Privacy Notice

1. PURPOSE AND SCOPE


1.1 Watsons Personal Care Stores (Philippines), Inc. ("Watsons") respects and safeguards the privacy of all Employees' Personal Data as stated in our Policy on Personal Data Governance and complies with the Philippine Data Privacy Act of 2012 (“Data Privacy Law”), and its Memorandum Circulars, Advisories and Advisory Opinions.


1.2 The purpose of this Notice is to be transparent with our current and former employees about the Personal Data (information that directly or indirectly identifies an individual) which we may process, the purposes for doing so, and to provide additional information about how personal information may be treated.


1.3 This Notice is addressed to all who work for Watsons, whether on temporary, fixed term or permanent employment contracts (“Employees”, a term defined and limited to this Notice) and references to “you” refers to each individual Employee. When we refer to Watsons, we” or “us”, we mean your employing company (who you have an employment contract with).


1.4 This Notice does not form part of your contract of employment and we may update it from time to time, as explained in Section 7 below.



2. PROCESSING EMPLOYEE PERSONAL DATA


2.1 Types of Data and our Legal Basis for Processing


    2.1.1 Watsons holds and processes certain Personal Data which identifies you individually as part of its general employee records. That Personal Data (which we refer to as your Personal Data throughout this Notice) may, subject to any applicable legal restrictions, include some of the following types of data:


      (i) your name, address and contact details (including emergency contact details);
      (ii) your date and place of birth and nationality (including copies of your passport or visa);
      (iii) social security number, tax status information and other national ID information;
      (iv) marital status and dependants;
      (v) compensation, bonus or incentive information and social security premiums (including amounts paid, the frequency and currency of payments);
      (vi) benefits information (e.g. car allowance, health insurance, pension contributions) (including amounts paid, the frequency and currency of payments);
      (vii) records of your work and education history (including internal and external work history and references);
      (viii) records of your performance (including working hours history, evaluations and ratings, grievances and disciplinary records);
      (ix) information relating to absences from work;
      (x) general organisational data (such as your department, work location, job title and seniority);
      (xi) CCTV footage and other information obtained through electronic means such as swipecard records; and
      (xii) IT data (e.g. passwords, access rights and usage data).

    2.1.2 We may also collect, store and use certain "special categories" of more sensitive personal information. Please see Section 2.5 (Employee Sensitive Personal Data) below.


2.2 Purpose of Processing Employee Personal Data


    2.2.1 Watsons needs to process your Personal Data primarily in order to perform our contract of employment with you and to enable us to comply with legal obligations, as well as in some cases, to pursue our legitimate interests, through the legal bases set out in sub-section (c) below. We have listed below the relevant purposes for processing your Personal Data:


    a) Necessary for Watsons to perform the employment relationship with you or exercise its rights under an employment contract:


      (i) processing your job application;
      (ii) managing the employment relationship with you, including during and after your employment;
      (iii) normal business practices related to your role and function in the company;
      (iv) providing, maintaining and planning pay and benefits for you and/or your dependent(s);
      (v) carrying out appraisals, performance and salary reviews and providing references;
      (vi) placing you for employment in any department and Business Unit (BU);
      (vii) operating our IT and communications systems, to check for unauthorised use of those systems, and to maintain their security and stability;

    b) Necessary for Watsons to ensure compliance with local legal and regulatory requirements:


      (i) ensuring compliance with Watsons policies to meet legal and regulatory requirements such as record keeping and other legal obligations which may include maintenance and disclosure of records that include personal information and identifiers, and/or information relating to sickness, maternity or parental leave, religious beliefs, or pension and retirement;

    c) Necessary to fulfill Watsons legitimate business interests, including for administration, HR reporting and management, resource planning purposes and to monitor and ensure compliance with human resources policies, codes and guidelines:


      (i) gathering information required to carry out grievance or disciplinary hearings or internal investigations, or for dealing with legal disputes involving you;
      (ii) carrying out succession planning, performance and salary assessments;
      (iii) restructuring of Watsons corporate structure, reorganization, sale, transfer, assignment or similar purposes;
      (iv) facilitating communications between you, the BU and/or Watsons; and

    d) With your explicit and prior consent: for purposes that are not covered by the above, for example in certain situations where we process your health data.


2.3 Employee Monitoring


    2.3.1 The computer network and all associated equipment, including computers, phones and other devices are the property of Watsons. Watsons equipment, systems, and email is made available to you for business use and not for personal purposes. You should not expect privacy in connection with your use of any [BU NAME] equipment, systems, or email, as such infrastructure may be monitored for security and stability purposes, or other legitimate business purposes as permitted by local law. Emails and other communications sent and received using your company contact addresses and may be accessed at any time in accordance with local law.


    2.3.2 To the extent permitted by local law, and subject to any other local notices or policies, we reserve the right to monitor the use of the Watsons network, equipment, and all electronic communication systems accessed via the Watsons network, including original and backup copies of email, instant messaging, text messaging, voicemail, internet use, and computer use activity. We may engage in such activities for the following purposes (“the Purposes”):


      a) Providing IT support and services, including software maintenance, data hosting, and disaster recovery;
      b) Preventing loss or misuse of our confidential information, intellectual property or trade secrets or to investigate suspected misuse of the same;
      c) Ensuring that staff members do not use our facilities or systems for any unlawful purposes or activities that may damage its business or reputation; and
      d) Monitoring and enforcing compliance with our policies and procedures and applicable law.

    2.3.3 Monitoring may be conducted remotely or locally, and related Personal Data collected via monitoring may from time to time need to be shared with other companies in the A.S. Watson Group, or with third party service providers, where necessary for one of the Purposes and only in so far as permitted under local laws and in compliance with Section 4 of this Notice. To the extent that this involves transferring any Personal Data outside your country of employment, we will ensure an adequate level of protection for that data in accordance with applicable laws, as further described at Section 4.2 below.


    2.3.4 Personal Data obtained through monitoring, which is relevant to the Purposes, will be retained for no longer than is necessary to accomplish these Purposes, and in accordance with any limits under applicable law.


    2.3.5 When carrying out monitoring of the use of Watsons' equipment or systems (including emails and phone calls) it will not normally be our intention to access any Personal Data (except where it is relevant and legitimate to the Purposes), and we shall use our reasonable endeavours not to access, copy or use any Personal Data unless absolutely necessary in accordance with the Purposes. If such access occurs inadvertently, and it is not relevant to the purposes, we shall delete such Personal Data as soon as it comes to our attention.


2.4 Automated decision-making


    2.4.1 Automated decision-making takes place when an electronic system uses Personal Data to make a decision without human intervention.


    2.4.2 You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you upfront.


2.5 Employee Sensitive Personal Data ("SPD")


    2.5.1 We may need to process SPD to comply with our legal obligations in connection with your employment. SPD refers to various categories of Personal Data that are subject to additional legal controls over processing, and include racial or ethnic origin, ideology or political beliefs, trade union membership, religious beliefs, physical and mental health and sexual life, among others.


    2.5.2 Below we set out the categories of SPD that Watsons may hold in relation to its Employees. We will ensure that such data is collected and processed in accordance with the Data Privacy Law in all cases.


      (i) Health Information

        (a) Watsons may hold information relating to your health that you provided in your job application form, any medical questionnaire, records of sickness absence, medical certificates and any medical reports which you have provided or have been obtained by us with your consent, in each case because the collection was necessary given your role.

        (b) The purpose of obtaining and retaining this sort of data is to assess eligibility for or administer and pay benefits related to ill-health such as company and statutory sick pay, private medical insurance, long term disability schemes and life insurance. We also need this data to monitor and manage sickness absence and to comply with obligations under health and safety and disability discrimination legislation.

      (ii) Gender, Race and Ethnic Origin
      Watsons holds data relating to your gender and (where permitted) race or ethnic origin which you provided when applying for your role. The purpose of keeping this sort of information is to monitor the effectiveness of our equal opportunities practices.

      (iii) Criminal Convictions
      Watsons may hold information in relation to criminal convictions (if any) as provided by you, as well as the results of any background checks carried out by us, in accordance with applicable law, where such checks are appropriate for your role.

      (iv) Trade Union Membership

      Watsons may hold information in relation to your membership of a trade union if you provide this to us, in order to allow for the deduction of trade union membership fees from your wages, or the provision of benefits to which you may be entitled as a trade union member, in each case in accordance with applicable local law.

    2.5.3 We will not process SPD for purposes incompatible with this Notice except where required by law, the Employee in question has explicitly consented to the processing, or the processing is:


      (i) in the vital interests of the Employee or another person;
      (ii) necessary for the establishment of legal claims or defences;
      (iii) required to provide medical care or diagnosis;
      (iv) necessary to carry out our obligations in the field of employment law;
      (v) related to information that has been made public by the Employee; or
      (vi) necessary for reasons of substantial public interest, on the basis of local law.

    2.5.4 We do not need your consent if we use these SPD in accordance with our written policy, to carry out our legal obligations, or to exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.


2.6 Change of purpose


We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that, as explained above, we may process your Personal Data in some instances for legitimate business purposes without your express knowledge or consent, but only in compliance with the above rules, and where this processing is required or permitted by law.



3. SECURING EMPLOYEE PERSONAL DATA


3.1 We have put in place appropriate security measures to protect your Personal Data against loss or theft, as well as from unauthorised access, disclosure, copying, use or modification, regardless of the format in which it is held.


3.2 Where Personal Data is held in hard copy files, these will be held locally within the relevant Watsons department during your employment and for a defined period after termination. Following this the files will be destroyed in accordance with the ASW Group Policy on Data Retention and Deletion and applicable laws.


3.3 Where Personal Data is held electronically this will be held on the relevant BU NAME's electronic HR database


3.4 Access to your Personal Data is restricted to authorised Employees only. Authorised Employees require access to different amounts of Personal Data to allow them to perform their duties of employment. The level of access to Personal Data is restricted by role and on a need-to-know basis. Authorised Employees will include members of the Human Resources Department, the Finance Department, the Legal Department, IT Department, Store Management, Area Managers and Line Management as applicable.


3.5 We will use appropriate security safeguards to provide necessary protection such as:


    3.5.1 Physical measures (locked filing cabinets, restricting access to offices, alarm systems);


    3.5.2 Technological tools (passwords, encryption or firewalls); and


    3.5.3 Organisational controls (security clearances, limiting access on a "need-to-know" basis, staff training, and confidentiality agreements).


3.6 The above measures are reviewed periodically and upgraded in line with legal and technological developments. In all cases, we will take appropriate steps to ensure that your Personal Data is stored securely and that access is restricted only to those Employees with a legitimate purpose.



4. TRANSFERRING EMPLOYEE PERSONAL DATA


4.1 Watsons is part of the A.S. Watson Group and the multinational conglomerate CK Hutchison Holdings Limited (“CK Hutchison”) and their affiliated companies operating internationally (“CK Hutchison Group”). As such, and given the global nature of our activities, we may transfer Personal Data within the CK Hutchison Group for legitimate business purposes. We may also transfer Employee Personal Data to controllers, or third parties in certain circumstances (e.g. to transfer funds for payroll processing) or to make decisions regarding the Employee Personal Data (e.g., to assess eligibility for a disability benefit). In each case such transfer will be consistent with local applicable legal requirements, including where:


    (i) the transfer is based on a clear business need, such as where the processor of the Employee Personal Data performs services on Watsons’s behalf;
    (ii) the receiving entity provides appropriate security for the Personal Data; and
    (iii) the receiving entity ensures compliance with Watsons' policies for the transfer and any subsequent processing of the Personal Data.

4.2 We may transfer Employee Personal Data to the following internal or external recipients for legitimate business purposes, in accordance with any conditions imposed by local law:


    4.2.1 The CK Hutchison Group: We may share your Personal Data with authorised Employees within the CK Hutchison Group where it is necessary for the purposes described at Section 2.2 above. A list of the CK Hutchison Group entities is available at http://www.ckh.com.hk.


    4.2.2 Pension Providers: We may share your information with authorised personnel from our pension provider who need access for some of the purposes described at Section 2, and for the particular purpose of administering the pension scheme and providing you with benefits and insurance coverage available under the pension scheme.


    4.2.3 Third party service providers: We may share your Personal Data with third party service providers such as:


      (i) payroll administrators, benefits providers and administrators, information technology systems providers, financial institutions, pension plan institutions, insurance companies, consultant and professional advisors;
      (ii) other providers of benefits or insurance; and/or
      (iii) any other service providers involved in the provision of services to employees.

    4.2.4 Local authorities and regulators, internal investigations: We may share Personal Data with local authorities and other parties in accordance with local regulations, or as part of internal investigations within Watsons. Your Personal Data may also be shared to respond to internal or external audit and inquiries, law enforcement requests, requests from administrative or judicial authorities or where required by applicable laws, court orders, or government regulations such as:


      (i) tax authorities, social security services, judicial authorities, employment/labor or other authorities; and
      (ii) independent public accountants, authorised representatives of internal control functions such as auditors, legal and/or corporate security.

4.3 When sharing your Personal Data involves sending it outside the jurisdiction in which you work, we will ensure that such transfer is permitted under local law. We will implement appropriate contractual measures to establish and/or confirm that, prior to receiving any Employee Personal Data, an adequate level of protection for such data will be provided and that appropriate technical and organisational security measures are in place to protect such data against accidental or unlawful destruction, loss or alteration, unauthorised disclosure or access, and against all other unlawful forms of processing. If Watsons has knowledge that a receiving entity is processing Personal Data in a manner contrary to its policies and this Notice, we will take all reasonable steps to prevent or stop the processing.



5. ACCESS RIGHTS AND CHANGES TO PERSONAL DATA


5.1 If certain conditions are met, under applicable Data Protection Law you have the right to:


    5.1.1 Check what Personal Data Watsons holds about you and for what purpose;


    5.1.2 Request access to the Personal Data which Watsons holds about you;


    5.1.3 Require Watsons to correct any Personal Data which is inaccurate;


    5.1.4 Require Watsons to delete any Personal Data which is irrelevant to the purposes of the processing;


    5.1.5 Object to Watsons processing the Personal Data;


    5.1.6 Request the transfer of your Personal Data that you provided to Watsons to another party where technically feasible; and where the transfer does not adversely affect the right and freedoms of others; and


    5.1.7 Ascertain Watsons's policies and procedures in relation to your Personal Data. You can learn more about these rights here: https://privacy.gov.ph/know-your-rights/


5.2 All requests for access to data or correction of data or information regarding policies and the kinds of personal data held should be in writing, dated and signed, and addressed to the Watsons Data Privacy Officer.


5.3 Watsons is not required to give Employees the ability to review your Personal Data when doing so would affect the privacy interests of other individuals and the Personal Data of those individuals cannot be redacted, or when the burden or expense of doing so (including locating the Personal Data) is disproportionate to the risks of the requesting Employee’s privacy in a particular case. We will indicate the specific reason why access has been denied and provide a contact point for further enquiries.


5.4 Watsons will employ reasonable means to keep employee Personal Data accurate, complete, up-to-date and reliable for our intended use. It is important that the Personal Data we hold about you is accurate and current. Each Employee has a responsibility to keep us informed if your Personal Data changes during your working relationship with us.



6. RETENTION OF EMPLOYEE PERSONAL DATA


Watsons will retain your Personal Data for as long as is required by applicable local law(s), for as long as necessary for the purpose(s) for which it was collected, or to satisfy a legitimate business need. Following this period, the Employee Personal Data will be destroyed. Such destruction will be in accordance with the law. For more information about specific retention periods, please refer to the ASW Group Policy on Data Retention and Deletion.



7. QUESTIONS AND UPDATES ABOUT PROCESSING; DATA PROTECTION OFFICER


7.1 Watsons is committed to assisting Employees in protecting your Personal Data and in providing opportunities to raise concerns about the processing of your Personal Data. You can raise any complaint or enquiry about processing of your Personal Data to your:


Data Protection Officer
Watsons Personal Care Stores (Philippines), Inc.
9/F One E-Com Building, Ocean Drive, Mall of Asia Complex,
Pasay City, 1300, Philippines
E-mail: data-privacy@watsons.com.ph
Contact Number: +632 7902 8893

7.2 If the uses of your Personal Data significantly change, or we otherwise need to make changes to this Notice, we will issue an updated Notice and/or take other steps to notify you beforehand of such changes. If you require further information about this Notice, please contact your Data Privacy Officer.