- Data Protection. The information collected from the data subject is stored into our database and hosted locally in a server in Head Office. We keep submitted/shared personal data secure and make it accessible to partners and staff on a need to know basis. QRS has implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, alteration or destruction. Only authorized QRS personnel are provided access to personal data and these employees have agreed to ensure confidentiality of this information. QRS collects these information only when necessary for business purposes or to meet the purposes for which the data subject have submitted the information.
- Use of Information. QRS collects, uses or discloses personal information only for reasonable business purposes and only if there is consent or deemed consent from the data subject. QRS may also collect, use or disclose personal information if it is required or authorized under applicable laws.
- Access to Information. We have implemented generally accepted standards of technology and operational security to protect the personal information in our possession or under our control and to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. All QRS personnel follow a network-wide security policy. Only authorized QRS personnel are provided access to personally identifiable information and these personnel have agreed to ensure confidentiality of this information.
- Disclosure to Third Parties. QRS does not disclose personal information to third parties except when required by law, when we have the data subject’s consent or deemed consent, or in cases where we have engaged the third party such as data intermediaries or subcontractors to assist with our activities. Any such third parties whom we engage will be bound contractually to keep all information confidential.
- Data Retention. We will cease to retain personal information, as soon as it is reasonable to assume that the purpose for collection of such personal information is no longer being served by such retention, and such retention is no longer necessary for legal or business purposes. We will ensure that any transfers of personal information to a territory outside of Philippines will be in accordance with the DPA so as to ensure a standard of protection to personal information so transferred that is comparable to the protection under the DPA.