The Company collects Personal Data from its customers and potential customers necessary for it to offer products and services to the public, to fulfill its obligations under the purchase contracts executed, to attend to requests to the Company in the course of transactions, and to ultimately provide the goods and services ordered. The Company collects Personal Data in the following opportunities:

When the customer or potential customer voluntarily discloses the Personal Data

• Personal Data is required to be disclosed to the Company before a purchase may be made. In making a purchase, the potential customer must necessarily disclose the following Personal Data: name, home address, email address, contact information, as well as the purchase details.
• Personal Data may also be disclosed by a customer through the forms and documents he/she submits to the Company.
• Personal Data would likewise be collected in the event customers call the Company with requests for assistance, complaints or feedback.

When the customer or potential customer accesses any of the Company’s online services

• When the customer/potential customer opts to access any of the Company’s online services, such as choosing to contact the Company through the online “Contact Us” form or availing of the Company’s delivery service, Personal Data may be collected including: personal details, location details/address, contact details, order details, and any information provided in the message.
• The customer/potential customer may prefer to contact the Company through its social media accounts. In choosing to engage the Company through its social media accounts, the following Personal Data of the customer/potential customer may be collected: Personal Data on his/her account, personal details, contact details, location details/address, and other information that may be disclosed in the message.
• The Company operates the https://www.iyasjumbopastillas.com/ website. Personal Data may be disclosed by customers/potential customers to the Company on website, including the following: access details, IP address and other information about the system used to access the site.

From publicly available information or from third parties

• Advertisements of the Company and its products found at other third-party sites may be serviced by Company service providers that may use cookies to collect information about visits to these sites.
• The Company may likewise collect Personal Data from third-party websites which are not affiliated with or connected to the Company, whether directly or indirectly. The information may include, but is not limited to, the user ID associated with the account that accessed the Company website or any of the services therein, access tokens necessary to access the service, any other information that the customer/potential customer may have permitted the third party to share with the Company, and any information that the customer/potential customer may have made public in connection with the service.

Data subjects may inform the Company of the specific Personal Data that they do not want to be processed beyond the requested purpose. The Company will respect the request of data subjects in so far as it is feasible to fulfill the purposes for which the Personal Data was collected.

Data subjects may inform the Company of the specific Personal Data that they do not want to be processed beyond the requested purpose. The Company will respect the request of data subjects in so far as it is feasible to fulfill the purposes for which the Personal Data was collected.

Personal Data, depending on the transaction or business with the Company, shall be processed for the following purposes:

1. To fulfill the Company’s obligations, and enforce its’s rights, under its contracts with its customers, including but not limited to delivery of requested products and/or services;
2. To communicate with customers, through any available means, regarding matters related to customer experience and other legitimate matters, including:
   
   • customer feedback and perspectives, and possible participation in the Company’s market research activities;
   • resolution of complaints;
   • requests for assistance regarding technical and other product or service issues;
   • customer demographics and preferences;
   • improvement of sales and marketing activities, and overall customer satisfaction;
   • alignment of the Company’s program or training with customer development needs;
3. To prepare statistical analysis and technical reports;
4. To solve website errors and possible problems;
5. To fulfill legitimate business purposes;
6. To comply with obligations under law;
7. To establish, exercise, or defend legal claims; and
8. To fulfill any other purposes directly related to the above-stated purposes.

The Company will not process the Personal Data of users in ways incompatible with the above-stated purposes.

The Company is the Personal Information Controller of any Personal Data disclosed by data subjects as it determines the purposes for which the Personal Data is being collected and processed.

Personal Data may be disclosed to the Company’s partners and third parties for the following purposes:

1. To facilitate orders for goods and services;
2. To settle possible disputes;
3. To respond to law enforcement authority or other government regulatory bodies’ requests;
4. To process and administer technical and sales support;
5. To answer and resolve inquiries, concerns or complaints;
6. To make promotional events or activities;
7. To conduct audits, including operational, risk, compliance, financial, and anti-fraud and corruption audits, and/or investigate a Complaint or security threat;
8. To comply with the Company’s business and management responsibilities and policies, which are necessary for the organizational functioning of the Company;
9. To comply with statutory requirements;
10. To establish, exercise, or defend legal claims; and
11. Fulfill any other purposes directly related to the above-stated purposes.

When the processing of Personal Data is outsourced by the Company to a third party, the processing will be subject to written agreements between the Company and the third parties processing the Personal Data. These written agreements specify the rights and obligations of each party and will provide that the third party has adequate security measures in place and will only process the Personal Data on the specific written instructions of the Company. The Company may also transfer Personal Data to third parties as required by law or legal instrument, to protect the Company’s rights or assets, to facilitate acquisition or disposition of the Company’s businesses, and in emergencies where the health or safety of a person is endangered. The Company will not sell, rent, share, trade, or disclose any of the Personal Data it obtained to any other party without the prior written consent of the data subjects, with the exception of entities within the Company and any third-party service providers which the Company has engaged, whose services necessarily require the processing of Personal Data. The following are the third parties to whom Personal Data may be disclosed:

1. Regulatory bodies/agencies, law enforcement authorities, and other legal bodies;
2. Service providers;
3. Suppliers;
4. Stockholders and business partners; and
5. Potential investors or target companies in the context of an M&A deal.

Personal Data will be retained or stored for as long as the purposes for which they are being processed have not been satisfied. The Company will retain and use the Personal Data as necessary to comply with its legal obligations, resolve disputes, and enforce its agreements, after which the Personal Data shall be deleted or anonymized.

The Company has put in place physical, electronic, and managerial procedures designed to help prevent unauthorized access, to maintain data security, and to use correctly the Personal Data collected. These safeguards vary based on the sensitivity of the Personal Data collected and stored.

Subject access requests may be made by emailing the data protection officer. The Company may take reasonable steps to confirm the requester’s identity as a data subject before granting access to the Personal Data and allowing updates thereto.

Data subjects have the following rights under the DPA, which may be exercised at their discretion:

1. The right to access Personal Data
   Under the DPA, it is possible for individuals to request access to any of their Personal Data held by the Company, subject to certain restrictions. A request for disclosure of such information is called a subject access request. Any such requests should be addressed to the Data Protection Officer.


2. The right to make corrections to Personal Data
   The DPA requires the Company to take reasonable steps to ensure that any Personal Data it processes is accurate and up to date. It is the responsibility of data subjects to inform the Company of any changes to the Personal Data that they have supplied to the Company during the course of their engagement.


3. The right to object to the processing of Personal Data
   Data subjects have the right to object to the processing of his/her Personal Data, including processing for direct marketing, automated processing or profiling. Data subjects shall also be notified and be given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subjects in this Data Privacy Policy. Please note that some of the Personal Data provided to the Company is necessary for it to comply with statutory and regulatory requirements, as well as its administrative policies and is thus mandatorily required to be collected and processed. Withholding of consent to the processing of certain personal information may prevent data subjects from availing of certain benefits


4. The right to erasure or blocking of Personal Data
   Data subjects have the right to suspend withdraw or order the blocking, removal or destruction of their Personal Data from the filing system of the Company.


5. The right to be informed of the existence of processing of Personal Data
   Data subjects have the right to be informed whether Personal Data pertaining to them shall be, is being, or have been processed, including the existence of automated decision-making and profiling.


6. The right to damages
   Upon presentation of a valid decision, the Company recognizes the right of data subjects to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, taking into account any violation of the rights and freedoms as a data subject.


7. The right to lodge a complaint before the NPC

This Data Privacy Policy may be updated from time to time. The data subjects will be notified whenever there are any updates that will significantly affect their rights.

In case of complaints, concerns, or questions regarding the processing of Personal Data, or if data subjects wish to exercise their data subject rights, it may be addressed to:

JMCML Int’l Trading Corp.
GF 411 Anflocor Bldg., Quirino Ave cor NAIA Rd.
Paranaque, Manila 1004
(+632) 8855-2741
info@jmcml.com