Data Privacy Policy

The Data Privacy Policy explains how HRBuddy collects, uses, maintains, shares and processes personal information about:

Visitors to our websites, mobile applications, and other online properties (each a “Service Site”)
Contact persons for our former, current, and prospective clients
Contact persons for suppliers of goods and services of HRBuddy
Any other individual or group with whom HRBuddy obtains personal information

In this Data Privacy Policy, “Personal Information” refers to any detail or data (singularly or combined with other details and related information used by HRBuddy) that enables you to be identified as an individual or recognized directly or indirectly. It also defines an “Authorized User” as a person or group able to access the www.hrbuddy.ph website and as another person or group. This policy is developed in compliance with the principles defined within Republic Act 10173, otherwise known as the Data Privacy Act of 2012. All provisions in this policy apply to the site and all products and services offered by HRBuddy.

Overview

HRBuddy is the controller of personal information we process and is responsible for making sure that the systems and processes we use are compliant with data protection laws, to the extent applicable to us. HRBuddy personnel, both directly and indirectly utilizing features of the HRBuddy, are required to comply with this Data Privacy Policy and other associated company policies when dealing with Personal Information. They must also complete training where it is required for their respective role.

Summary of Key Points

Collection	We collect Personal Information from several sources in connection to the day-to-day management of our business and our commercial relationships.
Use	We use Personal Information to provide our services and respond to inquiries, manage accounts, maintain business operations, provide relevant marketing, and fulfill other business and compliance purposes.
Sharing	We share Personal Information as necessary to provide our services and respond to requests and fulfill other business and compliance purposes.
Marketing Choices	You have control on how we use your Personal Information for marketing.
Cookies	We use cookies on our Service Sites and provide choices on the use of cookies.
Data Subject Rights	You have certain rights to request for access, rectification, deletion, restriction, or other actions regarding your Personal Information that are required by law.
Data Storage and Security	We maintain technical and organizational measures to protect Personal Information from loss, misuse, alteration, or unintentional destruction.
Other Issues	We provide other information in this Data Privacy Policy about: (i) The possible consequences for not providing Personal Information. (ii) How we do not engage in automated decision-making that has substantial effect on individuals. (iii) Data retention (iv) Links to third-party websites (v) Employee and contractor issues (vi) Changes to this Data Privacy Policy
User Acceptance	We would like to determine if User accepts or refuses to conform with the provisions indicated in this policy.
Contact Us	Please contact us as indicated below for questions.

Collection of Personal Information

We collect the following categories of Personal Information about Service Site visitors, clients, prospective clients, suppliers and other third parties:

Basic information: Name, contact number, mailing address and email address.
Registration information: Username and passwords
Client service information: Personal Information received from clients in respect of employees, customers or other individuals known to clients, invoicing details and payment history, and client feedback.
Marketing information: Information about individual product interests and preferences.
Transaction information: Personal information contained in documents, correspondence or other materials provided by or relating to transactions conducted by our clients.
Compliance information: Government identifiers, passports or other identification documents, dates of birth, beneficial ownership data, and due diligence data.
Device information: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Service Sites.

We collect Personal Information from several sources, either directly from the data subjects, or from clients, colleagues, and publicly available sources. When HRBuddy receives data from its clients about employees, customers or other individuals, the client is responsible for ensuring that any information is transferred to us in compliance with applicable data protection laws. The following are considered sources of information:

Provided details using the HRBuddy forms supplied at the HRBuddy website or mobile application.
Details sent thru e-mail messages or feedback.
Direct access to the HRBuddy site or mobile application through:

Downloading
Signing up on the mobile app
Subscription to HRBuddy services (e.g. loan application)
Data sharing using social media or e-mail accounts during application login
Reporting an error encountered during use

Details provided from using a registered device such as:

Technical information, including mobile device specifications (e.g. device serial number, operating system, browser) and device settings (e.g. location, time zone)
Information stored in devices such as contacts, photographs, stored files.
Data used from third-party application
Data registered when using HRBuddy service sites or mobile application such as:

Traffic data
Location data
Weblogs
Other communication data

Use of Personal Information

The purposes for which we use Personal Information, and the legal bases for such processing, are as follows:

Account Verification. Verifying user accounts shall make use of the information provided. This information will not be shared with outside sources or entities unless necessary to expedite services.

Assessment of Credit Worthiness. Information provided by users, such as documents relating to financial activities, will be used to assess financial wealth and creditworthiness. This information will not be shared with outside sources or entities unless necessary to expedite the provision of services and facilitate payment and collection.

Sending of Periodic E-Mail Messages. Responding to inquiries, questions, and other requests shall involve using e-mail addresses provided by the user. The computation of the appropriate loan amount to be offered shall involve using information collected from the user through the phone.

Geolocation. Geolocation contains information that shall determine the exact location of an account user within the Philippines.

Contacts’ List. The Contacts’ List is used to confirm if the declared guarantor is in the account user’s contacts list.

SMS Messages. SMS Messages are composed of notifications sent that will serve as a reference for every login and transaction activity made.

Installed Applications. Assessing the exposure to other lenders or financial applications will involve using installed applications.

Accounts. User accounts serve as a channel for communication by sending email and phone numbers if needed.

Camera and Storage. Identification cards and documents needed during the application process will be uploaded using the camera and storage files.

Service Sites Monitoring. We use device data to make our Service Sites more intuitive and easier to use. It is necessary for our legitimate interests to monitor how our Service Sites are used, help us improve the layout and information available on our Service Sites, and provide a better service to our users.

Security and Effective Functioning. We use basic data, registration data, transaction data, and device data to protect the security and effective functioning of our Sites and information technology systems. It is necessary for our legitimate interests to monitor how our Service Sites are used to detect and prevent fraud, other crimes, and their misuse. This helps us to ensure that you can safely use our Service Sites.

Marketing. To provide relevant marketing such as providing information about events or services that may be of interest to you including legal services, legal updates, client conferences or networking events, and groups of specific interest (e.g. specific types of networking groups) we use marketing data, basic data, special categories of data, registration data, client service data, and device data. It is necessary for our legitimate interests to process this information to provide you with tailored and relevant marketing, updates, and invitations.

Compliance and Obligations. To address compliance and legal obligations, such as complying with tax reporting obligations, checking the identity of new clients and to prevent money laundering or fraud we use compliance data, basic data, registration data, transaction data, and device data. This processing is necessary for the purposes of complying with legal requirements to which we are subject. Among such samples are “Know Your Customer Principles”, “Customer Due Diligence”, “Anti-Money Laundering”, and “Anti-Terrorism Financing”.

Sharing of Personal Information

The services we provide entails us to work with third-party, legal, financial, and other similar entities (including credit reference agencies and mobile network providers) that enable us to receive valuable user information from them. To help filter information received from these sources, an automated credit scoring tool has been created to be used during our approval process.

Suppliers and Service Providers. We share Personal Information with suppliers and service providers to enable such parties to perform functions on our behalf and under our instructions to carry out the purposes identified above. These include:

Infrastructure and IT services providers, the providers of our client intake system, our finance systems, and our customer relationship management databases

Financial Institutions. We share Personal Information with financial institutions in connection with invoicing and payments.

Corporate Purchasers. We may share Personal Information with any corporate purchaser or prospect to the extent permitted by law as part of any merger, acquisition, sale of HRBuddy assets, or transition of service to another provider, as well as in the event of insolvency, bankruptcy, or receivership in which data would be transferred as an asset of Right Choice Finance.

Mandatory disclosures and legal claims. We share Personal Information to comply with the HRBuddy's tax reporting obligations, comply with any subpoena, court order or other legal process, to comply with a request from our regulators, government request, or any other legally enforceable demand. We also share Personal Information to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.

Other Purposes. For purposes involving acts that constitute the following:

Enforcement of Terms and Conditions and other agreements
Investigate potential breaches
Report defaulters to any credit bureau
Publish statistical figures related to the use of the application, where all information will be aggregated and made anonymous

Marketing Options

You have control regarding our use of Personal Information for direct marketing. In certain markets, you will need to expressly consent before receiving marketing. In all markets, you can choose not to receive such communications at any time. If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication.

Cookies

We use and engage certain providers to use cookies, web beacons, and similar tracking technologies on our Service Sites.

What are cookies?

Cookies are small amounts of data that are stored on your browser, device, or the page you are viewing. Some cookies are deleted once you close your browser, while other cookies are retained even after you close your browser so that you can be recognized when you return to a website.

How do we use cookies?

We use cookies and allow certain third parties to place cookies to provide the Service Sites, gather information about your usage patterns when you navigate to these to enhance your personalized experience, and to understand usage patterns to improve our Service Sites, products, and services. Cookies are generally divided into the following categories:

Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not work. These cookies do not store any personally identifiable information.

Functional Cookies. These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all these services may not function properly.

Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site and will not be able to monitor its performance.

Targeting Cookies. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They do not store direct personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social Media Cookies. These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They can track your browser across other sites and build up a profile of your interests. This may affect the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.

What are your options if you do not want cookies on your computer?

When you first visit our Service Sites, you will be asked for your consent to the use of any cookies which are not classed as strictly necessary. You can manage your choices using the consent management tool provided. If you change your mind, you can adjust your preferences at any time using the manage cookies link in the footer of our Service Sites.

Data Subject Rights

Listed below are the rights of users:

Right to Rectification. Users can modify or change their password login PIN using their profile.

Right of Access, Erasure and Restricted Processing. Users can request for access to or erasure of their personal information. They can also request for restrictions in further processing of their person information. Such requests can be coursed through www.hrbuddy.ph. It is advised to allow at least thirty (30) days for processing of requests. HRBuddy reserves the right to charge a reasonable fee for processing excessive or repeated requests.

Right to Complaints Lodging. Users have the right to lodge a complaint with a supervising authority. Should a user feel that his data privacy rights are not being adequately met or protected by HRBuddy, user has the right to lodge a formal complaint with an appropriate supervising authority.

Right to Prevent Use of Information other than Personal Purposes. Should HRBuddy wish to have user personal information be used for marketing purposes, HRBuddy shall inform user prior to carrying out the intent. User shall be entitled to prevent such occurrence by informing us within 10 days from receipt of proposed use and prevent disclosure of personal information.

Data Storage and Security

We have implemented technical and organizational measures to safeguard the Personal Information in our custody and control. Such measures include:

Restricting access to Personal Information to staff and service providers on a need-to-know basis.

Appropriate data collection, storage, processing practices and security measures have been taken to protect against unauthorized access, alteration, disclosure or destruction of personal information, username, password, transaction information and data stored in the HRBuddy site.

Employment of security products such as firewall and data encryption and other internal controls meant to safeguard all servers and information systems, including the data stored in these systems.

Establishment and application of policies on Information Security, Data Privacy, Storage and Retrieval of Information that are all aligned with ISO 27001 and 27002:2013.

While we endeavor to always protect our systems, sites, operations and information against unauthorized access, use, modification, and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be safe from intrusion by others.

You also have an important role in protecting Personal Data. You should not share any username, password or other authentication data provided to you with anyone, and we recommend that you do not re-use passwords across more than one website or application. If you have any reason to believe that your username or password has been compromised, please contact us at www.hrbuddy.ph.

Links with Other Sites

As an added feature of data security, our service does not address any person under the age of 18 years old. HRBuddy does not collect personally identifiable information from anyone under the age of 18. It is advised that parents or guardians be made aware if any of their child or children have provided HRBuddy with personal data and should have it immediately reported to www.hrbuddy.ph. If we have collected personal data from children without prior parental consent, we shall take steps to remove such information from our servers.

Other Issues

What are the consequences of not providing Personal Information?

You are not required to provide all Personal Information identified in this Data Privacy Policy to use our Service Sites or to interact with us offline, but certain functionality will not be available if you do not provide Personal Information. If you do not provide Personal Information, we may not be able to respond to your request, provide legal services to you, or provide you with marketing that we believe you would find valuable.

Do we engage in automated decision-making without human intervention?

We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.

How long do we retain Personal Information?

We typically retain Personal Information related to marketing activities for as long as you accept marketing communications from us, and we will securely delete such data in accordance with applicable law upon request. For Personal Information that we collect and process for other purposes, we will typically retain such Personal Information for as long as it is necessary to fulfill the purposes outlined in this Data Privacy Policy and as otherwise specified in applicable record retention policies and procedures.

Are third party websites governed by this Data Privacy Policy?

The Service Sites may contain links and references to other websites administered by unaffiliated third parties. This Data Privacy Policy does not apply to such third-party sites. When you click a link to visit a third-party website, you will be subject to that website's privacy practices. We encourage you to familiarize yourself with the privacy and security practices of any linked third-party websites before providing any Personal Information on that website.

How does HRBuddy handle employee and contractor privacy issues?

Personal Information about our employees and contractors are addressed through internal HRBuddy policies and procedures and are outside the scope of this Data Privacy Policy.

How will we handle any changes to this Data Privacy Policy?

We may update this Data Privacy Policy from time to time as our services and privacy practices change, or as required by law. The effective date of our Data Privacy Policy is posted below, and we encourage you to visit our Sites periodically to stay informed about our privacy practices. We will post the updated version of the Data Privacy Policy on our Service Sites and ask for your consent to the changes if legally required.

User Acceptance of Terms

By using this service site and mobile application, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our service site and mobile application. Your continued use of our service site and mobile application following the posting of changes to this policy shall mean your acceptance of these changes.

Contact Us

Should you have questions about this Data Privacy Policy, please contact us at 7^th Floor, Philcox Building, 172 Salcedo Street, Legaspi Village, Makati City 1229. Our contact number is (+632) 7215-3220. We can be contacted through the www.hrbuddy.ph site.

Last Update	:	November 8, 2022
Current Update	:	February 6, 2023

Enhance HR with Buddy!

Contact Info

Head Office Address: 7th Floor, PhilCox
Building, 172 Salcedo Street, Legazpi
Village, Makati City 1229

Cebu Office Address: Unit 102 Jose R.
Martinez Bldg., Osmeña Blvd., Cebu City

Email: customercare@hrbuddy.asia