OUR COMMITMENT

Exploretale Technologies, OPC. (“Exploretale”) is committed to providing its employees, clients, and Data Subjects with the highest levels of professional service. This includes protecting their privacy as Exploretale understands the importance of privacy of their Personal Data and Personal Information.

This Privacy Policy & Manual sets out how we collect, hold, use, and disclose your personal data.

By communicating with Exploretale’s email address, interacting with any of its social media accounts, requesting its services, applying for a job with Exploretale, asking Exploretale to recruit and place employees, or otherwise providing Exploretale with your personal data, all employees, clients, and Data Subjects will need to consent to their personal data being collected, held, used, and disclosed as set out in this Privacy Policy & Manual.

This Privacy Policy & Manual applies to all individuals (including Exploretale’s clients, the individuals whose personal data is collected from clients or other third parties, job applicants, and prospective employees) who provide Exploretale with their personal data.

PURPOSE OF THE POLICY

This Data Privacy Policy is designed to raise awareness of personal data in the course of Exploretale’s daily operations and enable Exploretale to protect the integrity and security of personal data which has been entrusted to Exploretale by its clients, employees, and business partners. It sets out the basic obligations of Exploretale personnel regarding personal data.

Exploretale personnel should familiarize themselves with this Data Privacy Policy & Manual and handle all personal data in accordance with the directions in it.

Should there be questions in connection with this Data Privacy Policy & Manual or in the event of any particular action or conduct that is observed to have been in breach of this Manual, please seek legal advice from the designated or retained lawyers of Exploretale or Exploretale’s Data Privacy Officer as indicated below.

EFFECTIVE DATE

This Data Privacy Policy takes effect from December 1, 2021.

DEFINITIONS

For purposes of this Data Privacy Policy & Manual, all terms defined by Republic Act No.10173 or the Data Privacy Act of 2012 (i.e. Data, Personal Information, Sensitive Personal Information, Data Sharing Agreement, etc); including any terms defined or referred to by any implementing rules or regulations issued by the Philippine National Data Privacy Commission shall be understood to have been adopted herein.

DATA PROTECTION PRINCIPLES

All Exploretale personnel must adhere to the following general principles when collecting, using, disclosing, processing, or otherwise handling Personal Information and/or Sensitive Personal Information.

CONSENT

The consent of an individual must be obtained, in accordance with the applicable Philippine data privacy laws, before collecting, using, or disclosing his personal data for a purpose. An individual also has a right to withdraw his consent, by giving reasonable notice.

Before embarking on a new business project or initiative that requires the collection of Personal Data, consider each category of Personal Data that is proposed to be collected and assessed whether the PIC (such as Exploretale) is able to perform the project or initiative without it. One should only collect the minimum Personal Data it requires for the legitimate purpose it is required for.

PURPOSE

Personal Data may only be collected, used, or disclosed for legitimate purposes that a reasonable person would consider appropriate in the circumstances. Fresh consent must be sought if any purposes for which consent was obtained differ from the original purpose communicated and agreed to by the individual.

Before using any Personal Data for a new purpose, all Exploretale personnel must ensure that the new purpose is covered under the relevant provisions of this Data Privacy Policy and Manual.

NOTIFICATION

Exploretale must notify individuals of the purpose(s) for which it intends to collect, use or disclose his Personal Data on or before Exploretale’s collection, use, or disclosure of such Personal Data. If Exploretale will be collecting Personal Data for a new purpose (as above), Exploretale will need to provide fresh notification to the individuals.

ACCESS

Upon request by an individual, he or she must be provided with his/her Personal Data possessed or controlled by Exploretale, unless prohibited by Philippine Data Privacy laws or regulations or other applicable laws or regulations in the country. Once Exploretale received the request, Exploretale will need to understand internally how the individual’s Personal Data has been used, processed, or disclosed by Exploretale. Exploretale needs to ensure that it logs all activities in relation to the access and extraction of Personal Data held by it.

Unless the aforesaid laws or regulations provide otherwise, such personal data must be provided as soon as practicable and no later than thirty (30) days after the individual’s first request for such personal data.

CORRECTION

An individual may also request Exploretale to correct any inaccuracies in her/his personal data which is in Exploretale’s possession or control. Unless Philippine laws or regulations provide otherwise, such personal data must be corrected or erased as soon as practicable, but no later than thirty (30) days after the individual’s first request for such correction.

ACCURACY

Reasonable efforts must be made to ensure that personal data collected by or on behalf of Exploretale is accurate and complete. This obligation applies at the time of collection and throughout the period during which such personal data is in Exploretale’s possession or control.

Where the data is more sensitive (e.g. identification numbers, mobile numbers), Exploretale must ensure that there are additional testing and checking performed to address any mistakes made during the point of data entry. For example, a second person should double-check the records to ensure accuracy.

SECURITY

Personal Data in Exploretale’s possession or under its control must be protected by reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks.

Exploretale personnel should take note of the following basic guidelines when sending Personal Data:

• Before sending a communication (e.g. email, Skype message/attachment) containing Personal Data, ensure that the recipient’s address (e.g. email address, fax number, Skype ID) is correct and matches that of the intended recipient and that the right files are attached prior to sending.
• Perform regular housekeeping of auto-complete email list and double-check recipient’s email addresses before sending out emails or documents containing Personal Data.
• Where possible, implement automated processing of documents or communications containing Personal Data (e.g. merging content or populating fields from various sources). Ensure the accuracy and reliability of the automated process by checking it regularly.
• Require Exploretale employees handling and sending Personal Data to be bound by confidentiality obligations in their employment agreements.
• Store hardcopy documents containing Personal Data in locked storage systems.
• Ensure that the computer networks being utilized by Exploretale to access, store or process Personal Data are secure.
• Install appropriate computer security software and use suitable computer security settings.

RETENTION

Unless Philippine laws or regulations provide otherwise, the retention of documents containing personal data must cease, or the means by which the personal data can be associated with particular individuals must be removed (for e.g., anonymization of data) as soon as:

• it is reasonable to assume that the purpose for which the personal data was collected is no longer being served by retention of such personal data; and
• retention is no longer necessary for legal or business purposes.

Exploretale personnel shall ensure proper disposal of Personal Data which should no longer be retained by Exploretale. Printed Personal Data should be shredded and digital documents containing such Personal Data should be permanently deleted.

DATA PRIVACY OFFICE

Email Address: dpo@exploretale.com