1. PERSONAL DATA PROTECTION POLICY
United Marine Training Center, Inc. (“we” or “us”) is committed to the protection of your personal information and your privacy. This Personal Data Protection Policy (“Policy”), prepared in accordance with the Data Privacy Act 2012, sets out our personal data protection practices that are put in place to protect the personal information of our employees and trainees.
We may amend this policy at any time without prior notice and we will notify you of any such amendments via our website or by email.
1.1. Definition of Terms
1.2. Scope and Limitations
This policy is applicable to all our employees regardless of the type of employment, and trainees regardless of his/her training arrangement.
1.3. Collection of Personal Data
In the course of your employment and training with us, we shall request you to provide certain personal data as applicable including, but not limited to the following; rank, full name, photo, birth date, birthplace, age, nationality, religion, gender, marital status, address, email address, contact number(s), health, height, weight, travel documents (passport / seaman’s book), educational background, employment history, references, bank account number/s, SSS number, Philhealth number, and Pag-ibig number, including your relatives’ full name, birth date, age, relationship, address, email address, and contact number.
We shall collect such personal data from you when you:
We may also obtain your personal data from third parties whom we deal with or who are connected with you and from other sources where you have given your consent for the disclosure of information relating to you, and/or where otherwise permitted by law.
1.4. Purpose Collecting Personal Data
The personal data you provided will be processed by us for (but not limited to) the following purposes as applicable:
1.5. Disclosure of your Personal Data
The personal data you have provided to us will be kept confidential. But for the purposes stated in this policy, you hereby consent and authorize us to share and/or disclose your personal data to the following parties:
1.6. Personal Data Security
We will take all appropriate measures to protect your personal data from accidental or unlawful destruction, alteration, disclosure, misuse, unlawful processing; as well as protect you against any damages sustained due to such inaccurate, incomplete, outdated, false and unlawfully obtained or unauthorized use of your personal data.
We will not keep your personal data for longer than necessary, and we will take appropriate measures to remove or destroy records of your personal data as applicable in accordance with the Data Privacy Act 2012.
1.7. Personal Data Access and Correction
In accordance with the Data Privacy Act 2012, we may on a written request received from you, provide you with access to your personal information and consider a request for the correction of that data. In such circumstances, you may request for a ‘Data Subject Request Form’ through:
Data Protection Officer
United Marine Training Center, Inc.
2120 Leon Guinto St. Malate, Manila, Philippines
You may also send your feedback on any related issues at:
2. PROCESSING OF PERSONAL DATA
The company collects personal data such as (but not limited to):rank, full name, photo, birth date, birthplace, age, nationality, religion, gender, marital status, address, email address, contact number, educational background, present employer, including his/her relatives’ full name, relationship, address and contact number.
The company collects such personal data such as (but not limited to): company addresses, and other information sent to the company via email or submitted by the company representative for delivering training certificates, billing statement and training results.
The company uses the personal data for (but not limited to) the following purposes:
2.3. Rights of the Data Subject
The company shall allow the data subject to access and/or obtain copy of their personal data whether processed or not in manual or electronic format. Under which case, the data subject may dispute any inaccuracy of the personal data. The Training Center shall update or correct the personal data in agreement with the data subject.
The data subject shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, and false and unlawfully obtained or unauthorized use of personal data.
The data subject may object the processing, or order the blocking, removal or destruction of their personal data. However by doing so, the company will not be able to fulfill any services related to their employment, including the purposes mentioned on above point no. 2.2.
As provided under the DPA, data subjects have the following rights in connection with the processing of their personal data: right to be informed, right to object, right to access, right to rectification, right to erasure or blocking, right to damages, right to complaint, transmissibility of rights of data subject and data portability.
The data subject has the right to be informed whether personal data pertaining to him or her shall be, are being, or have been processed. The data subject shall be notified and furnished with information indicated hereunder before the entry of his or her personal data into the records of the company, or at the next practical opportunity:
The data subject shall have the right to object to the processing of his or her personal data, including processing for automated processing or profiling. The data subject shall also be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subject in the preceding paragraph.
When a data subject objects or withholds consent, the company shall no longer process the personal data, unless:
The data subject has the right to reasonable access to, upon demand, the following:
The data subject has the right to dispute the inaccuracy or rectify the error in his or her personal data, and the company shall correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal data has been corrected, the company shall ensure the accessibility of both the new and the retracted personal data and the simultaneous receipt of the new and the retracted personal data by the intended recipients thereof, provided that recipients or third parties who have previously received such processed personal data shall be informed of its inaccuracy and its rectification, upon reasonable request of the data subject.
The data subject shall have the right to suspend, withdraw, or order the blocking, removal, or destruction of his or her personal data from the company’s filing system.
The data subject may claim compensation if he/she suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of his/ her rights and freedoms as data subject.
If the data subject feel that his / her personal information has been misused, maliciously disclosed, or improperly disposed, or that any of his/ her data privacy rights have been violated, he/she have the right to file a complaint with the NPC.
The lawful heirs and assigns of the data subject may invoke the rights of the data subject to which he or she is an heir or an assignee, at any time after the death of the data subject, or when the data subject is incapacitated or incapable of exercising his/her rights.
Where his or her personal data is processed by the company through electronic means and in a structured and commonly used format, the data subject shall have the right to obtain a copy of such data in an electronic or structured format that is commonly used and allows for further use by the data subject. The exercise of this right shall primarily take into account the right of data subject to have control over his or her personal data being processed based on consent or contract, for commercial purpose, or through automated means. The DPO shall regularly monitor and implement the National Privacy Commission’s issuances specifying the electronic format referred to above, as well as the technical standards, modalities, procedures and other rules for their transfer.
3. STORAGE, RETENTION, DESTRUCTION AND DISPOSAL
The company ensures that personal data under its custody are protected against any accidental or unlawful destruction, alteration, disclosure, misuse, as well as against any other unlawful processing.
The company will implement appropriate security measures in storing personal data in secure facilities and paper-based files, and uses various processes such as (but not limited to):
The company retains personal data depending on the documentation classification after the data subject’s last transaction with the company, as it may need to resolve issues, answer to possible local and/or international queries from authorities, and/or comply with any legal requirements under applicable laws.
4. DISCLOSURE AND SHARING
The company shall maintain the confidentiality and secrecy of all personal data that come to their knowledge and possession, even after resignation, termination of contract or other contractual relations. Personal data under the custody of the company shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data.