrity, confidentiality and availability of information are important to us. We strictly enforce our privacy policy by implementing stringent process/system, organizational and physical security measures that are intended to protect our client and its client’s information from unauthorized access, use, alteration and disclosure. In addition, we train our employees to properly handle our client and its client’s information. Whenever we engage other companies to provide services for us, we require them to protect personal information aligned with our own security standards.
Retention of Information
TDI takes reasonable steps to ensure that our employees’, our clients’ and their clients’ personal information shall be retained for the period necessary to fulfill the purpose/s for which it was collected and such other purposes that our clients may have consented to from time to time, or until such time as it is no longer required nor necessary to keep your information for any other legal, regulatory or business purposes.
Minimum of six (6) months to one (1) year, subject to our Client’s SLA.
Organizational Security Measures
Where appropriate, personal information controllers and personal information processors shall comply with the following guidelines:
- GM/Compliance Officer shall designate an individual or individuals who shall function as data protection officer, or otherwise be accountable for ensuring compliance with applicable laws and regulations for the protection of data privacy and security.
- Data Protection Policies – all employees (regular, commission based and outsourced) involved in the processing of personal data shall implement appropriate data protection policies that provide for organizational, physical and technical security measures and, for such purpose, take into account the nature, scope, context and purposes of the processing, as well as the risk posed to the rights and freedoms of the data subjects.
  - The policies shall implement data protection principles both at the time of the determination of the means for processing and at the time of the processing itself.
  - The policies shall implement appropriate security measures that, by default, ensure only personal data which is necessary for the specified purpose of the processing are processed. They shall determine the amount of personal data collected, including the extent of processing involved, the period of their storage, and their accessibility.
  - The policies shall provide for documentation, regular review, evaluation, and updating of the privacy and security policies and practices.
- Records of Processing Activities. All employees involved in the processing of personal data shall maintain records that sufficiently describe its data processing system, and identify the duties and responsibilities of those individuals who will have access to personal data. Records should include:
  - Information about the purpose of the processing of personal data, including any intended future processing or data sharing;
  - A description of all categories of data subjects, personal data, and recipients of such personal data that will be involved in the processing;
  - General information about the data flow within the organization, from the time of collection, processing, and retention, including the time limits for disposal or erasure of personal data;
  - A general description of the organizational, physical, and technical security measures in place;
  - The name and contact details of the personal information controller and, where applicable, the joint controller, its representative, and the compliance officer or Data Protection Officer, or any other individual or individuals accountable for ensuring compliance with the applicable laws and regulations for the protection of data privacy and security.
- Human Resources shall be responsible for selecting and supervising its employees, agents, or representatives, particularly those who will have access to personal data. The said employees or representatives shall operate and hold personal data under strict confidentiality if the personal data are not intended for public disclosure. This obligation shall continue even after leaving the public service, transferring to another position, or upon terminating their employment or contractual relations. There shall be capacity building, orientation or training programs for such employees, agents or representatives, regarding privacy or security policies.
- Processing of Personal Data – employees involved in the processing of personal data shall develop, implement and review:
  - A procedure for the collection of personal data, including procedures for obtaining consent, when applicable;
  - Procedures that limit the processing of data, to ensure that it is only to the extent necessary for the declared, specified, and legitimate purpose;
  - Policies for access management, system monitoring, and protocols to follow during security incidents or technical problems;
  - Policies and procedures for data subjects to exercise their rights under the Act;
  - Data retention schedule, including timeline or conditions for erasure or disposal of records.
Physical Security Measures
Where appropriate, personal information controllers and personal information processors shall comply with the following guidelines for physical security:
- Policies and procedures shall be implemented to monitor and limit access to and activities in the room, workstation or facility, including guidelines that specify the proper use of and access to electronic media;
- Design of office space and work stations, including the physical arrangement of furniture and equipment, shall provide privacy to anyone processing personal data, taking into consideration the environment and accessibility to the public;
- The duties, responsibilities and schedule of individuals involved in the processing of personal data shall be clearly defined to ensure that only the individuals actually performing official duties shall be in the room or work station, at any given time;
- Policies and procedures that prevent the mechanical destruction of files and equipment shall be established. The room and workstation used in the processing of personal data shall, as far as practicable, be secured against natural disasters, power disturbances, external access, and other similar threats.
Technical Security Measures
Where appropriate, personal information controllers and personal information processors shall adopt and establish the following technical security measures:
- A security policy with respect to the processing of personal data;
- Safeguards to protect their computer network against accidental, unlawful or unauthorized usage, any interference which will affect data integrity or hinder the functioning or availability of the system, and unauthorized access through an electronic network;
- The ability to ensure and maintain the confidentiality, integrity, availability, and resilience of their processing systems and services;
- Regular monitoring for security breaches, and a process both for identifying and accessing reasonably foreseeable vulnerabilities in their computer networks, and for taking preventive, corrective, and mitigating action against security incidents that can lead to a personal data breach;
- The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- A process for regularly testing, assessing, and evaluating the effectiveness of security measures;
- Encryption of personal data during storage and while in transit, authentication process, and other technical security measures that control and limit access.
Rights of Clients
The Data Privacy Act of 2012 and its Implementing Rules and Regulations afford our clients certain rights. In exercising these rights, you may:
1. Object to the processing of our client’s and its client’s personal information.
2. Opt not to share information with other companies that we have business with provided that such information is not critical nor required by applicable laws and regulations in maintaining the services that you have availed with us.
3. Unauthorized Access of data.
4. Modify inaccurate data or update information.
5. Update any information.
6. Request for deletion or suppression of data.
Risk Management
Any potential risk that our employees, or a concerned team/group or employee, encounter shall be reported immediately to TDI Management the moment it has been discovered. Due process and investigation shall be conducted to address the issue. Subject to the agreed TAT with our Client, all incidents shall be assessed/investigated/reported accordingly.
Escalation Standard
1. Employees to raise immediately (Max. of four (4) hours) to Management.
2. TDI Management to conduct immediate investigation to classify and determine if there is a breach upon receipt of the escalation (Max. of four (4) hours).
3. If there is a breach, the issue shall be raised to TDI’s concerned account/client immediately (Within 4 hours upon discovery).
4. Complete investigation with resolution max of twenty (24) hours upon discovery of the breach.
Corrective Measures
Subject to the result of the investigation, the necessary administrative action shall be dealt with accordingly. Criminal action may be instigated based on the result of the final investigation.
Changes to Our Data Privacy Policy
From time to time, TDI may modify or amend this Data Privacy Policy to comply with any changes in government and regulatory requirements, align with industry practices, or for other legitimate purposes. We assure you that we shall give sufficient notice if there are material changes, and we shall secure your consent, if required by law.
For any possible breach, please contact our Data Privacy Officer:
Leilani Gaspar
Email Address: dpo@topdynamics.org
Tel. No.: +63-2-87085620