Quanby

Data Protection Privacy

QUANBY SOLUTIONS INC. DATA PROTECTION POLICY

Policy Statement

Quanby Solutions Inc. is committed to protecting the privacy and security of personal data in compliance with the Data Privacy Act of 2012 and other relevant regulations. This Data Protection Policy establishes guidelines to ensure that personal data is collected, processed, stored, and disposed of lawfully, fairly, and securely. All employees are strictly required to adhere to this policy to safeguard individuals’ rights and maintain the integrity of the Organization’s data-handling practices. Non-compliance may result in disciplinary action.

1. Data Protection Principles

The Organization is committed to processing personal data in accordance with its responsibilities under the DPA. In line with the DPA, personal data shall be:

A. Processed lawfully, fairly, and transparently in relation to individuals.

B. Collected for specified, explicit, and legitimate purposes, and not further processed in ways incompatible with those purposes. Processing for archiving in the public interest, scientific or historical research, or statistical purposes shall not be considered incompatible.

C. Adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

D. Accurate and, where necessary, kept up to date. Inaccurate data shall be corrected or erased promptly.

E. Retained only as long as necessary for the purposes for which it is processed. Personal data may be retained for longer periods for archiving in the public interest, scientific or historical research, or statistical purposes, provided that proper safeguards are in place.

F. Processed securely to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage using appropriate technical or organizational measures.

2. General Provisions

A. This policy applies to all personal data processed by the Organization.

B. The Responsible Person shall take responsibility for the Organization’s ongoing compliance with this policy.

C. This policy shall be reviewed at least annually.

D. The Organization shall register with the National Privacy Commission (NPC) as a processor of personal data.

3. Lawful, Fair, and Transparent Processing

A. To ensure its processing of data is lawful, fair, and transparent, the Organization shall maintain a Register of Systems.

B. The Register of Systems shall be reviewed annually.

C. Individuals have the right to access their personal data. The Organization shall address such requests in a timely manner.


4. Data Collection

The Organization may collect and process personal data including, but not limited to, the following:

  • Full name;

  • Date and place of birth;

  • Gender, age, civil status, religion, citizenship/nationality, blood type, health data;

  • Address (e-mail, office, local and foreign residential);

  • Contact numbers (work, home, and mobile);

  • Curriculum vitae (employment history);

  • Agency name and address; position or designation; employment history;

  • Government-issued ID;

  • Photo.

The Organization gathers personal data directly from individuals or their duly authorized representatives when they:

  • Fill out a form manually or electronically, submit a document, or request data/documents;

  • Respond to an interview;

  • Apply for employment, are currently employed, or have been appointed within the Organization;

  • Open a support ticket;

  • Register or use our website and web/mobile applications.

All data processing is done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task, or legitimate interests.

The Organization shall note the appropriate lawful basis in the Register of Systems.

If consent is relied upon as the lawful basis, evidence of opt-in consent shall be maintained alongside the data.

Communications with individuals based on their consent shall include a clear option to revoke consent, with systems in place to reflect such revocations accurately.

5. Data Minimization

A. The Organization shall ensure personal data is adequate, relevant, and limited to the purposes for which it is processed.

6. Accuracy

A. Reasonable steps shall be taken to ensure personal data is accurate and up to date.

B. Procedures shall be established to ensure timely updates to personal data as necessary for the lawful basis of processing.

7. Archiving and Removal

A. The Organization shall implement an archiving policy to ensure personal data is retained only as long as necessary. This policy shall be reviewed annually.

B. The archiving policy shall define what data must be retained, the duration, and the purpose for retention.

C. Disposal of personal data shall follow secure methods such as deleting digital files, emptying the recycle bin, using file-shredding tools for sensitive information, shredding paper documents, or incinerating physical records to prevent unauthorized access.


8. Security

A. Personal data shall be stored securely using up-to-date software and technologies.

B. Access to personal data shall be restricted to authorized personnel only. Security measures shall prevent unauthorized sharing.

C. Data deletion processes shall ensure irrecoverable removal of personal data.

D. Backup and disaster recovery solutions shall be implemented to safeguard against data loss.


9. Breach Management

In the event of a data breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data, the Organization shall:

A. Promptly assess the risk to individuals’ rights and freedoms.

B. Report the breach to the National Privacy Commission (NPC) if necessary. 


End of Policy
