Privacy Policy

 

Customer Frontline Solutions Inc. (hereinafter referred to as “CFS,” “we,” “us” or “our”) is committed to creating “happy customers” and providing quality services to our clients and to our clients’ customers. Notwithstanding, CFS is committed to protect and safeguard the fundamental human right of every individual to privacy, and ensure that all personal data it processes is protected from collection to disposal.

 

In August 2012, the Congress enacted Republic Act No. 10173, known as the “Data Privacy Act of 2012” (“DPA”). After four years, the National Privacy Commission issued the Implementing Rules and Regulations of the DPA (“IRR”) which provides the guidelines for the implementation of this law.

 

In compliance thereto, we have adopted the principles contained in the DPA, its IRR, and other relevant policies and issuances of the National Privacy Commission. We adhere to these principles including the general data privacy principles set forth in Section 11 of the DPA, which shall govern the manner of our collection, use, disclosure, securing and disposal of personal data. Thus, the personal data shall be:

 

  1. Obtained only for specific, lawful purposes and shall not be processed in any manner incompatible with those purposes;
  2. Processed fairly and lawfully;
  3. Accurate, relevant and kept up to date for purposes for which it is to be used;
  4. Adequate and not excessive in relation to those purposes;
  5. Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained; and
  6. Kept in a form which permits identification of data subjects.

 

This Privacy Policy covers your personal data when transacting or doing business with CFS, as well as other personal data we process by virtue of a contracting or subcontracting arrangement with us. This outlines our ongoing obligations to you in respect of how we manage said personal data.

 

This Privacy Policy is effective January 2, 2018.

 

WHAT DO WE CONSIDER PERSONAL DATA

 

Personal data refers to personal information, sensitive personal information and privileged information as defined in the IRR and other applicable laws and regulations.

 

  • Personal information is any information, whether recorded in a material form or not, that will directly ascertain the identity of an individual. Some of the personal information that we collect include:
  • Name
  • Address
  • Email address
  • Contact Number
  • Account Number

 

  • Sensitive personal information may include:
  • race, ethnic origin, marital status, age, date of birth, color, and religious, philosophical or political affiliations
  • individual’s policy, health/medical and financial information, education, genetic or sexual life of a person
  • Membership of a trade union or other professional body
  • Criminal record
  • Government issued numbers such as the social security numbers, licenses or its denials, suspension or revocation, and tax returns.

 

  • Privileged Information is any and all forms of information which, under the Rules of Court and other pertinent laws, constitute privileged communication, such as, but not limited to, information which a person authorized to practice medicine, surgery or obstetrics may have acquired in attending to a patient in a professional capacity.

 

HOW DO WE COLLECT IT

 

Personal data shall be obtained through documents or applications submitted to us, interviews, payment services, customer assistance, mail or communication, our newly serviced Document Management System (DMS), our website (www.customerfrontlinesolutions.com), third parties, publicly-available sources, or otherwise voluntarily provided to us by you for any legitimate purpose declared at point of collection of such information.

 

PURPOSE

 

We shall collect your personal data for the following purposes:

  • Employment
  • Establishing identity, verification and evaluation
  • Payment Services
  • Responding to your inquiry, concern or complaint
  • Provide information to our clients and marketing
  • Conducting business with you
  • Account maintenance and update
  • Business analysis and marketing initiatives
  • Send business offers and promotions
  • Complying with statutory, legal and regulatory requirements

 

AUTHORIZATION

 

Before we collect your personal data, we will provide you a Consent Form which will explain to you why we are collecting your personal data and how we plan to use it. Your signed Consent Form will serve as your authorization and consent which will continue to have effect throughout the duration of the purpose.

 

The Consent Form shall also include your permission on data sharing. (Please refer to “Data Disclosure and Sharing” below.)

 

You may choose to unsubscribe or request to pull-out your personal data from us at any time by contacting us through report@cfs.com.ph or our office number (02-656 7974).

 

SENSITIVE PERSONAL INFORMATION

 

The processing of sensitive personal information shall be prohibited, except in the following cases:

  • For the primary purpose (or secondary purpose that is directly related to the primary purpose) for which it was obtained as indicated in the signed Consent Form;
  • Where required or authorised by existing laws and regulations; Provided, that such regulatory enactments guarantee the protection of the sensitive personal information; Provided further, that the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information;
  • The processing is necessary to protect your life and health or another person’s, and you are not legally or physically able to express your consent prior to the processing; or
  • The processing is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority.

 

DATA DISCLOSURE AND SHARING

 

We ensure you that your personal data shall not be accessed by or disclosed to anyone outside CFS. Access thereto is restricted to CFS employees and contractors on a need to know basis to carry out their responsibilities with regard to the conduct of our business. We require our contractors, through a Non-Disclosure Agreement (NDA), to secure and keep your information confidential and we do not allow them to disclose your information to others, or to use it for their own purposes.

 

The signed Consent Form shall authorize us to share your personal data to our parent company, related companies and third party service providers, who shall be required to ensure the confidentiality, integrity and availability of the personal data processed, prevent its use for unauthorized purposes, and generally, comply with the requirements of the DPA.

 

Your information may also be disclosed to government entities pursuant to and in compliance with applicable laws and regulations, subpoena or court order.

 

Data collected from third parties

 

We may collect your personal data from third parties for purpose of research; Provided, that the personal data is publicly available or you consented to such collection for purpose of research; Provided further, that adequate safeguards are in place, and no decision directly affecting you shall be made on the basis of the data collected or processed. Your rights shall be upheld without compromising research integrity.

 

PERSONAL DATA SECURITY

 

We are committed to ensure that your information is secure. CFS shall undertake and implement reasonable organizational, physical, and technical security measures in collecting, receiving, transmitting, storing, and disposing your personal data.

 

Your personal data shall be stored in a manner that reasonably protects it from any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing. Once the purposes for which the personal data were collected are no longer necessary, we shall order the suspension, withdrawal, blocking, removal or destruction of your personal data from our filing system in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.

 

DATA ACCESS, OBJECTION AND CORRECTION

 

It is important to us that your personal data is accurate, relevant and kept up to date. If you find that the information we have is incorrect, incomplete or otherwise not updated, please advise us as soon as possible so we can promptly update our records.

 

You may request for a copy of your personal data in our possession, or have it corrected if you believe that it is inaccurate or incomplete. If you wish to request for a copy of your personal data, or have it corrected or deleted, please reach out to us through our contact information found below. We will promptly respond to your request.

 

Data Protection Officer

Telephone Number: 02-656 7974

Email: report@cfs.com.ph

Office Address: Business Solutions Center, Meralco Complex Ortigas Avenue, Pasig City

 

CFS will not charge any fee for your access request, but we may request your letter of authorization if the requestor is your agent or representative.

 

In order to protect your personal data, we may require identification from you before releasing the requested information.

 

BREACH AND SECURITY INCIDENTS

 

The CFS Data Breach Response (DBR) Team, which consists of five (5) department heads, will be responsible for ensuring timely action in the event of a security incident or personal data breach. The DBR team will conduct initial assessment of the data breach and will identify the severity of the incident. The DBR team shall prepare a detailed report of every incident to be submitted to our Data Protection Officer (DPO), and the National Privacy Commission (NPC).

 

In order to prevent such breach, the DBR Team shall regularly monitor security breaches and review the process for identifying and accessing reasonably foreseeable vulnerabilities in our computer networks. The DBR Team shall conduct regular Privacy Impact Assessment in our processing systems and shall conduct regular trainings to all our Personal Information Processor (PIP) for capacity building, as well as, breach reporting procedures including the preventive, corrective and mitigating action against security incidents that can lead to a personal data breach.

 

We shall also have periodic review of our policies and procedures to minimize occurrence of any data breach.

 

PRIVACY POLICY COMPLAINTS AND INQUIRIES

 

If you have any queries or complaints about our Privacy Policy please contact us through this email: report@cfs.com.ph

 

POLICY UPDATES

 

This Privacy Policy may change from time to time to comply with government and regulatory requirements. CFS reserves the right to revise or modify this Privacy Policy, as necessary.