You are here :
MR TOY Philippines
Personal Data Privacy Protection Policy
Personal Data Privacy Protection Policy
Last amended: July 25, 2024
BRICOLAGE PHILIPPINES, INC ("us", "we", "our", or “BPI”), through this Personal Data Protection Policy (“Policy”), is committed to protecting and respecting your personal data privacy in compliance with the Philippine Data Privacy Act of 2012 (“the DPA”).
Please read and review this BPI Personal Data Protection Policy (“Policy”), which will inform you about the collection, use, processing, storage, and disclosure of your Personal Data. We trust that it will assist you in making an informed decision about providing us with your Personal Data.
1. DEFINITION OF TERMS
To understand the Policy, capitalized terms used in this Policy shall have the following meanings:
“Applicable Laws” means the Philippine Data Privacy Act of 2012 and its subsequent related legislations and regulations, which may be amended occasionally.
“MR. D.I.Y. PHILIPPINES, we, us, our, or BPI” means BRICOLAGE PHILIPPINES, INC.
“Personal Data” or “Personal Information” means any information, whether true or not, which is (a) about an individual who can be identified (i) from that data, or (ii) from that data and other information to which we have or are likely to have access and would include data in our records as may be updated from time to time; or (b) defined as “personal data”, “personal information”, or “sensitive personal information” under Philippine Data Protection Law.
“Platforms” means collectively MR. D.I.Y.’s Social Media accounts and Website and any other websites/pages or applications that we may create, own, or operate from time to time.
“Processing” refers to the collection, usage, storage, management, disclosure, alteration, destruction, and any other action upon or handling Personal Data.
“Social Media” means MR. D.I.Y. PHILIPPINES’s pages and accounts on third-party social media platforms such as Instagram, Facebook, Twitter, Pinterest, TikTok, and Google+.
“Service Provider” means our service providers and other partners that provide their services to BPI, such as but not limited to payment processing, payroll system, shipping, and inventory management of our products. The Service Provider/s may have access to certain Personal Information/s only to perform their functions on our behalf and are obligated not to disclose or use it for any other purpose.
“Third-party apps” means add-ons that we may have integrated with our Platforms that allow BPI to gather information relating to customer behavior and for marketing purposes. These third parties may have access to certain Personal Information only to perform their functions on our behalf and are obligated not to disclose or use it for any other purpose.
“Website” means the BPI’S websites accessed at https://www.mrdiy.com/ph/
2. SERVICE DESCRIPTION
BPI, through its brands, MR. D.I.Y. PHILIPPINES, may process your Personal Data by the DPA to pursue its vision of being the largest home improvement retailer worldwide.
BPI offers various high-quality, value-for-money home improvement items, adhering to its motto of “ALWAYS LOW PRICES.”
3. PERSONAL INFORMATION THAT IS COLLECTED
During our relationship with you, we may collect Personal Data from you. The Personal Data we may collect from you includes, but is not limited to, the following (collectively, the “Collected Data”):
- Name
- Contact details (including mobile number, mailing and delivery addresses, and email address)
- Birthday
- Network and device data (including your IP address and device or advertising identifiers)
- Shopping or browsing behaviors
- Voice recording (for customer service calls
- Information needed for payments/refunds of transactions (such as but not limited to bank account number/s and other payment options)
- Credit card details
- Any other personally identifiable information you have provided us in any forms you may have submitted to us, or in the course of any other forms of interaction between you and us, for and about your purchase of any MR. D.I.Y. PHILIPPINES product/s.
For transactions through our Platforms and Website, we note your credit card details, whether to process your payment or for customer service purposes, are collected, processed, and stored directly by our third-party payment processors under their terms of use and privacy policies. None of your credit card details are stored with us.
Processing refunds may require the collection of additional Personal Information for the sole purpose of completing refund transactions.
For transactions with the stores, your credit card information will only be viewed for comparison with your presented valid government-issued identification to validate your identity. However, we have not stored any of such information.
If you provide us with Personal Data relating to a third party by submitting such Personal Data to us, you warrant and represent to us that you have obtained the necessary and informed consent of the third party to provide us with the Personal Data provided to us for the respective purpose/s for which it was submitted.
Please ensure that all Personal Data submitted to us is complete, accurate, true, and correct. Failure to do so may result in our inability to provide you with the products and services you have requested.
4. COLLECTION METHOD AND TIMING OF COLLECTION
We collect Personal Data through the following methods and moments:
- You register an account on the Websites;
- You purchase MR. D.I.Y. product/s through the Websites, Platforms, and our stores;
- You can visit our stores, which are equipped with CCTV cameras for the safety and security of Mr. D.I.Y. patrons, shoppers, visitors, and employees.
- You purchase, use, and receive gift certificates honored by MR. D.I.Y. PHILIPPINES stores
- You can use any related services, such as subscribing to our newsletter and product notifications.
- You can browse our products and services or interact with our website and social media.
- You accept our cookies on your device.
- You interact with our customer experience team or other representatives, for example, via our webform, emails, telephone calls, letters, or face-to-face meetings.
- You interact with us on our Social Media, such as liking our posts, commenting on our posts, and private messaging us on our Social Media.
- You participate in our promotions, lucky draws, initiatives, or requests for additional Personal Data, such as customer surveys.
- We receive references from third parties when such third parties purchase MR. D.I.Y. PHILIPPINES products to be delivered to you, whether as a gift or otherwise
- Your authorized representative submits your Personal Data to us for any purpose reasonably authorized by you, for example, if such representative is purchasing our product or service to be delivered to you.
- Our third-party partners and other service providers provide your Personal Data to us, which was collected and processed by them and disclosed to us under their separate privacy policies.
- When you voluntarily submit your Personal Data to us for any reason.
We may also collect your Personal Data when such collection does not require consent under Applicable Laws. In this instance, we shall inform you before collecting the Personal Data exempt from the consent requirement.
5. PURPOSES OF COLLECTED INFORMATION
We may use and disclose the Collected Data for purposes necessary to provide you with our products and related services, as follows (collectively, the “Purposes”):
I. CUSTOMER INFORMATION
-
-
- Transaction Processing: To process orders, complete transactions, and provide related customer services, including online and in-store purchases.
- Credit Payment: To process and verify credit card and other electronic methods, ensuring secure transactions.
- Refund Processing: To manage and process returns and refunds according to company policies and Philippine consumer protection laws.
- Receipt Issuance and Tax Compliance: To issue receipts and comply with tax rules and regulations mandated by the Bureau of Internal Revenue.
- Customer Support: To provide customer support, respond to inquiries, and address issues or complaints through various channels, including in-store, online, and via mobile app.
- Personalization: To personalize the shopping experience by recommending products and services based on customer preferences and past purchases.
- Marketing and Promotions: To inform customers about promotions, special offers, and new products or services that may be of interest.
- Loyalty Programs: To manage and operate customer loyalty programs, including issuing rewards and benefits through physical stores, online marketplaces, and mobile apps.
- Feedback and Improvement: Collect feedback to improve products, services, and customer experience.
- Legal Compliance: To comply with legal obligations and regulations, including tax, accounting, and consumer protection laws.
- Fraud Prevention: To detect and prevent fraudulent activities and unauthorized transactions.
- Mobile App and Online Marketplaces: To facilitate seamless customer experiences through mobile applications and online marketplaces, ensuring secure and efficient transactions and customer interactions.
-
II. EMPLOYEE DATA
-
-
- Recruitment and Hiring: To evaluate and process job applications, conduct interviews, and make hiring decisions.
- Employment Records: To maintain accurate employment records, including personal details, job titles, employment history, and performance evaluations.
- Payroll and Benefits: To administer payroll, benefits, and other employment-related services, ensuring compliance with Philippine labor laws and regulations.
- Performance Management: To assess employee performance, provide feedback, and manage promotions, transfers, and terminations.
- Training and Development: Identify training needs, provide development opportunities, and track progress.
- Health and Safety: To ensure a safe working environment and comply with health and safety regulations.
- Legal Compliance: To comply with employment laws and regulations, including labor standards, workplace safety, and anti-discrimination laws.
- Internal Communication: To facilitate communication within BPI, including announcements, policy updates, and organizational changes.
- Security: To ensure the security of company facilities, assets, and information systems, including access control and monitoring.
- Employee Support: To provide support services, including employee assistance programs, counseling, and grievance handling.
- Human Capital Management System (HCMS): To manage employee data and HR processes efficiently through an integrated HCMS, ensuring data accuracy, confidentiality, and compliance with data privacy regulations.
- Tax Compliance: To manage and comply with tax obligations related to employment, including withholding taxes, social security contributions, and other statutory deductions.
-
We may also use your Personal Data (a) for other purposes reasonably related to the Purposes and where we have obtained and maintained related consent or (b) in circumstances where such use does not require consent under Applicable Laws. In case consent is not required, we may use the contact information provided to inform you of the use and disclosure of the collected Personal Data.
If you do not consent or withdraw your consent for us to use and process your Personal Data for the Purposes, we may no longer be able to provide you with the related products, services, or benefits associated with our promotion.
6. METHOD OF USE, STORAGE, LOCATION, AND TRANSMISSION OF PERSONAL INFORMATION
We use your Personal Information gathered by the Purposes discussed in this Policy, including but not limited to clicks and scrolls on our Site, to provide us with anonymized data for customer insight and strategic marketing plans.
We store personal information via our in-house system and the cloud storage of our various Service Providers and Third-Party Apps. The processing in our in-house system is limited to the information necessary to fulfill your product orders. Our Service Provider and Third-Party Apps process your personal information in their system.
CCTV-captured photos and videos recorded and monitored (“CCTV Media”) for the security and safety of persons in our stores are stored in secure locations and accessible only by duly authorized personnel to ensure their safety and security and for any action/proceeding to assert BPIs rights. Such CCTV media may be shared with proper government authorities for investigations and enforcement of public order/public peace.
For MR. DIY PHILIPPINES Gift Certificates used in-store, we do not ask for customer info when processing GCs. We ensure the security of your data by implementing reasonable security arrangements to ensure that your Personal Data is adequately protected and secured. This includes implementing reasonable security measures to prevent unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage, alteration, or any other processing of your Personal Data. However, we cannot be liable for any unauthorized processing of Personal Data by third parties attributable to factors beyond our control.
7. THIRD-PARTY TRANSFER
In relation to using your Personal Data for the Purposes and effectively managing our operations and providing you with high-quality services, MR. D.I.Y. PHILIPPINES may disclose your Personal Information to the following parties:
a. Employees and Consultants:
-
-
- BPI's Employees, Consultants, and Temporary Workers: Individuals directly employed or contracted by BPI to assist in operating and managing our services.
-
b. Payment Processors:
-
-
- Third-Party Payment Processors: For the sole purpose of processing and facilitating your payment of MR. D.I.Y. PHILIPPINES products, both in-store and on our platforms, ensure secure and efficient transaction handling.
-
c. Logistics Providers:
-
-
- Courier and Delivery Services: To facilitate the delivery of your orders to you or a designated third party, ensuring timely and accurate delivery.
-
d. Loyalty and Rewards Partners:
-
-
- Business Partners for Loyalty Programs: To maintain an account with you for loyalty or point redemption programs, including future initiatives to enhance customer rewards and engagement.
-
e. Promotion and Event Partners:
-
-
- Business Partners or Vendors: In connection with the processing and management of any promotion, event, or service that you voluntarily enter into, ensuring smooth and coordinated execution of such activities.
-
f. Professional Advisers and Consultants:
-
-
- Legal and Professional Advisors: In case of any dispute or controversy arising from your transaction with MR. D.I.Y. PHILIPPINES, to provide necessary advice and representation.
-
g. Operational Service Providers:
-
-
- Agents, Contractors, or Service Providers: Who provide essential operational services such as:
- Online Cloud Storage and Processing: To securely store and process your data.
- Marketing Optimization: To enhance our marketing strategies and outreach.
- Information Technology and Telecommunications: To maintain and improve our IT infrastructure and communication systems.
- Security Services: To ensure our systems' and data's safety and security.
- Other Relevant Services: Any other operational services that necessitate collecting, using, or disclosing your Personal Data.
-
h. Government Authorities:
-
-
- Regulatory and Government Agencies: As Philippine laws and regulations require, comply with legal obligations and ensure adherence to statutory requirements.
-
i. Authorized Third Parties:
-
-
- Any Other Party Authorized by You: Any additional party to whom you explicitly authorize us to disclose your Personal Information based on your consent and instructions.
-
Additional Disclosure of Personal Data
We may also disclose your Personal Data under the following circumstances:
a. Related Purposes and Consent:
-
-
- Reasonably Related Purposes: For other purposes that are reasonably related to the primary purposes for which the data was collected, provided we have obtained and maintained your consent.
- Consent Maintenance: We ensure continuous adherence to the consent for such related purposes.
-
b. Legal Exceptions:
-
-
- Disclosure Without Consent: In circumstances where such disclosure does not require consent under applicable laws. These may include instances where the disclosure is necessary to comply with legal obligations, protect vital interests, or perform a task in the public interest.
- Notification: In cases where consent is not required, we may use the contact information provided to inform you of the collected data's use and disclosure as permitted by applicable laws.
-
c. Scope of Data Disclosure
-
-
- Limited Disclosure: The disclosure of your Personal Data is limited to the information necessary to perform the Purpose subject to your consent. This ensures that only the minimum required data is disclosed for the intended purpose.
- Legal Compliance: All disclosures are made by applicable laws and regulations to ensure compliance and protection of your data rights.
-
d. Transfer of Personal Data Outside the Philippines
-
-
- Compliance with Foreign Jurisdictions: If Personal Data is transferred out of the Philippines, we will comply with the laws applicable in those jurisdictions, including but not limited to:
- Obtaining Consent: Securing your consent for the transfer unless an exception exists under applicable laws or other relevant legislation.
- Data Sharing Agreements: Executing necessary data sharing or outsourcing agreements to ensure the protection and proper handling of your Personal Data, unless an exception exists under applicable laws.
- Protection Standards: Taking reasonable steps to ascertain whether the foreign recipient of the Personal Data is bound to comply with protection standards that are at least comparable to those required under Philippine laws.
- Compliance with Foreign Jurisdictions: If Personal Data is transferred out of the Philippines, we will comply with the laws applicable in those jurisdictions, including but not limited to:
-
e. Assurance of Data Protection
-
-
- Reasonable Steps: We undertake reasonable steps to ensure that any foreign recipient of your Personal Data adheres to comparable data protection standards, safeguarding your data regardless of geographic location.
- Continuous Monitoring: We continuously monitor compliance with data protection standards within the Philippines and in foreign jurisdictions to uphold the highest data security and privacy level.
-
Third-Party Cookies
BPI uses the services of third-party platforms, which may implement cookies on the Websites. Third-party advertisements may also be provided on the websites. These advertisements may also generate cookies, for example, to track how many people have viewed the advertisement. The collection, use, and disclosure of information, including Personal Data, collected by such third-party cookies are subject to the third-party vendors' privacy and data protection policies and are not under our control.
You may reject third-party cookies through your browser's settings. However, this may result in the loss of Website functionality, restrict your use of the Website, or delay or affect how the Website operates.
Google Analytics
BPI uses certain Google Analytics functions. Please see this link for how your data is collected and instructions on how to opt out of any Google Analytics data tracking.
BPI may use Google Analytics features based on Display Advertising, including but not restricted to the following: Remarketing, Google Display Network Impression Reporting, DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. Using Google Ads Settings, you can opt out of Google Analytics for Display Advertising and customize Google Display Network ads.
BPI may also use Remarketing with Google Analytics to advertise online; third-party vendors, including Google, may show YYY ads on sites across the Internet. XXX, our Platform, Third Party Apps, including Google, use first-party cookies and third-party cookies together to inform, optimize, and serve ads based on visitor’s past visits to the Website, as well as report how ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to the Website.
When you log on to the website, BPI, with the help of Google Analytics, may use your browsing behavior to connect it with any other data you have previously provided per this policy.
8. RETENTION AND DESTRUCTION OF PERSONAL DATA
When Personal Data in our possession meets any of the following conditions:
- No Longer Required for Original Purpose: The Personal Data is no longer required for any reason connected to the purpose for which it was initially collected.
- Unnecessary for Purposes: Retention of the Personal Data is no longer necessary for the primary purposes and any additional purposes for which it was collected or processed.
- Data Subject Request: The data subject (you) has requested the blocking, removal, or destruction of their Personal Data, and such a request complies with applicable laws and regulations.
- Legal and Regulatory Mandate: The destruction of Personal Data is mandated by law or regulations issued by the proper government authorities, either upon or within a prescribed period.
In such cases, we will take the following measures to ensure the proper and secure destruction of Personal Data:
Measures for Data Destruction
- Secure Destruction Methods: We will employ safe and effective methods for destroying Personal Data, such as shredding, digital wiping, or other appropriate means, to ensure that the data cannot be reconstructed or retrieved.
- Documentation and Compliance: We will document the destruction process to maintain compliance with legal and regulatory requirements, ensuring that all actions are auditable and verifiable.
- Anonymized Data Exception: Personal Data that has been previously anonymized will not be subject to destruction. Anonymized data cannot be traced back to the data subject, making it impossible to re-identify the individual from such data. As a result, anonymized data is excluded from destruction requirements.
Continuous Monitoring and Review
- Periodic Reviews: We will conduct periodic reviews of the Personal Data in our possession to identify any data that meets the criteria for destruction, ensuring timely and appropriate action is taken.
- Compliance with Updates: We will stay updated with changes in laws and regulations regarding data retention and destruction, adjusting our policies and procedures accordingly to remain compliant.
- Data Minimization Principle: We adhere to the principle of data minimization, collecting and retaining only the Personal Data necessary for the specified purposes, thereby reducing the risk of maintaining unnecessary data.
9. PARTICIPATION OF DATA SUBJECT
By the Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules and regulations, you, as a data subject, are entitled to the following rights:
- Right to Be Informed: You have the right to be informed of the facts, manner, and purpose of processing your Personal Data, including details of any automated decision-making and profiling activities.
- Right to Object: You may object to the processing of your Personal Data, including processing for marketing, automated processing, and profiling. You also have the right to withdraw your consent to continued processing in case of changes or amendments to the data processing.
- Right to Access: Upon request, you have the right to reasonable access to your Personal Data, including details on when it was last accessed and modified, its source, the manner of processing, and the details of any disclosures (including the recipients' names and addresses).
- Right to Rectification: You can contest inaccuracies or errors in your Personal Data and request immediate correction unless such requests are vexatious or unreasonable. This right includes access to the corrected data and ensuring that recipients of the erroneous data receive the updated information simultaneously.
- Right to Erasure or Blocking: You may request the suspension, withdrawal, removal, or destruction of your Personal Data from BPI's system. If applicable, BPI will notify third parties who previously received the processed data.
- Right to Damages: You can seek damages for inaccuracies, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your Personal Data, considering any violation of your rights and freedoms as a data subject.
- Right to Lodge a Complaint: You can complain to the National Privacy Commission (NPC) if your rights under the Data Privacy Act have been violated.
- Right to Data Portability: You can obtain and reuse your Personal Data across different services. Upon request, we will provide your data in a structured, commonly used, and machine-readable format and, where technically feasible, directly transmit the data to another entity.
For further information on your rights as a data subject, kindly visit the National Privacy Commission’s official website.
Ensuring Accuracy and Completeness
- Reasonable Efforts: We will make reasonable efforts to ensure that the Personal Data processed is accurate and complete. If you provide updated Personal Data, please inform us promptly.
- Reliance on Provided Data: Without updates from you, XXX will rely on the Personal Data as initially provided and will not be responsible for relying on inaccurate or incomplete information.
Access and Correction of Personal Data
- Website Users: You may access or correct your name, email address, birthday, shipping and billing addresses, and contact numbers by logging into your user account on the Website under “Account Information” and clicking the “Edit” button under each relevant field.
- Non-Editable Data: For Personal Data that cannot be corrected through your user account, submit a written request to our Data Protection Officer at [email protected]. We may require additional information to confirm your identity before processing your request.
Response Time
Timely Response: We will strive to respond to Personal Data access and correction requests within 30 business days. If you need more time to meet this timeline, we will inform you of the expected completion time.
Withdrawal of Consent
- Right to Withdraw: You may withdraw your consent for the collection, use, and disclosure of your Personal Data by submitting a written request via email to our Data Protection Officer at [email protected]. Depending on the nature of the consent withdrawal, we may not be able to continue providing certain products or services.
- Processing of Withdrawal Requests: We will process such requests within a reasonable time and cease processing your Personal Data, except for compliance, regulatory, or other legal purposes.
- Marketing Withdrawal: To withdraw consent for marketing communications:
- Promotional Emails: Click the Unsubscribe link in promotional emails.
- Promotional Material in Orders: Email our Data Protection Officer at [email protected]
Legal and Regulatory Compliance
In accordance with the Data Privacy Act, despite withholding consent, BPI may still process your Personal Data if:
- Government Orders: The processing is necessary to comply with duly issued orders from proper government authorities.
- Contractual Necessity: Data processing is essential to fulfilling a contract to which you are a party (e.g., purchasing an MR. D.I.Y. PHILIPPINES product).
- Legal Requirement: The processing is required by Philippine law and regulations.
Special Cases: CCTV Footage
Access to CCTV Footage: Individuals whose Personal Data was collected through CCTV may request a copy by contacting the Data Protection Officer at the provided email. Police authorization is required before releasing the footage.
10. INQUIRY
For any questions relating to your Personal Data or about this Policy, if you have a complaint regarding the processing of your Personal Data by us or a question about how we are complying with Applicable Laws, you may contact our Data Protection Officer via one of the following methods:
- Open Every (Mon-Fri, 9:00 am-6:00 pm)
- Email address: [email protected]
- Office address: Unit 3A Xeland Building, Mayor Gil Fernando corner Guerilla St., Marikina City
Emails and letters should clearly state in the subject line that you are making a data protection query, request, or complaint to ensure the matter is handled expediently. We will strive to deal with any query, request, or complaint promptly and fairly.
11. MISCELLANEOUS
Update of the Policy
This Policy complements and does not replace any other consents you may have previously provided to MR. D.I.Y. PHILIPPINES regarding your Personal Data. BPI may update this Policy to ensure its consistency with legal or regulatory requirements changes.
As part of our commitment to properly manage, protect, and process your Personal Data and to keep up with industry trends and regulatory changes, we regularly review our policies, procedures, and processes. In this regard, BPI may update this Policy to ensure it remains relevant and compliant with industry standards and legal requirements. We reserve the right to amend the terms of this Policy at our sole discretion.
Notification of Policy Updates
Any amendments to this Policy will be posted on our website https://www.mrdiy.com/ph/privacy-policy.
By clicking “Yes” or our Policy pop-up or any web form referring to the amended Policy on any of our online Platforms, you are agreeing to the terms of this Policy. You are encouraged to visit the above websites periodically to ensure you are well-informed of our latest policies regarding Personal Data protection. We will also notify you of any updates to the Policy through pop-up notifications or email and secure your consent through these means.
Governing Law
This Policy and your use of our Platforms shall be governed by and construed by the laws of the Philippines.
Children’s Privacy
Our Service is not intended for children under 18 ("Minors"). We do not knowingly collect personally identifiable information from Minors. If you are a parent or guardian and you become aware that your child has provided us with Personal Information, please get in touch with us immediately. If we discover that we have collected Personal Information from a Minor without verifying parental consent, we will promptly delete such information from our servers.
Parental Consent for Minors:
- For minors aged 13 to 17, our Data Privacy Policy will require parental consent upon sign-up.
- Without verified parental consent, we will not process any transactions or services requiring Personal Data from minors aged 13 to 17.
Data Collection from Minors:
- Any Personal Data collected from minors will be handled with the highest level of security and confidentiality in compliance with Philippine laws and regulations.
- Parents or guardians have the right to review, modify, or request the deletion of their child’s Personal Data at any time.
- If you are aware that we have inadvertently collected Personal Data from a minor without the necessary parental consent, please get in touch with our Data Protection Officer immediately at [email protected], and we will take appropriate measures to address the situation promptly.