CAREERS GET IN TOUCH

Privacy Policy

Carisle Media Privacy Policy (Philippines)

Effective date: August 14, 2025
Last updated: August 14, 2025

Carisle Media (“Carisle,” “we,” “our,” “us”) respects your privacy. This Privacy Policy explains how we collect, use, share, retain, secure, and dispose of personal data in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations (IRR), and relevant issuances of the National Privacy Commission (NPC).

By accessing our websites (including carislemedia.com/careers), submitting an application, engaging our services, or interacting with us, you acknowledge that you have read and understood this Policy.

1) Scope & Who This Covers

This Policy applies to:

  • Job applicants (including interns and contractors)
  • Employees and former employees
  • Clients, prospects, vendors, and partners
  • Website visitors and social media community members

This Policy covers processing performed by Carisle and our authorized service providers and affiliates, whether within or outside the Philippines.

2) Definitions (simplified)

  • Personal Information (PI): Any information that identifies you (e.g., name, email, phone, address, ID numbers).
  • Sensitive Personal Information (SPI): Data such as government IDs (e.g., SSS, TIN), health or medical data, biometric data, race, ethnic origin, marital status, age, education, etc.
  • Privileged Information: Communications covered by legal privilege (e.g., attorney–client).
  • Processing: Any operation on personal data (collecting, recording, storing, using, sharing, erasing, etc.).
  • Data Subject: An individual whose data we process.
  • DPO: Data Protection Officer.

3) What We Collect

Depending on your interaction with us, we may collect:

A. Identification & Contact

  • Name, address, email, phone, date/place of birth, nationality, emergency contacts.

B. Recruitment & Employment

  • CV/resume, cover letters, portfolios, certifications, employment history, education, references, interviewer notes, pre-employment checks (subject to consent and legal limits), job preferences, compensation expectations.
  • Government numbers (e.g., SSS, PhilHealth, PAG-IBIG, TIN), bank details for payroll (employees only).

C. Work & Performance

  • Role details, schedules, performance data, KPIs, training records, timekeeping/attendance, device identifiers on company systems (in accordance with internal policies).

D. Transactional & Commercial

  • Contract details, billing and payment information (for clients/vendors).

E. Website/Technical

  • Cookies, IP address, device/browser info, analytics (page views, session data), approximate location, and referral source.

F. Special/Optional Disclosures

  • Health or accommodation information voluntarily disclosed for recruitment or workplace accommodations (processed only as necessary and proportionate).
  • Any other information you voluntarily provide in forms or communications.

We collect data directly from you, automatically (via cookies/analytics), and indirectly (e.g., references, background check providers, publicly available sources, job boards) subject to your consent and applicable law.

4) Lawful Bases for Processing (Sec. 12 & 13, DPA/IRR)

We process personal data only when at least one of the following conditions applies:

  1. Consent you provide (e.g., submitting an application, opting into marketing).
  2. Contractual necessity (e.g., to evaluate and enter into an employment or services contract, pay salaries, deliver services).
  3. Legal obligations (e.g., tax, labor, and corporate compliance; regulatory filings).
  4. Protection of vitally important interests (e.g., health/safety emergencies).
  5. Establishment, exercise, or defense of legal claims or to protect lawful rights and interests in court/administrative proceedings.

Sensitive personal information and privileged information are processed only under the stricter conditions allowed by law (e.g., explicit consent, legal obligations, vital interests, medical treatment, or legal claims).

5) How We Use Personal Data

  • Recruitment & Hiring: evaluate applications, schedule interviews, conduct assessments/reference checks (as permitted), communicate decisions, and create onboarding records.
  • Employment/Engagement: HR administration, payroll/benefits, performance management, training, compliance, and internal communications.
  • Client/Partner Relations: proposals, contracting, project management, billing, account support, and compliance.
  • Security & Compliance: identity verification, audit logs, incident management, compliance reporting, dispute resolution.
  • Website Operations & Analytics: improve content, measure performance, detect/prevent fraud or misuse.
  • Marketing (with consent where required): newsletters, event invites, product updates; you may opt out anytime.

We do not sell personal data.

6) Cookies & Online Tracking

We use first-party and third-party cookies/SDKs to:

  • enable site functionality (session management, forms),
  • perform analytics and improve user experience,
  • measure campaign performance.

You can control cookies via browser settings. Disabling certain cookies may affect site functionality. Where required, we will obtain consent before setting non-essential cookies.

7) Sharing & Disclosures

We may share personal data with:

  • Service providers/processors (e.g., applicant tracking systems, HR/payroll platforms, cloud hosting, email/IT support, analytics vendors) under data processing agreements that ensure confidentiality and security.
  • Affiliates/related parties assisting in operations, recruitment, or service delivery.
  • Professional advisers (legal, accounting, audit) under confidentiality obligations.
  • Government regulators (e.g., BIR, SSS, PhilHealth, PAG-IBIG, SEC, LGUs) as required by law.
  • Business transactions (merger, acquisition, reorganization) subject to continued protection and notice where appropriate.
  • Legal compliance and protection when required to comply with law, enforce our rights, or protect individuals’ vital interests.

8) Cross-Border Transfers

We may store or process data on servers outside the Philippines (e.g., cloud providers). When transferring data internationally, we implement appropriate safeguards (contractual protections, access controls, encryption, and—where required—consent), ensuring a level of protection consistent with Philippine law and NPC guidance.

9) Data Retention & Disposal

We retain personal data only as long as necessary for the purposes stated or as required by law, considering:

  • statutory retention periods (e.g., tax/employment),
  • the nature of the data and risks involved,
  • potential disputes or legal claims.

When data is no longer needed, we securely dispose of it via deletion, anonymization, or physical destruction per our retention schedule and disposal procedures.

10) Data Subject Rights (DPA/IRR)

You have the following rights, subject to exceptions under law:

  • Right to be informed about processing.
  • Right to object to processing (including direct marketing).
  • Right to access personal data we hold about you.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure or blocking for unlawful processing or when no longer necessary.
  • Right to damages for violations of your data privacy rights.
  • Right to file a complaint with the National Privacy Commission.
  • Data portability, where applicable under NPC rules.

We will respond to verified requests within a reasonable period, not exceeding 30 calendar days. If we need more time, we will inform you of the reason and expected timeline.

How to exercise your rights: Contact our DPO (details in Section 14). We may request information to verify your identity and authority.

11) Security Measures

We implement organizational, physical, and technical safeguards appropriate to the sensitivity, volume, and risk profile of the data, including:

  • role-based access controls and least-privilege principles,
  • secure configuration and encryption in transit/at rest where appropriate,
  • vendor due diligence and contracts with processors,
  • employee training and confidentiality undertakings,
  • device and network security (firewalls, MFA, logging/monitoring),
  • secure development and change management practices,
  • incident response and business continuity plans.

12) Personal Data Breach Management

We operate a breach response process to contain, assess, and remedy data incidents. Where a breach is likely to pose a real risk of serious harm, we will notify affected individuals and the NPC without undue delay and within the timeframes required by NPC issuances (which may be no later than 72 hours from knowledge of the breach where notification is mandated). We will also maintain breach logs and cooperate with regulators as required.

13) Children & Vulnerable Individuals

Our services are not directed at children under 18. We do not knowingly collect their data without parental/guardian consent and lawful basis. If you believe a minor has provided data without proper consent, contact us to request deletion.

14) Our Data Protection Officer (DPO)

Name: Agatha Faith Pecjo
Email: hr@carislemedia.com
Telephone: +639363313048
Address: 145 Corporate Building, Mother Ignacia St. Quezon City

For concerns, rights requests, or complaints, please contact the DPO. You may also file a complaint with the National Privacy Commission (npc.gov.ph).

15) Links, Third-Party Sites, and Social Media

Our websites may contain links to third-party sites or plug-ins (e.g., LinkedIn, TikTok). Processing on those platforms is governed by their own privacy policies. Please review them before sharing your data.

16) Changes to This Policy

We may update this Policy to reflect changes in law, guidance, or our practices. We will post updates on this page with a new “Last updated” date and, when material, may provide additional notice (e.g., email or banners).

17) Department-Specific Notices (Add-Ons)

A. Recruitment Notice (Careers Site)

  • Purpose: evaluate suitability, schedule interviews, conduct assessments, perform background/reference checks (where permitted), and create onboarding records.
  • Lawful basis: consent; steps prior to entering a contract; legal obligations; legal claims; vital interests.
  • Retention: applicant data retained for up to 12–24 months from last interaction to consider you for future roles (unless you request earlier deletion, subject to legal limits).
  • Sharing: with recruiting platforms, assessment vendors, background screeners (with your consent), communications tools, and interviewers.
  • Automated decision-making: we may use tools to screen or schedule interviews; final hiring decisions involve human review.

B. Employee Notice

  • Additional purposes: payroll/benefits administration, performance management, security monitoring, training, compliance, asset management.
  • Retention: as required by tax, labor, and corporate laws; then securely disposed.
  • Monitoring: limited to legitimate business interests and disclosed internal policies.

C. Marketing Notice

  • We send marketing communications only with your consent or as otherwise permitted. You can unsubscribe via the link in our emails or by contacting us

18) How to Contact Us

For any questions about this Policy or our data practices, contact our DPO (Section 14). For general inquiries: hello@carislemedia.com.