To provide the best experience possible for our users, startups, partners, and community in the use of our website (www.kickstart.ph) and associated services, we regard your privacy with utmost importance. As such, we ensure that all personal data collected are protected at all times in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (“Data Privacy Act” or the “Act”), its corresponding Implementing Rules and Regulations (“IRR”), and the existing Memorandum Circulars, Advisories, and other issuances issued by the National Privacy Commission (“NPC”).
As part of our commitment to protect your personal data, we have installed internal policies and technologies that ensure that your data is free from unauthorized access, processing, and disposal. We continually improve these policies, processes, and technologies to make sure that the protection that we put in place are always relevant and up-to-date.
DEFINITION OF TERMS
- Data Subject refers to any individual whose personal data is processed.
- Data Sharing refers to the disclosure or transfer to a third party of personal data under the control or custody of a personal information controller. The term excludes outsourcing, or the disclosure or transfer of personal data by a personal information controller to a personal information processor.
- Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
- Personal Information is any information from which the identity of an individual can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify an individual, such as name, gender, date of birth, address, telephone/mobile number, email address, proof of identification, etc.
- Personal Information Controller refers to any person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
- Personal Information Processor refers to any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
- Sensitive Personal Information refers to personal information (a) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (b) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (c) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and (d) Specifically established by an executive order or an act of Congress to be kept classified.
- Non-Personal Information is any information that does not identify you individually, and includes statistical and analytical data and anonymous and aggregate reports.
- Personal Data collectively refers to all categories of personal information.
THE INFORMATION WE COLLECT
We collect and process the following types of personal date, among others:
- Personal information (such as name, phone number, email and postal address), employment information, and/or business affiliation for you or for other people you would like us to contact (e.g. principals or representatives in your business).
- Personal information in content you submit to us (e.g. business plans, pitch decks, investment memos).
- Personal information, employment history, educational background, biometric information, organizational affiliation, filial relations, gender, date of birth, religion, ethnicity, civil status citizenship, physical medical history, past criminal and/or administrative records, government issued identifying information (such as Pag-IBIG, SSS, TIN, PhilHealth, Professional IDs, Passport, and Birth Certificates), payroll information, company identification of our prospective job applicants, current employees, agents and stakeholders.
If you are just browsing our website, we will not collect personal data.
PURPOSE OF COLLECTION AND USE OF DATA
In general, we collect and process personal data for legitimate business purposes and needs, the achievement of corporate objectives, communications and administration, internal operations, human resources and financial management, and compliance with applicable laws, rules and regulations.
- Vendors, Partners, Investors, and other Business Contacts
- For purposes of ensuring our investor and business contact records are up-to-date;
- For purposes of identifying opportunities to develop our business and conducting appropriate and necessary due diligence;
- For purposes of verification, assessment and accreditation;
- For purposes of communication and maintenance of continues business relations;
- For the management of our business;
- To process information for statistical, analytical, and research purposes. We use your Non-Personal Information for statistical, analytical, and research purposes to create anonymous and aggregate reports that we use to further improve our business operations and processes;
- To exercise or defend any legal claims of the organization; and
- To fulfill and enforce any contractual terms and obligations we may have.
- We collect, process personal data from and about our employees for administrative and human resource development purposes as well as in compliance to applicable regulations and/or laws, including, but not limited to: identity verification; pre-qualification and post-qualification assessment; processing of employment compensation and benefits; internal security; compliance to regulatory requirements; for the protection of lawful rights and interests of the organization in internal administrative and court proceedings, or the establishment, exercise or defense of legal claims of the organization.
- Pitch Decks/Business Plans/Business Proposals
- If you choose to submit a pitch deck, business plan, or business proposal, we will review that plan in order to review and consider plans for potential investment. If your deck, plan, or proposal contains any personal data, we will use that information only in the context of reviewing your business plan. It is in our legitimate interests to assist startups but to do so we only process personal data that you provide to us. You can object to processing of your personal data on the grounds of legitimate interest (see the 'Your Rights' section). However, bear in mind that if you do, we will not be able to review your business plan.
HOW WE COLLECT AND PROCESS PERSONAL DATA
We collect both electronic and physical personal data from the following sources:
- When you interact with us, for example by visiting our offices, corresponding with us by email, post or telephone, or speaking to us at an event or meeting.
- When you contact us through our agents and representatives, sign up to receive communications from us, respond to our surveys, participate in our events; and indirectly through third-party sources such as social media/event management and ticketing sites, publicly available databases and government repositories and/or from other customers.
- When you visit our website and social media profiles as well as when you use our digital platforms and/or mobile applications.
- When you submit a business plan, pitch deck, business proposal or any content through our website or to our offices.
- When individuals representing or affiliated with our vendors, partners, investors and other business contacts voluntarily provide us with their contact information in order to develop business relations and/or complete legitimate transactions with them.
- Directly from our employees and job applicants through their curriculum vitae, personal information sheets, submitted medical records and government documents, and interview and training assessment results conducted by authorized personnel, and pre-employment health screening and indirectly from the verification efforts of third-party employee background/screening service providers, job search sites and/or other social media sites and references.
Our data processing is always in a manner compatible with declared, specified, and legitimate purpose. Data processing is also adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
DISCLOSURES OF INFORMATION
We generally do not disclose or sell the personal data we process to third parties without the consent of data subjects unless: (a) we are legally required to do so; (b) it is necessary to fulfill the purposes for which we process personal data as mentioned above; or (c) such action is necessary to protect, defend and/or enforce our rights, property or personal safety of our employees and other individuals.
Like any business, we use third-party service providers/ suppliers/ vendors/ consultants to assist us in our business operations. Some of these third-party providers will process your data as part of the services they offer to us. Nevertheless, we remain responsible over the personal data disclosed to such third parties and we take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure.
If you would like additional information on the identities of these parties, please contact our Data Privacy Officer.
We recognize that you should be the ultimate decision maker on matters that involve your personal data. To this end, we are mindful of your legal rights as a data subject:
- The right to demand and be informed of the details about the type of personal data, the purpose of processing, and how they are being processed by Kickstart, including its sources, recipients, methods, disclosures to third parties and their identities, automated processes, manner of storage, period of retention, manner of disposal and any changes to such processing activities before the same is undertaken;
- The right to reasonable access, upon demand, of the contents of your personal data that was processed, including its sources, recipients, manner of processing, reasons for disclosure, information on automated processes, and the date of last access and/or modification;
- The right to dispute any inaccuracy or error in your personal data and have it corrected or amended; provided that such request is not vexatious or otherwise unreasonable;
- The right to reject further processing of your personal data, including the right to suspend, withdraw, and remove your personal data in the possession of Kickstart which are discovered and substantially proven to be incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes, or are no longer necessary for the purposes for which they were collected.
If at any time you object or withhold your consent to the collection and processing of your personal data, we will be constrained to terminate all activities associated with such and not be able to fully deliver our services. Further, we will be unable to provide you with any updates and you may be unable to participate in our events and/or other activities.
Should you feel at any point that there has been mishandling or misuse of your personal data, or that any of your data privacy rights have been infringed, please contact our Data Privacy Officer.
PROTECTION OF DATA
We secure and protect your personal data with proper safeguards to ensure confidentiality and privacy; prevent loss, theft, or use for unauthorized purposes; and comply with the requirements of the law.
We make reasonable and appropriate security arrangements and measures that use a variety of physical, electronic, and procedural safeguards to protect your personal data. We regularly review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to our system and unauthorized alteration, disclosure, or destruction of information we hold.
We only permit your personal data to be collected, processed, used and shared by our authorized employees, contractors, and subcontractors who hold such information under strict confidentiality and in accordance with their contractual obligations and who have implemented minimum security features against data leakage, unauthorized access, or disclosure.
We keep your personal data in our business records as long as it is necessary to fulfil the purpose for which it was collected, or while it is needed by us for business, tax, or legal purposes. When disposing of your personal data, we take reasonable measures to ensure that it is done properly and is not accessible to the public.