Professional Documents
Culture Documents
Privacy Policy
Privacy Policy
I. Introduction
This Privacy Policy document has been created, in compliance with the requirements of
Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, its implementing rules
and regulations, and relevant National Privacy Commission issuances (collectively referred to as
either “DPA laws”). This document its attached annexes and acknowledgment form shall form
part of your employment, partnership, and/or service contract requirements at PH Global Jet
Express, Inc. (“J&T Express”, “Us”, “We”, Our”). You are thus obligated to read, comprehend, and
acknowledge your compliance with this Privacy Policy throughout your employment, partnership,
service contract duration with us.
For purposes of this policy, its annexes, and acknowledgement form, “Personal Data”
shall collectively refer to Personal Information, Sensitive Personal Information, and Privileged
Information. While the terms “Process” and “Processing” shall refer to any operation or any set
of operations performed upon personal data including, but not limited to, the collection,
recording, organization, storage, updating or modification, retrieval, consultation, use,
consolidation, blocking, erasure or destruction of data. Under the DPA, Personal information
refers to any information, whether recorded in a material form or not, from which the identity of
an individual is apparent or can be reasonably and directly ascertained by the entity holding the
information, or when put together with other information would directly and certainly identify an
individual. While Sensitive Personal Information refers to personal information:
•About an individual’s race, ethnic origin, marital status, age, color, and religious,
philosophical, or political affiliations.
Finally, Privileged information are those pieces of information defined under the Rules of Court,
an example of such are Attorney-client privilege, spousal privilege, etc.). The list of personal data
that shall be collected from you are found in the document attached to this policy named as
“Annex A”.
We collect and process your personal data for human resource management and
development as well as for other legitimate purposes essential and necessary for J&T Express’s
continued operations and growth. Our legitimate purposes for the use of your collected personal
data are as follows:
Internal Personnel
Third Parties
We allow limited access to your personal data to authorized third-party service providers
such as vendors, suppliers, subcontractors, and/or consultants who provide outsourced functions
including, among others:
The Company remains responsible over the personal data disclosed to such third parties. As
such, we ensure that such third parties are contractually obligated to comply with the
requirements of DPA Laws and shall process your data strictly in accordance with the purposes
enumerated above. We also disclose necessary employee personal data to government
regulatory agencies and law enforcement agencies including, but not limited to the SSS,
PhilHealth, Pag-IBIG, DOLE, and the BIR in accordance with our obligations and reportorial
requirements established by law and governmental agency circulars.
Finally, we do not sell or disclose your personal data to unauthorized third parties unless we are
legally required to do so or if such action is necessary to protect, defend and/or enforce our rights,
property or the personal safety of our employees and other individuals.
Personal data you submitted to PH Global Jet Express, Inc will only be kept in its custody only
for as long as it is legally allowed and necessary for the fulfilment of the declared, specified, and
legitimate purposes provided. After which, your personal data shall be disposed in a secure
manner that would prevent it from further processing, unauthorized access, or disclosure, access
due to negligence to any other party.
1. You shall only process the Personal data in accordance to your legitimate and
authorized job responsibilities. In the conduct of your personal data processing, you
shall always adhere and follow the General principles of data privacy as provided by
DPA Laws. These principles are:
a. Transparency – at all times, you shall ensure that the Data subject, whom you are
processing their personal data, has been given clear and proper disclosures about
your processing of their personal data and that they have given their express
consent to process the same.
b. Legitimate Purpose –you will guarantee that all Personal data processing
activities you are conducting are in accordance to your legitimate job
responsibilities and is not contrary to law, public morals, and public policy. You
guarantee that in case there is doubt as to the legitimacy of your personal data
processing related tasks, you shall immediately cease any operations and consult
your supervisor, Employee Relations officer, and/or the Data Privacy Officer.
c. Proportionality – at all times you shall ensure that you will only process types of
personal data that is relevant, necessary, and proportionate to the legitimate
RESTRICTED – INTERNAL USE ONLY
3 of 8
tasks you need to accomplish. You shall not collect/process excess personal data,
in the event that you came to a situation that you are processing excess personal
data, you shall immediately seize such activity and seek guidance from your
supervisor, Employee Relations officer and or the Data Privacy Officer on how to
address the same.
2. Manner of processing personal data - you will ensure all of your personal data
processing activities always have the appropriate safeguards applied to it. At the
minimum you shall ensure:
a. You are only using Company-issued assets to process personal data.
b. The file, device, and/or medium you are using to process personal data is
password protected and/or encrypted.
c. Access to the personal data you are processing is limited to you and authorized
personnel.
d. There should be a user access management as to who has access to the personal
data file/medium that you are processing. You or your supervisor must maintain
a documentation that holds: a) the names of the personnel who have access to
the said personal data file/medium, b) what level of access privileges do they have
(i.e. read-only, modify etc.), and c) date stamps on when such personnel started
having access to the file and when access was revoked
3. You shall not create, directly or indirectly, any unauthorized copy of any personal data
that you have processed or had access to - whether incidental to the performance of
your work or by accident. This obligation continues even after your contract relations
with us.
4. You shall not disclose to any person or entity any personal data that you have
processed or had access to - whether incidental to the performance of your work or
by accident. This obligation continues even after your contract relations with us.
5. You shall report immediately to the escalation channel - your supervisor, Employee-
relations, and/or the Privacy Office - any process or personnel who do not comply
with the provisions of this Privacy Policy and any incidents that you perceive or
believe there is a breach of personal data (i.e. unauthorized disclosures,
compromised personal data file/systems, etc.). All reported violations of this Privacy
Policy shall be kept in strict confidence by the escalation channel personnel and they
are duty bound to ensure that there is no unlawful retaliation on the reporting
personnel. Finally, be reminded that any concealment or omission to report violations
of this Privacy Policy are in contravention of the Company’s code of discipline.
6. You shall first communicate to the Privacy Office or employee relations officer any
clarifications or questions you may have concerning this Policy or anything related to
the Data Privacy Act before resorting to any third-party channels.
Under the Data Privacy Act, as a Data subject your rights are:
• Be Informed - You have the right to be informed of what, how, and why we collect and
process your personal data.
• To Object - You have the right to object to the processing and/or sharing of your personal
data especially when you feel that we do not have lawful grounds to do so. However, note
that this may result in the termination of your employment with us when such data you
RESTRICTED – INTERNAL USE ONLY
4 of 8
objected or refused to provide us is necessary for us to perform our obligations to you as
your employer.
• Withdraw Consent - You have the right to withdraw your consent to our processing
activities on your personal data. However, note that this right does not apply on instances
wherein our processing of your personal data rely on grounds provided by law besides
consent. Similar with the right to object, your withdrawal of your consent to the
processing of your personal data may result in the termination of your employment with
us when such withdrawal impairs our capability to perform completely our obligations to
you as your Employer.
• To Access - you have the right to request reasonable access to your personal data subject
to our company’s internal procedures.
• To Data Portability - You have the right to obtain a copy of the personal data we collected
from you in a format that is portable subject to our internal procedures.
• To Rectify - You have the right to ask us to rectify and/or update your personal data if
there are any errors or inaccuracies, subject to review and our company’s internal
procedures.
• Erasure or Blocking - You have the right to suspend, withdraw, or order the blocking,
removal, or destruction of inaccurate, incomplete, outdated, false, or unlawfully obtained
personal data, or personal data not necessary for the purpose for which it was collected,
and for such other cases provided in the Data Privacy Act of 2012. Do note that your
exercise of this right may result in the termination of your employment with us when such
demand to erase or block your data impairs completely our capability to perform our
obligations to you as your Employer.
• Damages - You have the right to be indemnified for damages sustained, if any, due to
inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your
personal data.
If you have any questions, concerns, or clarifications about any provisions of this Privacy Policy
you may contact the Data Protection Officer’s office via email at dpo@jtexpress.ph
[This part is intentionally left blank, succeeding pages are Annex A and Acknowledgment form]