WHAT PERSONAL INFORMATION IS COLLECTED AND PROCESSED AND HOW
Personal information is any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
This includes sensitive personal information which is personal information about one’s (i) individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (ii) health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (iii) information issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and (iv) specifically established by an executive order or an act of Congress to be kept classified.
We collect personal information through our websites and Services (“Sites”) when you use our platform.
Details collected and stored in the system when you use our service are your:
- Full name;
- Physical and/or mailing address;
- Payment information, including but not limited to bank accounts, credit or debit card numbers or bank account information;
- Email address;
- Phone number;
- Transaction information; and
- Messages and other correspondences.
When you use our Sites, the following are collected automatically:
- Browser data, such as device type, operating system and Internet browser type, screen resolution, operating system name and version;
- Device information, such as a unique device identifier;
- Location information, such as your IP address or geo-location; and
- Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.
We may likewise utilize web analytics tools such as cookies.
Additional data may be needed as part of the registration process such as:
- Valid Government Identification (e.g. Passport, LTO issued driver’s license, Philhealth ID, Postal ID, UMID);
We collect and process the above information through both manual and electronic means.
WHY PERSONAL INFORMATION IS COLLECTED AND PROCESSED
We collect and process the above personal information for the following purposes:
- To register for an account and use the BZAAR platform;
- Verifying your identity;
- Identifying fraudulent or illegal activity;
- Conducting investigations on suspicious and/or fraudulent activities;
- Sending of information, or updates regarding our product or services;
- Conducting research and data analytics; and
- To understand how our users interact to improve our service and product offerings.
PERSONAL INFORMATION DISCLOSURE
We may disclose your personal information to the following:
- Buyers and other users of the BZAAR platform;
- Law enforcement agencies and/or legal advisors;
- Government, supervisory, and judicial authorities as required by law;
- Third-party service providers that assist in various business activities; website hosting, data analytics, credit assessment, marketing, payment processing, fraud protection, and other relevant services;
- Third-party services engaged in delivery, logistics, and freight forwarding; and
- All third-party services (e.g. Financial institutions, identity verification services) that are integrated with BZAAR.
We may transfer your personal information to third parties as required by law or legal instrument, to protect our rights or assets, to facilitate acquisition or disposition of our businesses, and in emergencies where the health or safety of a person is endangered.
When the processing of your personal data is outsourced by us to a third party, the processing will be subject to written agreements between us and the third parties processing the data. These written agreements specify the rights and obligations of each party and will provide that the third party has adequate security measures in place and will only process your personal information based on our specific written instructions.
We will not sell, rent, share, trade, or disclose any of your personal data to any other party without your prior written consent, with the exception of entities within our company and any third-party service providers which we have engaged, whose services necessarily require the processing of your personal data.
RETENTION PERIOD FOR PERSONAL INFORMATION
We retain the information collected and/or processed for as long as the purposes for which they are being processed have not been satisfied. Data collected will be stored for ten (10) years from the date of the transaction and is subjected to the user if he/she wants to delete the data moving forward. This data retention period shall be subject to Our obligations under applicable law and regulations which may require a longer retention period.
Our platform and infrastructure operate on top of one of the world’s most secure and reliable cloud service providers. Additionally, our platform and infrastructure are continuously monitored to protect your data and make it available when you need it.
We also use commercially reasonable physical and administrative measures to secure your personal information from accidental loss and from unauthorized access, use, and disclosure. We have the following measures in place:
- We implemented a strict data security policy;
- We restrict access to personal information to employees, contractors, and other service providers on a need-to-know basis;
- We use industry-standard encryption technology to secure data;
- We conduct training on privacy issues and appointed a Data Privacy Officer;
- We review privacy practices of new products and services we integrate to our Service; and
- We require all employees to sign confidentiality agreements.
However, the transmission of information via the Internet is not completely secure. Thus, we cannot guarantee the security of information transmitted to or from us and we are not responsible for any unauthorized access to and disclosure of any information you send to or receive from us. Any transmission of personal information is at your own risk.
You are responsible for keeping your account information, including your password, confidential. We ask you not to share your password with anyone.
If you have reason to believe that your data is no longer secure, please contact us immediately at the email address: firstname.lastname@example.org
YOUR RIGHTS AS A DATA SUBJECT
Under the Data Privacy Act, you have the right to:
- Be informed that your personal information will be collected and processed;
- Be furnished information in relation to the processing of your personal information;
- Reasonable access to your personal information;
- Dispute any error in your personal information and have it corrected,
- The erasure or blocking of your personal information from our system if said information is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or no longer necessary for the purposes for which they were collected,
- Object to the processing of your personal information,
- Lodge a complaint before the National Privacy Commission; and
- Damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal information.
We reserve the right to modify this Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make any material changes to this Policy, we will post a notice of changes on our website.
Any questions regarding Data Privacy may be coursed through our Data Protection officer:
E-mail Address: email@example.com