Privacy-Notice-1-Employees

Privacy Notice for Employees, their Dependents, Contractors and Interns

This Privacy Notice provides information regarding the processing of personal data of existing and former employees, interns and contractors of National Book Store Group (“NBS” or “we”), including employees’ dependents.

This Privacy Notice explains what personal data is collected and processed, for which purposes, how long we hold the personal data, who we share your personal data with, how to access and update your personal data, your rights as data subject and where to go for further information.

For existing and former employees, their dependents, interns and contractors who are also retail customers or users of NBS’ websites in any capacity, please refer to the Privacy Notice for Customers (In Store and Online) and Laking National Card Members. For individuals who apply to work for, or who attend a recruitment event or undertake an assessment with NBS, please see the Privacy Notice for Job Applicants.

What personal data do we process?

We collect and process information to manage employment relationship, to support organizational development, to engage contractors and interns and to provide benefits to NBS employees and their declared dependents.

• These include personal information and sensitive personal information as follows:
• Full Name
• Signature
• Home Address
• Health or Medical History
• Business Address
• Government identification such as TIN,UMID ID number, Driver’s license number,Passport number, GSIS/SSS number,PhilHealth ID number, PAGIBIG ID number,Voter’s registration number
• Email Address
• Date Hired
• Contact Number
• Job Title/Position
• Date Of Birth
• Department
• Age
• Employee Number
• Marital Status
• Bank Account Name and Nubmer
• Color,Race or Ethnic Origin
• Occupation
• Religion
• Emergency Contacts
• Place of Birth
• Dependent’s Full Name, Date of Birth, Age,Civil Status, Occupation, Health condition
• Education
• Work Performance or Evaluation
• Height and Weight
• Assesment Results
• Photo
• Biometrics
• Wage Benefits

We only process your personal data:

• Where it is necessary for NBS to comply with a legal obligation; or
• For legitimate business interests; or
• Where we have your explicit consent.

Since your relationship with NBS is contractual in nature, processing of your personal data does not need your consent since such processing is needed in order for NBS to fulfill its obligations under the contract and for legitimate business interests. However, there are limited circumstances when consent is required, such as if required by applicable local law, including for processing “sensitive” personal data.

Personal data requested from you is the minimum required in order to fulfill legal and/or contractual requirements and to provide opportunities to take part in programs or to provide a benefit. Failure to provide NBS with the information requested may negatively affect your ability to remain in employment, internship or engagement as a contractor or from participating in a program or receiving a benefit.

Where the processing is based on consent, you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent.

What do we do with the information we gather?

We collect, use, keep, share or otherwise process your personal data for one or more of the following purposes:

• (i) Human resource and personnel management. This purpose includes collection and processing of personal data that is necessary for the preparation, performance or termination of an employment contract or any other contract or relationship with an employee, or for managing employer-employee relationship. It includes management and administration of recruitment and outplacement, calculation, determination and payment of compensation and benefits, calculation and payment of taxes and social security contributions, calculation and payment of retirement and pensions of any description, as well as any similar entitlements, career and talent development, performance evaluations, training, travel and expenses, leave and other absence, security and employee communications. Specifically, we use your personal data:
• To consider and evaluate your suitability for employment and, with your permission, inform and consider you for future job opportunities that may be of interest to you;
• To evaluate whether you are fit to work or qualified and competent to perform certain functions;
• To process your data necessary for your employment such as, but not limited to, payroll, benefits application, allowances and refunds processing, tax processing, retirement benefits, and other purposes that demand processing of your personal data (e.g., business travels, anniversaries, social activities, emergencies, and so on);
• To share your data with the third party service provider and government agencies who will process payroll crediting to your bank account, tax filings, and retirement benefits processing; and
• Upon separation, to process your data for the exit interview and preparation of final pay.

• (ii) Business process execution and internal management. This purpose includes activities such as scheduling work, time-recording, managing company assets, conducting internal audits and investigations, implementing business controls and creating, managing and using employee directories. Specifically, we use your personal data:
• To manage performance evaluation and career development including seminars, trainings, workshops, and compliance monitoring;
• To manage dispute resolutions in labor-related concerns; and
• To process your data necessary to execute business transactions such as preparation and/or approval of business documents and any other functions that are directly related and/or incidental to your job and that will demand processing of your personal data.

• (iii) Health, safety and security. This purpose includes, activities such as occupational safety and health, the protection of company and employee assets, and the authentication of employee status and access rights. Specifically, we use your personal data:
• To monitor your medical needs, history and condition within the company clinics and for medical consultation;
• For HMO and insurance enrollment and claims; and
• To provide assistance to, and account for, employees and their declared dependents in case of emergency.

• (iv) Organizational analysis and development and management reporting. This purpose includes activities such as conducting employee surveys, and processing employee personal data for management reporting and analysis. Specifically, we use your personal data:
• To conduct statistical, historical or scientific research and studies; and
• To transfer personal data to an archive.

• (v) Compliance with legal obligations. This purpose includes the collection and processing of employee’s personal data as necessary for compliance with a legal obligation to which NBS is subject. Specifically, we use your personal data:
• To comply with NBS’ obligations under law and as required by government organizations and/or agencies;
• To comply with legal and regulatory requirements or obligations; and
• To perform such other processing or disclosure that may be required under law or regulations.

• • (vi) Protecting the vital interests of employee, dependent, contractor, and intern. This purpose permits collecting and processing of personal data as necessary to protect the vital interests of an employee, dependent, contractor, and intern.

How we collect, acquire or generate your data?

• When you fill-out:
  • Employee Data (201) sheet;
  • Bank forms;
  • Member’s enrollment sheet and claim forms for HMO and insurance processing;
  • Time and Attendance system;
  • Performance Management System (PMS) forms;
  • Training request form;
  • Attendance sheet;
  • Contact tracing forms;
  • Medical consultation slips; and
  • Doctors maintaining employee medical index.
• When you enter our offices and/or stores and your movement is captured by surveillance cameras (CCTV)s;
• When you contact us or communicate with use through our website/s, email, phone, social media platforms, or other methods of inquiry or communication; and
• When you provide or submit documents in whatever form to NBS, whether directly or through another person, for purposes of obtaining the above-mentioned purposes.

Who will collect, process and control your personal data?

NBS’ Human Resources and Administration Department (HRAD) will be responsible for the collection, processing and control of any relevant personal data that will be required from employees, regular or seasonal employees, contractors, interns, and employees’ dependents.

What and why do we monitor?

Company files, records (whether or not electronic), computers, devices and facilities are the property of NBS, and we may examine and review their contents at any time, whether or not an officer, employee or other staff has personal data, property or other information stored therein.

Existing employees, regular or seasonal employees, contractors and interns are monitored as follows:

• When assigned NBS-owned ICT equipment is connected to NBS network which may be monitored for legitimate business purposes;
• Through access badge and biometrics which allow NBS to record the date, time and access points made by individuals within office, stores and warehouse premises and assets; and
• Surveillance cameras (CCTV) located in the office, stores and warehouse premises and assets which when used can identify the individual through footages.

The data that will be generated from these monitoring activities are used for:

• Health, safety and security purposes of NBS employees, visitors and assets within NBS premises;
• Legal and regulatory compliance to provide information to government/regulatory authorities;
• Attendance monitoring for payroll use; and
• Investigation in the event of health, safety, or security incident or suspected or actual criminalactivity.

How we protect your personal data?

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

• We keep and protect your personal data using a secured server behind a firewall, deployingencryption on computing devices and physical security controls.
• To the extent that certain information are not digitized, we keep and protect your informationby keeping them out of sight of unauthorized personnel and third parties and kept in a lockedreceptacle as soon as possible.
• We restrict access to your personal data only to qualified and authorized personnel who holdyour personal data with strict confidentiality.
• It is important for you to protect against unauthorized access to your password and to yourcomputer or gadget. Be sure to sign-off when finished using a shared computer.

How and who we share your personal data with?

As a general rule, we are not allowed to share your data to third-party except in limited circumstances as listed below. Personal data will only be shared on a strict need to know basis and solely to complete the process for the purposes mentioned above with the following:

• NBS affiliates and subsidiaries;
• Authorized third party partners, service providers and/or subcontractors;
• Government, regulatory authorities or agencies where it is necessary to comply with legal orregulatory obligation, as required or authorized by or under the law.

Organizational, contractual and legal measures have been implemented to safeguard your personal data and ensure that adequate levels of protection are followed when transferring personal data within NBS or to authorized third party partners, service providers, subcontractors and/or government, regulatory authorities or agencies. Non-disclosure and data sharing agreement with the secured data transfer mechanisms are executed to ensure compliance with applicable laws and regulations and set measures.

What is our Privacy Policy regarding children?

NBS is very sensitive to privacy issues and it is especially careful in its communications with children. NBS will never directly collect personal data from children under the age of 18 without the parent's consent.

Personal data pertaining to children and collected from their parents employed with NBS is used to provide technical fulfillment or other services (for example, enrollment with HMO and insurance provider). These personal data are not sold.

How long do we keep your personal data?

All personal data of existing and former employees of NBS, employees’ dependents, contractors and interns will be retained within 3 years in physical form and 10 years in digital form after contract termination and are preserved both in HR 201 files and the relevant information system.

Your personal data are retained in accordance with the above said parameters, industry standards, laws and regulations, unless you request that your personal data be deleted from our systems, databases and hard copies immediately. Once deleted, your personal data will no longer be searchable or included in anonymous searches and will be completely removed from all storage locations

How can I access my personal data?

Personal data of existing or former employees, employees’ dependents, contractors and interns can be accessed, corrected, updated, deleted and restricted through sending a request to NBS’ Human Resources and Administration Department (HRAD). Access to the relevant information system is limited and controlled by HRAD.

For those individuals who have access to Time and Attendance System (TNA), you can access your personal data through:

http://192.168.0.102/tna-abc/ http://192.168.0.102/tna-nbs/

Each department has an assigned HRAD business partner who can be contacted for personal data access concerns. For contractors, you should speak with your external contracting/employing company/agency.

The Data Privacy Officer may, however, choose not to grant access or correct information based on the request following laws and regulations. He/she will give the individual a written notice that sets out the reason/s for the refusal.

What are your rights as a Data Subject?

The following are your rights as a Data Subject and our legal obligations with respect to your information:

• The Right to be Informed
• The Right to Access
• The Right to Object
• The Right to Erasure of Blocking
• The Right to Rectify
• The Right to Data Portability
• The Right to File a Complaint with the National Privacy Commission
• The Right to Damages

The rights mentioned are not applicable if personal data are processed only for scientific and statistical research purposes, and without being used as basis for carrying out any activity or taking any decision regarding you as the data subject. Your rights as a data subject are also subject to other limitations provided by law.

The law requires you to exercise your rights as described in this Privacy Notice in a reasonable and non-arbitrary manner, and with regard to rights of other parties.

Who can I contact for more information?

To exercise your rights which include right to access, modify, erase and object to processing your personal data within a reasonable time after such request or should you have any inquiries, feedbacks on this Privacy Notice, and/or complaints regarding https://www.nationalbookstore.com, you may reach us through our “Contact Us” menu in this website: https://www.nationalbookstore.com, through a written letter or through an email to our Data Protection Officer (DPO).

Our contact details are as follows:

• Data Protection Officer
• 2/F Quad Alpha Centrum Building
• 125 Pioneer Street, Mandaluyong City
• 02-6318061 to 66
• dpo1@nationalbookstore.com.ph

You may also lodge a complaint before the National Privacy Commission. For further details, please refer to the National Privacy Commission’s website: https://privacy.gov.ph/mechanics-for-complaints/.

Any action to a request for correction, erasure and/or objection to process your personal data as it appears in our records is subject to applicable laws and/or the Data Privacy Act, its Implementing Rules and Regulations and other issuances of the National Privacy Commission.

What if there are changes in our Privacy Notice?

BS may revise this Privacy Notice as the need arises or when dictated by issuances of the National Privacy Commission or any amendment to the Data Privacy Act. Any change to this Privacy Notice shall be duly posted in this website and will take effect immediately. Data subjects are encouraged to periodically check for such updates. Changes shall not be retroactively applied and will not alter how we handle personal data previously collected without obtaining your consent, unless required by law.