PRIVACY STATEMENT

PersonaCheck Inc. (PCI) is committed to the protection of individual privacy rights.

SERVICES FOR CLIENT

PersonaCheck adheres to the highest legal and ethical standards for compliance in the background check industry. We value the trust our clients, colleagues, data source partners, and vendors place in us and incorporate respect for privacy into every aspect of our operations.

Scope of Application

This statement applies to the collection, processing, and hosting of personal and sensitive information, including fraud-related data, which PersonaCheck (“PCI”, “we”, or “us”) collects and processes while providing services to clients.

Why We Collect Personal Information

Our primary function is as a service provider to our clients. The types of services we offer include:

  • Background screening before and during employment or contractual relationships.
  • Validation and storage of on-boarding and other HR documents.
  • Due diligence research for directorships and business relationships.

Types of Personal Information Collected

For background verification and related services, we may collect the following:

  • Personal identifiers (e.g., name, address, birthdate, government identification numbers).
  • Employment history and educational background.
  • Professional references and other relevant documentation.
  • Sensitive data such as derogatory records and drug test results.
  • Fraud-related information provided or discovered during our services.

Data Usage

PersonaCheck processes personal data strictly within the scope of the services agreed with the client. Data is not used for any other purpose unless explicitly authorized or required by applicable law. We operate as a data processor under the instructions of our clients, who retain primary control over the data.

DATA SECURITY, HOSTING, RETENTION AND DISPOSAL

Hosting of Personal and Sensitive Data

PersonaCheck securely hosts data, including sensitive information like fraud-related data, in our private cloud infrastructure, managed by a third-party provider compliant with global data protection standards (e.g., ISO/IEC 27001) and the Philippine Data Privacy Act of 2012. Our hosting services include:

  • Hosting of client-provided sensitive personal data, including fraud data, in secured environments designed to prevent unauthorized access.
  • Encrypted storage of sensitive information using industry-standard algorithms.
  • Regular vulnerability assessments and penetration testing.
  • Compliance with jurisdiction-specific data protection laws, including GDPR and the Philippines’ Data Privacy Act of 2012.

Data Access and Security Measures

Access to personal data is strictly limited to authorized personnel on a need-to-know basis. Key security measures include:

  • Role-Based Access Control (RBAC): Ensuring users have the minimum necessary privileges to perform their job functions. Permissions are regularly reviewed and updated based on roles.
  • Multi-Factor Authentication (MFA): Enforced for accessing sensitive data to provide an additional layer of security.
  • Encryption of data both in transit (using secure protocols such as HTTPS) and at rest (with industry-standard encryption algorithms).
  • Regular audits and compliance checks to ensure adherence to security protocols.

Retention of Personal Data

We retain data only as long as necessary to fulfill the agreed-upon purposes or to comply with legal and contractual obligations. Specifically:

  • Client data: Retained as instructed by the client or for a defined period in compliance with legal obligations.
  • Fraud-related data: Stored securely and retained only for the duration of the provision of services.

Data Disposal

Upon the expiration of the retention period, PersonaCheck ensures secure disposal of personal data to prevent unauthorized access or further processing. Methods include:

  • Cross-cut shredding for paper records.
  • Permanent deletion of electronic records, including rendering data irretrievable.
  • Secure disposal of storage media, including physical destruction (e.g., drilling or pulverization).

COMPLIANCE WITH GLOBAL AND PHILIPPINE DATA PROTECTION STANDARDS

PersonaCheck complies with global best practices and regulatory standards for data protection, including but not limited to:

  • Ensuring all data processing activities align with the General Data Protection Regulation (GDPR) and the Philippine Data Privacy Act of 2012.
  • Adherence to the Information Security Policy framework, including access controls, data classification, and encryption.
  • Implementing a documented incident response plan for identifying, investigating, and addressing security incidents promptly.
  • Conducting regular staff training on data protection policies and procedures.
  • Engaging external audits to assess and enhance data protection mechanisms.

RIGHTS OF THE DATA SUBJECTS

Under applicable laws, including the Philippine Data Privacy Act of 2012, data subjects have the following rights:

  1. Right to be Informed: Transparency on how personal data is collected, used, and protected.
  2. Right to Access: Access to personal data processed by PCI, including details of data sources and recipients.
  3. Right to Correct: The ability to rectify inaccuracies in personal data.
  4. Right to Object: The right to withdraw consent or object to certain types of processing.
  5. Right to Data Erasure: The right to request data deletion, subject to applicable legal requirements.
  6. Right to Data Portability: The ability to obtain data in a structured, electronic format.
  7. Right to File a Complaint: Submit concerns or complaints to our Data Protection Officer or the relevant regulatory authority.

CONTACT OUR DATA PROTECTION OFFICER

For inquiries and concerns, contact:

Director for Compliance/Data Protection Officer
Vicente Madrigal Building, Ayala Avenue, Makati City
dpo@personacheck.com.ph