Staff Leasing
STAFF LEASING
VIRTUAL CAPTIVES
PROJECT-BASED SOLUTIONS
CREATE A PLAN
HIRE AND TRAIN
GET STARTED
Privacy Policy
At Sourcefit, we prioritize the protection of personal data and uphold the rights and interests of data subjects (owners of Personal Identifiable Information). We recognize the value of Personal Identifiable Information (PII) entrusted to us and are committed to managing and safeguarding it responsibly. This Privacy Policy outlines how we collect, use, and share personal information when you visit our website, www.sourcefit.com (referred to as the “Site”).
DATA SUBJECTS AND RIGHTS
We guarantee that you feel secure knowing that we will handle your information with utmost care. Our privacy controls adhere to various applicable data privacy regulations, ensuring the protection of personal data collected, used, and stored in our systems. We have mapped out these regulations to cover extensive areas and have formulated solutions to address any unique requirements.
- Right to Information. Your personal data is treated as your property, and we will not collect, process, or store it without your explicit and informed consent, except as required by law. We obtain consent through consent forms, privacy notices, and acknowledgment pages.
- Right to Access Information. You have the right to know if we hold any personal data about you and request access to it. We provide a written description of the information we hold and its purpose, along with easy access to obtain a copy.
- Right to Object Processing. You can object to the processing of your personal data based on consent or legitimate interest. We cease processing your data upon objection or withdrawal of consent, except when legally obligated.
- Right to Erasure or Blocking. You can suspend, withdraw, or request the deletion of your personal data under certain circumstances, such as incomplete or unlawfully obtained data.
- Right to Damages. You may claim compensation for damages resulting from inaccurate or unauthorized use of personal data, including violations of your rights.
- Right to Data Portability. You have the right to obtain and transfer your data securely for further use.
- Right to Rectify Errors. You can dispute and correct any inaccuracies in your personal data, with prompt action taken by us.
INFORMATION WE COLLECT, USE, AND WHY
Your Personal identifiable information (PII) is crucial to our business operations, and we handle it with care to deliver services efficiently. PII may be collected and used by our support services team for various purposes, including employee compensation, access management, and business development.
We may collect the following types of information.
- Identifiers and Contacts. Your name, contact numbers, and email addresses for communication and identification purposes.
- Biometric Information. Fingerprints for physical access control.
- Basic Health Information. Health status and wellness data are required for employment and wellness programs.
- Location and Addresses. Mailing and physical addresses for correspondence and asset delivery.
- Government ID Numbers. For government-mandated applications and transactions.
- Work History, Background, and Credentials. Educational and work history for employee profiling and credential verification.
Please note that customer information of our client partners is managed exclusively by them, ensuring control and compliance with privacy regulations. We do not store client information but facilitate its use within client systems as needed.
Website Information Collection
When you visit our website, we collect device information such as browser details, IP addresses, and cookies. Contact information is collected through contact forms for communication purposes.
Processing
We ensure PII processed is adequate, relevant, and not excessive, considering the intended purpose.
Data Privacy Principles and Legislative Requirements
We adhere to principles of transparency, legitimate purpose, and proportionality in processing PII, ensuring fair and lawful practices.
Consent
Informed and active consent is obtained before data collection, with consent forms utilized whenever possible.
Transparency
We obtain consent before processing PII and inform data subjects of the purpose, risks, safeguards, and rights associated with data processing.
Privacy Impact and Risks
Privacy Impact Assessments and Risk Analysis are conducted periodically and before implementing new processes or technologies involving PII.
Legitimate Purpose
Our PII processing aligns with declared purposes and legal requirements.
Retention
We retain your PII for specified periods based on regulatory requirements and necessity, ensuring proper disposal afterward. In compliance with prevailing regulatory requirements, we may retain PII for up to 5 years, however; retention and disposal o sensitive information may require further consent from data subjects.
Proportionality
We collect only necessary information for specified purposes with consent.
Disposal
Records and documents are disposed of properly according to retention schedules. Clients have control over the disposal of customer information stored in their portals.
Security Measures
PII is securely stored in databases managed by the Company’s Information Technology department. We maintain appropriate technical, physical, and organizational security measures to safeguard your information. These measures are regularly reviewed and updated to align with regulatory standards and technological advancements. These controls include, and is not limited to:
- Secure Storage. PII is securely stored in databases managed by our Information Technology department. These databases are equipped with encryption and access controls to prevent unauthorized access.
- Technical Safeguards. We utilize state-of-the-art security technologies, such as firewalls, intrusion detection systems, and encryption protocols, to protect your information from cyber threats.
- Physical Security. Our facilities are equipped with physical security measures, including access controls and surveillance systems, to prevent unauthorized access to our premises and hardware.
- Organizational Controls. We enforce strict policies and procedures governing the handling and processing of PII by our employees. Regular training and awareness programs ensure that our staff are well-equipped to maintain the security of your data.
- Regular Review and Updates. Our security measures are continuously reviewed and updated to align with regulatory standards and technological advancements. We conduct regular security assessments and audits to identify and address any potential vulnerabilities.
To learn more about these measures and how PII is secured, please get in touch with our Data Protection Officer
Data Classification
To sustain our efforts of protecting PII, the following data classification is implemented:
Public
Information intended and released for public use
Examples
- Published Research
- Training Course Catalogs
- Privacy Policy
- Support Directory
- Basic Emergency Response Plans (life safety)
- Corporate Policies
- Publications
- Press Releases
- Published Marketing Materials
- Regulatory and Legal Filings
- Published Annual Reports
- Plans of Public Spaces/ Evacuation Plans
- Public Announcements
Business Confidential
Information that may be shared only within Sourcefit
Examples
- Department Policies and Procedures
- Employee Web/Intranet Portals
- Training Materials
- Pre-Release Articles
- Non-Public Building Plans or Layouts
- Non-Sensitive Administration Survey Data
Confidential
High-risk information that requires strict controls
Examples
- Password and PIN’s
- System Credentials
- Individually Identifiable Financial Account Information (eg: Bank Account, Credit or Debit Card Numbers)
- Individually Identifiable Health or Medical Information
- Detailed Security System Procedures and Architectures
Classified
High-risk information that requires strict controls
Examples
- Classified Client Data
- Client Trade Secrets
To The following controls are implemented per category:
Activity
Printing
Mailing Paper Based-Info
Storing electronic files on work or personal computer (including portable devices)
Sharing files with authorized individuals
Engaging vendors to store/process data
Business Confidential
Do not leave unattended on printer trays or bins
Put in a closed mailing envelope/box
Only store in IT allowed storage (ie., One Drive)
Used approved collaboration tools and share with specific individuals, not anonymous or guest links
Written contracts are strongly recommended
Confidential
Do not leave unattended on printer trays or bins
Put in a closed mailing envelope/box
Only store in IT allowed storage (ie., One Drive)
Used approved collaboration tools and share with specific individuals, not anonymous or guest links
Written contracts are strongly recommended
Classified
Never print unless there is explicit approval
Never mail
Never store out of client systems or portals
Never share
Written contracts are strongly recommended
Note: This applies to internal records and records that are shared with third parties and vendors.
Restriction On Sharing PII And Marketing Use
Sharing PII
We restrict the sharing of PII with third parties unless it is necessary for the fulfillment of contractual obligations or required by law. Any sharing of PII is done with utmost caution, ensuring that appropriate safeguards are in place to protect the data.
Marketing
We will not use your PII for profiling or marketing purposes unless a legitimate purpose is established, or explicit consent is obtained from you. Legitimate purposes may include providing relevant information about our products or services that are directly related to your interests or needs.
Data Subject Requests And Incident Management
Exercising Data Subject Rights
You may engage our Data Protection Officer (DPO) to exercise your rights data privacy rights. Whether it involves accessing information, rectifying inaccuracies, objecting to processing, or requesting data erasure, our DPO facilitates these requests promptly and transparently. You may fill out the Data Subject Action Request Form (https://forms.office.com/r/zR5p32wTHf) to send your requests to the DPO.
Reporting Incidents
In the event of a data privacy incident or breach, you may report it directly to our DPO. Our DPO oversees incident response procedures, ensuring timely assessment, mitigation, and reporting in compliance with regulatory requirements.
Our Data Protection Officer
Our Data Protection Officer (DPO) oversees all data privacy matters, managing the Data Privacy Program, responding to inquiries, identifying risks, and ensuring compliance.
To contact our DPO, email [email protected].
Our Data Privacy Compliance
Sourcefit have successfully complied with the Data Protection Officer and Personal Information Controller Registration Requirements of the National Privacy Commission of the Philippines, in accordance with NPC Circular No. 16-03. Our registration is valid until July 23, 2025. You may scan the QR code to get more information about our registration details.
Terms and Policy Updates
We have updated our Terms of Use and Privacy Policy. This update took effect on August 6, 2024
