- Who we are
- What is Personal Data?
- Data Protection Principles
- The Personal Data We Collect from You
- How We Use Your Personal Data
- When and How We Share Your Personal Data with Others
- Transfer of Your Personal Data to Other Countries
- The Security of Your Personal Data
- Our Storage and Retention of Your Personal Data
- Your Rights as a Data Subject
- Data Protection Officer
1. Who We Are
Cosmetigroup is a “Data Controller”.
This means that we are responsible for deciding how we hold and use personal information about you. Where we act as a data controller, we are required under Republic Act No. 10173 (otherwise known as the “Data Privacy Act of 2012”) to notify anyone who provides personal data to us, either directly or through a third party.
Cosmetigroup is the trade name of Cosmetigroup International Corporation, a corporation organized and existing under and by virtue of Philippine laws with principal office address at 2/F Libran House Bldg. 144, Legaspi St., San Lorenzo, Makati City, Philippines.
2. What is Personal Data
Personal Data is any information about an individual from which that individual can be identified. Your name, address, phone number and bank account number are examples of Personal Data. It does not include data where the identity has been removed (anonymous data).
3. Data Protection Principles
We will comply with all data protection principles as laid down in the Data Privacy Act of 2012. In accordance therewith, the personal information we hold about you shall be:
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- relevant to the purposes we have relayed to you and limited only to those
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about; and
4. The Personal Data We Collect from You
Inquiries
When you request information or make inquiries about any of our services, we may use the Personal Data you provide in order to fulfil your request or respond to your inquiry.
We may email you or contact you regarding our services by telephone utilizing automated technology at the telephone number(s) you provided or via our live chat platform. It is in our legitimate interests to use your Personal Data in this way so that you receive the information you have requested.
You may give us information about you by completing a form, or by corresponding with us by phone, email, live chat or otherwise. This includes information you provide when you register to use our site, participate in social media functions on our site, enter a competition, promotion, or survey, and when you report a problem with our site.
When you register for any of the services we provide, we may collect the following categories of personal data about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
- Date of birth
- Nationality and country of residence
- Government-issued Identification Card (e.g. your passport, driver’s license, or TIN)
- Bank account details
- Billing address
- Credit card or other payment information in order to process your payments
- Name of nearest kin or authorized representative/s
It is in our legitimate interests to collect and use the above information in order to consider and process your registration and perform the contract we have entered with you.
Where you have explicitly consented to do so through a consent form, we may use your personal data to inform you of special offers and new or existing services we offer that are similar to those that you have already purchased or inquired about. This may also include surveys or questionnaires so that we can learn more about your needs and interests.
From time to time, we may use your personal data to offer you the opportunity to participate in other promotions. When you enter you should carefully review any rules, as they may contain additional information about our use of your personal data.
Automated Technologies or Interactions
With regard to each of your visits to our website, we may automatically collect the following information:
- technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time);
- pages you viewed or searched for; and
- page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service
We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you and assist you in participating in interactive features of our services and track your progress in the use of our website;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Internal Business Purposes
We also may use your personal data for our internal business purposes. This is in our legitimate interests in order to operate as a business and monitor and improve the services we provide. Where possible we will anonymize this information. Please contact us using the
If You Fail To Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Parents and Guardians
We collect personal data as described above. However, if you are under eighteen (18) years of age and want to request information, register, or procure any of our services, you must ask your parent or guardian for permission.
5. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- where we need to perform a contract we have entered into with you;
- where we need to comply with a legal obligation; or
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those
We may also use your personal data in the following situations, which are likely to be less common:
- where we need to protect your vital interests (or someone else’s interests); or
- where it is needed in the public interest or for official purposes.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.
6. When and How We Share Your Personal Data with Others
We may share your personal data with third parties where required by law, where it is necessary to perform our contract with you, or where we have a legitimate interest in doing so. Such third parties may include the following:
- Our Service We may share your personal data with other companies that perform certain services on our behalf. These services may include processing payments, providing customer service and marketing assistance, performing business and sales analysis, advertising, analytics, search information services, credit reference services and supporting our website and IT functionality. These service providers may be supplied with or have access to your personal data solely for the purpose of providing these services to us or on our behalf. Cosmetigroup is the data controller and will remain accountable for your personal data.
- Our Business We may share your personal data with our business partners with whom we have a contract relating to the services we provide to you.
- If you use an agent or authorized representative to arrange the fulfillment of the services that you have availed with you, we may share your personal data with them.
- Other Entities in We may share your personal data with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganization or group restructuring exercise or for system maintenance support and hosting of data.
- We may need to share your personal data if required by the National Privacy Commission (“NPC”) or to otherwise comply with law.
- We may share your personal information with other third parties in order to permit us to pursue available remedies or limit damages we may sustain.
7. Transfer of Your Personal Data to Other Countries
Considering the scale of our business and the location of our shareholders, other business partners, clients, and other service providers, we may need to transfer the personal data you provide to us to other countries.
8. The Security of Your Personal Data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, service providers, business partners, agents and other third parties who have a legitimate need to know. They will only process your personal information on our instructions or as otherwise agreed and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and the NPC of a suspected breach where we are legally required to do so.
9. Our Storage and Retention of Your Personal Data
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
10. Your Rights as a Data Subject
Under certain circumstances and pursuant to the Data Privacy Act of 2012, you have the right to:
- Request access to your personal data (commonly known as a “Data Subject Access Request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing
- Request the transfer of your personal data to another
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Your Right To Withdraw Consent
12. Data Protection Officer
DPO Contact Details
Email address: firstname.lastname@example.org
Address: 2/F Libran House Bldg. 144, Legaspi St., San Lorenzo, Makati City 1223
You have the right to make a complaint at any time to the NPC. We would, however, appreciate the chance to deal with your concerns before you approach the NPC so please contact us in the first instance.
Data and Information Consent Form
I/We hereby consent to provide Cosmetigroup International Corporation (“the Company”) with various information or data in the course of our dealings or transactions with the Company, and on the general use and sharing of such information obtained from us. These data, which might include personal or sensitive personal information,1 may be collected, processed, stored, updated, or disclosed by the Company (i) for legitimate purposes2, such as those described in the Data Privacy Manual of the Company, (ii) to implement transactions which we request, allow, or authorize, and (iii) to comply with the internal policies observed by the Company and its reporting obligations to governmental authorities under applicable laws.
Our consent will allow the Company to process, collect, use, store, or disclose our information to any of the Company’s subsidiaries or affiliates, as well as its associates and other related companies (collectively, the “Cosmetigroup Group”), to governmental authorities, and to third parties who perform services for and/or on behalf of the Company for the aforementioned purposes, as may be necessary.
We acknowledge that our information may continue to be collected, stored, processed and/or shared for as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law.
Our consent will allow the Company, any member of the Cosmetigroup Group, its associates, or other related companies, and/or the third-party service providers to process our current and future transactions more efficiently, with less inconvenience on our part.
1 Personal information or sensitive personal information referred to in this form includes our name, address, gender, age, marital status, contact details, birthday, SSS/GSIS, TIN, education, employment information, financial information, medical information, spouse details, preferences, behavior, and other information classified as “personal data,” “personal information,” or “sensitive personal information” under the Data Privacy Act, and those of our authorized representatives, as well as accounts, transactions, and communications.
2 Purposes include processing of information to administer our business relationship with the Company and to run the Company’s business, such as
- documentation purposes,
- providing, administering and servicing products and services, including for purposes of upgrading systems and business processes or appointment of third-party service providers
- assessing suitability for products and services, including conducting data analytics, market research and surveys which are aimed to improve the provision of products and services or interaction/interfacing with suppliers and business partners/associates
- preparation of informational materials for the Company’s products and services, including marketing or promotional documents through phone calls, mail, email, SMS or other electronic channels
- compliance with applicable laws, regulations, directives, issuances by, or agreements and obligations of the Company to any competent authority, regulator, supervisory body, enforcement agency, exchange, court/judicial, quasi-judicial body or tribunal
- compliance with due diligence requirements in transactions with lenders, creditors or financial institutions
- compliance and responding with legal processes or lawful order of any governmental agency, judicial or quasi-judicial body or enforcing and/or defending the rights of the Company before any governmental agency, judicial or quasi-judicial body, including compliance with government authority requests for information, liens, garnishments and tax compliance
- Identification or evaluation of other lawful or legitimate commercial or business purposes necessary for the performance of, or in relation to, a contract or service to which we are a party
- internal reporting
- audit; and
- other legal and customary business-related
We also acknowledge that we have the primary responsibility with regard to the accuracy of our information. We further acknowledge that it is our choice as to what information is provided to the Company; however, we hereby attest that the information provided by us to the Company is true and correct to the best of our knowledge. We understand that any concealment, false statement and/or non-declaration may constitute misrepresentation and fraud which shall be a ground for the filing of legal action against us. We further acknowledge that withholding or falsifying of information may act against the best interests of our relationship with the Company.
We are aware that if we desire to access, update, or correct certain information that we believe to be inaccurate or no longer valid, or withdraw consent to the use of any of our information as set out in this letter, we shall communicate with the Company’s Data Protection Officer through: email@example.com. We understand that if, in exceptional circumstances, access is denied for legitimate reasons, we will be informed of said reasons and the remedies or possible alternatives to correct the situation.
Furthermore, we warrant that we have: (i) obtained consent from third persons, if any, allowing us to disclose their information included in the Company’s information forms; and (ii) informed said persons of the purpose of disclosure, collection and use of information. We will indemnify and hold the Company free and harmless from any and all claims arising from breach of this warranty, for damages and for actual legal fees to defend such claims if any.
By signing below, we represent and warrant that we have read and understood all of the above provisions, and that we hereby agree and consent that the Company may collect, use, disclose and process our personal information set out in this form and/or otherwise provided by us or possessed by the Company for one or more of the purposes as stated above.
Print Full Name and Signature of Guest