Privacy Policy

Our Privacy Policy

DEFINITION OF TERMS

Customer or Data Subject refers to business and individuals whose Personal Information, including Sensitive Personal Information or Privileged Information is processed by STRATEGY X.

Data Privacy Act of 2012 refers to Republic Act No. 10173 and its implementing rules and regulations.

Data Protection Officer refers to an individual assigned by STRATEGY X who shall oversee the compliance of STRATEGY X with the Data Privacy Act, its Implementing Rules and Regulations, and other related policies, including the conduct of a privacy impact assessment, implementation of security measures, security incident and data breach protocol, and the inquiry and complaints procedure.

Personal Data refers to all types of Personal Information, including Privileged Information in the custody of STRATEGY X.

Personal Data Breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise process.

Personal Information refers to any information, whether recorded in a material form or not from which the identity of an individual is apparent, from which identity can be reasonably or directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

Privileged Information refers to any and all forms of data which, under the Rules of Court and other pertinent laws, constitute privileged communication.

Processing refers to any operation or any set of operations performed upon Personal Information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation use, consolidation, blocking, erasure or destruction of data

STRATEGY X refers to StrategyX and all subsidiaries of Outsourced Global Limited including but not limited to StrategyX.  When reading this Privacy Policy in the context of a subsidiary company, "STRATEGY X" should be substituted with the name of the relevant subsidiary.

Sensitive Personal Information refers to Personal Information:

Security Incident refers to an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity, and confidentiality of Personal Data.


SECURITY MEASURES

STRATEGY X needs to collect, and hold Personal Information of Customers in order to provide services. We treat this information with care, and in order to protect it from unauthorized disclosure, we take the following data security measures:

Data Protection Officer

A Data Protection Officer (DPO) shall be appointed by STRATEGY X at such time that this becomes a requirement of the Data Privacy Act. Until a DPO is appointed a Compliance Officer will fulfill the duties of the DPO.

Data Privacy Principles

The Processing of Personal Data within STRATEGY X will be conducted in compliance with the following data privacy principles as indicated in the Data Privacy Act:

Transparency

The Customer must be aware of the nature, purpose, and extent of the Processing of his or her Personal Data by the Company, including the risks and safeguards involved, the identity of persons and entities involved in Processing his or her Personal Data, his or her rights as a Data Subject, and how these can be exercised. Any information and communication relating to the Processing of Personal Data should be easy to access and understand, using clear and plain language.

Legitimate Purpose

The Processing of Personal Data by the Company shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.

Proportionality

The Processing of Personal Data shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal Data shall be processed by the Company only if the purpose of the Processing could not reasonably be fulfilled by other means.

PHYSICAL SECURITY MEASURES

STRATEGY X has developed and implemented policy and procedures to monitor electronic storage and/or filing cabinets which contain Personal Data and ensure that these facilities are accessible only by authorized personnel of STRATEGY X.

TECHNICAL SECURITY MEASURES

STRATEGY X shall continuously develop and evaluate our security policy with respect to the Processing of Personal Data to make sure that the Personal Information is secured or processed in accordance with the Data Privacy Act.


PROCESSING OF PERSONAL DATA

The kinds of Personal Information that STRATEGY X collects and holds

In order for STRATEGY X to provide services, we need to collect and hold Personal Information. That information may include Customer names, addresses, telephone numbers, including mobile numbers, email addresses, copies of government-issued identification, bank account or credit card details, password details for accessing STRATEGY X services. Details of your authorized representative may also be required in which case you must ensure that you have obtained their consent to STRATEGY X collecting and holding their Personal Information.

 

 

How STRATEGY X collects and holds Personal Information

STRATEGY X collects Personal Information from Customers when they apply for services, request technical assistance or request that their details be updated. This can occur over the telephone, through an online process, or through completion of a form.

Personal Information will be held in secure electronic databases and/or secure filing cabinets. STRATEGY X will use all reasonable endeavors to ensure that Personal Information is accessible only to appropriately authorized employees.

The purposes for which STRATEGY X collects, holds, uses and discloses Personal Information

STRATEGY X uses Personal Information for the following purposes:

The aforementioned uses may require disclosure of the Personal Information to third parties including:

Disclosure of Personal Information to overseas recipients

STRATEGY X operates both in Philippines and overseas.

STRATEGY X may need to disclose Personal Information that we hold to organizations located outside Philippines in countries which do not have the same or substantially similar privacy laws, but only to the extent necessary for STRATEGY X to meet underlying business requirements such as legal and compliance in order to provide telecommunications services as requested by Customers in a written Service Agreement.

STRATEGY X may also store Personal Information in cloud storage or other types of networked or electronic storage. It is not always practicable to know in which country this information may be held, for example, when the Personal Information is stored in cloud storage infrastructure.

Overseas organizations will be subject to their own laws and may be legally required to disclose information that we share with them. In those instances, STRATEGY X will not be responsible for that disclosure.

STRATEGY X use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Storage, Retention and Destruction of Personal Information

STRATEGY X will ensure that Personal Data in the custody of STRATEGY X is protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful Processing. STRATEGY X will implement appropriate security measures in storing collected Personal Information, depending on the nature of the information. All information gathered shall not be retained for a period longer than necessary and/proportionate, subject to applicable requirements of the Data Privacy Act and other relevant laws and regulations. All hard and soft copies of Personal Information shall be disposed and destroyed, through secured means.

STRATEGY X will provide Customers access to their own Personal Information and Customers may request that such information be updated or corrected.

STRATEGY X will take all reasonable steps to ensure that Personal Information which we collect, use or disclose is accurate, complete and up-to-date. Customers may access and correct some of the Personal Information (such as contact details) that we hold by securely logging in to our website. Customers may also request that incorrect information be corrected or deleted by contacting Support.


PRIVACY RIGHTS OF THE CUSTOMER

Right to Be Informed

The Customer has a right to be informed whether Personal Data pertaining to him or her shall be, are being, or have been processed, including the existence of automated decision-making and profiling.

The Customer shall be notified and furnished with information indicated hereunder before the entry of his or her Personal Data into the processing system of the STRATEGY X, or at the next practical opportunity:

  1. Description of the Personal Data to be entered into the system;
  2. Purposes for which they are being or will be Processed, including Processing for direct marketing, profiling or historical, statistical or scientific purpose;
  3. Basis of Processing, when Processing is not based on the consent of the Data Subject;
  4. Scope and method of the Personal Data Processing;
  5. The recipients or classes of recipients to whom the Personal Data are or may be disclosed;
  6. Methods utilized for automated access, if the same is allowed by the Data Subject, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such Processing for the Data Subject;
  7. The identity and contact details of the Personal Data controller or its representative;
  8. The period for which the information will be stored; and (i) The existence of their rights as Data Subjects, including the right to access, correction, and object to the Processing, as well as the right to lodge a complaint before the Commission.

Right to Object

The Data Subject shall have the right to object to the Processing of his or her Personal Data, including Processing for direct marketing, automated Processing or profiling. The Data Subject shall also be notified and given an opportunity to withhold consent to the Processing in case of changes or any amendment to the information supplied or declared to the Data Subject in the preceding paragraph.

When a Data Subject objects or withholds consent, the Personal Information Controller shall no longer Process the Personal Data, unless:

  1. The Personal Data is needed pursuant to a subpoena;
  2. The collection and Processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the Data Subject is a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the Data Subject;
  3. The information is being collected and processed as a result of a legal obligation.

Right to Access

The Data Subject has the right to reasonable access to, upon demand, the following:

  1. Contents of his or her Personal Data that were processed;
  2. Sources from which Personal Data were obtained;
  3. Names and addresses of recipients of the Personal Data;
  4. Manner by which such data were processed;
  5. Reasons for the disclosure of the Personal Data to recipients, if any;
  6. Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the Data Subject;
  7. Date when his or her Personal Data concerning the Data Subject were last accessed and modified; and
  8. The designation, name or identity, and address of the Personal Information Controller

Right to Rectification

The Data Subject has the right to dispute the inaccuracy or error in the Personal Data and have the Personal Information Controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the Personal Data has been corrected, the Personal Information Controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof: Provided, that recipients or third parties who have previously received such processed Personal Data shall be informed of its inaccuracy and its rectification, upon reasonable request of the Data Subject.

Right to Erasure

The Data Subject shall have the right to suspend, withdraw or order the blocking, removal or destruction of his or her Personal Data from the Personal Information Controller’s filing system.

  1. This right may be exercised upon discovery and substantial proof of any of the following:
    1. The Personal Data is incomplete, outdated, false, or unlawfully obtained;
    2. The Personal Data is being used for purpose not authorized by the Data Subject;
    3. The Personal Data is no longer necessary for the purposes for which they were collected;
    4. The Data Subject withdraws consent or objects to the Processing, and there is no other legal ground or overriding legitimate interest for the Processing;
    5. The Personal Data concerns private information that is prejudicial to Data Subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
    6. The Processing is unlawful;
    7. The Personal Information Controller or Personal Information processor violated the rights of the Data Subject.
  2. The Personal Information Controller may notify third parties who have previously received such processed Personal Information.

Right to Damages

The Data Subject shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, taking into account any violation of his or her rights and freedoms as Data Subject.

Transmissibility of Rights of the Data Subjects

The lawful heirs and assigns of the Data Subject may invoke the rights of the Data Subject to which he or she is an heir or an assignee, at any time after the death of the Data Subject, or when the Data Subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section.

 

Right to Data Portability

Where his or her Personal Data is processed by STRATEGY X through electronic means and in a structured and commonly used format, the Data Subject shall have the right to obtain a copy of such data in an electronic or structured format that is commonly used and allows for further use by the Data Subject. The exercise of this right shall primarily take into account the right of Data Subject to have control over his or her Personal Data being processed based on consent or contract, for commercial purpose, or through automated means. The DPO shall ensure that it regularly monitor and implement the NPC’s guidelines specifying electronic format referred to above, as well as the technical standards, modalities, procedures and other rules for their transfer.


DATA BREACHES & SECURITY INCIDENTS

Data Breach Notification

All employees of STRATEGY X involved in the Processing of Personal Data are tasked with regularly monitoring for signs of a possible Personal Data Breach or Security Incident. In the event of Personal Data Breach or Security Incident or such signs are discovered, the employee shall immediately report the facts and circumstances to the DPO within twenty-four (24) hours from discovery to determine whether or not such breach requires notification under the Data Privacy Act. If it has been determined that such breach requires notification, the DPO shall notify the Commission and the affected Data Subject(s) pursuant to the requirements and procedures prescribed under the Data Privacy Act.

The notification to the NPC and the affected Data Subject(s) shall at least describe the nature of the breach, the Personal Data possibly involved, and the measures taken by STRATEGY X to address the breach. The notification shall also include measures taken to reduce the harm or negative consequences of the breach, and the name and contact details of the DPO from whom the affected Data Subject(s) can obtain additional information about the breach, and any assistance to be provided to the affected Data Subjects.

Breach Reports

All Personal Data Breaches and Security Incidents shall be documented through written reports including those not covered by the notification requirements. In the case of Personal Data Breaches, a report shall include the facts surrounding an incident, the effects of such incident, and the remedial action taken by STRATEGY X. In other Security Incidents not involving Personal Data, a report containing aggregated data shall constitute sufficient documentation. These reports shall be made available when requested by the NPC. A general summary of the reports shall be submitted to the NPC annually.

Questions or making a complaint related to Privacy

If Customers have questions, concerns, or would like further information regarding their Personal Information, or if they wish to make a complaint about our privacy practices, they can contact the STRATEGY X Legal Department.

Legal Department

Email: [email protected]

Policy Updates

STRATEGY X is continuously improving and enhancing its products and services to our clients and we may update this Privacy Policy from time to time. Any changes to this policy will be updated on this page on the STRATEGY X website.

By continuing to use STRATEGY X products and services, you signify that you have read, understood, and consented to the collection and use of your Personal Information, in accordance with this Privacy Policy.

This STRATEGY X Privacy Policy shall be effective from the 1st of January 2021


STRATEGY X Privacy Statement

The kinds of Personal Information that STRATEGY X collects and holds

In order for STRATEGY X to provide you services, we will need to collect, and hold, some of your Personal Information. That information may include your name, your address, your telephone numbers, including your mobile number, email addresses, copies of government-issued identification, bank account or credit card details, password details for accessing STRATEGY X services. You may also choose to provide similar details of your authorized StrategyX representative. You must ensure that you have obtained the consent of such persons to STRATEGY X collecting and holding their Personal Information.

If you are unwilling to provide STRATEGY X with some details, we may not be able to supply you with services that you wish to acquire. It is not possible to acquire services from STRATEGY X under a pseudonym.

How STRATEGY X collects and holds Personal Information

STRATEGY X collects Personal Information when you apply for a service, request technical assistance, or provide us with updated information. This can occur either over the telephone, email, through an online process, through completion of a form or in writing. STRATEGY X may also collect Personal Information about you in accordance with its obligations to adopt and observe appropriate standards for Personal Data protection in compliance with Republic Act No. 10173 or the Data Privacy Act.

Personal Information will be held in secure electronic databases or secure filing cabinets. STRATEGY X will use all reasonable endeavors to ensure that Personal Information is accessible only to appropriately authorize StrategyX employees.

The purposes for which STRATEGY X collects, holds, uses and discloses Personal Information

STRATEGY X will only use your Personal Information for the following purposes:

The above uses may require disclosure of the Personal Information to third parties including:

If you do not wish to receive marketing material from STRATEGY X about STRATEGY X events, products and services, you may email such a request to STRATEGY X and STRATEGY X will cease communications about such products and services within fourteen (14) days. Please include your full name and customer ID. If you have more than one Customer ID, you must provide all of them.

Disclosure of Personal Information to overseas recipients

STRATEGY X operates both in Philippines and overseas. Therefore, we may need to share some of your Personal Information with organizations outside Philippines.

STRATEGY X may disclose some of your Personal Information that we hold to organizations located outside Philippines in countries which do not have the same or substantially similar privacy laws, but only to the extent necessary for STRATEGY X to meet underlying business requirements such as legal and compliance in order to provide you with telecommunications services as requested by you in a written Service Agreement. Overseas organizations will be subject to their own laws and may be required to disclose information that we share with them. In those instances, STRATEGY X will not be responsible for that disclosure.

STRATEGY X may also store your information in cloud or other types of networked or electronic storage. It is not always practicable to know in which country your information may be held, for example, when your Personal Information is stored in cloud infrastructure.

Storage, Retention and Destruction of Personal Information

STRATEGY X will ensure that Personal Data in the custody of STRATEGY X is protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful Processing. STRATEGY X will implement appropriate security measures in storing collected Personal Information, depending on the nature of the information. All information gathered shall not be retained for a period longer than necessary and/proportionate, subject to applicable requirements of the Data Privacy Act and other relevant laws and regulations. All hard and soft copies of Personal Information shall be disposed and destroyed, through secured means.

How you may access Personal Information and seek the correction of such information

STRATEGY X will take all reasonable steps to ensure that your Personal Information which we collect, use or disclose is accurate, complete and up-to-date. You can access and correct some of the Personal Information (such as contact details) that we hold about you by securely logging in to our website. You can also request that incorrect information about you be corrected or deleted.

Questions or Complaints about your privacy.

If you have any questions or concerns regarding your Personal Information with us or if you have any complaints about our privacy practices or would like further information, please contact the STRATEGY X Legal Department.

Legal Department

STRATEGY X

[email protected]