Data Protection
Effective Date: July 1, 2025
Konektao is dedicated to safeguarding the personal data of everyone we work with. This page outlines our data protection practices, your rights under the Philippine Data Privacy Act of 2012 (RA 10173), and how we ensure compliance with international data protection standards.
1. Our Commitment to Data Protection
- Konektao is committed to protecting the personal data of our clients, employees, and all individuals whose information we process. We comply with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and other applicable data protection laws.
- Our data protection practices are designed to ensure that personal data is processed lawfully, fairly, and transparently, and that it is kept secure at all times.
2. Data Protection Officer
- Konektao has appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and ensuring compliance with applicable data protection laws.
- You may contact our DPO at support@konektao.com for any data protection inquiries, complaints, or requests.
3. Legal Bases for Processing
- We process personal data only when we have a lawful basis to do so, including:
- Contractual necessity — processing required to perform our EOR, payroll, and HR compliance services.
- Legal obligation — processing required to comply with labor laws, tax regulations, and other legal requirements in applicable jurisdictions.
- Legitimate interests — processing for business operations, fraud prevention, and service improvement, where such interests are not overridden by your rights.
- Consent — where you have given explicit consent for specific processing activities, such as marketing communications.
4. Data We Process
- In the course of providing EOR and workforce management services, we process categories of personal data including:
- Identity data: full name, nationality, government-issued ID numbers, date of birth.
- Contact data: email address, phone number, home address.
- Employment data: job title, compensation, employment contracts, performance records, tax filings.
- Financial data: bank account information for payroll disbursements.
- Sensitive personal information: where required by law, including health information for benefits administration.
5. Data Minimization
- We collect only the personal data that is necessary for the specific purposes for which it is processed.
- We regularly review the data we hold to ensure it remains accurate, relevant, and limited to what is necessary.
6. Data Security Measures
- We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. These include:
- Encryption of data in transit and at rest.
- Role-based access controls limiting data access to authorized personnel only.
- Regular security assessments, vulnerability scanning, and penetration testing.
- Employee training on data protection and security awareness.
- Incident response procedures to detect, report, and respond to data breaches promptly.
7. Data Breach Notification
- In the event of a personal data breach that poses a real risk of serious harm, Konektao will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, as required under the Philippine Data Privacy Act.
- Affected individuals will be notified without undue delay where the breach is likely to result in high risk to their rights and freedoms.
8. Data Transfers
- As a global EOR provider, Konektao may transfer personal data across borders when necessary to provide our services.
- International transfers are conducted only to countries that provide an adequate level of data protection, or with appropriate safeguards in place (such as data processing agreements with standard contractual clauses).
- We do not transfer personal data to third parties outside of what is necessary to deliver our services or comply with legal obligations.
9. Third-Party Processors
- We engage third-party service providers who process personal data on our behalf (sub-processors), such as cloud infrastructure providers, payroll systems, and HR platforms.
- All sub-processors are bound by data processing agreements that require them to maintain appropriate security standards and process data only as instructed by Konektao.
10. Your Data Subject Rights
- Under the Philippine Data Privacy Act and other applicable laws, you have the following rights regarding your personal data:
- Right to be informed — to know what personal data we collect and how it is used.
- Right to access — to request a copy of the personal data we hold about you.
- Right to correction — to have inaccurate or incomplete data corrected.
- Right to erasure — to request deletion of your personal data in certain circumstances.
- Right to object — to object to certain types of processing, including direct marketing.
- Right to data portability — to receive your data in a structured, commonly used format.
- Right to damages — to be indemnified for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data.
- To exercise any of these rights, please contact us at support@konektao.com. We will respond within 15 business days.
11. Retention Periods
- We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes.
- Employment records are generally retained for a minimum of 10 years following the end of an employment relationship, in compliance with Philippine labor and tax regulations.
- Marketing data is retained until you withdraw consent or opt out.
- When data is no longer required, it is securely deleted or anonymized.
12. Complaints
- If you believe your data protection rights have been violated, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.
- We encourage you to contact us first at support@konektao.com so we can address your concern directly.
13. Updates to This Policy
- We review and update our data protection policies regularly to reflect changes in law, technology, and our business practices.
- Material changes will be communicated via our website or directly to affected individuals.
14. Contact Us
- For any data protection inquiries, access requests, or complaints, please reach out to:
- Konektao Data Protection Officer Email: support@konektao.com Website: https://konektao.com