Search
Close this search box.
Contact us
Book A Meeting

Privacy Policy

Sharing our thoughts on the Outsourcing Industry and more

At Sourcefit, we prioritize the protection of personal data and uphold the rights and interests of data subjects (owners of Personal Identifiable Information). We recognize the value of Personal Identifiable Information (PII) entrusted to us and are committed to managing and safeguarding it responsibly. This Privacy Policy outlines how we collect, use, and share personal information when you visit our website, www.sourcefit.com (referred to as the “Site”).

DATA SUBJECTS AND RIGHTS

We guarantee that you feel secure knowing that we will handle your information with utmost care. Our privacy controls adhere to various applicable data privacy regulations, ensuring the protection of personal data collected, used, and stored in our systems. We have mapped out these regulations to cover extensive areas and have formulated solutions to address any unique requirements.

  • Right to Information. Your personal data is treated as your property, and we will not collect, process, or store it without your explicit and informed consent, except as required by law. We obtain consent through consent forms, privacy notices, and acknowledgment pages.
  • Right to Access Information. You have the right to know if we hold any personal data about you and request access to it. We provide a written description of the information we hold and its purpose, along with easy access to obtain a copy.
  • Right to Object Processing. You can object to the processing of your personal data based on consent or legitimate interest. We cease processing your data upon objection or withdrawal of consent, except when legally obligated.
  • Right to Erasure or Blocking. You can suspend, withdraw, or request the deletion of your personal data under certain circumstances, such as incomplete or unlawfully obtained data.
  • Right to Damages. You may claim compensation for damages resulting from inaccurate or unauthorized use of personal data, including violations of your rights.
  • Right to Data Portability. You have the right to obtain and transfer your data securely for further use.
  • Right to Rectify Errors. You can dispute and correct any inaccuracies in your personal data, with prompt action taken by us.

INFORMATION WE COLLECT, USE, AND WHY

Your Personal identifiable information (PII) is crucial to our business operations, and we handle it with care to deliver services efficiently. PII may be collected and used by our support services team for various purposes, including employee compensation, access management, and business development.

We may collect the following types of information.

  • Identifiers and Contacts Your name, contact numbers, and email addresses for communication and identification.
  • Biometric Information. Fingerprints for physical access control.
  • Basic Health Information. Health status and wellness data are required for employment and wellness programs.
  • Location and Addresses. Mailing and physical addresses for correspondence and asset delivery.
  • Government ID Numbers. For government-mandated applications and transactions.
  • Work History, Background, and Credentials. Educational and work history for employee profiling and credential verification.

Please note that customer information of our client partners is managed exclusively by them, ensuring control and compliance with privacy regulations. We do not store client information but facilitate its use within client systems as needed.

Website Information Collection

When you visit our website, we collect device information such as browser details, IP addresses, and cookies. Contact information is collected through contact forms for communication purposes.

Data Privacy Principles and Legislative Requirements

We adhere to principles of transparency, legitimate purpose, and proportionality in processing PII, ensuring fair and lawful practices.

Transparency

We obtain consent before processing PII and inform data subjects of the purpose, risks, safeguards, and rights associated with data processing.

Legitimate Purpose

Our PII processing aligns with declared purposes and legal requirements.

Proportionality

We collect only necessary information for specified purposes with consent.

Processing

We ensure PII processed is adequate, relevant, and not excessive, considering the intended purpose.

Consent

Informed and active consent is obtained before data collection, with consent forms utilized whenever possible.

Privacy Impact and Risks

Privacy Impact Assessments and Risk Analysis are conducted periodically and before implementing new processes or technologies involving PII.

Retention

We retain your PII for specified periods based on regulatory requirements and necessity, ensuring proper disposal afterward. In compliance with prevailing regulatory requirements, we may retain PII for up to 5 years, however; retention and disposal o sensitive information may require further consent from data subjects.

Disposal

Records and documents are disposed of properly according to retention schedules. Clients have control over the disposal of customer information stored in their portals.

Security Measures

PII is securely stored in databases managed by the Company’s Information Technology department. We maintain appropriate technical, physical, and organizational security measures to safeguard your information. These measures are regularly reviewed and updated to align with regulatory standards and technological advancements. These controls include, and are not limited to:

  • Secure Storage. PII is securely stored in databases managed by our Information Technology department. These databases are equipped with encryption and access controls to prevent unauthorized access.
  • Technical Safeguards. We utilize state-of-the-art security technologies, such as firewalls, intrusion detection systems, and encryption protocols, to protect your information from cyber threats.
  • Physical Security. Our facilities are equipped with physical security measures, including access controls and surveillance systems, to prevent unauthorized access to our premises and hardware.
  • Organizational Controls. We enforce strict policies and procedures governing the handling and processing of PII by our employees. Regular training and awareness programs ensure that our staff are well-equipped to maintain the security of your data.
  • Regular Review and Updates. Our security measures are continuously reviewed and updated to align with regulatory standards and technological advancements. We conduct regular security assessments and audits to identify and address any potential vulnerabilities.

To learn more about these measures and how PII is secured, please get in touch with our Data Protection Officer.

Data Classification

To sustain our efforts of protecting PII, the following data classification is implemented:

Public

Information intended and released for public use

Examples

  • Published Research
  • Training Course Catalogs
  • Privacy Policy
  • Support Directory
  • Basic Emergency Response Plans (life safety)
  • Corporate Policies
  • Publications
  • Press Releases
  • Published Marketing Materials
  • Regulatory and Legal Filings
  • Published Annual Reports
  • Plans of Public Spaces/ Evacuation Plans
  • Public Announcements

Business Confidential

Information that may be shared only within Sourcefit 

Examples

  • Department Policies and Procedures
  • Employee Web/Intranet Portals
  • Training Materials
  • Pre-Release Articles
  • Non-Public Building Plans or Layouts
  • Non-Sensitive Administration Survey Data

Confidential

High-risk information that requires strict controls

Examples

  • Password and PIN’s
  • System Credentials
  • Individually Identifiable Financial Account Information (eg: Bank Account, Credit or Debit Card Numbers)
  • Individually Identifiable Health or Medical Information
  • Detailed Security System Procedures and Architectures

Classified

Extremely sensitive information requiring specific controls

Examples

  • Classified Client Data
  • Client Trade Secrets

The following controls are implemented per category:

Activity

Printing

Mailing Paper Based-Info

Storing electronic files on work or personal computer (including portable devices)  

Sharing files with authorized individuals

Engaging vendors to store/process data

Business Confidential

Do  not leave unattended on printer trays or bins

Put in a closed mailing envelope/box

Only store in IT allowed storage (ie., One Drive

Used approved collaboration tools and share with specific individuals, not anonymous or guest links

Written contracts are strongly recommended

Confidential

Do  not leave unattended on printer trays or bins 

Put in a closed mailing envelope/box

Only store in IT allowed storage (ie., One Drive

Used approved collaboration tools and share with specific individuals, not anonymous or guest links

Written contracts are strongly recommended

Classified

Never print unless there is explicit approval 

Never mail

Never store out of client systems or portals

Never share

Written contracts are strongly recommended

Note: This applies to internal records and records that are shared with third parties and vendors.

RESTRICTION ON SHARING PII AND MARKETING USE

Sharing PII

We restrict the sharing of PII with third parties unless it is necessary for the fulfillment of contractual obligations or required by law. Any sharing of PII is done with utmost caution, ensuring that appropriate safeguards are in place to protect the data.

Marketing

We will not use your PII for profiling or marketing purposes unless a legitimate purpose is established, or explicit consent is obtained from you. Legitimate purposes may include providing relevant information about our products or services that are directly related to your interests or needs.

DATA SUBJECT REQUESTS AND INCIDENT MANAGEMENT

Exercising Data Subject Rights

You may engage our Data Protection Officer (DPO) to exercise your rights data privacy rights. Whether it involves accessing information, rectifying inaccuracies, objecting to processing, or requesting data erasure, our DPO facilitates these requests promptly and transparently. You may fill out the Data Subject Action Request Form (https://forms.office.com/r/zR5p32wTHf) to send your requests to the DPO.

Reporting Incidents

In the event of a data privacy incident or breach, you may report it directly to our DPO. Our DPO oversees incident response procedures, ensuring timely assessment, mitigation, and reporting in compliance with regulatory requirements.

OUR DATA PROTECTION OFFICER

Our Data Protection Officer (DPO) oversees all data privacy matters, managing the Data Privacy Program, responding to inquiries, identifying risks, and ensuring compliance. To contact our DPO, email [email protected].

OUR DATA PRIVACY COMPLIANCE

Sourcefit has successfully complied with the Data Protection Officer and Personal Information Controller Registration Requirements of the National Privacy Commission of the Philippines, in accordance with NPC Circular No. 16-03. Our registration is valid until July 5, 2024. You may scan the QR code to get more information about our registration details.

Contact
Us Now

A Division of

Privacy Policy

Quick Links
Offices

#526 1401 Lavaca St Austin, TX 78701

19th Floor Exxa Tower, Bridgetowne IT Park, Ugong Norte, C5 Road, Quezon City, 1110, Metro Manila, Philippines

Hamilton House, 30 Chiappini Street, De Waterkant, Cape Town, 8001

Calle Porfirio Herrera 29 Evaristo Morales, Santo Domingo Distrito Nacional, Rep Dom.

Contacts

U.S./International: +1 209 604 3442
U.S. Toll Free: +1 888 433 8801
Philippines: +63 2 84702484
South Africa: +27 64 737 8500
Dominican Rep.: +1 809 834 5885

Follow us on our social media
Facebook Linkedin-in

Copyright © 2024, Sourcefit. All Rights Reserved.

Get In Touch