INTRODUCTION
North Star International Travel, Inc. (“North Star” and the “Company”) greatly values the privacy and confidentiality of Personal Data of its customers (“Data Subject”) and adheres to the relevant applicable laws of the Philippines. This Privacy Policy (“Policy”) details how the Company collects, use, and handles Personal Data for the purpose of the travel services we provide, in accordance with the Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), other issuances of the National Privacy Commission (NPC), and other relevant laws of the Republic of the Philippines.
DEFINITION OF PERSONAL DATA
“Personal Data” refers to and includes:
- “Personal information” which means any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual; and
- “Sensitive personal information” which means:
- about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
- about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
- issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
- specifically established by an executive order or an act of Congress to be kept classified.
PURPOSE OF PERSONAL DATA COLLECTION
North Star collects, uses, processes, stores and retains Personal Data necessary to perform its business processes efficiently and safely in accordance with the relevant Company policies and laws. In particular, the Company will collect your data in order to accomplish the requested travel service and provide you with access to the best applicable rates and services available in the industry.
TYPES OF PERSONAL DATA COLLECTED
In order for North Star to provide you with your travel needs, we will collect the following Personal Data.
- Passenger Information – includes personal information appearing on your Passport or other government-issued IDs (e.g. name, passport number, birth date) and those specifically required in completing Travel Visa application or travel-related forms.
- Employment Information – we collect employment information in adherence to the instructions given to us necessary to comply with our clients’ operational and financial requirements.
- Financial Information – to comply with the requirements of external tourism entities (e.g. embassies) particularly for Travel Visa application purposes.
COLLECTION PROCESS OF PERSONAL DATA
North Star collects Personal Data in the most secured and direct method available between the Data Subject and the Company. Personal Data collected electronically can be transmitted with encryption or via a secured file transfer protocol. Personal Data in written form are transmitted by the Company’s in-house Messengers, or may be transmitted via a third-party courier service, whichever the Data Subject prefers.
ACCURACY OF COLLECTED PERSONAL DATA
The Data Subjects are primarily responsible for ensuring that the Personal Data submitted to North Star with their consent is accurate, complete and up-to-date. Providing incomplete, inaccurate or outdated Personal Data may result to denial of requested service. North Star will request for the updated Personal Data of its Data Subjects every time a travel request is received to ensure successful transaction results.
SECURITY OF PERSONAL DATA
North Star strictly enforces its Information Security Policy and Data Privacy Policy. Information Security and Data Privacy policies, controls, and security measures are in place to ensure the security of systems handling Personal Data and the confidentiality of Personal Data against misuse, unauthorized access, modification, disclosure, loss or destruction. The Company uses security controls and measures such as the following:
- Defined roles and access privileges to individuals or groups limited to oblige with the personnel’s function and responsibility.
- Use of unique username and password to access Personal Data.
- Periodic review of access and authorization of qualified and authorized personnel.
- Strict implementation of critical Information Security Policies (e.g. Access Control, Email, Internet, Assets).
SHARING OF PERSONAL DATA
As a general rule of the Company, it is strictly prohibited to share any Personal Data with unauthorized entities except as necessary for the execution of processes related to the required business purposes, or the use or disclosure of the Personal Data is required or authorized by or under the law.
For the purpose of official travel transactions between the Company’s external travel providers and suppliers, necessary but limited Personal Data may be shared in accordance with the Company’s Data Sharing Agreement (DSA) for its third party business partners and the Data Processing Consent from the Data Subjects.
North Star ensures that the relevant third party entities involved in the purpose of the requested service also adheres to the proper security and confidentiality of Personal Data as stated in the Data Sharing Agreement.
RETENTION OF PERSONAL DATA
The Company retains your Personal Data for as long as necessary to fulfil the purpose for which it was collected. We may retain limited Personal Data for longer if it may be the subject for legal claim, compliance with local governance or law, or may otherwise be relevant for future litigation.
The Company obliges with the right of the Data Subjects for data erasure or blocking should the Data Subject requests us to.
RIGHTS OF A DATA SUBJECT
The Data Subjects, as mandated by the Data Privacy Act of 2012, have the:
- Right to be informed;
- Right to object;
- Right to access;
- Right to rectification;
- Right to erasure or blocking;
- Right to be indemnified for damages; and
- Right to file a complaint.
The Company’s decisions are always subject to applicable and relevant laws and/or the Data Privacy Act of 2012, its Implementing Rules and Regulations, and other issuance of the National Privacy Commission.
CONTACT US
For any inquiries, feedback, and/or complaints relative to your Personal Data or this Policy, you may reach our Data Protection Officer through the following contact details:
Data Protection Officer
North Star International Travel, Inc.
19th Floor Trident Tower 312 Sen. Gil Puyat Ave.
Makati City 1200 Philippines
Tel: +63 2 3485 7272 Ext. 813
Fax: +63 2 8843 3360
Email: DPO@northstar-travel.com.ph