Patakaran sa Privacy
Collingwood Learning Solutions Ltd
Data Privacy and Cookie Notice
At Collingwood Learning Solutions Ltd (“Collingwood”) we value the people we deliver our educational tools and materials to and understand the importance of the role of Data Privacy in creating trusted and respected relationships.
1. WHAT IS THE PURPOSE OF THIS POLICY?
1.1 To explain how your personal data will be handled by Collingwood for our purposes and to explain your rights in relation to your personal information.
Generally, Collingwood will use your personal data as part of its legitimate interests and in connection with your relationship with Collingwood. The purposes for which Collingwood uses your personal information are set out in this section but may also be in other communications which may be created or amended from time to time.
We may withdraw or modify this Policy at any time, and we may supplement or amend it by additional policies and guidelines from time to time.
2. WHO DOES THIS POLICY APPLY TO?
2.1 This policy applies to all individuals whose personal data we process. Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
3. HOW DOES COLLINGWOOD HANDLE YOUR INFORMATION FAIRLY AND LAWFULLY? AND FOR WHAT PURPOSES?
3.1 The types of data that we may process about you are as follows:
3.1.1 name (first, middle and surname), school address, e-mail address;]
3.1.2 where you are a natural person acting for a school or college, financial information (e.g. bank account details); and
3.1.3 your electronic identification data where required for the purpose of delivering educational tools (e.g. login, passwords, IP address, online identifiers/cookies, logs, access and connection times,).
During our relationship with you, Collingwood may collect and process additional categories of personal data which are not specified above, for example if you voluntarily disclose it to us. In accordance with our legal obligations, we will be transparent about any new processing of personal data.
3.2 We will process your personal data on the basis of consent. If you are below the legal age to consent, we will process on the basis of the consent of your parent or guardian. Where you provide your consent, you are free at any time to withdraw it.
3.3 We will process your personal data in a manner compatible with the legitimate purpose we pursue, which is based on our aim to help educate young people on the risks of underage drinking.
3.4 The personal data we process may be held in an unstructured way, such as paper records and in Outlook email.
3.5 The personal data we process may also be held in a structured way within various IT or other systems, applications, solutions and databases; some of which may be owned and/ or operated by third parties. Where we engage with such third parties, we impose contractual requirements to protect your personal data.
4. WHY IS DATA PRIVACY IMPORTANT?
4.1 Collingwood respects the legal privacy rights of individuals.
The Data Privacy Act of 2012 (hereinafter referred to as the “Act”) and its implementing rules sets out the rights of a data subjects in the Philippines. The Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines. It requires the personal information controller to protect personal data by complying with the Data Privacy Principles (see paragraph 6 below) and imposes restrictions on how the controller may process the personal data. Some key words have a specific meaning under the Act (see paragraph 5 below).
5. WHAT DO THE KEY TERMS MEAN?
5.1 Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
5.2 Personal information controller refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf. The term excludes:
(1) A person or organization who performs such functions as instructed by another person or organization; and
(2) An individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs.
5.3 Personal information processor refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject;
5.4 Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
6. WHAT ARE THE DATA PRIVACY PRINCIPLES?
6.1 Collingwood complies with the Data Privacy Principles set out below:
6.2 Transparency. The data subject must be aware of the nature, purpose, and extent of the processing of his or her personal data, including the risks and safeguards involved, the identity of personal information controller, his or her rights as a data subject, and how these can be exercised. Any information and communication relating to the processing of personal data should be easy to access and understand, using clear and plain language.
6.3 Legitimate purpose. The processing of information shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.
6.4 Proportionality. The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal data shall be processed only if the purpose of the processing could not reasonably be fulfilled by other means.
6.5 Purpose limitation. Collection must be for a declared, specified, and legitimate purpose.
6.6 Fair and legal. Personal data shall be processed fairly and lawfully.
6.7 Accuracy. Personal information must be accurate, relevant and, where necessary for purposes for which it is to be used the processing of personal information, kept up to date; inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted.
6.8Adequacy. Adequate and not excessive in relation to the purposes for which they are collected and processed;
6.9 Data retention. Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law; and Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed.
6.10 Finally, we will respect your rights as a data subject (see paragraph 12 below).
7. FOR WHAT PURPOSES WILL COLLINGWOOD USE MY PERSONAL DATA?
7.1 We process your personal data primarily in order to be able to provide our educational resources for you.
7.2 We may also need to process your personal data for these purposes:
7.2.1 for legal and/or regulatory purposes;
7.2.2 to communicate and provide you with information, news and updates;
7.2.3 for live transmission of images through use of applications including but not limited to Zoom and Microsoft Teams;
7.2.4 to monitor to ensure our network and information security and to meet our Information Management and Security
7.2.5 for the purposes of crime prevention and detection, including where it is necessary for the assessment of risk or the
prevention of fraud and Health and Safety issues;
7.2.6 for analytics or benchmarking activities on an aggregated or statistical level to support our legitimate business
interests and to monitor Performance;
7.2.7 routine management of day-to-day business and operational activities with you, such as contact information.
7.3 Processing as described above may continue following the termination of our arrangement with you (as appropriate and necessary) and in line with our records management policies from time to time. Examples include any litigation or dispute and when there is a requirement to do so.
8. IS THE PROCESSING OF MY DATA OUTSOURCED TO SERVICE PROVIDERS?
8.1 We may outsource or subcontract with service providers throughout the duration of our relationship with you for such purposes including but not limited to those described in paragraph 7 or indeed afterwards, where this is necessary or reasonably required for the performance of our responsibilities under any arrangements we may have in place.
8.2 Where we outsource the processing of data to service providers acting on our behalf, the service providers are classed under Data Privacy Act as being a Personal Information Processor, and are subject to statutory obligations, as well as contractual obligations which are set out in a written agreement.
9. IS MY DATA SHARED WITH THIRD PARTIES OTHER THAN SERVICE PROVIDERS?
9.1 We will share your personal data to third parties on the basis of consent. If you are below the legal age to consent, we will process on the basis of the consent of your parent or guardian. Where you provide your consent, you are free at any time to withdraw it.
9.2 We may share personal data with third parties throughout the duration of our relationship with you for such purposes including but not limited to those described in paragraph 7 or indeed afterwards, where this is necessary or reasonably required for the performance of our responsibilities under any arrangements we may have in place.
9.3 Such third parties include your school or colleges, and any potential purchasers of Collingwood.
10. IS MY DATA TRANSFERRED OUTSIDE THE PHILIPPINES?
10.1 If your data was provided or created within the Philippines, we may need to transfer your data outside the Philippines as part of Collingwood’s legitimate interests as described in this Policy and in other transparency notices and other policies, standards and guidance from time to time.
If your personal data is transferred outside the Philippines, please be aware that you may have fewer rights under the local Data Privacy Law than you do under the Philippine Data Privacy Law of 2012. However, we will take all reasonable steps to ensure that your personal data is treated securely and in accordance with this policy and with relevant Data Privacy Law. This includes having agreements in place to ensure the security of your personal data and we will ensure that such transfers of data are subject to adequate and appropriate safeguards.
10.2 Where your personal data is handled by Personal Information Controllers, some of them may be located outside Philippines. We may have to use data centres and operations facilities that are operated from outside the Philippines, for example, if servers are switched. Some service providers may store data in the cloud in various locations around the world.
11. HOW IS MY DATA KEPT SECURE?
11.1 We have a number of policies, procedures, standards and guidelines in place to keep your personal data secure.
11.2 We ensure that the personal data is being held securely, both technically and organisationally and is only disclosed to authorised recipients, whether it is on paper or electronically held.
11.3 We have put in place technical and organisational measures to ensure the security of the information we collect, and have decided on which measures to take by taking account of the nature of the information and what would be the most effective way to prevent unauthorised access.
12. FOR HOW LONG IS MY DATA KEPT?
12.1 We will continue to retain your personal information for three years after our educational tools have been delivered to you. After this period, then we will securely destroy your personal data with due consideration of legal and regulatory requirements or guidance on retention.
12.2 We will not retain your personal data for any longer than is necessary for the purposes set out in this policy, nor will we retain any personal data about you which we know or which you have notified us is out of date.
13.2 This section explains what cookies are and gives details of the specific cookies we use on our website. It also sets out why we use these cookies and provides information on the cookie choices that you and all our website visitors have.
13.4 What is a cookie?
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your device’s hard disk. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number. The other technologies we use serve a very similarly function but work slightly differently.
13.5 We use two broad types of cookies:
First party cookies, served directly by us to your device when you visit our website; and
Third party cookies, served by a third party on our behalf when you visit our website and certain third party websites with whom we have partnered.
These cookies can be divided into session cookies and persistent cookies. Session cookies are temporary cookies that remember your user choices and preferences and are then deleted as soon as you leave the site. Persistent cookies stay in one of your browser’s subfolders until you delete them manually or until they expire.
Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at: www.allaboutcookies.org.
This website uses the following cookies for the following purposes:
Strictly Necessary cookies: These cookies are essential to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, our website cannot function properly and services you have asked for, like shopping baskets or e-billing, cannot be provided.
Examples of Strictly Necessary Cookies we may use on this website include Content Management Cookies which are required by the site for the content management system to work and Template Preference Cookies which are necessary for mobile sites and enable the site to look and feel the way it is intended to.
Functional cookies : These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or posting a comment. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
We may place a cookie to remember your preferences (Preference Cookie) so that you do not need to re-enter your details (country and language preferences) on our gateway page. You can choose this by selecting ‘Remember me on this device’, but it is not suitable if you share your computer with someone else. This cookie does not collect your date of birth.
13.7 We may also use certain service providers to set cookies on our behalf via third party partner websites. These cookies enable us to analyse visits to specific sections of those websites and collect certain information regarding purchases of our products. The types of information collected by such cookies may include: shopping cart information, what product pages have been viewed, whether a purchase of our product has been made, which of our products have been searched for.
13.8 How can you manage cookies?
If you are using a web browser (e.g. Google Chrome, Mozilla Firefox or Microsoft Edge), you have the ability to accept or decline cookies by modifying the settings in your browser. Please refer to your browser instructions or help screen to learn more about the functions which your browser provides to manage cookies. If you use different browsers and/or different devices you may need to ensure that each browser is adjusted to suit your cookie preferences. For instructions on how to manage cookies in your browser, please read the information available here. Please note that you may not be able to use all the interactive features of our site if all cookies are disabled.
14. WHAT ARE MY RIGHTS IN RELATION TO MY PERSONAL DATA?
You (or if you are below the legal age of consent for data privacy purposes, your parent or guardian) have the right to:
14.1 Be informed whether personal information pertaining to him or her shall be, are being or have been processed;
14.2 Be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller, or at the next practical opportunity:
(1) Description of the personal information to be entered into the system;
(2) Purposes for which they are being or are to be processed;
(3) Scope and method of the personal information processing;
(4) The recipients or classes of recipients to whom they are or may be disclosed;
(5) Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized;
(6) The identity and contact details of the personal information controller or its representative;
(7) The period for which the information will be stored; and
(8) The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before the Commission.
14.3 Reasonable access to, upon demand, the following:
(1) Contents of his or her personal information that were processed;
(2) Sources from which personal information were obtained;
(3) Names and addresses of recipients of the personal information;
(4) Manner by which such data were processed;
(5) Reasons for the disclosure of the personal information to recipients;
(6) Information on automated processes where the data will or likely to be made as the sole basis for any decision significantly affecting or will affect the data subject;
(7) Date when his or her personal information concerning the data subject were last accessed and modified; and
(8) The designation, or name or identity and address of the personal information controller;
14.4 Dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information have been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by recipients thereof: Provided, That the third parties who have previously received such processed personal information shall be informed of its inaccuracy and its rectification upon reasonable request of the data subject;
14.5 Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected. In this case, the personal information controller may notify third parties who have previously received such processed personal information; and
14.6 Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.
15. HOW CAN I ACCESS MY PERSONAL DATA?
15.1 There are some exceptions to this general right, meaning that some of the personal data requested may be withheld in certain circumstances, including where:
15.1.1 the information is not your personal data and is not about you specifically;
15.1.2 the information relates or involves a third party where it is not reasonable in all the circumstances to disclose the information since it contains details of that third party and they have not given their consent to disclose;
15.1.3 you already have the information;
15.1.4 the information is subject to legal privilege; or
15.1.5 statutory law restricts disclosure.
Where you have made earlier requests, we will provide you with only the updates or additions to your information that have been made since the date of your last request.
If you would like to request access to your personal data, you can write to Collingwood Learning Solutions Ltd
with “Subject Access Request” in the subject line of the email or letter. You should set out the reason for the requests and specify exactly what data you would like to see and the periods of time you are referring to.
16. DOES COLLINGWOOD COLLECT MY PERSONAL DATA FROM ANY OTHER SOURCES?
16.1 We obtain your personal data from a number of sources, including from your school, or college.
16.2 We monitor communications on our networks, including office and mobile telephone networks. The information collected may be periodically reviewed by authorised staff to ensure compliance with our policies and to detect any unauthorised use of our IT infrastructure and systems.
17. HOW IS MY PERSONAL DATA KEPT ACCURATE AND UP-TO-DATE?
17.1 We want to ensure that personal data we hold is accurate and kept up-to-date. We need to do this both to comply with our obligations under the Data Privacy Act of 2012 and its implementing rules, and for the practical day to day management of our relationship with you.
17.2 For these and other reasons related to administering your relationship with us, please notify us of any change in your information (see section 16 “What Steps Can I Take If I Have Any Concerns About My Personal Data” for details on contacting us) as soon as is practicable, so that records can be updated.
18. WHAT STEPS CAN I TAKE IF I HAVE ANY CONCERNS ABOUT MY PERSONAL DATA?
18.1 You can report any concerns or issues to:
Collingwood Learning Solutions Ltd
We will do our best to support resolution of your query.
18.2 If after this you are not satisfied by our response you have the right to lodge a formal complaint with the National Privacy Commission.