Privacy Policy

 

INTRODUCTION

Welcome to the GUS Education Business Process Solutions and Services Philippines Inc privacy notice.

GUS Education Business Process Solutions and Services Philippines, Inc. (together referred to as “GUS Philippines”, “us” or “we”)respects your privacy and is committed to protecting your personal data.

This privacy notice is provided in a layered format so you can click through to a specific privacy policy.

This website is not intended for children and we do not knowingly collect data relating to children on this website. However where GUS Education Business Process Solutions and Services Philippines Inc processes personal data of children in its business operations, we ensure that appropriate safeguards and consents are obtained from parents or caregivers as applicable [and that we follow relevant guidance from the National Privacy Commission ('NPC') in relation to the processing of children’s data]. You may contact DPOPh@gus.global for further information about this.

It is important that you read the privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

IMPORTANT INFORMATION AND WHO WE ARE

DATA CONTROLLER

GUS Education Business Process Solutions and Services Philippines Inc. is a company registered in the Philippines under the Securities and Exchange Commission with registration no. CS201911502 and we have our registered office and our main trading address at 8F Robinsons Zeta Tower, Bridgetowne, C5 Road, Ugong Norte, Quezon City, Philippines

GUS Education Business Process Solutions and Services Philippines Inc. engage in, maintain, operate, conduct and render business process outsourcing services and solutions in connection with the education sector including but not limited to: (i) human resource, marketing and sales support services fir the international recruitment of students to offshore clients, (ii) date encoding, data processing and communications services, (iii) software, animation and graphics development for multimedia promotional purposes provided that the primary or principal business of this company does not include that of an advertising company or mass media company, and (iv) knowledge-based and computer-enabled support services such as, among others, consultancies, market research and analysis, business planning and coordination, information processing requirements, technical support and maintenance, system hosting data and other related services for the international recruitment of students to offshore clients and (v) other information technology-enabled services through telephone, email, internet or fax and any and all related activities as may be necessary to provide the foregoing, without however engaging in the business of an educational institution.

GUS Education Business Process Solutions and Services Philippines Inc. is part of the Global University Systems B.V. group of companies is made up of different legal entities, details of which can be found here
https://www.globaluniversitysystems.com/our-institutions

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

CONTACT DETAILS

Our full details are:

Full name of data controller legal entity: GUS Education Business Process Solutions and Services Philippines Inc.

FAO Data Protection Officer

Email address: DPOPh@gus.global

Postal address: 8F Robinsons Zeta Tower, Bridgetowne, C5 Road, Ugong Norte, Quezon City, Philippines

Telephone number: +63 9178286085

You have the right to make a complaint at any time to the National Privacy Commission ('NPC') the Philippines supervisory authority for data protection issues (www.privacy.gov.ph). For data protection issues in other countries, you have the right to complain at any time to the supervisory authority for that country.

We would always prefer that you come to us to help address any concerns of a privacy nature however before you go to the NPC or other applicable supervisory authority, so please contact us in the first instance.

CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

This version was last updated November 2020 and historic versions can be obtained by contacting us.

We may from time to time change the detail in this notice. Any changes we may make in the future will be posted on this page. Please check back frequently to see any such updates or changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

COOKIES

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see here.

GLOSSARY

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting our DPO DPOPh@gus.global

Contractual necessity means processing your data where it is necessary for the performance of a contract to which you are a party or to take preliminary pre-contractual steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

To view relevant privacy policy click to expand below

Website visitor privacy notice

 

GUS Business Process Solutions and Services Philippines, Inc. (“Company”) respects your right to privacy and aims to comply with the requirements of all relevant privacy and data protection laws, particularly the Data Privacy Act of 2012 and the General Data Protection Regulation (‘’GDPR’’). Please take the time to read this Policy explaining how we process the information we collect from or generate about you every time you access this website.

What We Collect

Whenever you browse this site, we automatically record technical information about your visit. They may include the following:

  • browser type and version
  • browser plug-in types and versions
  • date and time of connection
  • length of visits to certain pages
  • IP address
  • operating system
  • pages viewed/searched for
  • page interaction information (e.g., scrolling, clicks, and mouse-overs)
  • page response time
  • time zone setting
  • download errors
  • platforms and referrers

In most instances, this information, by itself, is not sufficient to determine your identity.

Why We Collect Them

The recorded information is used primarily to help keep the site safe and secure. In addition, it may also be used for bug tracking, investigations relating to a security or data breach, and usage statistics. Our legal basis for processing this data is legitimate interest.

If we need to use any collected information that constitutes personal data for purposes not compatible with those listed here, we will inform you prior to such use and, where required by law, obtain your consent.

How We Use, Store, and Retain Them

All information collected by domains maintained by the Company is stored in its data centers that are accessible only to authorized personnel and agents, such as, in some cases, third party service providers. Third parties who maintain or manage websites for the Company store their collected information in their own designated servers or data centers.

The collected information is kept for as long as necessary to achieve the declared purpose for its collection. In no case is it shared with or transferred to other persons or organizations, unless required or permitted by law.

Data Transfers

Where any of your personal data is transferred outside the Philippines it will be subject to contractual or other reasonable means to provide a comparable level of protection.

 

Our Use of Cookies

This site makes use of cookies, which may be set by our webserver or provided by a third party. These are small text files that are automatically downloaded to your browser upon visiting this site. These then collect your browsing data in order to help the site better interact with you and other visitors. In other instances, cookies are also relevant for authentication, session management, and performance analytics.

 

Your Rights and How to Exercise Them

As a data subject, you have the following rights in relation to your personal data processed by us:

To gain access to your personal data

To rectify inaccuracies or where appropriate, given the purposes for which your data is processed, the right to have incomplete data completed

To have your personal data erased. This is a limited right which applies, among other circumstances, when the data is no longer required, consent has been withdrawn and/or the processing has no legal justification. There are also exceptions to this right, such as when the processing is required by law or in the public interest

To object to the processing of your personal data for marketing purposes. You may also object when the processing is based on the public interest or other legitimate interests, unless we have compelling legitimate grounds to continue with the processing.

To restrict the processing of your personal data. This is a limited right which will apply in specific circumstances and for a limited period.

To obtain a copy of your data in a commonly used electronic form if the data is processed by automated means and the processing is based on your consent or contractual necessity.

To not have decisions with legal or similar effects made solely using automated processing, unless certain exceptions apply.

For more information on your rights, if you wish to exercise any right or for any queries you may have or if you wish to make a compliant, please contact our Data Protection Officer at: DPOph@gus.global

You have the right to make a complaint at any time to the National Privacy Commission, the authority for data protection issues in the Philippines. National Privacy Commission

 

Changes to This Policy

We may, from time to time, make changes to this Policy. When permissible, we will let you know through other means of communication. However, any modification is effective immediately upon posting on this website.

Applicants Privacy Notice

 

Purpose of this Notice

GUS Education Business Process Solutions and Services Philippines, Inc. (together referred to as “GUS Philippines”, “us” or “we”) are committed to protecting and respecting your privacy.

This privacy policy sets out the basis on which any personal data we collect from you, or that you or any third parties provide, will be processed by us. We may withdraw or modify this notice at any time and we may supplement or amend this notice by additional policies and guidelines from time to time. We will notify you if this notice is amended.

We are a data 'controller', which means we are responsible for deciding how we hold and use your personal information.

"Personal data" refers to information relating to a living, identifiable individual. It can also include "special categories of data", which is information about your racial or ethnic origin, religious or other beliefs, and physical or mental health, the processing of which is subject to strict requirements. Similarly, information about criminal convictions and offences is also subject to strict requirements.

“Processing” means any operation which we carry out on your personal data e.g. obtaining, storing, transferring and deleting.

2. Your personal information

We hold a range of personal data about you, some of which you provide to us direct and some of which we receive from third parties, such as UCAS, where relevant. See below for further details of personal data we receive from third parties. Examples of categories of personal data which we hold are: your contact details, prior educational experience/attainment, immigration information (e.g. passport details, language proficiency), where relevant, health information (including any disabilities) and other equality-monitoring data you provide to us.

The purposes for which we process your personal data and the legal basis

When you are an applicant, we process your personal data for the purposes of assessing your eligibility to be offered a place on one of our academic or professional programmes.

If you are unsuccessful or do not take up a place at GUS, we will retain your personal data in line with our retention schedules for statistical and audit purposes or in the event of a complaint or an appeal.

We only process data for specified purposes and if it is justified in accordance with data protection law. The table below lists the various purposes for which we process personal data and the corresponding justification for it. Some processing of your personal data is justified on the basis of contractual necessity. In general, this applies to personal data you provide to us to process your application Without that information, we would be unable to provide you with your chosen academic programme and related support services. Some personal data is also required to fulfil our legal obligations regarding immigration.

No.

Purpose

Legal basis/ justification

1

Assessing eligibility to undertake our academic or professional programmes.

Processing is necessary for the purposes of taking steps prior to entering into a contract with us

2

Supporting applicants through the application process and providing further information on the services we can offer

Necessary for negotiating to enter into a contract and legitimate interests in providing support to applicants

3

Provision of academic programmes and related services

Necessary for performing a contract, i.e. to provide your chosen academic programme.

4

Obtaining proof of payment for school admission fees.

Contractual necessity and our legitimate interest in obtaining essential documents to complete student enrollment service we provide.

5

Communicating with applicants

Contractual necessity and our legitimate interest in marketing GUS schools or brands.

6

To facilitate data-gathering to improve our educational services, our website, and our marketing efforts

GUS Philippines legitimate business interests such as managing and developing its business

 

There may be other processing in addition to the above, for example, when you access our website which uses cookies or when we take photos of our events and publish them. This is done on the basis of our policies and we will inform you about such processing at the time when the data is obtained or as soon as reasonably possible thereafter.

Where the basis of processing your personal data is contractual necessity and you fail to provide the personal data in question, GUS Philippines may not be able to process your application or provide you with the programme for which you have applied.

Personal data received from third parties

No

Data

Source

1

Contact details and attainment.

Call agents

2

Transcripts - details of programmes undertaken or being undertaken at another institution; attainment.

Another institution

and/or secondary/high schools.

3

Medical, mental health, accessibility-related and similar information. This is special category personal data. We only obtain this information from third parties if you give us consent to do so or if it’s a matter of life and death.

Another institution, medical practitioners

and/or family members

4

Information required to assess eligibility for courses i.e. from employers or sponsors.

Employers or sponsors.

 

Recipients of personal data

On occasion we may need to share your data with third parties. The following table lists what information we may share with whom

No

Recipients

Data which we may share with them

1

Companies within the group

Passport details, Contact details, academic details, financial details

2

Data processors i.e. third parties who process personal data on our behalf e.g. software providers or marketing service providers

Contact details which are not retained by the third party

 

Overseas transfers of personal data

Where possible, we aim to hold personal data relating to applicants within Philippines. Where any of your personal data is transferred outside Philippines it will be subject to a legally binding data sharing agreement, contractual or other reasonable means to provide a comparable level of protection.

Retention of data

The length of time that we keep your personal data for is set out in the Records Retention Schedule, please contact DPOPh@gus.global for more information.

Your rights as a data subject

As a data subject, you have the following rights in relation to your personal data processed by us:

  • To gain access to your personal data

  • To rectify inaccuracies or where appropriate, given the purposes for which your data is processed, the right to have incomplete data completed

  • To have your personal data erased. This is a limited right which applies, among other circumstances, when the data is no longer required, consent has been withdrawn and/or the processing has no legal justification. There are also exceptions to this right, such as when the processing is required by law or in the public interest.

  • To object to the processing of your personal data for marketing purposes. You may also object when the processing is based on the public interest or other legitimate interests, unless we have compelling legitimate grounds to continue with the processing.

  • To restrict the processing of your personal data. This is a limited right which will apply in specific circumstances and for a limited period.

  • To obtain a copy of your data in a commonly used electronic form if the data is processed by automated means and the processing is based on your consent or contractual necessity.

  • To not have decisions with legal or similar effects made solely using automated processing, unless certain exceptions apply.

Where we are relying on your consent to process your data, you may withdraw your consent at any time. Your requests will be considered at the latest within one month.

Address data protection queries

We have appointed a Data Protection Officer [DPO] to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact the DPO at DPOPh@gus.global. You have the right to make a complaint at any time to the National Privacy Commission, authority for data protection issues. National Privacy Commission

Privacy Policy For GUS Ph Staff

 

Introduction

Welcome to the GUS Business Process Solutions and Services Philippines, Inc. This Privacy Policy (also known as Privacy Notice) tells you about our policy when we collect, use, or otherwise process your personal data, in relation to your engagement with the Company.

We respect your right to privacy and aim to comply with the requirements of all relevant privacy and data protection laws, particularly the Data Privacy Act of 2012 (DPA). As in the case of the National Privacy Commission (NPC), we also seek to strike a balance between your personal privacy, and the free flow of information, especially when pursuing our legitimate interests and when necessary to carry out our responsibilities as an employer, and/or as a contracting party.

In this Policy, the terms, “data” and “information” are used interchangeably. When we speak of “personal data”, the term includes the concepts of personal information, sensitive personal information, and privileged information. The first two are typically used to distinctively identify you. For their exact definitions, you may refer to the text of the DPA or you can visit the website of the National Privacy Commission. You should also note that while we give examples here to explain this Policy in simple and clear language, they do not make up an exhaustive list of all the data that we process.

Information We Collect, Acquire and Generate

We collect your personal data in many forms. They may consist of written records, photographic and video images, digital material, and even biometric records. Examples include:

  • Information you provide or we generate prior to your engagement. When you apply for a certain job or position within the University, or if we seek to engage you for a particular service or work, we ask for your personal data through a Personal Data Sheet (PDS) and Occupation and Employer of Relatives Form. We also request you to provide your resume, Transcript of Records, and details about your professional license, if any. During the preliminary screening, we may collect additional information, including those generated from your interview and/or those obtained from your indicated professional referees. If you are already engaged by the Company, we may use the information already in our possession to process your application for the new or different position.
  • Information we collect or generate upon issuance of an employment offer or the commencement of your engagement. Once you accept our job offer or agree to the terms of a proposed engagement, we will collect another set of information including, but not limited to, the following: (1) Certificate of Employment; (2) Medical/Fit-to-Work Clearance; (3) NBI or Police Clearance; (4) Philippine Statistics Authority (PSA) Birth Certificate (applicant/dependents); (5) PSA Marriage Contract; (6) SSS ID or E1 or E4; (7) Pag-IBIG Member’s Data Form and/or ID; (8) Pag-IBIG Member’s Change in Information Form (MCIF); (9) PhilHealth MDR or ID; (10) PhilHealth Member Registration Form; (11) tax-related documents, such as your TIN ID or BIR Form 1902 (with stamp) and 2316; and (12) bank account details necessary to facilitate the processing of your compensation.
  • Information we collect or generate during the course of your employment or engagement with the Company. After you join the Company, we may also collect additional information about you, including: your annual physical examination results and other data that may be used in the processing of loan applications and insurance claims, in performance evaluation, in administrative and disciplinary cases. There will also be times when we will acquire other forms of data like pictures or videos of activities you participate in, via official documentation of such activities, or through recordings from closed-circuit security television cameras installed within company premises.
  • Unsolicited Information. There may be instances when your personal information is sent to or received by us even without our prior request. In such cases, we will determine if we can legitimately keep such information. If it is not related to any of our legitimate interests, we will immediately dispose of the information in a way that will safeguard your privacy. Otherwise, it will be treated in the same manner as information you provide us.

If you supply us with personal data of other individuals (e.g., person to contact in the event of an emergency, professional referees), we will request you to certify that you have obtained the consent of such individuals before providing us with their personal data.

How We Use Your Information

To the extent permitted or required by law, we use your personal data to pursue our legitimate interests as an employer, and/or contracting party, including a variety of administrative, research, historical, and statistical purposes. For example, we may use the information we collect for purposes such as:

  • Identifying applicants and processing their respective applications;
  • Assessing the suitability of candidates for a particular role or position;
  • Verifying the provided or submitted information;
  • Checking background information;
  • Evaluating academic qualifications;
  • Supporting personnel when implementing health-related adjustments that will allow him/her to carry out a particular role or task;
  • Administering remuneration, payroll, pension, and other standard employment functions;
  • Administering human resource-related processes, including those relating to performance management, and disciplinary issues;
  • Delivering or providing facilities, services, security, and staff benefits to employees;
  • Facilitating claims and remittances for mandatory benefits;
  • Communicating effectively with personnel, including the distribution of relevant newsletters and circulars;
  • Supporting personnel training, health, safety, welfare and religious requirements;
  • Compiling statistics and conducting surveys and research for internal and statutory reporting purposes;
  • Enabling the Office of Human Resources to contact others in the event of an emergency.
  • Other similar or related tasks

We consider the processing of your personal data for these purposes necessary for the performance of our contractual obligations to you, for our compliance with a legal obligation, to protect your vitally important interests, including your life and health, for the performance of tasks we carry out in the public interest (e.g., public order, public safety, etc.), or for the pursuit of the legitimate interests of the Company, or a third party. We understand that the DPA imposes stricter rules for the processing of sensitive personal information and privileged information, and we are fully committed to abiding by those rules.

If we require your consent for any specific use of your personal data, we will collect it at the appropriate time.

Please note further that we will not subject your personal data to any automated decision-making process without your prior consent.

How We Share, Disclose, or Transfer Your Information

To the extent permitted or required by law, we may also share, disclose, or transfer your personal data to other persons or organizations in order to pursue our legitimate interests as an educational institution, employer, and/or contracting party. For example, we may share, disclose, or transfer your personal data for purposes such as:

  • Submission of information to government agencies such as the Commission on Higher Education and Department of Education, for accreditation and reportorial requirements; the Social Security System, Philippine Health Insurance Corporation, Pag-IBIG, and Bureau of Internal Revenue, for the provision of employment benefits mandated by law;
  • Sharing of necessary information to contracted providers such as insurance companies, insurance brokers, banks, and other similar organizations, in relation to any or all of your loan applications and insurance claims;
  • Sharing information with entities or organizations (e.g., Philippine Accrediting Association of Schools, Colleges and Universities and QS World University Rankings) for accreditation and university ranking purposes;
  • Disclosure of your information related to Termination of Employment, Flexible Fixed/Variable Work Arrangements, Employees Compensation Report to the Department of Labor and Employment, as part of the University’s reportorial obligations;
  • other purposes, when necessary and under circumstances permitted or required by law.

How We Store and Retain Your Information

Your personal data is stored and transmitted securely in a variety of paper and electronic formats, including databases. Access to your personal data is limited to Company personnel who have a legitimate interest in them for the purpose of carrying out their contractual duties. Rest assured that our use of your personal data will not be excessive and shall be limited to that which is necessary to achieve the purpose of their collection, and/or only when permitted by law.

In retaining your personal information, we generally subscribe to the following schedule:

  • Employees. One year (1) from the day of your separation from the Company or the termination of your employment, after which your employment records (e.g., 201 file) in HR are transferred to the Company Archives, subject to applicable Company policies.
  • Job applicants. Seven (7) months to one (1) year for pooling purposes, after which they are disposed of in a secure and safe manner, if not used within said period.
  • For other types of personal data, we only retain them for historical and statistical purposes, unless otherwise provided by law or by applicable Company policies.

Your Rights with Respect to Your Personal Data

We recognize your rights with respect to your personal data, as provided under the DPA. If you wish to exercise any of your rights, or should you have any concern or question regarding them, this Notice, or any matter involving the Company and data privacy, you may contact the Company Data Protection Officer at:

Questions: DPOPH@gus.global

Complaints / Security Incidents: DPOPH@gus.global

Changing This Privacy Policy

We may, from time to time, make changes to this Policy. On such occasions, we will let you know through our website and, when permissible, other means of communication. Any modification is effective immediately upon posting on the website.

Other Company Policies

Other policies of the Company, which are not inconsistent with this one, will continue to apply. If any provision of this Policy is found to be unenforceable or invalid by any court having competent jurisdiction, the invalidity of such provision will not affect the validity of the other provisions, which shall remain in full force and effect.

Former GUS Employees

 

GUS Education Business Process Solutions and Services Philippines, Inc.(together referred to as “GUS Philippines”, “us” or “we”)are committed to protecting and respecting your privacy.

This privacy notice applies to former employees of GUS Education Philippines.

It is important that you read this privacy notice together with our privacy notice or any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you. This is so that you are fully aware of how and why we are using your data.

Information we collect

GUS does not collect personal data from former employees after they have left our employment, but it may hold the information that was collected before and during the employment relationship, including:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
  • Date of birth
  • Gender
  • Marital status and dependents
  • Next of kin and emergency contact information
  • Philhealth Number
  • Copy of identification (Passport/driver’s license)
  • Bank account details, payroll records and tax status information
  • Salary, annual leave and benefits information
  • Start date
  • Location of employment or workplace
  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process)
  • Employment records (including job titles, work history, working hours, training records and professional memberships)
  • Compensation history
  • Performance information
  • Disciplinary and grievance information
  • CCTV footage and other information obtained through electronic means
  • Information about your use of our information and communications systems
  • Photographs

Our lawful basis for processing

The lawful bases for processing personal data will be:

Section 21 (b) Contract
Section 21 (c) Legal obligation
Section 21 (g) Legitimate interest

How we process your information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

1. Where we need to perform the obligations in a contract we have entered into with you, such as the employment contract, or a settlement agreement. Some of the contractual obligations in these contracts continue after your employment has terminated, such as the duty to observe confidentiality.

2. Where we need to comply with a legal obligation.

We may also use your personal information in the following situations, which are likely to be rare:

1. Where we need to protect your vital interests (or someone else’s vital interests). Section 12 (d)

2. Where it is needed in the public interest. Section 12 (e)

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We may process your data for the following purposes:

  • Paying you and deducting tax, government mandated contribution such as SSS, Philhealth and HDMF, and other lawful deductions.

  • Providing you with any employee related benefits to which you are entitled after the termination of your employment.

  • To reimburse you for expenses incurred in the course of your employment.

  • Administering any contract we have entered into with you.

  • Business management and planning, including accounting and auditing.

  • Gathering evidence for possible grievance or disciplinary hearings.

  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.

  • To prevent and detect fraud.

  • To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.

  • To conduct data analytics studies (such as the staff survey) to review and better understand employee retention and attrition rates.

  • Equality and diversity monitoring

  • Publicizing our activities (e.g., group photos of events, site visits, etc.).

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

How we process “special categories” of more sensitive personal information

We may also store and use the following “special categories” of more sensitive personal information that we have collected from you:

  • Information about your race or ethnicity

  • Information about your health, including any medical condition, health and sickness records.

  • Biometric data.

  • Information about criminal convictions and offences.

These “special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for storing and using this type of personal information. Our data protection policy contains details of the safeguards which we are required by law to maintain when processing such data.

We may process special categories of personal information in the following circumstances:

1. Where we need to carry out our legal obligations or exercise rights in connection with employment.

2. Where it is needed in the public interest: for example, we will use information about your race or national or ethnic origin to ensure meaningful equality and diversity monitoring and reporting. Where possible, we would seek to anonymize this data.

3. In limited circumstances, with your explicit written consent. However, we do not need your consent to use special categories of your personal information to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

Who is the information shared with

We may share your data with third parties, including third-party service providers, Government departments and agencies.

We require third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the Philippines. If we do, you can expect a similar degree of protection in respect of your personal information.

GUS shares your data with:

  • Occupational Health providers screening

  • Local government unit – Health and Occupational Permit screening and issuance

Retention

GUS will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected.

GUS has a records retention schedule that outlines how long we will retain information.

To determine the appropriate retention period for personal data collected as part of your employment, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee we will retain and securely destroy your personal information after the following periods

  • 12 months from date of leaving for employees; except

  • Payroll, tax, SSS, Philhealth and HDMF records which must be retained required for 10years. This is a legal requirement.

However, these periods only apply to your employment records and not for example to images and materials created and use for marketing and communication purposes (e.g. group photographs taken etc.)

RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION

Your rights in connection with personal data

Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data corrected.

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Request the transfer of your personal data to another party.

If you want to review, verify or correct your personal data, you can do so by logging into the online system. If you wish to request erasure of your personal data or object to the processing of your personal data, please send an email to DPOPh@gus.global

Changes to our privacy Policy

Any changes we make to this privacy notice in the future will be [posted on this page] and, where appropriate, notified to you by e-mail.

Who regulates the use of my personal information?

GUS Philippines maintains a data protection registration with the National Privacy Commission, the independent authority which oversees compliance with the Data Protection Legislation.. Please visit the https://www.privacy.gov.ph/ website for details.

Who do I contact with questions?

We have appointed a Data Protection Officer [DPO] to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact the DPO at DPOPh@gus.global. You have the right to make a complaint at any time to the National Privacy Commission, authority for data protection issues.



Recruitment Candidate Privacy Notice

 

GUS Education Business Process Solutions and Services Philippines, Inc. (together referred to as “GUS Philippines”, “us” or “we”) respect your privacy and are committed to protecting your personal data. GUS Philippines is a personal data controller. This means that we are responsible for deciding how we hold and use personal data about you. This notice is aimed at informing you of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR) and the local data protection law.

DATA PROTECTION PRINCIPLES

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Maintained only for as long as necessary for the purposes we have told you about, i.e. in relation to the recruitment exercise.
  • Kept securely and protected against unauthorized or unlawful processing and against loss or destruction using appropriate technical and organizational measures.

THE KIND OF DATA WE HOLD ABOUT YOU

In connection with your application, we will collect, use and store the following categories of personal data about you:

  • The data you have provided to us in your curriculum vitae (CV) and the personal data contained in your covering letter.
  • The data you have provided on our application form, including name, title, home/term address, telephone number, personal email address, date of birth, gender, employment history, qualifications, nationality, social media accounts, profession, professional memberships, educational achievements, diplomas, transcripts, languages, computer skills, national service completion (if applicable), identification number and any data you provide us during interviews at our premises.
  • Any personal data provided to us about you by your referees [if applicable].

HOW IS YOUR PERSONAL DATA COLLECTED?

We collect personal data about candidates from the following sources:

  • You, the candidate.
  • Your named referees, from whom we collect the following categories of data: full name, periods of previous employment, performance during previous employment.
  • From publicly accessible sources, such as Linkedin, etc., where we collect your full name, email, work history, and other data included on your profile.

HOW WE WILL USE DATA ABOUT YOU

We will use the personal data we collect about you to:

  • Assess your skills, qualifications, and suitability for the role.
  • Carry out background and reference checks, where applicable.
  • Communicate with you about the recruitment process.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements.

It is in our legitimate interests to decide whether to appoint you to the role since it would be beneficial to our business to appoint a suitable candidate to that role.

We also need to process your personal data to decide whether to enter into a contract with you.

Having received your CV and covering letter and the results from any tests you took; we will then process that data to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is suitable to invite you for an interview. If we decide to call you for an interview, we will use the data you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we may then take up references and/or any other check before confirming your appointment.

If you fail to provide personal data

If you fail to provide personal data when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application further. For example, if we require references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

HOW WE USE PARTICULARLY SENSITIVE PERSONAL DATA

We will use your sensitive personal data only in so far as we are permitted by Law to do so :

We will use data about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.

We will use data about your nationality or ethnicity, to assess whether a work permit and a visa will be necessary for the role.

AUTOMATED DECISION-MAKING

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

DATA SHARING

We will only share your personal data with third parties for the purposes of processing your application. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our specific instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our website privacy notice.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

We will retain your personal data for a period of 3 years after your last application date [ if you are unsuccessful we shall retain your personal data for 6 months or for a period of 3 years upon your explicit consent]. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. We further retain such personal data in case a similar role becomes vacant for which you will be a fitting candidate. Please ensure that your data is kept up to date at all times by logging into the online system. After this period, we will securely destroy your personal data in accordance with our data retention policy.

RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION

Your rights in connection with personal data

Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.

If you want to review, verify or correct your personal data, you can do so by logging into the online system. If you wish to request erasure of your personal data or object to the processing of your personal data, please send an email to DPOPh@gus.global

ADDRESS DATA PROTECTION QUERIES

We have appointed a Data Protection Officer [DPO] to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact the DPO at DPOPh@gus.global. You have the right to make a complaint at any time to the National Privacy Commission, authority for data protection issues.

Suppliers to GUS Education Business Process Solutions and Services Philippines Inc.

 

Types of personal information we collect

We collect, use and store different types of personal information about you, which we have grouped together as follows:

Types of personal information

Description

Identity Data

ID information including your name, marital status, title, date of birth and gender

Contact Data

Where you live and how to contact you

Financial Data

Your financial position, status and history, including bank details and credit rating

Transactional Data

Details about payments to and from you and other details about services you purchase from us and we purchase from you

Communications Data

What we learn about you from letters, emails and conversations between us

Publicly Available Data

Details about you that are publicly available or elsewhere on the internet

Consents Data

Any permissions, consents or preferences that you give us

 

How we use your information

The table below outlines how we use your personal information and our reasons. Where these reasons include legitimate interests, we explain what these legitimate interests are.

What we use your information for

Our reasons

Our legitimate interests

  • To receive the products or services you provide to us

  • Contractual performance

  • Legal obligation

  • Legitimate interests

  • For company management

  • To maintain access and control records

  • For incident/breach reporting, management and investigation

  • To fulfil our contractual obligations

  • Contractual performance

  • Legitimate interests

  • To comply with our contractual obligations to you and your organization

  • To properly manage the risks and liabilities associated with the contracts we are party to

  • To comply with laws and regulations that apply to us

  • To protect our reputation

  • To enforce the terms of our contract with you

  • Contractual performance

  • Legitimate interests

  • To ensure that we benefit from the terms of the contracts we have entered into and properly manage the risks and liabilities associated with them

  • For procurement purposes, including supplier due diligence, background checks and the assessing of tenders

  • To carry out credit checks

  • Legitimate interests

  • To carry out supplier due diligence

  • To ensure our contracts provide us with best value

  • To assess the financial worthiness and reliability of those with whom we deal

  • For financial administration, including calculating and managing payments, benchmarking, calculating fees and interest and collecting and recovering money that is owed to us

  • Contractual performance

  • Legitimate interests

  • Our legal duties

  • To meet our contractual obligations to you or your organization

  • To ensure that we benefit from the terms of the contracts we have entered into and properly manage the risks and liabilities associated with them

  • To comply with laws and regulations that apply to us

  • To establish, enforce and defend legal claims

  • Legal claims

  • Legitimate interests

  • To comply with laws and regulations that apply to us

  • To respond to questions or complaints

  • To maintain records to evidence matters that may be in dispute

  • To manage our business properly

  • For corporate activity, such as a sale, transfer, merger or re-organization of our business

  • Consent

  • Contractual performance

  • Legitimate interests

  • To manage our business efficiently and properly in accordance with normal business practices, legal requirements and to optimize its value for shareholders

  • To ensure that we run our business in accordance with good business principles and meet corporate governance, accounting and audit standards

  • For the prevention of crime and public safety, including through the use of CCTV

  • Legal obligation

  • Legitimate interests

  • To manage the risk of crime and safety for us, our employees and our clients

  • To develop and improve how we deal with crime

  • To report criminality or the suspicion of criminality for the wider benefit of society

  • To be efficient about how we fulfil our responsibilities generally

 

Where we collect your personal information from

We may collect personal information about you from the following sources:

  • Directly from you or the organization for whom you work

  • Companies or individual that tell you about us

  • Publicly available resources

  • The internet and social networking sites such as LinkedIn

  • Third parties with whom we deal with during the course of carrying on our business

  • Market researchers

  • Intermediaries such as other companies who know you

Who we share your information with

We may share your personal information with the following third parties:

  • Agents and service providers that we use during the course of providing services,

  • Our professional advisors

  • Other suppliers to the GUS Group

  • The police and other law enforcement agencies

  • Other companies owned or jointly owned by GUS

  • Potential or actual purchasers of any part of our business or assets, or other third parties in the context of a possible transfer or restructuring of our business

If you choose not to give your personal information

If you choose not to give us your personal information, it may delay or prevent us from being able to comply with our own legal obligations. It may also result in us being unable to, or refusing to, engage you or your organizations as a supplier.

Automated decisions

We do not envisage taking any decisions about you based solely on automated processing (i.e. without human involvement), which have a legal or similarly significant effect on you.

How long we keep your personal information

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In general terms, we will hold information for so long as you continue to provide us with products and services and for an additional period of 6 years thereafter.

International transfers

As a global company, we hold some personal information concerning our suppliers. We do work with agents and service providers who may process your personal information on our behalf outside the Philippines. If your information is processed outside the Philippines, we will ensure that it is protected to the same standards as if it were being processed within the Philippines by putting in place a contract with our agents and service providers that provides adequate safeguards.

If you require more information or have any queries, please contact our Data Protection Officer at: DPOPh@gus.global

© GLOBAL UNIVERSITY SYSTEMS PHILIPPINES 2021. ALL RIGHTS RESERVED.