Privacy Manual
1. POLICY
The Nutrana Health and Wellness Co. Privacy and Data Protection Policy articulates the Privacy Principles followed by Nutrana Health and Wellness Co. employees and third-party affiliates in regards to the collection, use, transfer, storage and destruction of Personal Data. These Privacy Principles comply with RA 10173 Data Privacy Act of 2012 and are aligned to the highest privacy standards in trade and commerce. Nutrana Health and Wellness Co.’s commitment to these high standards reflects the value we place on earning and maintaining the trust of our employees, clients, business partners, and others whose Personal Data or other confidential information is shared with us.
2. APPLICABILITY
As allowable by law, this policy applies worldwide to all directors, officers, executives, employees, and contracted representatives of Nutrana Health and Wellness Co. and their affiliates.
3. REQUIREMENTS
3.1. Scope
This Privacy and Data Protection Policy applies to the collection, storage, processing, transfer, and use of Personal Data concerning its customers, including outsourcing and other services clients, business partners, employees, former employees, and applicants for employment, (“covered individuals”).
Personal Data may be collected from covered individuals through a variety of means, including, for example, through websites, other ordering channels, and service or employment processes.
3.2 Privacy Principles
3.2.1 Personal Data
Nutrana Health and Wellness Co. shall Process Personal Data only as permitted or required by RA 10173 Data Privacy Act of 2012 and in accordance with the following Privacy Principles:
3.2.1.1 Fair and Lawful Processing of Personal Data
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject, including:
- Notice
Nutrana Health and Wellness Co. shall provide timely and appropriate notice to Data Subjects about its data processing practices as required by applicable laws and regulations or, from time to time, as necessary in Nutrana Health and Wellness Co.’s business judgment. - Choice
Nutrana Health and Wellness Co. shall not use Personal Data with third parties or provide Personal Data to third parties without giving the Data Subject an opportunity to choose whether their data can be disclosed for such use, unless otherwise permitted or required by law or regulation. - Consent
Nutrana Health and Wellness Co. shall Process Personal Data only with an individual’s consent, which may be express or implied, depending on the sensitivity of the Personal Data and the individual’s reasonable expectations, unless otherwise permitted or required by law or regulation. For example, Nutrana Health and Wellness Co. may Process Personal Data without seeking consent to perform, or take steps with view to entering into, a contract with the Data Subject or to comply with legal obligations.
3.2.2 Limitations on Collection, Use, and Disclosure of Personal Data
3.2.2.1 Purpose
Nutrana Health and Wellness Co. shall collect Personal Data only for specific, legitimate business purposes. The information collected will be relevant, adequate, and not excessive for the purposes for which it is collected. Nutrana Health and Wellness Co. shall Process Personal Data in a manner consistent with the purposes for which it was collected, unless otherwise permitted or required by law or regulation or the individual has subsequently consented to the new use of their Personal Data. Nutrana Health and Wellness Co. does not sell, rent, or lease Personal Data of covered individuals.
3.2.2.2 Data Minimization
Nutrana Health and Wellness Co. shall take all legally required and commercially reasonable steps to ensure that Personal Data Processed by it will be adequate, relevant and limited to what is necessary in relation to the purposes for which those data are processed.
3.2.2.3 Onward Transfer
Nutrana Health and Wellness Co. shall take appropriate measures, by contract or otherwise, to provide adequate protection for Personal Data that is disclosed to a third party or transferred to or accessed from another country, including internal transfers within Nutrana Health and Wellness Co. or between Nutrana Health and Wellness Co. Business Units and/or third parties.
3.2.3 Management of Personal Data
3.2.3.1 Accuracy/Integrity
Nutrana Health and Wellness Co. shall take all legally required and commercially reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and, where necessary, kept up to date. Nutrana Health and Wellness Co. shall take every reasonable step to ensure that Personal Data that are inaccurate are promptly either erased or rectified.
3.2.3.2 Access
Nutrana Health and Wellness Co. shall maintain procedures to give Data Subjects reasonable access to their Personal Data and, as appropriate, the ability to correct, delete, or update inaccurate or incomplete information.
3.2.3.3 Security
Nutrana Health and Wellness Co. shall take all legally required and commercially reasonable measures, proportional to the associated risk, to protect Personal Data from loss, misuse, unauthorized access or disclosure, alteration, and destruction. Nutrana Health and Wellness Co. provides appropriate additional levels of protections for data considered to be Sensitive Personal Data.
3.2.3.4 Retention
Pursuant to its global records and information management policies and procedures, and unless otherwise required by applicable laws, Nutrana Health and Wellness Co. shall keep Personal Data in a form that permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are Processed. Personal Data may be stored for longer periods insofar as the data will be Processed solely for archiving purposes in the public interest, or scientific, historical, or statistical purposes and subject to the implementation of appropriate safeguards.
3.2.4 Accountability and Enforcement
3.2.4.1 Accountability
Nutrana Health and Wellness Co. is responsible for and shall be able to demonstrate compliance with these Privacy Principles. Nutrana Health and Wellness Co. shall designate individuals within the company to be accountable for compliance with privacy and data protection laws and related Nutrana Health and Wellness Co. policies.
3.2.4.2 Enforcement
Nutrana Health and Wellness Co. shall provide internal controls to verify compliance with privacy and data protection laws and related Nutrana Health and Wellness Co. policies and procedures.
3.2.4.3 Data Subject Access Requests, Complaints, and Dispute Resolution
As required by law, Nutrana Health and Wellness Co. shall provide for various points of contact and multiple communication channels to raise access requests, to initiate data protection and privacy- related complaints, or to pursue dispute resolution, including a fair process to investigate and resolve requests and complaints and to communicate the progress and status of requests or complaints to Data Subjects.
3.3 Education and Awareness
Nutrana Health and Wellness Co. shall make available training and programs to educate and raise awareness among employees and staff, for their individual and collective legal, regulatory, and contractual responsibilities regarding the Processing of Personal Data.
3.4 Compliance Governance
Nutrana Health and Wellness Co. shall charter and maintain a Privacy and Data Protection Office (“PDP Office”) charged with the responsibility to implement this policy, to promulgate additional privacy related policies as may be required, and to provide strategically-coordinated privacy-related compliance and other services and resources to its Nutrana Health and Wellness Co. constituents and other stakeholders.
3.5 Accountability
Nutrana Health and Wellness Co.’s Data Protection Officer (DPO) assumes responsibility and accountability for the Privacy and Data Protection Program (“PDP Program”) and any changes or enhancements thereto, including devising and promulgating additional procedures and processes as necessary to drive compliance with Nthis policy.
The Data Protection Officer can be contacted at: [email protected]
4. KEY DEFINITIONS
4.1. Privacy Principles: Nutrana Health and Wellness Co.. shall process Personal Data only as permitted or required by applicable laws and in accordance with the Privacy Principles set forth in this policy.
4.2. Business Units: All Nutrana Health and Wellness Co. legal entities and organizations, including corporate support organizations, subsidiaries, related corporations, partnerships or professional associations, affiliates, divisions, or groups, and their subsidiary operations and operating units.
4.3. Data Subjects: An identified or identifiable natural person whose Personal Data is subject to Processing by Nutrana Health and Wellness Co. For example, Nutrana Health and Wellness Co. employees are Data Subjects.
4.4. Personal Data: Personal Data includes any data by which a person can be identified or located, as well as any data to which Nutrana Health and Wellness Co. has access in customer systems. In accordance with certain country-specific laws and definitions, Personal Data revealing certain sensitive information (“Sensitive Personal Data”) may require additional protection, such as encryption, anonymization or de-personalization.
4.5. Process or Processing: Any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction.
5. VIOLATIONS
Any Nutrana Health and Wellness Co. employee who knowingly violates or attempts to violate this Policy shall be subject to disciplinary action, up to and including separation from Nutrana Health and Wellness Co.
6. REFERENCES
Nutrana Health and Wellness Co. online privacy notice published on covidone.ph/privacy-notice.
7. CONTACT
For data privacy concerns, send an email to [email protected]