I. Introduction
QBE GROUP SHARED SERVICES LIMITED – PHILIPPINE BRANCH and QBE MANAGEMENT SERVICES ASIA OPERATING HEADQUARTERS (collectively, “QBE,” “QBE Group Shared Services Centre,” or “GSSC”) are committed to respecting privacy rights of our customers, employees, including interested job candidates/applicants and protecting their personal data from misuse or unauthorized disclosure and complying with privacy laws.
QBE values its reputation and aims to maintain high ethical standards in the conduct of its business affairs. The actions and conduct of employees as well as others acting on QBE’s behalf, such as agents and third parties, are key to maintaining these standards.
II. Definition
For purposes of this GSSC Privacy Policy Statement, the following terms are defined as follows:
“personal data” refers to either:
- “personal information”, which means any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual; or
- “sensitive personal information”, which refers to personal information (1) about an individuals’ race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations; (2) about an individual’s health, education, genetic, or sexual life, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings; or (3) issued by government agencies peculiar to an individual, which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension, or revocation, and tax returns.
“processing” or “process” refers to any operation or any set of operations performed upon personal data, including, but not limited to, the collection, recording, organization, storage, updating, or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data. Processing may be performed through automated means or manual processing if the personal data are contained or are intended to be contained in a filing system.
“profiling” refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
III. GSSC Privacy Policy Statement
The confidentiality of the personal data you have entrusted to QBE is important to QBE management. This GSSC Privacy Policy Statement provides how QBE values and protects your personal data in accordance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), other issuances of the National Privacy Commission (NPC), and other relevant laws of the Philippines.
This GSSC Privacy Policy Statement also tells you how QBE will process your personal data.
Why does QBE collect your personal data?
It is important that QBE collects, uses, processes, stores, and retains your personal data in performing its legitimate interests as an organization, in processing your job application, and during instances when it is deemed reasonable and necessary or required by applicable law. In particular, QBE processes your personal data in relation to its operation of a shared services centre for the QBE Group, specifically:
- to track the progress of your job application;
- as part of QBE’s recruitment process and strategy; and
- for data analytics to enable QBE to determine trends pertaining to its recruitment process and strategy.
What type of personal data does QBE collect?
QBE receives or collects your personal information and sensitive personal information in the course of your job application process or as a result of your submission of your job application to QBE, including all documents that you disclose or submit in support of the said application. Please note that you are responsible in ensuring that all such personal data you submit to QBE are accurate, complete and updated.
QBE collects your information to track the process of your job application, which includes:
- Full name
- Mobile number
- Email address
- Personal address
- Birthdate
- Educational background
- Employment background
- Government IDs
- Character references
- Negative records (for background check)
How does QBE acquire or process your personal data?
QBE acquires or processes your personal data upon your application for a job with QBE, and if your job application progresses to the point you are offered a job at QBE, for the duration of your employment through any of the following means:
- The recruitment/job application forms that you filled-up, whether through hard copies, electronic documents, or an online recruitment system, including the documents that you submitted in the course of your hiring process
- In conducting background and health checks
- When you provide or update your information using QBE’s HRMS tool (e.g., Workday)
- When you disclose your personal data or your personal data is captured through phone calls, videoconferencing, mobile devices, instant messaging or chat systems (e.g., Viber, WhatsApp, Skype, or text messaging), e-mails, or when you otherwise use and access GSSC facilities and network
- When you disclose your personal data to QBE or when you access or use certain tools and facilities within QBE premises through the course of your job application process and employment: instant messaging systems (e.g., Skype, WhatsApp, or Viber), social networking service, HRMS tool, productivity and workflow system, e-mail system, online survey system, quality control and assurance processing system, communications systems, incident management system, crisis management system, whistleblowing systems, governance, risk, and compliance systems, internal audit system, contract management system, travel and expenses management system, learning and training system, payroll system, work health and safety systems, data analytics solution tools, desktop virtualization and networking system, and other IT and networking systems (collectively, “Tools and Facilities”).
The Tools and Facilities that you are given access to or are in place within QBE premises are outsourced to QBE’s valuable partners who have contractual obligations to secure personal data that they may acquire through the course of their delivery of outsourced services to QBE.
In the processing of your information, QBE may carry out wholly or partly automatic processing operations that may involve a series or structure set of processing operations performed on your personal data, which is intended to serve a single purpose or several related purposes as set forth in this document, including passive collection of data; or use automated decision-making and profiling systems.
Who does QBE share data with?
As GSSC is the shared services centre to the Divisions, it is part of the offshore outsourcing arrangement that GSSC may share data with QBE affiliates located in Australia, New Zealand, North America, United Kingdom, Europe, and Asia Pacific. QBE GSSC and parties outside the Philippines will be accountable for any cross-border transfer of personal data.
In order to be compliant with and if required by applicable laws, QBE will be required to disclose data about you to the Philippine Economic Zone Authority (PEZA), Bureau of Immigration (to the extent relevant) and such other relevant government agencies that have the legal authority to require the disclosure of your data.
As GSSC has outsourced certain recruitment functions (including background and health checks), QBE will be providing data and information to GSSC’s recruitment processing outsourced providers. For the purpose of promoting work health and safety, QBE will be providing data and information to providers of corporate security, building maintenance and storage facility. They will also be providing data to its consultants and job-contractors as required in the operation of shared services centre. (For the list of information that QBE share, please refer to “What type of personal data does QBE collect?” located on page 2 of this document.)
Any of the foregoing QBE partners are contractually bound to secure any data that they receive from QBE, which are intended to be used only for the purpose disclosed in this Privacy Policy Statement.
QBE will not share your personal data to a third party, except in instances when required by law, when it is necessary for QBE to perform its legal, regulatory, and contractual obligations or in order for QBE to perform its legitimate interests as an organization or legal obligations.
How does QBE protect your personal data?
QBE is committed to comply with the requirements of the law to secure your personal data. GSSC has sufficient technical and organizational measures in place to protect your personal data. The measures cover various aspects of data security including the following:
- Encryption, data masking and activity logging as appropriate
- Putting in place access controls and maintaining access logs
- Having minimum password requirements and requiring regular changes to passwords
- Having physical access controls to our offices
- Implementing procedures for security incident management and back-up and recovery and having in place disaster recovery and business continuity plans
- Use of firewalls and up-to-date virus scanning software and email filtering services
- Providing regular security and privacy/data protection training for all our employees
QBE’s security measures are kept under periodic review and are regularly updated to reflect developments in technology and security and changes to its business. However, you must be aware that there are inherent security risks in transmitting data, such as e-mails or via the Internet, because it is impossible to safeguard completely against unauthorized access by third parties.
Where and how long do we keep your personal data?
The personal data will be stored in facilities located in the Philippines and in QBE servers of the QBE Division that you are supporting or associated with, that are located in Australia, United States of America, United Kingdom and Europe, and will be retained for a period of two (2) years from the date of submission of your job application or end date of your job application process, whichever comes first. In the event that your job application progresses to the point you are offered a job at QBE, your personal data will be retained for the duration of your employment and for a period of ten (10) years from the termination of your employment with QBE (“Retention Period”). Upon the expiration of the Retention Period, QBE will properly dispose your personal data.
What are my rights?
QBE relies on the accuracy of the information you submit. You may contact us to update your personal information or advise us if the personal information QBE GSSC holds is not accurate, up to date, or complete. You can contact us to amend your personal information to the extent such request is reasonable and to the extent allowed by law.
You may obtain a copy of your information to the extent required by applicable law, and know how your information is being used. If your personal data is processed by electronic means and in a structured and commonly used format, QBE may provide a copy of your personal data in an electronic or structured format that is commonly used upon your request.
You have the right to object to the processing of your personal data, including the processing for direct marketing, automated processing, or profiling.
You have the right to have your data deleted and withdraw your consent to further use your personal data by QBE, unless QBE has a legal ground or overriding legitimate interest to keep and/or for the continued processing of your personal data or as required or justified by applicable law. Your consent to process your personal information may be required to progress your job application. If you withdraw your consent, QBE will be unable to process your job application.
You have the right to reach out to the National Privacy Commission, if you want to need more information about your legal rights with respect to your personal data and how to enforce the same. QBE reserves to avail of legal remedies as appropriate under the circumstances.
Your exercise of the above rights is subject to limitations as allowed by law, such as (a) if the processed personal data are used for scientific and statistical research and, on the basis of such, no activities are carried out and no decisions are taken regarding the data subject; and (b) if the processing of your personal data is gathered for the purpose of investigations in relation to any criminal, administrative, or tax liabilities of a data subject.
GSSC Data Protection Officer
If you have any questions about this Privacy Policy Statement or your rights and how to exercise the same hereunder, concerns, or want to report a data breach incident or a complaint, if you need to access or request for the modification/erasure of your personal data, or you would like to object to the processing of your personal data, you can contact the GSSC Data Protection Officer (DPO):
Data Protection Officer
QBE Group Shared Services Centre
QBE Group Shared Services Limited – Philippine Branch
Three/Neo Building (formerly, NetCube Building)
3rd Avenue cor. 30th Street., E-Square Crescent Park West,
Bonifacio Global City, Taguig City, Philippines
[email protected]
Data Protection Officer
QBE Group Shared Services Centre
QBE Management Services Asia Operating Headquarters
Level 14, W Fifth Building
5th Avenue, Bonifacio Global City, Taguig City, Philippines
[email protected]