close

Privacy Policy

  • Website Privacy Policy

    EFFECTIVE: 1 January 2018

    Safeguarding your privacy is important to us. KMC MAG Solutions, Inc. (KMC Solutions) is committed to maintaining your trust by protecting personal information that we collect and use.

    This Privacy Policy describes how KMC Solutions collects, uses, and discloses your personal information in connection with any website, application, or other services that refers to or links to the Policy. KMC Solutions may amend this Privacy Policy at any time by posting the amended terms on this site. All amended terms automatically take effect on the date set out in the posted Privacy Policy, unless otherwise specified.

    Sites covered by this Privacy Policy

    This Privacy Policy applies to all KMC Solutions owned websites and domains, including https://www.kmcsolutions.us and https://kmc.solutions  (collectively, “Sites”). The KMC Solutions Websites may provide links to third-party websites for your convenience and information. If you access those links, you will leave the KMC Solutions Websites. We do not control those sites or their privacy practices, which may differ from our own privacy practices. This Privacy Policy does not cover any personal data that you choose to give to unrelated third parties. We do not monitor or control the information collected by such sites or the privacy practices of any third parties, and we are not responsible for their practices or the content of their sites.

    Information Collection and Use

    While using our Sites, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to your name, address, telephone number, email address, business name, a unique login name, and password ("Personal Information"). We use this information to contact you about the services on our Sites in which you have expressed interest, to verify your identity, in connection with a transaction that you or your company or organization has initiated, to deliver notifications and other operational communications, and for troubleshooting.

    You also have the option to provide demographic information (such as type of business, size of business, locations, etc.). KMC Solutions uses this demographic information to understand your needs and interests and to provide you a more personalized experience on our Sites. The information is used by KMC Solutions to process your orders, enable participation in promotions, and facilitate your relationship with us.

    In some cases, we collect billing and payment information you provide when you purchase products and services. We also collect information that you provide us when you participate in our surveys, sweepstakes or events.

    To the extent that you disclose to us any personal information of another individual, we assume that you have obtained such individual’s consent for the disclosure of such personal information as well as the processing of the same in accordance with the terms of this Policy.

    Log Data

    Like many site operators, we collect information that your browser sends whenever you visit our Sites ("Log Data").

    This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Sites that you visit, the time and date of your visit, the time spent on those pages, whether you have opened or forwarded our e-mails or connected to offers or links that we send you, your general or specific geographic location, such as through GPS, Bluetooth or WiFi signals to the extent permitted by the settings of your devices, and other statistics.

    If you use our internet connection, networks, telecommunications systems or information processing systems, your activity and any files or messages on those systems may also be monitored by KMC Solutions at any time, in accordance with applicable law, for purposes of an investigation or to ensure compliance with company policies.

     

    Information From Third-Party Sources

    We receive information about you from publicly and commercially available sources and other third parties as permitted by law. We may combine this information with other information we receive from or about you, where necessary to provide the Services you requested.

    We also may  partner with the following categories of third parties to collect, analyze, and use some of the personal information described in this Policy:

    • Third-parties that provide features and functionality on the services by means of plug-ins. Even if you do not click on or interact with social networking services or other plug-ins, they may collect information about you, such as your IP address and the pages that you view.
    • Advertising providers help us and our advertisers provide advertisements on our services or elsewhere, including advertisements that are targeted based on your online behaviour, and analytics companies help us measure and evaluate the usage of our services.
    • Other content providers may offer products and services on our services and may operate contents, sweepstakes, or surveys on our services.

    Communications

    We may use your contact information to send you information about KMC Solutions products and services as well as promotional material that may be of interest to you.  For example, we may periodically contact you with offers and information about our products, services, features, and events; to send you newsletters or other information about topics that we believe may be of interest; to conduct online surveys; and to otherwise promote our products, services, features, and events. We also may deliver targeted advertisements to you, both on and off the Services.

    Cookies, Web Beacons and other Internet Technologies

    Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.

    Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

    Web beacons and similar technologies are small bits of code, which are embedded in web pages, advertisements, and e-mail, that communicate with third parties. We use web beacons, for example, to count the number of users who have visited a particular web page, to deliver or communicate with cookies, and to understand usage patterns. We also may include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

    There are other local storage and internet technologies, such as Local Shared Objects (also referred to as “Flash cookies”) and HTML5 local storage, that operate similarly to the cookies discussed above in that they are stored on your device and can be used to store certain information about your activities and preferences across different services and sessions.

    Our websites use these technologies for the following purposes:

    • Administering our Services.
    • Improving our Services, including helping us measure and research the effectiveness of our content, features, advertisements, and other communications. For example, we measure which pages and features website visitors are accessing and how much time they are spending on our webpages. We may include web beacons in e-mails, for example, to understand whether messages have been opened, acted on, or forwarded.
    • Storing your sign-in credentials and preferences so that you do not have to enter those credentials and preferences every time you log on to a Service.
    • Helping us and third parties provide you with relevant content and advertising by collecting information about your use of our Services and other websites.

    Security

    The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

    Accessing, Reviewing, and Updating Your Personal Information

    To the extent provided for under Republic Act No. 1073, otherwise known as the Data Privacy Act of 2012, you may have the right to access your personal information and to update or correct inaccuracies in your personal information.

    You may have rights to revoke consent you previously granted us with respect to processing personal information and to object to the use of your personal information for direct marketing or for other purposes that are not necessary in light of the nature of our legal relationship. Note that if you revoke your consent to such processing, we may be unable to provide you with certain aspects of the services.

    If you would like to exercise any of your rights under the Data Privacy Act, please send an e-mail to dpo@kmc.solutions.

    Changes To This Privacy Policy

    We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

    If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

    Contact Us

    If you have any questions about this Privacy Policy, please contact us at:

    KMC MAG Solutions, Inc. 25th Floor, Picadilly Star Building, 4th Avenue, corner 27th Street,

    Bonifacio Global City, Taguig 1634, Metro Manila, Philippines. Email: dpo@kmc.solutions.

     

  • Data Privacy Manual

    KMC MAG Solutions, Inc.
    DATA PRIVACY MANUAL

    Introduction

    KMC MAG Solutions, Inc. (KMC) respects and values data privacy rights, and makes sure that all personal data collected from employees, clients and vendors, are processed following the general principles of transparency, legitimate purpose, and proportionality. This Manual provides information on the KMC’s data protection and security measures and may serve as a guide for the exercising of a Data Subject’s rights under the Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA) and when applicable, the European Union’s General Data Protection Regulation 2016/679 (GDPR).

    Privacy laws aim to protect personal data in information and communications systems. Under the DPA and the GDPR, KMC is processing personal data and has policies, and implements measures and procedures that guarantee the safety and security of personal data under control
    or custody, thereby upholding an individual’s data privacy rights. KMC takes reasonable and appropriate measures to protect personal data against dangers such as accidental loss or destruction, unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.

    To inform its personnel of such measures, KMC has prepared this Privacy Manual. This Manual guides personnel for compliance with the DPA, its Implementing Rules and Regulations (IRR), other relevant issuances of the National Privacy Commission (NPC) and if applicable, the GDPR. It also describes the privacy and data protection protocols to be observed and carried out for specific circumstances (e.g., from collection to destruction), to protect the rights of data subjects.

    Definition of Terms

    “Data Subject” – refers to an individual whose personal, sensitive personal or privileged information is processed by the organization. It may refer to officers, employees, consultants, vendors and clients of this organization.

    “Personal Information” – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

    “Processing” refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.

    Scope and Limitations

    All personnel of this organization, regardless of the type of employment or contractual arrangement, must comply with the terms set out in this Privacy Manual.

    This Manual shall be read in conjunction with the following:

    1. Privacy Statement for Clients and/or Vendors; and
    2. Privacy Statement for Human Resources.

    Processing of Personal Data

    A. Collection (e.g. type of data collected, mode of collection, person collecting information, etc.)

    KMC collects the basic contact information of clients, vendors and employees, including their full name, address, email address, contact number, and other necessary personal information.

    B. Use

    Personal data collected shall be used by KMC for documentation purposes, compliance with
    legal obligations and governmental regulations.

    C. Storage, Retention and Destruction (e.g. means of storage, security measures, form of information stored, retention period, disposal procedure, etc.)

    KMC will ensure that personal data under its custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. KMC will implement appropriate security measures in storing collected personal information, depending on the nature of the information. All information gathered shall not be retained for a period longer than five (5) to ten (10) years. After the five (5) to ten (10) year period, all hard and soft copies of personal information shall be disposed and destroyed, through secured means.

    D. Access (e.g. personnel authorized to access personal data, purpose of access, mode of access, request for amendment of personal data, etc.)

    Due to the sensitive and confidential nature of the personal data under the custody of the KMC, only the client and the authorized representative of KMC shall be allowed to access such personal data, for any purpose, except for those contrary to law, public policy, public order or morals.

    E. Disclosure and Sharing (e.g. individuals to whom personal data is shared, disclosure of policy and processes, outsourcing and subcontracting, etc.)

    All employees and personnel of KMC shall maintain the confidentiality and secrecy of all personal data that come to their knowledge and possession, even after resignation, termination of contract, or other contractual relations. Personal data under the custody of KMC shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data.

    Security Measures

    KMC implements reasonable and appropriate physical, technical and organizational measures for the protection of personal data. Security measures aim to maintain the availability, integrity and confidentiality of personal data and protect them against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination. This section generally describes those measures.

    A. Organization Security Measures

    1. Data Protection Officer (DPO)
      The designated Data Protection Officer is Atty. Patricia C. Velarde, who is concurrently serving as the Corporate Legal Counsel of KMC.
    2. Functions of the Data Protection Officer
      The DPO shall oversee the compliance of the organization with the DPA, its IRR, and other related policies, including the conduct of a Privacy Impact Assessment, implementation of security measures, compliance with the GDPR and data protection laws, security incident and data breach protocol, and the inquiry and complaints procedure. 
    3. Conduct of trainings or seminars to keep personnel, especially the Data Protection Officer updated vis-à-vis developments in data privacy and security
      The organization shall sponsor a mandatory training on data privacy and security at least once a year. For personnel directly involved in the processing of personal data, management shall ensure their attendance and participation in relevant trainings and orientations, as often as necessary.
    4. Conduct of Privacy Impact Assessment (PIA)
      The organization shall conduct a Privacy Impact Assessment (PIA) relative to all activities, projects and systems involving the processing of personal data. It may choose to outsource the conduct of a PIA to a third party. 
    5. Recording and documentation of activities carried out by the DPO, or the organization itself, to ensure compliance with the DPA, its IRR and other relevant policies.
      The organization shall sponsor a mandatory training on data privacy and security at least once a year. For personnel directly involved in the processing of personal data, management shall ensure their attendance and participation in relevant trainings and orientations, as often as necessary. 
    6. Duty of Confidentiality
      All employees will be asked to sign a Data Consent Form and Non-Disclosure Agreement (NDA). All employees with access to personal data shall operate and hold personal data under strict confidentiality if the same is not intended for public disclosure. 
    7. Review of Privacy Manual
      This Manual shall be reviewed and evaluated annually. Privacy and security policies and practices within the organization shall be updated to remain consistent with current data privacy best practices. 

    B. Physical Security Measures

    Physical security measures monitor and limit access to the facility containing the personal data, including the activities therein. It provides the actual design of the facility, the physical arrangement of equipment and furniture, the permissible modes of transfer, and the schedule and means of retention and disposal of data, among others. The following provisions are included to ensure that mechanical destruction, tampering and alteration of personal data under the custody of the organization are protected from man-made disasters, power disturbances, external access, and other similar threats:

    1. Format of data to be collected.
      Personal data in the custody of the organization may be in digital/electronic format and paperbased/physical format.
    2. Storage type and location (e.g. filing cabinets, electronic storage system, personal data room/separate room or part of an existing room).
      All personal data being processed by the organization shall be stored in a data room, where paper-based documents are kept in locked filing cabinets while the digital/electronic files are stored in computers provided and installed by KMC. 
    3. Access procedure of agency personnel
      Only authorized personnel shall be allowed inside the data room. For this purpose, they shall each be given an exclusive access to the room. Other personnel may be granted access to the room upon filing of an access request form with the Data Protection Officer and the latter’s approval thereof.
    4. Monitoring and limitation of access to room or facility
      All personnel authorized to enter and access the data room or facility must fill out and register with the online registration platform of the organization, and a logbook placed at the entrance of the room. They shall indicate the date, time, duration and purpose of each access.
    5. Design of office space/work station
      The computers are positioned with considerable spaces between them to maintain privacy and protect the processing of personal data.
    6. Persons involved in processing, and their duties and responsibilities
      Persons involved in processing shall always maintain confidentiality and integrity of personal data. They are not allowed to bring their own gadgets or storage device of any form when entering the data storage room.
    7. Modes of transfer of personal data within the organization, or to third parties
      Transfers of personal data via electronic mail shall use a secure email facility with encryption of the data, including any or all attachments.
    8. Retention and disposal procedure
      The organization shall retain the personal data of a client for five (5) to ten (10) years from the date of transaction. Upon expiration of such period, all physical and electronic copies of the personal data shall be destroyed and disposed of using secure technology.

    C. Technical Security Measures

    KMC implements technical security measures to make sure that there are appropriate and sufficient safeguards to secure the processing of personal data, particularly the computer network in place, including encryption and authentication processes that control and limit access. These include the following, among others:

    1. Monitoring for security breaches
      KMC shall use an intrusion detection system to monitor security breaches and alert the KMC of any attempt to interrupt or disturb the system.
    2. Security features of the software/s and application/s used
      KMC shall first review and evaluate software applications before the installation thereof in computers and devices of KMC to ensure the compatibility of security features with overall operations.
    3. Process for regularly testing, assessment and evaluation of effectiveness of security measures
      The organization shall review security policies, conduct vulnerability assessments and perform penetration testing within KMC on regular schedule to be prescribed by the appropriate department or unit.
    4. Encryption, authentication process, and other technical security measures that control and limit access to personal data
      Each personnel with access to personal data shall verify his or her identity using a secure encrypted link and multi-level authentication.

    Breach and Security Incidents

    KMC has developed and is implementing policies and procedures for the management of a personal data breach, including security incidents. This section describes or outlines such policies and procedures, including the following:

    1. Creation of a Data Breach Response Team
      A Data Breach Response Team comprising of five (5) officers shall be responsible for ensuring immediate action in the event of a security incident or personal data breach. The team shall conduct an initial assessment of the incident or breach in order to ascertain the nature and extent thereof. It shall also execute measures to mitigate the adverse effects of the incident or breach.
    2. Measures to prevent and minimize occurrence of breach and security incidents
      KMC shall regularly conduct a Privacy Impact Assessment to identify risks in the processing system and monitor for security breaches and vulnerability scanning of computer networks. Personnel directly involved in the processing of personal data must attend trainings and seminars for capacity building. There must also be a periodic review of policies and procedures being implemented in the organization.
    3. Procedure for recovery and restoration of personal data
      KMC shall always maintain a back-up file for all personal data under its custody. In the event of a security incident or data breach, it shall always compare the back-up with the affected file to determine the presence of any inconsistencies or alterations resulting from the incident or breach.
    4. Notification protocol
      The Head of the Data Breach Response Team shall inform the management of the need to notify the NPC and the data subjects affected by the incident or breach within the period prescribed by law. Management may decide to delegate the actual notification to the head of the Data Breach Response Team.
    5. Documentation and reporting procedure of security incidents or a personal data breach
      The Data Breach Response Team shall prepare a detailed documentation of every incident or breach encountered, as well as an annual report, to be submitted to management and the NPC, within the prescribed period.

    Inquiries and Complaints

    Every data subject has the right to reasonable access to his or her personal data being processed by KMC. Other available rights include: (1) right to dispute the inaccuracy or error in the personal data; (2) right to request the suspension, withdrawal, blocking, removal or destruction of personal data; and (3) right to complain and be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data.

    Accordingly, KMC has procedures for inquiries and complaints that will specify the means through which concerns, documents, or forms submitted to the organization shall be received and acted upon.

    Data subjects may inquire or request for information regarding any matter relating to the processing of their personal data under the custody of the organization, including the data privacy and security policies implemented to ensure the protection of their personal data. They may write to the organization at dpo@kmc.solutions and briefly discuss the inquiry, together with their contact details for reference.

    Complaints shall be filed in three (3) printed copies, or sent to dpo@kmc.solutions. The data privacy team shall confirm with the complainant its receipt of the complaint.

    Effectivity

    The provisions of this Manual - Second Version are effective this 11th day of June 2018, until revoked or amended by KMC.

  • Data Privacy Statement for Clients/Vendors

    This Privacy Statement sets out how KMC MAG Solutions, Inc. (KMC) collects, uses, manages and protects the personal data or information (Personal Data) that it collects whether as a controller or processor.

    Privacy Protection

    KMC is committed in processing Personal Data in accordance with the required laws such as Republic Act Number 10173, otherwise known as the Philippine Data Privacy Act of 2012, Regulation (EU) 2016/679 otherwise known as the European Union General Data Protection Regulation (GDPR) and other personal data security and protection laws. Before using and providing Personal Data for the purposes set out in this Privacy Statement, KMC is required by law to obtain written consent, and in such cases, only after having obtained such written consent, KMC can use Personal Data in the manner specified.

    Personal Data

    KMC can collect and use Personal Data. For the purposes of carrying our business (including the verification of the identity to detect, prevent and address fraud, security or technical issues, the registration, activation and management of the Client and/or Vendor’s account with KMC, and the billing and charging of KMC’s services and complying with laws, rules, guidelines, regulations and/or requests issued by applicable government authorities, courts, law enforcement or other authorities or regulatory bodies, you may be requested to provide Data such as, but not limited to:

    1. the name, date of birth and other details documented on your Passport or other government issued competent proof of identity;
    2. contact details including name, address, phone number, mobile telephone number and/or email address;
    3. Personal Data that you have shared with our app for guests entering our facilities;
    4. payment details including account number and other electronic banking Data;
    5. all Data requested by applicable government authorities, courts, law enforcement or other authorities or regulatory bodies to enable us to comply with or in connection with any law, rule, regulation, judgment or court order (whether within or outside the Philippines); and
    6. any other Data as may be required, necessary and applicable on the corresponding availed Service Agreement.

    In some instances, we may seek your consent to process the following “Sensitive Personal Information” (SPI) in order from KMC to further improve our Services and/or better tailor the type of information or content that we present to you and improve our business relationship:

    1. age;
    2. gender and ethnicity;
    3. marital status;
    4. employment details;
    5. education and profession;
    6. hobbies and leisure activities; and
    7. family and household demographics.

    Personal Data supplied by you will be held by one or more members of KMC’s Sales Team and/or the KMC team dealing with your Company that is working on a particular Service Agreement.

    How We Collect Personal Data

    We collect Data in a number of ways, including from:

    1. you directly, for example, when you provide Personal Data by phone or via email, attend our functions, complete an agreement for one of our Services, or when you submit your Data through our website, or over any customer service hotlines, or when you contact us with a query or request, or during the ordinary course of our business relationship with you, or when we are legally required to do so; and/or
    2. your participation in surveys or marketing promotions organized by us or on our behalf.

    How We Use Your Personal Data

    We may collect, retain and use your Personal Data for the following purposes:

    1. to verify your identity;
    2. to process your application to avail our Services;
    3. to promote and market our Services to you;
    4. to conduct credit checks and detect fraudulent activities in compliance with the Anti-Money Laundering Act and in relation to other compliance purposes;
    5. to perform research or analyses so that we may improve and optimize the Services that can be made available to you;
    6. to conduct surveys and marketing, promotional, behavioral scoring for business operations and/or planning purposes;
    7. for vendors, to avail the Services that your Company would be providing to KMC;
    8. to enforce KMC’s contractual rights;
    9. to process any payment instructions;
    10. to maintain, enhance and develop our products and service offerings; and
    11. to comply with applicable laws in or outside the Philippines as may be required by applicable government authorities, courts, law enforcement, or regulatory or investigation bodies, in relation to the supply of Services/ availment of your Company’s Services, including to assist in the prevention, detection of crime or possible criminal activities.

    Legal Basis for Using your Personal Data

    KMC’s use of your personal data may be necessary for the performance of the Services that your Company may wish to avail. As for the vendors of KMC, the same is necessary for the availment of the Services that your Company may render. KMC may, to the extent permissible under applicable laws and regulations, disclose your Data to government and regulatory entities.

    Importance of Safety of your Data

    All required efforts are made to ensure that any Personal Data held by us is stored in a secure and safe place and is accessible only by our authorized employees.


    When we pass your Data to third parties for them to process, we seek to ensure that they have appropriate security measures in place to keep your Personal Data safe and to comply with applicable principles in relation to data protection.

    Retention of Personal Data

    KMC will retain your Personal Data in accordance with KMC’s internal policies. Our policies are in compliance with the Data Privacy Act and the GDPR where applicable, and cover the following principles:

    1. Data will only be retained for as long as is necessary to fulfil the original or directly related purposes for which it was collected, unless the Data is also retained to satisfy any applicable legal, regulatory or contractual obligations; and
    2. Data are purged from our electronic, manual and other filing systems based on the above
      criteria and our internal procedures.

    Right to Access, Correct and Delete Personal Data

    KMC takes all reasonable precautions to ensure that the Personal Data we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of that Personal Data depends to a large extent on the Data you provide. You have a right to request access to, and correction of, your Data and we recommend that you:

    1. let us know if there are any errors in your Data; and
    2. keep us up-to-date with changes to your Data.

    If you wish to access or amend any of your Personal Data that we hold, or request that we delete any of your information that is no longer necessary for the provision of our Services, you may contact us in the manner as set forth under the “How to Contact Us” section.

    You may decline to share Personal Data with us and/or withdraw any consent which you may have provided, in which case, we may not be able to provide you with some of our Services or we may discontinue availing your Company’s Services.

    At any time, you may object to us holding or processing your Data, on legitimate grounds, save and except as otherwise permitted by the applicable law.

    How to Contact Us

    For all issues and enquiries regarding KMC’s compliance with our obligations under the Data Privacy Act of 2012 and the GDPR, and any request for access to, correction or deletion of your Data, please contact us in writing at:

    Data Protection Officer
    KMC MAG Solutions, Inc.
    25F Picadilly Star Building
    4th Avenue Corner 27th Street
    Bonifacio Global City, Taguig
    Philippines

    Or send an e-mail to: dpo@kmc.solutions


    This Privacy Statement may be amended from time to time and the handling of Personal Data will be governed by the most recent version of this Privacy Statement.

  • Data Privacy Statement for Human Resources

    This policy statement provides information on the obligations of KMC MAG Solutions, Inc. (“KMC”) under the Philippine Data Privacy Act of 2012 (Data Privacy Act) and, when applicable, the European Union’s General Data Protection Regulation 2016/679 (GDPR). All individuals who submit an application to KMC in respect of a job vacancy and all employees of the KMC upon accepting offer of employment shall be deemed to have consented to their personal data to be processed, stored, transferred or used or handled in accordance with this Privacy Statement. To the extent the GDPR applies to the processing of such application, the processing of personal data is done in accordance with the legitimate interest of KMC.

    This policy specifically addresses KMC’s obligations in respect of with the Philippine Data Privacy Act. This policy also addresses, when required, the requirements of the GDPR.

    COMPANY CORPORATE POLICY

    KMC shall fully comply with the obligations and requirements of the Data Privacy Act and, when applicable, the GDPR. KMC’s officers, management, and employees shall, at all times, respect the confidentiality and security of all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of KMC.

    KMC shall ensure all collection, storage, transmission and other handling or usage of personal data by KMC shall be done in accordance with the obligations and requirements of the Data Privacy Act and, when applicable, the GDPR.

    Where an individual legitimately requests access to and/or correction of personal data relating him/her, held by KMC, KMC shall provide and/or correct that data in accordance with the data privacy laws.

    STATEMENT OF PRACTICES

    RECRUITMENT

    During the recruitment process, job applicants may be required to provide sufficient personal data so that KMC may, as appropriate and/or applicable:

    1. Assess the applicant's suitability for the position being applied for; 
    2. Assess the applicant's suitability for other available vacant positions;
    3. Determine remuneration and benefit packages;
    4. Verification of credentials and/or experience; and/or
    5. Perform security vetting and/or integrity checking.

    At a minimum, such personal data will include:

    1. The applicant's name and contact details, including address and telephone number(s);
    2. Previous employment and relevant experience; and
    3. Education and relevant training.

    Additional information may also be required subject to the nature of the position being applied for.

    The applicant is responsible for ensuring all personal data that he/she provide is accurate and complete. Any attempt to provide inaccurate information or withhold (or deliberately omit) essential requested information may cause one or more of the following consequences:

    1. Prevention of making any offer of employment;
    2. Invalidate any offer of employment made; or
    3. Termination of employment, if the employment has commenced.

    The personal data so provided by the applicant may be shared, at the time of recruitment or after employment has commenced, to persons within KMC and its clients. Personal data would be shared with the corresponding Client since it is involved in the assessment of the applicant's suitability for the position applied for and/or other positions.

    The data may also be shared to third parties, such as investigative agencies, as are necessary to satisfy purposes relating to human resources management such as background check. KMC shall retain the personal data of unsuccessful applicants for future recruitment purposes for a period of five years from the day on which the recruitment period ends. The personal data of successful applicants shall be retained for the duration of their employment by KMC and handled in such manner as described below under the heading of "Employment, Including Post Employment."

    EMPLOYMENT, INCLUDING POST EMPLOYMENT

    In the course of employment in KMC, personal data of employees and their family members, as appropriate, will be collected and used on an ongoing basis for various purposes relating to human resources management including but not limited to administering staffing, performance management, training, career development, salary and benefits administration, communication, medical benefits, insurance, taxation, welfare and providing information in compliance with legal requirements. Personal data will be transferred to internal departments, intra-company, and/or to other third parties as deemed necessary by KMC for the purposes of which the data are collected.

    KMC retains certain personal data of employees when they cease to be employed by the KMC (and such data will be retained for no longer than five years after their cessation of employment). Such data are required for any residual employment-related activities of the former employee including, but not limited to:

    1. The provision of job references;
    2. Processing applications for re-employment;
    3. Matters relating to retirement benefits; and
    4. Allowing KMC to fulfill contractual or statutory obligations.

    TRANSFER OF PERSONAL DATA OUTSIDE OF THE PHILIPPINES

    At times it may be necessary and/or prudent for KMC to transfer certain personal data to places outside the Philippines in order to carry out the purposes, or directly related purposes, for which the personal data are collected. By submitting job applications or entering into employment relationship with KMC, candidates or employees have consented to such transfer which will be performed in compliance with the requirements of the Data Privacy Act and, when applicable, the GDPR.

    SECURITY OF PERSONAL DATA

    Physical records containing personal data are securely stored in locked areas when not in use.

    Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas.

    Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a "need to know" basis.

    Where KMC holds, uses and/or transmits personal data, the data will be adequately protected from accidental and/or unauthorized disclosure, change and/or destruction.

    ACCESS AND CORRECTION OF PERSONAL DATA

    Under the terms of the Data Privacy Act and, when applicable, the GDPR, job applicants and employees (current or former) have the right to:

    1. Ascertain whether KMC holds any personal data relating to them and, if so, obtain copies of such data (“right of access”);
    2. Require KMC to correct personal data in its possession which is inaccurate for the purpose for which it is being used by means of a data access request (right of correction); and
    3. Ascertain the KMC's policies and practices in relation to personal data, which are those policies and practices set out in their entirety herein.

    The said right to access personal data can be exercised by sending a request on the address given below.

    KMC will, upon satisfying itself of the authenticity and validity of the access request, make every endeavor to comply with and respond to the request.

    If the accessed data contains any incorrect information, KMC will accept written request for correction which can be sent to the KMC's Data Protection Officer at the address or e-mail listed below, specifying the data obtained through the Data Access Request mentioned above which needs to be corrected. Satisfactory proof and/or explanation of the inaccuracy is essential before KMC would consider correcting the specified data.

    Data Protection Officer
    KMC MAG Solutions, Inc.
    25F Picadilly Star Building
    4th Avenue Corner 27th Street
    Bonifacio Global City, Taguig
    Philippines

    Or send an e-mail to: dpo@kmc.solutions

    To raise an issue regarding our handling of your Personal Data, please contact us in order for us to resolve your issue.

    This Privacy Statement may be amended from time to time and the handling of Personal Data will be governed by the most recent version of this Privacy Statement.