AIM Privacy Notice
This Data Privacy Statement and Consent Form covers the personal information that the guests may be asked to disclose in the course of its stay with AIM. AIM values the trust put upon it by its guest and strives to protect their privacy.
I. Information We Collect
By virtue of your contract with AIM, you (the ‘Guest’) hereby expressly agree, consent, and authorize AIM to collect and process the following personal and sensitive personal information:
1. Personal Details: name, citizenship, gender, civil status, date of birth, age, contact details, address, email address, signature, credit card information
2. Government-issued Identification: passport, SSS id, driver’s license
3. Company Details: name of the company, contact person of the company
II. How We Use the Information
The Guest agrees and authorizes the above-mentioned personal information for the purposes stated below:
1. To verify guest information in order to facilitate the process of checking in.
2. To obtain feedback regarding the organization’s services to be used for marketing purposes.
3. To verify accommodation details.
4. To make the necessary reservations for its rooms and other amenities.
5. To confirm reservations made.
6. To identify guests to whom services should be rendered.
III. How We Collect the Information
We collect your personal data from any documents or communications that you may have directly submitted to us, from publicly available information to third parties. This may include any references that you have provided, such as company affiliations, associations / organizations, and events.
You may inform us of the specific personal data you do not want to be processed beyond the requested purpose. We will respect your request in so far as it is feasible to fulfill the purposes for which the personal data was collected.
Where you have provided us with the personal data of individuals other than yourself, you warrant that you have obtained their consent for the disclosure, in accordance with the DPA.
IV. How We Process the Information
Your personal data may be processed both by way of computer media and on paper, in compliance with the rules in relation to personal data protection, therein including those relating to data security.
V. AIM as the Personal Information Controller
AIM is the Personal Information Controller under the DPA, which means that it determines what purposes personal information it holds will be used for. It may also be that your personal data is disclosed to third parties pursuant to a data sharing agreement, in which case, such third parties are also the personal information controllers of your personal information.
VI. Information Sharing and Disclosure
The Guest agrees that the above-mentioned personal information may be disclosed by AIM to the following recipients for the following purposes:
1. Messenger and/or Courier Service Providers: For the receipt and delivery of documents to various units and/or institutions.
2. Third-Party Storage Management Service Provider: For the storage, safekeeping, organization of documents and all of its contents.
The personal information of the Guest may be disclosed to third parties, including third-party service providers for the following purposes:
1. For digitization and storage;
2. Data collection and analysis;
3. For the establishment, exercise, or defense of legal claims.
When the processing of personal information is outsourced by AIM to a third party, the processing will be subject to written agreements between AIM and the third parties processing the data, in accordance with the requirements of the Data Privacy Act of 2012. These written agreements specify the rights and obligations of each party and will provide that the third party has adequate security measures in place and will only process the personal information of the Guest on the specific written instructions of AIM.
AIM may also transfer the personal information of the Guest to third parties as required by law or legal instrument, to protect AIM’s rights or assets, to facilitate acquisition or disposition of AIM’s businesses, and in emergencies where the health or safety of a person is endangered.
AIM will not sell, rent, share, trade, or disclose any personal information of the Guest to any other party without the prior written consent of the Guest, with the exception of entities within AIM and any third-party service providers which AIM has engaged whose services necessarily require the processing of the personal information of the Guest.
The Guest agrees that the above-mentioned personal information will be retained or stored for as long as the purposes for which they are being processed have not been satisfied. AIM will retain and use your personal information as necessary to comply with its legal obligations, resolve disputes, and enforce its agreements:
1. Hardcopies of the registration forms accomplished by the Guest may be stored in the offices of AIM or in an off-site warehouse managed by a third-party service provider.
2. The forms with the information of the Guest will be digitized and stored in AIM’s information management system hosted by AIM on-site or in the premises of an authorized third-party service provider.
3. AIM shall ensure, using contractual and other reasonable means, that the Third-Party Service Provider implements proper safeguards to ensure the confidentiality, integrity and availability of the personal data processed, prevent its use for unauthorized purposes, and comply with the requirements of the Data Privacy Act of 2012, its Implementing Rules and Regulations, and other applicable laws for processing of personal data, and other issuances of the National Privacy Commission.
VIII. Data Protection Measures
AIM has put in place physical, electronic, and managerial procedures designed to help prevent unauthorized access, to maintain data security, and to use the Information we collect and process in the correct and proper manner. These safeguards vary based on the sensitivity of the Information that we collect, store, and process.
IX. Acknowledgement or Rights
You have the following rights under the DPA, which you may exercise at your discretion.
1. The right to access personal information.
Under the DPA, it is possible for individuals to request access to any of their personal data held by the Company, subject to certain restrictions. A request for disclosure of such information is called a subject access request. Any such requests should be addressed to the Data Protection Officer.
2. The right to make corrections to personal information.
The DPA requires the Company to take reasonable steps to ensure that any personal data it processes is accurate and up-to-date. It is your responsibility to inform us of any changes to the personal information that you have supplied to us during the course of your engagement.
3. The right to erasure or blocking of personal information.
You have the right to suspend, withdraw or order the blocking, removal or destruction of your personal information from our filing system.
4. The right to object to the processing of personal information.
You have the right to object to the processing of his/her personal information, including processing for direct marketing, automated processing or profiling. You shall also be notified and be given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to you in this Data Privacy Statement. Please note that some of the personal data you have provided to us is necessary for us to comply with statutory and regulatory requirements, as well as the Company’s administrative policies and is thus mandatorily required to be collected and processed. Withholding of your consent to the processing of certain personal data may prevent you from availing of certain benefits.
5. The right to data portability.
The data subject shall be allowed to obtain and reuse their personal data, in a structured, commonly used and machine readable format, for their own purposes.
6. The right to be informed of the existence of processing of personal information.
You have the right to be informed whether personal information pertaining to you shall be, is being, or have been processed, including the existence of automated decision-making and profiling.
7. The right to damages.
Upon presentation of a valid decision, the Company recognizes your right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information, taking into account any violation of your rights and freedoms as a data subject.
8. The right to lodge a complaint before the NPC.
The data subject has the right to file a complaint in cases of violation of his / her rights and/or for any injury suffered as a result of unlawful processing of his / her data.
X. Changes to this Statement
This Data Privacy Statement may be updated from time to time. The data subject will be notified whenever there are any updates that will significantly affect his/her rights.
XI. Complains, Concerns, Access and Questions
The Guest/s understands that in case of complaints, concerns, or questions regarding the processing of his/her personal information, he/she may address them to the:
Data Protection Officer
Asian Institute of Management
123 Paseo de Roxas St., Legazpi Village,
Makati, 1229 Metro Manila
Contact No. 892-40-11 to 23
XII. Validity of Consent
This consent and authorization remains valid and subsisting for a limited period consistent with the purposes above or until otherwise revoked or cancelled in writing. You may inform AIM of the specific personal information you do not want to be processed beyond the requested purpose. Ipsos will respect the employee’s request insofar as it is feasible to fulfill the purpose for which the personal information was collected.
I have carefully read this agreement and fully understand the terms and conditions stated therein.