Data Privacy Policy

I. Introduction

Purpose
This Data Privacy Policy outlines how Spiralytics, Inc. collects, uses, discloses, and protects personal information across our operations. This policy complies with Republic Act No. 10173 (Data Privacy Act of 2012) of the Philippines, Singapore Personal Data Protection Act of 2012 (PDPA), European Union General Data Protection Regulation (GDPR), and other applicable data protection laws.

This policy applies to personal information processed through our website, services, and business operations, including information from clients, employees, business partners, and website visitors. By using our services or engaging with us, you acknowledge this policy and our data handling practices as described herein. If you do not agree with this Privacy Policy, please discontinue use of our services.

Key Terms and Definitions
For the purposes of this policy:

  • “Personal Data” refers to any information relating to an identified or identifiable natural person
  • “Data Subject” refers to an individual who is the subject of personal data
  • “Processing” means any operation performed on personal data
  • “Controller” refers to Spiralytics, Inc. as the entity determining the purposes and means of processing
  • “Processor” refers to any entity processing personal data on behalf of Spiralytics, Inc.

This organization respects and values your data privacy rights, and makes sure that all personal data collected from you, our clients and customers, are processed in adherence to the general principles of transparency, legitimate purpose, and proportionality.

This Manual shall inform you of our data protection and security measures, and may serve as your guide in exercising your rights under the DPA. If you do not agree with the terms of this Privacy Policy, please do not use the Site or any services offered through the Site.

II. Core Data Categories & Processing

Categories of Personal Data
We process the following categories of personal data:

  1. Employee Data
    • Basic personal identification
    • Employment information
    • Financial information for payroll purposes
    • Emergency contact details
  2. Client Data
    • Business contact information
    • Project and contract details
    • Service-related communications
  3. Marketing/Lead Data
    • Contact information
    • Company information
    • Marketing preferences
    • Service interests
  4. Website Visitor Data
    • IP address
    • Browser information
    • Site usage data
    • Cookie data

Purpose and Legal Basis for Processing
We process personal data for:

  • Fulfilling contractual obligations
  • Legal compliance requirements
  • Legitimate business interests
  • Marketing with consent where required

Note: The specific data elements collected within these categories may vary based on business needs and legal requirements.

Scope and Limitations of the Data Privacy Policy
This Data Privacy Policy applies to the collection, use, and disclosure of personal information by Spiralytics Inc, in connection with our services, website, and interactions with our users. However, there are certain limitations to this policy:

  1. Applicability: This policy applies only to personal data collected directly by Spiralytics Inc,. It does not cover data collected by third-party websites or services linked from our site, nor does it cover information that is publicly available.
  2. User Responsibilities: Users are responsible for ensuring that any personal information they provide to us is accurate and up to date. We are not liable for any inaccuracies or omissions in the information provided by users.
  3. External Data Sources: We may obtain personal information from external sources (e.g., public databases, marketing partners). This policy does not cover the data handling practices of these external sources.
  4. Legal Compliance: While we strive to protect personal information and comply with applicable data protection laws, this policy does not guarantee absolute security. We are not liable for unauthorized access to or use of personal information that occurs despite our security measures.
  5. Policy Updates: We reserve the right to modify this Data Privacy Policy at any time. Changes will be posted on our website, and your continued use of our services after such changes constitutes acceptance of the updated policy.
  6. Limitations of Liability: To the extent permitted by law,Spiralytics Inc, shall not be liable for any indirect, incidental, or consequential damages arising from the use or inability to use our services or from any breach of this policy.

Information We Collect
We may collect personal information from you in various ways, including:

  • Personal Identification Information: Name, email address, phone number, mailing address, etc.
  • Non-Personal Identification Information: Browser type, IP address, operating system, and usage data.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to enhance user experience and analyze website traffic.

How We Use Your Information
We may use the information we collect for various purposes, including:

  • To provide, maintain, and improve our services
  • To communicate with you, including sending updates and promotional materials
  • To process transactions and manage your account
  • To analyze user behavior and improve our website

Disclosure of Your Information
We do not sell, trade, or otherwise transfer your personal information to outside parties without your consent, except in the following situations:

  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our website and services.
  • Legal Compliance: We may disclose your information when required by law or to protect our rights and safety or those of others.

III. Essential Security Measures

Data Security Measures
To safeguard your personal information, Spiralytics, Inc. implements a variety of security measures, including:

  1. Encryption: We use industry-standard encryption protocols (such as SSL/TLS) to protect sensitive information transmitted online.
  2. Access Controls: Access to personal data is limited to authorized personnel only. We employ role-based access controls to ensure that only those who need to know can access sensitive information.
  3. Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and mitigate potential risks to our data protection practices.
  4. Data Minimization: We only collect and retain personal data that is necessary for the purposes outlined in this policy.
  5. Secure Storage: Personal data is stored in secure environments with protections against unauthorized access, including firewalls and intrusion detection systems.
  6. Incident Response Plan: We have a comprehensive incident response plan in place to address any data breaches or security incidents swiftly and effectively.
  7. Employee Training: We provide regular training to our employees on data protection and security best practices to ensure they understand their responsibilities in safeguarding personal information.
  8. Third-Party Risk Management: We conduct due diligence on third-party service providers to ensure they adhere to adequate security measures to protect any personal data we share with them.
  9. Regular Updates and Patching: We regularly update our systems and software to protect against known vulnerabilities.
  10. Anonymous Data Usage: Where possible, we employ data anonymization techniques to ensure that personal data cannot be traced back to an individual.

 

Physical Security Measures
We prioritize the physical security of our facilities and the data contained within them. Our measures include:

  1. Restricted Access: Physical access to our data storage and processing facilities is restricted to authorized personnel only. Entry is controlled through access cards, biometric scanners, or security codes.
  2. Surveillance Systems: We utilize surveillance cameras and monitoring systems to oversee the premises and ensure that all access points are monitored continuously.
  3. Security Personnel: Trained security staff are present on-site to enforce access controls and respond to any security incidents.
  4. Visitor Management: All visitors must sign in and be escorted while on our premises. We maintain logs of visitor access for security purposes.
  5. Environmental Controls: Our facilities are equipped with environmental controls, including fire suppression systems, climate control, and flood prevention measures to protect physical assets.
  6. Secure Disposal: We have procedures in place for the secure disposal of physical documents and electronic devices containing personal data, ensuring that sensitive information is irretrievable.
  7. Emergency Preparedness: We conduct regular drills and have emergency response plans in place to address potential threats, including natural disasters, theft, or vandalism.
  8. Controlled Equipment Access: Access to computers and other devices containing personal data is restricted. Devices are secured when not in use, and sensitive information is stored in locked cabinets.

Additional security measures may be implemented as needed based on risk assessment and operational requirements.

IV. Basic Data Subject Rights

We respect and will facilitate the exercise of data subject rights as required by applicable laws, including:

  • Access to personal data
  • Correction of inaccurate data
  • Deletion of data where legally required
  • Withdrawal of consent

Requests will be handled within reasonable timeframes and in accordance with legal requirements.

V. Breach Management

Data Breach Notification Policy
At Spiralytics Inc., we take data breaches seriously and have established procedures to address and mitigate any incidents involving unauthorized access to personal information. Our commitment includes:

  1. Incident Detection: We continuously monitor our systems for signs of unauthorized access or suspicious activity. This includes automated alerts and manual reviews.
  2. Breach Assessment: In the event of a suspected data breach, we promptly investigate to determine the nature and scope of the incident, including the type of data involved and the number of affected individuals.
  3. Notification Procedures: If a data breach is confirmed and involves personal information, we will notify affected individuals as soon as feasible. Notifications will include:
    • A description of the breach
    • The type of personal information involved
    • Steps that we are taking to address the breach
    • Recommendations for affected individuals to protect themselves
  4. Regulatory Compliance: We will comply with all applicable laws and regulations regarding data breach notifications. This may include notifying relevant regulatory authorities within specified timeframes.
  5. Remedial Actions: Following a breach, we will implement corrective actions to address the vulnerabilities that led to the incident and prevent future occurrences. This may include updating security protocols, enhancing employee training, and conducting additional audits.
  6. Documentation: We will maintain records of the breach, our investigation, and the response actions taken to ensure accountability and facilitate any necessary reporting.
  7. Ongoing Review: We will regularly review and update our data security practices to adapt to evolving threats and improve our response strategies.

VI. Contact Information

Inquiries and Complaints
At Spiralytics, Inc. we value your privacy and are committed to addressing any questions or concerns you may have regarding our data privacy practices. If you have inquiries or wish to lodge a complaint, please follow these guidelines:

  1. Contact Us: For any questions or concerns about this Data Privacy Policy or our data handling practices, please contact us at:
    • Email: hr@spiralytics.com
    • Phone: 0917-515-2597
    • Mail: Zeta II Building, Salcedo St. Legaspi Village, Makati City
  2. Response Time: We will acknowledge your inquiry or complaint within 5 business days and aim to respond to your concerns as promptly as possible.
  3. Complaint Resolution: We take complaints seriously and will investigate any reported issues. We will communicate the outcome of our investigation and any actions taken in response.
  4. Escalation: If you are not satisfied with our response or believe that we have not adequately addressed your concerns, you have the right to escalate your complaint to the relevant data protection authority in your jurisdiction.
  5. Feedback: We welcome feedback on our data privacy practices and encourage you to share your thoughts on how we can improve.

By providing clear channels for inquiries and complaints, we aim to foster trust and transparency in our data privacy practices.

Changes to the Privacy Policy
Spiralytics Inc, reserves the right to amend this Privacy Policy at any time with or without notice.If you provide information to us, access, or use the Site in any way after this Privacy Policy has been changed, you will be deemed to have unconditionally consented and agreed to such changes. The most current version of this Privacy Policy will be available on the web page at all appropriate times and will supersede all previous versions of this Privacy Policy.