Cooperative Development Authority
- use the CDA Co-opBiz’s products and services (e.g. websites, applications, or services supplied, owned, or operated by CDA Co-opBiz) which we refer to collectively in this Privacy as our “Platform”, or
- otherwise communicate with us
It is the policy of the Authority to respect and uphold data privacy rights, and to ensure that all personal data collected from the Platform’s data subjects – customers, sellers, and other third parties – are processed pursuant to the general principles of transparency, legitimate purpose, and proportionality espoused in the DPA.
Specifically, this Policy is hereby adopted to:
- Ensure fair and lawful processing of the personal data of data subjects, including customers, sellers, and other third parties or individuals;
- Ensure the confidentiality, integrity, and availability of personal data under the control of the Authority;
- Protect the Authority from reputational and legal risks that may result from non-compliance with the DPA; and
- Comply with the statutory obligations set forth under the DPA and the regulations of the NPC.
Definition of Terms
The following terms used in this Policy are defined for consistency, uniformity in usage, and in accordance with the Data Privacy Act of 2012:
The Act refers to Republic Act No. 10173, also known as the “Data Privacy Act of 2012”.
- Authority or CDA
The Authority shall refer to the Cooperative Development Authority.
- Commission or NPC
The Commission shall refer to the National Privacy Commission.
- Consent of the data subject
Consent of the data subject refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal data, sensitive personal data, and privileged information. Consent shall be evidenced by written, electronic, or recorded means. It may also be given on behalf of a data subject by a lawful representative or an agent specifically authorized by the data subject to do so.
- Data subject
Data subject refers to an individual whose personal, sensitive personal, and/or privileged information is processed and collected by the Authority whenever they interact with or use the Platform.
- Data processing systems
Data processing systems refer to the structure and procedure by which personal data is collected and further processed in an information and communications system or relevant filing system, including the purpose and intended output of the processing.
- Data sharing
Data sharing is the disclosure or transfer to a third party of personal data under the custody of a personal information controller or personal information processor. In the case of the latter, such disclosure or transfer must have been upon the instructions of the personal information controller concerned. The term excludes outsourcing or the disclosure or transfer of personal data by a personal information controller to a personal information processor.
- Personal data
Personal data means any information about an individual, whether recorded in a material form or not and whether true or not, who can be identified from that data (whether directly or indirectly), or from that data and other data to which we have or are likely to have access. The Personal Data that you may opt to provide to us are as follows:
a. Personal identifiers, which may include your name, date of birth, gender, username and password, email address, telephone number, your interests, and any Personal Data in any photographs or videos, or audio recordings that you upload onto our Platform. Where you are a seller, we may also collect your company name, address, date of incorporation, and other business-related information (e.g. Cooperative registration number, business license, tax information, shareholder, and director information).
b. Payment Information, which may include your billing address and payment method, such as bank account information, credit, debit, or other payment card information.
c. Transaction Information, which includes data about your purchases and use of services or transactions facilitated by/through the Platform.
d. Usage Information, such as audio, videos, images, and other information uploaded, viewed, shared, and downloaded on and from the Platform, and interactions and exchanges with other users (e.g. reviews, comments, etc.)
e. Other Information You Provide to Us, which may include the content of your feedback, chat, email, or call history on the Platform or with third party service providers.
f. Inferences Drawn from your Data may include your interests, viewing preferences, survey responses, preferences in receiving marketing materials from us and your communication preferences, your preferences for particular products or services.
9. Personal data breach
Personal data breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to the personal data transmitted, stored, or otherwise processed.
- Personal information
Personal information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information or when put together with other information would directly and certainly identify an individual.
- Personal Information Controller
Personal information controller refers to any natural or juridical person, or any other body who controls the processing of personal data or instructs another to process personal data on its behalf. The term excludes:
a. A natural or juridical person or any other body, who performs such functions as instructed by another person or organization; or
b. A natural person who processes personal data in connection with his or her personal, family, or household affairs.
There is control if the natural or juridical person or any other body decides on what information is collected or the purpose or extent of its processing.
- Personal Information Processor
Personal information processor refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject.
Processing refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking and erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system.
- Web traffic data
a. IP address
b.Search terms you used
c. Pages and internal links accessed on our website (both mobile and desktop versions)
d. Date and time you visited the website
f. Browser type
A.How We Use Your Personal Data
CDA Co-opBiz processes the following types of personal data for the following purposes and in reliance on the following legal bases:
|Type(s) of Personal Data||Purpose(s) for Processing||Legal Bases for Processing|
|All types of Personal Data depending on the Service requested||To perform our obligations in the course of or in connection with Services requested by you||
|Personal Identifier Usage Information||To enable you to engage with other users
To allow you to leave comments on content
|Personal Identifiers||To communicate with you on service-related issues|
|Personal Identifiers Government ID Data Payment Information Transaction Information Web Traffic Data
Other Information You Provide to Us
|To verify your identity and respond to, handle, and process queries, requests, applications, complaints, and feedback from you|
|Personal Identifiers Payment Information||To process payment or credit transactions|
|Personal Identifiers||To provide you with news, special offers and general information about other goods, services, and events||Where required under applicable law, we will ask for and rely on your consent. You can withdraw your consent to the processing at any time but this does not affect the lawfulness of our processing of your personal information based on consent before such withdrawal.|
|Personal Identifiers Payment Information Transaction Information||To process your Personal Data in accordance with the regulatory requirements of the Anti-Money Laundering Council and Bangko Sentral ng Pilipinas||
To comply with a legal obligation.
|Personal Identifiers Transaction Information Usage Information Web Traffic Data||To access, preserve or disclose personal data in response to a request from a regulator, law enforcement, court, or others|
|Inferences Drawn From Your Data
Usage Information Web Traffic Data
|To improve users’ experience with CDA Co-opBiz by providing content recommendations, user suggestions and relevant notifications||To pursue our legitimate interests to make your experience of our Platform efficient and effective|
|Inferences Drawn From Your Data
Usage Information Web Traffic Data
|To operate, maintain, improve, provide, create, and develop all of the features, functionality, and services (new and existing) found on our Platform||To pursue our legitimate interests to make your experience of our Platform efficient and effective|
|Usage Information Web Traffic Data||To provide and increase safety and security for our websites, products, software, or applications and services (by preventing, detecting and implementing proper measures against spam, scammers, abuse, misuses of our services and violation of our rules)||To pursue our legitimate interests to ensure our products and services are safe and secure and to ensure they are used in accordance with our applicable Terms|
|To investigate and address violations of Terms
To detect, prevent and combat unlawful behavior
|To pursue our legitimate interests to ensure our products and services are safe and secure and to ensure they are used in accordance with our applicable Terms|
|Inferences Drawn From Your
Information Web traffice
|Data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns||To pursue our legitimate interests to inform and improve our products and services.|
You can style the table using CSS.
Please note that if you are using a WordPress theme, you may need to enqueue css file to make it work.
Where we need to collect the abovementioned categories of personal data by virtue of a legal obligation or in light of a contract entered or to be entered into with you, and you do not provide this personal data when requested, we may not be able to comply with our legal obligations, provide you with a service or perform the contract we have or are trying to enter into with you. In order to ensure that your personal data is current, complete, and accurate, please update us if there are any changes to your personal data.
B. How We Store and Dispose of Your Personal Data
We will cease to retain your Personal Data by securely disposing of the same, or remove the means by which the data can be associated with you through anonymization, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data was collected, and is no longer necessary for any legal or business purpose.
C. Your Data Privacy Rights
The rights of a data subject as provided in the Act should be observed when processing personal data, which shall include the following:
- Right to be informed
- Right to object
- Right to access
- Right to rectification
- Right to erasure or blocking
- Right to secure data portability
- Right to be indemnified
- Right to lodge a complaint
CDA Co-opBiz’s decision to provide access, consider requests for correction or erasure, and address objections to process data as it appears in the Authority’s official records, are always subject to applicable internal policies, relevant laws, and regulations.
A. Security Measures
As a personal information controller, CDA Co-opBiz imposes reasonable and appropriate physical, technical, and organizational security measures which must be implemented to maintain the availability, integrity, and confidentiality of personal data and protect them against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration, and contamination. We put safeguards such as the following:
- We keep and protect data using a secured server behind a firewall, deploying encryption on computing devices and physical security controls
- We restrict access to your personal data only to qualified and authorized personnel who hold your personal data with strict confidentiality
- We train our employees to properly handle your data and
- We require our third parties to protect personal data aligned with our own security standards.
B. Sanctions and Penalties for Non-Compliance
Violation of this Policy, the Act, and its IRR, will be dealt with in accordance with an established disciplinary action and appropriate responses for potential legal actions, including civil and criminal actions.
III. PRIVACY CONCERNS AND INQUIRIES
If you have other concerns about our data protection/privacy practices, or wish to exercise any rights you may have under applicable law, please feel free to contact our Data Protection Officer through the Cooperative Project Development and Assistance Division (CPDAD) or in the following manner:
ATTY. MONA LIZA ARRIBA-JUAREZ
Data Protection Officer & Deputy Administrator II
General Administration and Support Service
Cooperative Development Authority Head Office
827 Aurora Boulevard, Brgy. Immaculate Conception,
Cubao, Quezon City 1111
THRU: THE CHIEF, CPDAD
VI .CHANGES TO OUR DATA PRIVACY NOTICE
You also authorize CDA Co-opBiz to disclose your data to accredited or affiliated third parties or independent/non-affiliated third parties, whether local or foreign, in the following circumstances:
- As necessary for the proper execution of processes related to the declared purpose; ● The use or disclosure is reasonably necessary, required or authorized by or under law; and ● Provided security systems are employed to protect my data.
Consenting to this Privacy Notice, however, does not waive any of your rights under the Data Privacy Act of 2012.