Data Privacy Notice Terms and Conditions for Prople Website:

Prople BPO, Inc. is committed to fully protecting your personal data privacy in compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA).

We shall detail the manner in which we process your personal data and provide a separate privacy notice in an appropriate format and manner whenever we collect personal data through other channels (e.g., publicly facing data processing systems implemented, notice posted at the reception area of Prople BPO, Inc. where visitor’s personal data is collected through attendance sheets or registration forms when personal data is collected according to the NPC's mandate).

In all instances, we assure you that processing your personal data will strictly follow the provisions of the DPA, especially the general data privacy principles of Transparency, Legitimate Purpose, and Proportionality.

Prople BPO, Inc. Website Privacy Notice

Our official website: www.propleinc.com

This Privacy Notice is for Prople BPO, Inc. website. These functionalities enable Prople BPO, Inc. to collect and process your personal information.

Personal Data Collected and Manner of Collection

We collect the following personal data from you when you manually or electronically submit to us your inquiries or requests:

• Name
• Email Address
• Phone Number
• Company
• Country/State/City/Municipality

Contact Us / Book a Demo Page

This form is used by the data subject to submit inquiries and concerns to Prople BPO, Inc.

Basis, Use, and Purpose for Processing of Personal Data

While your consent may be solicited to process your personal data, we may also process personal data without your consent in certain cases, such as when processing is conducted according to NPC’s mandate or when processing is allowed under Section 12 or Section 13 of the Data Privacy Act (DPA).

In these instances, your personal data is utilized for the following purposes:

• To provide you with the appropriate updates and response in an orderly and timely manner.
• To document and process inquiries and requests with Prople BPO, Inc. to properly address them and forward them to the appropriate internal units for action and response.
• To solicit feedback for the services we provide.
• To comply with a legal obligation to which Prople BPO, Inc. is subject.
• To comply with the requirements of public order and safety or fulfill the functions of public authority, including processing personal data to fulfill NPC's mandate.
• To provide the appropriate action that a data subject may require concerning their data privacy rights.

Moreover, we may collect other personal data that are relevant and necessary to perform NPC’s mandate of providing compliance support and data subject assistance.

Methods Utilized for Automated Access

Prople BPO, Inc. uses WordPress Statistics, a third-party service, to analyze our web traffic data, helping us determine our website's engagement and improve its services and features. This service uses cookies. Data generated is not shared with any other party.

The following web traffic data are processed for this purpose:

• Your IP address
• The pages and internal links accessed on our site
• The date and time you visited the site
• Geolocation
• The referring site or platform (if any) through which you accessed this site
• Your operating system
• Web browser type

Usage of Cookies

A cookie is a small piece of data or message sent from an organization’s web server to your web browser and then stored on your hard drive. Cookies cannot read data off your hard drive, access cookie files created by other sites, or damage your system.

However, you can reset your browser settings to refuse any cookie or alert you when a cookie is being sent. Web browsers allow you to control cookies stored on your hard drive through the browser settings. To find out more about cookies, including what cookies have been set and how to manage or delete them, visit www.allaboutcookies.org.

We only use cookies to monitor the performance of our website and enhance the user experience.

If you choose not to accept our cookies, some features of our site may not function as intended.

Cookies Used by Prople BPO, Inc.

• Google Analytics (utma, _utmb, _utmc, _utmz) - These cookies help monitor the performance of our site. We use this information to improve the site. The cookies collect data anonymously, including the number of visits to our site, the origin of visitors, and the pages visited. To opt out of Google Analytics tracking across all websites, visit Google Analytics Opt-out.
• YouTube Preferences (PREF, use_hitbox, VISITOR_INFO1_LIVE) - We use YouTube to embed a selection of videos on our pages. These embedded videos do not set cookies themselves but will if the 'Share' button is clicked. The VISITOR_INFO1_LIVE cookie estimates your bandwidth, while the use_hitbox and PREF cookies increment the 'views' counter and store session preferences. These cookies do not collect user-identifiable information.
• Twitter (guest_id) - We embed a Twitter feed in some of our pages. This cookie is used to identify you to Twitter. If you do not have a Twitter account or have never accessed Twitter directly, they will assign you a unique code to track your visit to the Twitter feed.

Disclosure of Personal Data

Personal data processed by the NPC is not shared with any other party unless such disclosure is allowed under Section 12 or Section 13 of the Data Privacy Act (DPA).

Risks Involved

Risk refers to the potential of an incident to result in harm or danger to a data subject or organization. Risks may lead to the unauthorized collection, use, disclosure, or access to personal data. This includes risks involving the confidentiality, integrity, and availability of personal data, or the risk that processing will violate the general data privacy principles and the rights of data subjects.

Prople BPO, Inc. ensures that adequate physical, technical, and organizational security measures are in place to protect personal information's confidentiality, integrity, and availability. However, this does not guarantee absolute protection against certain risks, such as:

• Exposure to targeted cyberattacks, malware, ransomware, and computer viruses
• Unauthorized access to manual records

Adequate policies are in place to ensure appropriate security incident management in line with existing NPC policies, circulars, and other issuances.

Data Protection and Security Measures

We safeguard the confidentiality, integrity, and availability of your personal information by maintaining a combination of organizational, physical, and technical security measures based on generally accepted data privacy and information security standards. Among the measures we implement are the following:

• Policies on access control in both digital and physical infrastructures to prevent unauthorized access to personal information
• Acceptable use policies
• End-to-end encryption and data classification whenever suitable
• Security measures against natural disasters, power disturbances, external access, and similar threats
• Technical measures to protect our computers and databases against accidental, unlawful, or unauthorized usage, interference, or access

Storage and Retention

We store files containing personal information in our computers and servers, which are kept in a secure environment. We may also store your personal information with cloud-based third-party data storage providers. We shall ensure that proper measures are adopted to protect your information.

Personal data shall be stored in a database for two (2) years after inquiries and requests are acted upon. After which, records shall be disposed of securely.

Other categories of data may be kept longer than two (2) years when its retention period is determined by other relevant laws and regulations.

Disposal

Physical records shall be disposed of through shredding, while digital files shall be anonymized. In all instances, our manner of disposal shall ensure that the personal information shall no longer be retrieved, processed, or accessed by unauthorized persons.

Rights of a Data Subject

Under the Data Privacy Act (DPA), you have the right to be informed regarding the processing of the personal information we hold about you. Further, you may be entitled to request:

• Access to personal data we process about you. It is your right to obtain confirmation on whether or not data relating to you are being processed;
• Rectification of your personal data. This is your right to have your personal data corrected if it is inaccurate or incomplete;
• Erasure or order blocking of your personal data whenever warranted;
• The right to object if the personal data processing involved is based on consent or on legitimate interest;
• The right to data portability, through which you may obtain and electronically move, copy, or transfer your data securely for further use.

You may claim compensation if you believe you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data or for violating your rights and freedoms as a data subject.

Suppose you think that your personal information has been misused, maliciously disclosed, or improperly disposed of or that your data privacy rights have been violated. In that case, you have the right to file a complaint with the NPC.

Changes to the Privacy Notice

Prople BPO, Inc. reserves the right to update or revise this privacy notice at any time and will provide a new privacy notice whenever there are substantial changes. Prior versions of the privacy notice shall be retained by Prople BPO, Inc. and shall be provided to data subjects upon request.

Feedback on our Privacy Notice

Suppose you have suggestions or comments regarding our privacy statement and notice or for any issues concerning Prople BPO, Inc’s data privacy practices, you may reach us through our email: [email protected] or through our landline: +63 2 8772-72-72 loc. 7247.

Revision Number: 1

Date last updated: September 19, 2024