Data Privacy Notice for Candidates for Employment/Applicants of Capital One Philippines Support Services Corp.

  1. This is to formally inform you that all personal information collected from you at the point of your application with Capital One Philippines Support Services Corp. (COPSSC), such as full name, email address, residence address, phone numbers, signature, picture, fingerprints, place of birth, date of birth, age, marital status, nationality, government IDs, Tax Account Number, Social Security number, employment information, academic degrees, personal and familiar references, personal information of family members, and other sensitive information such as education, employment, criminal and medical history, shall be used in processing your application for employment with COPSSC, including but not limited to, activities such as education and employment verification, criminal and medical background investigation. Any personal information received from third parties will likewise be used for the same purpose.

  2. In the event that you provide us with personal information relating to a third party or your family member, you acknowledge that you have his/her consent for us to use the information for purposes in which they were collected.

  3. We hereby inform you that we have in place administrative, technical, personal and physical measures to protect and safeguard your information against loss, misuse, unauthorized access, theft, unauthorized modification, disclosure or destruction. We have restricted access to your personal information to those employees and contractor employees who have a legitimate business need for such access. Those with access to your information shall include, among others, Human Resources employees who regularly process employment related information (e.g. for payroll). Your direct supervisors and/or managers may also have access to your personal information for purposes of contacting you in relation to your work.

  4. COPSSC also provides training to employees and third parties where relevant to promote awareness of COPSSC’s requirements and policies surrounding protection and security of your personal information.

  5. By giving us your personal information, it is understood that you consent to the transfer of such information where applicable, to any entity that forms a direct or indirect part of COPSSC, its subsidiaries or affiliates, as well as third parties, either local or foreign, including: a) any banking institution or other related supplier involved in the processing of payments, b) any person connected with us that is involved in service, verification, review or certification processes relating to tax and administrative matters, c) any supplier who assists us in ensuring the effective provision of the services, d) any company with which we have entered into a cooperation agreement for the purpose of promoting and providing their products and services, (for which your consent is required), e) any third party in compliance with applicable laws and/or court or administrative orders, and f) the competent authority, where required. In all instances, the one processing your personal information shall do so following specific instructions as laid out in the respective outsourcing agreements.

  6. Similarly, your personal information may also be processed and shared with third parties or affiliates for the following purposes:

    • Human Resources Management: including but not limited to the normal business practices related to the establishment, maintenance and termination of employment relationships. For example, the Employee’s application for employment, hiring, his or her role and function in COPSSC, employee management and administration generally (including both during and after employment), employment verification, administering benefits, administering personal short or long-term compensation programs, conducting disciplinary proceedings, addressing labor relations issues, processing health insurance claims, and communicating with Employee Candidates and Employees.

    • Operations Management: including but not limited to establishment, performance and management of business activities of COPSSC. For example, maintaining and monitoring usage of internal networks and information technology systems.

    • Security Management: including but not limited to ensuring the security of COPSSC’s premises and information held by COPSSC as well as the safety of COPSSC’s Employees.

    • Legal and Regulatory Compliance: including but not limited to obtaining and releasing Employee Personal Information as required by law (e.g., tax, health and safety, antidiscrimination laws) or judicial authorization and to maintain records that can include Personal Information, such as government identifiers, information relating to sickness, maternity or parental leave, pension and retirement.

    • Conducting analytics and research such as employee behaviors, preferences, associate lifecycle, market data and similar activities.

  7. However, COPSSC may still disclose your personal information to third parties other than those mentioned in items #5 and #6 only if required by law or legal order, or to protect the interest of COPSSC and/or its employees, or if there is an emergency situation involving the health and safety of an employee, or when necessary for COPSSC to perform a contractual obligation owed to an employee or for other lawful purposes, such as to establish a claim or defense, or with your consent.

  8. You may be entitled to object to the sharing of your information except when the disclosure is required by law, regulations, court order, or where the transfer is necessary to perform an obligation owed to you, as a result of your employment with COPSSC. You may also withdraw your consent for the use of your personal information at any time during your employment with COPSSC. However, please note that, upon withdrawal of your consent, we will be unable to process your personal information to provide you with any service that would require the processing of your information.

  9. COPSSC will employ reasonable means to keep your personal information accurate, complete, up-to-date and reliable. However, it is your responsibility to inform us regarding changes that may occur in your personal information. You will be permitted to review and, where inaccurate, correct your personal information. However, we reserve the right to deny access to or make changes in your personal information, when doing so is disproportionate to the risk and expense required to update or correct your personal information.

  10. For the avoidance of doubt, you agree to share your personal information to any bank, employer or entity, who may conduct criminal or background investigation with us.

  11. COPSSC may also disclose your personal information to any Capital One group of companies and their affiliates where such entities need to process your personal information for business or business efficiency purposes. COPSSC will ensure that your personal information is protected during such disclosure or transfer. Your personal information may also be processed outside the Philippines through Amazon Web Services but only to the extent of storage and none other.

  12. COPSSC will maintain a program to ensure compliance with this Privacy Notice. The Data Privacy Team is primarily responsible in implementing and overseeing the administration of this Privacy Notice. All employees whose responsibilities include processing of Associate Personal Information are required to adhere to this Privacy Notice and any implementing policies. Failure to do so is deemed a serious offence, for which disciplinary action may be taken, potentially resulting in termination of employment. Equally, the misuse of Associate Personal Information by an individual or organization acting as agent or service provider to COPSSC is deemed a serious issue for which action may be taken, potentially resulting in the termination of any agreement.

  13. Finally, consistent with the Data Privacy Act of 2012, its Implementing Rules and Regulations, advisory opinions of the National Privacy Commission and existing jurisprudence, you have the following rights:

    • You have the right to be informed, whether personal data pertaining to you shall be, are being, or have been processed, including the existence of automated decision-making and profiling. You shall be notified and furnished with information before the entry of your personal data into the processing system of the personal information controller, or at the next practical opportunity: (a) Description of the personal data to be entered into the system; (b) Purposes for which they are being or will be processed, including processing for direct marketing, profiling or historical, statistical or scientific purpose; (c) Basis of processing, when processing is not based on your consent; (d) Scope and method of the personal data processing; (e) The recipients or classes of recipients to whom the personal data are or may be disclosed; (f) Methods utilized for automated access, if the same is allowed by you, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; (g) The identity and contact details of the personal information controller or its representative; (h) The period for which the information will be stored; and (i) The existence of your rights, including the right to access, correction, and object to the processing, as well as the right to lodge a complaint before the Commission.

    • You shall have the right to object to the processing of your personal data, including processing for direct marketing, automated processing or profiling. You shall also be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to you in the preceding paragraph. When you object or withhold consent, the personal information controller shall no longer process the personal data, unless: (a) The personal data is needed pursuant to a subpoena; (b) The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which you are a part of, or when necessary or desirable in the context of an employer-employee relationship between the collector and the data subject; or (c) The information is being collected and processed as a result of a legal obligation.

    • That you have the right to reasonable access to, upon demand, the following: (a) Contents of your personal data that were processed; (b) Sources from which personal data were obtained; (c) Names and addresses of recipients of the personal data; (d) Manner by which such data were processed; (e) Reasons for the disclosure of the personal data to recipients, if any; (f) Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect you; (g) Date when your personal data were last accessed and modified; and (h) The designation, name or identity, and address of the personal information controller.

    • You have the right to dispute the inaccuracy or error in the personal data and have the personal information controller correct it immediately and accordingly, unless the request is unjustified or otherwise unreasonable. If the personal data has been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof: Provided, That recipients or third parties who have previously received such processed personal data shall be informed of its inaccuracy and its rectification, upon your reasonable request.

    • You shall have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data from the personal information controller’s filing system. This right may be exercised upon discovery and substantial proof of any of the following: (a) Your personal data is incomplete, outdated, false, or unlawfully obtained; (b) Your personal data is being used for purpose that you do not authorize; (c) Your personal data is no longer necessary for the purposes for which they were collected; (d) You withdraw consent or object to the processing, and there is no other legal ground or overriding legitimate interest for the processing; (e) The personal data concerns private information that is prejudicial to you, unless justified by freedom of speech, of expression, or of the press or otherwise authorized; (f) The processing is unlawful; (g) The personal information controller or personal information processor violated your rights.

      The personal information controller may notify third parties who have previously received such processed personal information.

    • You shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, taking into account any violation of your rights and freedom.

  14. Should you not consent to the collection, processing, storage and disposal of your personal information as required in this notice, COPSSC may be constrained not to process your application for employment with us.