Privacy-Notice-4-Business-Partners

Privacy Notice for Business Partner

This Privacy Notice provides information regarding the processing of personal information of individual business partners or potential business partners of National Book Store Group (“NBS” or “we”), and the individuals who work for and on behalf of NBS’ corporate business partners or potential corporate business partners.

This Privacy Notice explains what personal data is collected and processed, for which purposes, how long we hold the personal data, who we share your personal data with, how to access and update your personal data, your rights as data subject and where to go for further information.

For retail and institutional customers, please refer to Privacy Notice for Retail or Institutional Customer Laking National Member, Visitor of an NBS Group Website, Participant of Marketing Promotion or Event.

What personal data do we process?

We collect and process information, including personal data about you as our individual business partners or potential business partners and the individuals who work for and on behalf of NBS’ corporate business partners or potential corporate business partners from information that you provide to us or information that we obtain from contracts, forms, and publicly available sources.

These include personal information and sensitive personal information as follows:

• Full Name
• Photo
• Business Address
• Signature
• Email Address
• Tax Identification Number (for individual business partners)
• Contact Numbers
• Job Title / Position / Designation
• Bank Account Name and Number (for individual business partners)
• Government identification such as BIR 2303, SEC and DTI Registration, UMID ID Number, Driver’s License number, Passport number, GSIS/SSS Number, Voter’s Registration Number, etc.

We only process your personal data:

• In order to take steps at the request of an individual prior to entering into a contract;
• Where it is necessary to conclude a transaction with you;
• Where it is necessary for NBS to comply with a legal or regulatory obligation;
• Where it is necessary for the purposes of legitimate interests of NBS, except where such interests are overridden by the interests or fundamental rights and freedom of the individual/s; or
• With the express consent of the individual, if required.

In those cases where the processing is based on consent, you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent.

What do we do with the information we gather?

We collect, use, keep, share or otherwise process your personal data for one or more of the following purposes:

• For the selection and accreditation of suppliers, vendors, service providers, and contractors;
• To enroll and maintain the vendors, suppliers, service providers, contractors and lessors in NBS’ enterprise system and other platforms and issue a unique identification;
• To be used as a basis for preparing a contract and/or service agreement with the suppliers, vendors, service providers, contractors and lessors;
• To contact the vendors, suppliers, service providers, contractors and lessors;
• For internal record keeping;
• To conduct statistical, historical or scientific research and studies;
• To transfer personal data to an archive;
• To comply with NBS’ obligations under law and as required by government organizations and/or agencies;
• To comply with legal and regulatory requirements or obligations; and
• To perform such other processing or disclosure that may be required under law or regulations.

How we collect, acquire or generate your data?

• When you fill-out and/or accomplish the following:
  • Vendor Accreditation Form
  • Bank Account form
• When you submit the following requirements:
  • Company Profile
  • Any government valid identification cards
  • BIR 2303 Certificate of Registration
  • SEC or DTI Registration
  • Audited Financial Statements
  • Bank Certification

How we protect your personal data?

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

• We keep and protect your personal data using a secured server behind a firewall, deploying encryption on computing devices and physical security controls.
• To the extent that certain information are not digitized, we keep and protect your information by keeping them out of sight of unauthorized personnel and third parties and kept in a locked receptacle as soon as possible.
• We restrict access to your personal data only to qualified and authorized personnel who hold your personal data with strict confidentiality.

How and who we share your personal data with?

As a general rule, we are not allowed to share your data to third parties except in limited circumstances as listed below. Personal data will only be shared on a strict need to know basis and solely to complete the process for the purposes mentioned above with the following:

• NBS affiliates and subsidiaries;
• Authorized third party partners and/or subcontractors; and
• Government, regulatory authorities or agencies where it is necessary to comply with legal or regulatory obligation, as required or authorized by or under the law.

Organizational, contractual and legal measures have been implemented to safeguard your personal data and ensure that adequate levels of protection are followed when transferring personal data within NBS or to authorized third party partners, service providers, subcontractors and/or government, regulatory authorities or agencies. Non-disclosure and data sharing agreement with the secured data transfer mechanisms are executed to ensure compliance with the applicable laws and regulations and set measures.

Where and how long do we keep your personal data?

All personal data of individual business partners or potential business partners of NBS and the individuals who work for and on behalf of NBS’ corporate business partners or potential corporate business partners will be retained for a period of 10 years after the termination of the relevant contracts.

Your personal data are retained in accordance with the above parameters, industry standards, laws and regulations, unless you request that your personal data be deleted from our systems, databases and hard copies immediately. Once deleted, your personal data will no longer be searchable or included in anonymous searches and will be completely removed from all storage locations.

How can I access my personal data?

Personal data of Business Partners can be accessed through the following:

• Vendors who registered in the Vendor Integrated Portal can access their personal data via logging in to http://vip.nationalbookstore.com.ph/login.php.
• Vendors, suppliers and service providers who have been accredited can access their personal data by sending a request to NBS’ Merchandising Department (merchandising-books@nationalbookstore.com.ph / merchandising-supplies@nationalbookstore.com.ph) and/or Procurement Department (procurement@nationalbookstore.com.ph).
• Construction contractors who have been accredited can access their personal data by sending a request to NBS’ Engineering and Construction Group (ecg@nationalbookstore.com.ph ).
• Lessors can access their personal data by sending a request to NBS’ Site Leasing Team.
• Personal data of other business partners can be accessed by sending a request to the Data Privacy Officer.

The Data Privacy Officer may, however, choose not to grant access or correct information based on the request following laws and regulations. He/she will give the individual a written notice that sets out the reason/s for the refusal.

What are your rights as a Data Subject?

The following are your rights as a Data Subject and our legal obligations with respect to your information:

• The Right to be Informed
• The Right to Access
• The Right to Object
• The Right to Erasure of Blocking
• The Right to Rectify
• The Right to Data Portability
• The Right to File a Complaint with the National Privacy Commission
• The Right to Damages

The rights mentioned are not applicable if personal data are processed only for scientific and statistical research purposes, and without being used as basis for carrying out any activity or taking any decision regarding you as the data subject. Your rights as a data subject are also subject to other limitations provided by law.

The law requires you to exercise your rights as described in this Privacy Notice in a reasonable and non-arbitrary manner, and with regard to rights of other parties.

Who can I contact for more information?

To exercise your rights which include right to access, modify, erase and object to processing your personal data within a reasonable time after such request or should you have any inquiries, feedbacks on this Privacy Notice, and/or complaints about https://www.nationalbookstore.com, you may reach us through our “Contact Us” menu in this website: https://www.nationalbookstore.com, through a written letter or through an email to our Data Protection Officer (DPO).

Our contact details are as follows:

• Data Protection Officer
• 2/F Quad Alpha Centrum Building
• 125 Pioneer Street, Mandaluyong City
• 02-6318061 to 66
• dpo1@nationalbookstore.com.ph

You may also lodge a complaint before the National Privacy Commission. For further details, please refer to the National Privacy Commission’s website: https://privacy.gov.ph/mechanics-for-complaints/.

Any action to a request for correction, erasure and/or objection to process your personal data as it appears in our records is subject to applicable laws and/or the Data Privacy Act, its Implementing Rules and Regulations and other issuances of the National Privacy Commission.

What if there are changes in our Privacy Policy?

NBS may revise this Privacy Notice as the need arises or when dictated by issuances of the National Privacy Commission or any amendment to the Data Privacy Act. Any change to this Privacy Notice shall be duly posted in this website and will take effect immediately. Data subjects are encouraged to periodically check for such updates. Changes shall not be retroactively applied and will not alter how we handle personal data previously collected without obtaining your consent, unless required by law.