Toyota Bacoor Cavite, Inc. is committed to upholding the privacy of your Personal Information. This policy explains the collection, processing, storage, sharing, and disclosure of personal information in compliance with the Data Privacy Act (DPA) of 2012, and its Implementing Rules and Regulations (IRR) effective since September 8, 2016.
Should you have questions or concerns about Data Privacy, please email us at firstname.lastname@example.org.
In the normal course of business, TOYOTA BACOOR, CAVITE INC. (the “Company”) collects, records, stores, uses, generates, consolidates, or in any way, whether through automated or manual means, process personal information and sensitive personal information (“Personal Data”) from its clients or data subjects, including but not limited to, the following:
• Nature or Place of present work/ employment
• Telephone Number
• Contact Information
• Marital Status
• Birth date
• Payroll and Benefits Information
• Tax Returns
• Other financial information including Bank or Billing Statements, etc.
• Any other information reflecting preferences of behaviors of an individual
The Company shall Process Personal Data, as provided under applicable laws and regulations, for the following purposes:
(a.) to offer and provide new or related products and/or services, to provide incentives and promotions (such as loyalty programs, pre-qualification to new products or services, and other incentives);
(b.) to facilitate communications with customers such as post sales follow-up survey, service campaigns, and parts back order confirmation;
(c.) for business performance data validation and analysis in all aspects such as vehicle sales, service, parts sales, and insurance sales;
(d.) for customer profiling and data validation;
(e.) for monitoring communications, validation of dealer personnel related to movement, training, qualifications, succession planning, and warranty labor rates; and
(f.) for compliance with the requirements of the Data Privacy Act and its implementing rules and regulations;
Personal Data shall be made available to TMPC, its agents, officers, employees, third party service providers, and other third parties solely to meet the purposes specified above.
All employees and personnel of the Company shall maintain the confidentiality and secrecy of all Personal Data that come to their knowledge and possession, even after resignation, termination of contract, or other contractual relations. Personal Data under the custody of the Company shall be disclosed only pursuant to the lawful purposes mentioned above, and to authorized recipients of such data.
Personal Data shall be stored in electronic or structured format, such as data centers (on premises and cloud) and physical document storage facilities. The Company may retain Personal Data for the period necessary to meet the purposes specified above, after which, it shall be disposed of and destroyed through secured means.
The Company shall, to the best of its abilities under the circumstances, ensure that personal data under its custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The company will implement appropriate security measures in storing collected personal information, depending on the nature of the information.
The Company shall, at all times, uphold and respect the following rights of clients/data subjects under Sections 16 to 19 of the Data Privacy Act including, but not limited to the following:
1. Right to be informed whether Personal Data pertaining to him or her shall be, are being or have been processed;
2. Right to be furnished the Personal Data before the entry thereof into the processing system of the Company, or at the next practical opportunity;
3. Right of Reasonable access to (upon demand) the Personal Data processed, as well as information on the sources from which the Data were obtained, the manner by which the Data was processed, reasons for the disclosure of the Data to recipients, the designation, or name or identity and address of the personal information controller;
4. Right to object to the collection and processing of Personal Data;
5. Right to access and rectify or correct erroneous data;
6. Right to erase or block Personal Data;
7. Right to secure data portability;
8. Right to be indemnified for damages arising from the mishandling, as well as the unauthorized use or disclosure, of Personal Data; and
9. Right to lodge a complaint before the National Privacy Commission in case of violation of one’s rights as data subject.