Privacy Policy
This Privacy Manual is hereby adopted in compliance with Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and other relevant policies, including issuances of the National Privacy Commission.
DucknCover Inc respects and values your data privacy rights, and makes sure that all personal data collected from you, our clients and customers, are processed in adherence to the general principles of transparency, legitimate purpose, and proportionality.
This Manual shall inform you of our data protection and security measures, and may serve as your guide in exercising your rights under the DPA.
Terms used in the service must be defined for consistency and uniformity in usage. This portion will make sure of that, and allow users of the service to understand the words, statements, and concepts used in the document.
“Data Subject” – refers to an individual whose personal, sensitive personal or privileged information is processed by the organization. It may refer to officers, employees, consultants, and clients of this organization.
“Personal Information” – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
“Processing” refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
|
Personal info we collect | Why we collect it? | |
Your name & address | We need this in order to determine the appropriate insurance price based on a risk assessment of your property, your claims history, and other attributes. | |
Your email address | This is part of the account creation process. It’s also the way that we will contact you with policy, service, claims. | |
Your personal property inventory | The more we know about your personal property the better and faster we’re able to respond when you have a problem. | |
Your payment information | This is needed to process your payment. Since we use a third-party payment processor, we have only limited information about your payment transactions. | |
App and device usage statistics | We may collect data from your smartphone. We aggregate and anonymize this data to look for statistical patterns that can help us give you, and all our users, more precise rates and coverage, as well as to improve overall performance and experience. | |
The type of incident, date, and time | We need this in order to create a record of your claim and to assess how to best respond. | |
Your phone number | We need this in order to contact you. We may share your phone number with our service providers who need to coordinate with you. | General
All personnel of DucknCover Inc, regardless of the type of employment or contractual arrangement, must comply with the terms set out in this Privacy Manual.
DucknCover Inc will ensure that personal data under its custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The company will implement appropriate security measures in storing collected personal information, depending on the nature of the information. All information gathered shall not be retained for a period longer than one (1) year. After one (1) year, all hard and soft copies of personal information shall be disposed of and destroyed, through secured means.
Due to the sensitive and confidential nature of the personal data under the custody of the company, only the client and the authorized representative of the company shall be allowed to access such personal data, for any purpose, except for those contrary to law, public policy, public order or morals.
All employees and personnel of the company shall maintain the confidentiality and secrecy of all personal data that come to their knowledge and possession, even after resignation, termination of contract, or other contractual relations. Personal data under the custody of the company shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data.
The Data Protection Officer shall oversee the compliance of the organization with the DPA, its IRR, and other related policies, including the conduct of a Privacy Impact Assessment, implementation of security measures, security incident and data breach protocol, and the inquiry and complaints procedure.
The organization shall sponsor a mandatory training on data privacy and security at least once a year. For personnel directly involved in the processing of personal data, management shall ensure their attendance and participation in relevant training and orientations, as often as necessary.
The organization shall conduct a Privacy Impact Assessment (PIA) relative to all activities, projects and systems involving the processing of personal data. It may choose to outsource the conduct of a PIA to a third party.
The organization shall sponsor a mandatory training on data privacy and security at least once a year. For personnel directly involved in the processing of personal data, management shall ensure their attendance and participation in relevant training and orientations, as often as necessary.
All employees will be asked to sign a Non-Disclosure Agreement. All employees with access to personal data shall operate and hold personal data under strict confidentiality if the same is not intended for public disclosure.
This Manual shall be reviewed and evaluated annually. Privacy and security policies and practices within the organization shall be updated to remain consistent with current data privacy best practices.
DucknCover shall use an intrusion detection system to monitor security breaches and alert the organization of any attempt to interrupt or disturb the system.
DucknCover shall first review and evaluate software applications before the installation thereof in computers and devices of the organization to ensure the compatibility of security features with overall operations.
DucknCover shall review security policies, conduct vulnerability assessments and perform penetration testing within the company on a regular schedule to be prescribed by the appropriate department or unit.
Each personnel with access to personal data shall verify his or her identity using a secure encrypted link and multi-level authentication.
A Data Breach Response Team shall be responsible for ensuring immediate action in the event of a security incident or personal data breach. The team shall conduct an initial assessment of the incident or breach in order to ascertain the nature and extent thereof. It shall also execute measures to mitigate the adverse effects of the incident or breach.
DucknCover shall regularly conduct a Privacy Impact Assessment to identify risks in the processing system and monitor for security breaches and vulnerability scanning of computer networks. Personnel directly involved in the processing of personal data must attend training and seminars for capacity building. There must also be a periodic review of policies and procedures being implemented in DucknCover.
DucknCover shall always maintain a backup file for all personal data under its custody. In the event of a security incident or data breach, it shall always compare the backup with the affected file to determine the presence of any inconsistencies or alterations resulting from the incident or breach.
Data subjects may inquire or request for information regarding any matter relating to the processing of their personal data under the custody of the organization, including the data privacy and security policies implemented to ensure the protection of their personal data. They may write to the organization at
inquiry@duckncover.com.ph and briefly discuss the inquiry, together with their contact details for reference.
The provisions of this Manual are effective immediately, until revoked or amended by this company, through a Board Resolution.