Privacy Policy

At Sourcefit, we prioritize the protection of personal data and uphold the rights and interests of data subjects (owners of Personal Identifiable Information). We recognize the value of Personal Identifiable Information (PII) entrusted to us and are committed to managing and safeguarding it responsibly. This Privacy Policy outlines how we collect, use, and share personal information when you visit our website, www.sourcefit.com (referred to as the “Site”).

Data Subjects and Rights

We guarantee that you feel secure knowing that we will handle your information with utmost care. Our privacy controls adhere to various applicable data privacy regulations, ensuring the protection of personal data collected, used, and stored in our systems. We have mapped out these regulations to cover extensive areas and have formulated solutions to address any unique requirements.

  • Right to Information. Your personal data is treated as your property, and we will not collect, process, or store it without your explicit and informed consent, except as required by law. We obtain consent through consent forms, privacy notices, and acknowledgment pages.
  • Right to Access Information. You have the right to know if we hold any personal data about you and request access to it. We provide a written description of the information we hold and its purpose, along with easy access to obtain a copy.
  • Right to Object Processing. You can object to the processing of your personal data based on consent or legitimate interest. We cease processing your data upon objection or withdrawal of consent, except when legally obligated.
  • Right to Erasure or Blocking. You can suspend, withdraw, or request the deletion of your personal data under certain circumstances, such as incomplete or unlawfully obtained data.
  • Right to Damages. You may claim compensation for damages resulting from inaccurate or unauthorized use of personal data, including violations of your rights.
  • Right to Data Portability. You have the right to obtain and transfer your data securely for further use.
  • Right to Rectify Errors. You can dispute and correct any inaccuracies in your personal data, with prompt action taken by us.

Information We Collect, Use, and Why

Your Personal identifiable information (PII) is crucial to our business operations, and we handle it with care to deliver services efficiently. PII may be collected and used by our support services team for various purposes, including employee compensation, access management, and business development.

We may collect the following types of information.

  • Identifiers and Contacts. Your name, contact numbers, and email addresses for communication and identification purposes.
  • Biometric Information. Fingerprints for physical access control.
  • Basic Health Information. Health status and wellness data are required for employment and wellness programs.
  • Location and Addresses. Mailing and physical addresses for correspondence and asset delivery.
  • Government ID Numbers. For government-mandated applications and transactions.
  • Work History, Background, and Credentials. Educational and work history for employee profiling and credential verification.

Please note that customer information of our client partners is managed exclusively by them, ensuring control and compliance with privacy regulations. We do not store client information but facilitate its use within client systems as needed.

Website Information Collection

When you visit our website, we collect device information such as browser details, IP addresses, and cookies. Contact information is collected through contact forms for communication purposes.

Processing

We ensure PII processed is adequate, relevant, and not excessive, considering the intended purpose.

Data Privacy Principles and Legislative Requirements

We adhere to principles of transparency, legitimate purpose, and proportionality in processing PII, ensuring fair and lawful practices.

Consent

Informed and active consent is obtained before data collection, with consent forms utilized whenever possible.

Transparency

We obtain consent before processing PII and inform data subjects of the purpose, risks, safeguards, and rights associated with data processing.

Privacy Impact and Risks

Privacy Impact Assessments and Risk Analysis are conducted periodically and before implementing new processes or technologies involving PII.

Legitimate Purpose

Our PII processing aligns with declared purposes and legal requirements.

Retention

We retain your PII for specified periods based on regulatory requirements and necessity, ensuring proper disposal afterward. In compliance with prevailing regulatory requirements, we may retain PII for up to 5 years, however; retention and disposal o sensitive information may require further consent from data subjects.

Proportionality

We collect only necessary information for specified purposes with consent.

Disposal

Records and documents are disposed of properly according to retention schedules. Clients have control over the disposal of customer information stored in their portals.

Security Measures

PII is securely stored in databases managed by the Company’s Information Technology department. We maintain appropriate technical, physical, and organizational security measures to safeguard your information. These measures are regularly reviewed and updated to align with regulatory standards and technological advancements. These controls include, and is not limited to:

  • Secure Storage. PII is securely stored in databases managed by our Information Technology department. These databases are equipped with encryption and access controls to prevent unauthorized access.
  • Technical Safeguards. We utilize state-of-the-art security technologies, such as firewalls, intrusion detection systems, and encryption protocols, to protect your information from cyber threats.
  • Physical Security. Our facilities are equipped with physical security measures, including access controls and surveillance systems, to prevent unauthorized access to our premises and hardware.
  • Organizational Controls. We enforce strict policies and procedures governing the handling and processing of PII by our employees. Regular training and awareness programs ensure that our staff are well-equipped to maintain the security of your data.
  • Regular Review and Updates. Our security measures are continuously reviewed and updated to align with regulatory standards and technological advancements. We conduct regular security assessments and audits to identify and address any potential vulnerabilities.

To learn more about these measures and how PII is secured, please get in touch with our Data Protection Officer

Data Classification

To sustain our efforts of protecting PII, the following data classification is implemented:

The following controls are implemented per category:

Note: This applies to internal records and records that are shared with third parties and vendors.

Restriction on Sharing PII and Marketing Use

Sharing PII

We restrict the sharing of PII with third parties unless it is necessary for the fulfillment of contractual obligations or required by law. Any sharing of PII is done with utmost caution, ensuring that appropriate safeguards are in place to protect the data.

Marketing

We will not use your PII for profiling or marketing purposes unless a legitimate purpose is established, or explicit consent is obtained from you. Legitimate purposes may include providing relevant information about our products or services that are directly related to your interests or needs.

Data Subject Requests and Incident Management

Exercising Data Subject Rights

You may engage our Data Protection Officer (DPO) to exercise your rights data privacy rights. Whether it involves accessing information, rectifying inaccuracies, objecting to processing, or requesting data erasure, our DPO facilitates these requests promptly and transparently. You may fill out the Data Subject Action Request Form (https://forms.office.com/r/zR5p32wTHf) to send your requests to the DPO.

Reporting Incidents

In the event of a data privacy incident or breach, you may report it directly to our DPO. Our DPO oversees incident response procedures, ensuring timely assessment, mitigation, and reporting in compliance with regulatory requirements.

Our Data Protection Officer

Our Data Protection Officer (DPO) oversees all data privacy matters, managing the Data Privacy Program, responding to inquiries, identifying risks, and ensuring compliance.

To contact our DPO, email [email protected].

Our Data Privacy Compliance

Sourcefit have successfully complied with the Data Protection Officer and Personal Information Controller Registration Requirements of the National Privacy Commission of the Philippines, in accordance with NPC Circular No. 16-03. Our registration is valid until July 5, 2024. You may scan the QR code to get more information about our registration details.