Please read this privacy notice ("Notice") carefully to understand our policies and practices regarding your Personal Data and how we will treat it. This Notice applies to individuals who interact with Nephila Web Technology Inc Moodlemoot Philippines site. This Notice explains how your Personal Data are collected, used, and disclosed by Nephila Web Technology, Inc ("NWTI", "We", "Us"). It also tells you how you can access and update your Personal Data and make certain choices about how your Personal Data are used.
This Notice covers both our online and offline data collection activities, including Personal Data that We collect through our various channels such as websites, apps, third party social networks, client calls, points of sale and events. Please note that We might aggregate personal data from different sources (website, offline event).
If you do not provide necessary Personal Data to us (We will indicate to you when this is the case, for example, by making this information clear in our registration forms), We may not be able to give access to our LMS site. This Notice can change from time to time.
This Notice provides information on the following areas.
Sources of Personal Data
This Notice applies to Personal Data that We collect from or about you, through the methods described below (see Section 2), from the following sources:
NWTI Website.
The official website of Nephila Web. www.nephilaweb.com.ph
NWTI LMS Site.
The Learning Management Site of Nephila Web. https://mootph21.nephilaweb.com.ph/ and lms.nephilaweb.com.ph
E-mail, text and other electronic messages.
Interactions with electronic communications between you and Nephila.
Offline registration forms.
Printed or digital registration and similar forms that We collect via, for example, postal mail and learning events, webinars and other promotions or events.
Advertising interactions.
Interactions with our advertisements (e.g., if you interact with on one of our ads on other 3rd party apps we may receive information about that interaction).
Data We create.
In the course of our interactions with you, we may create Personal Data about you.
Data from other sources.
Third party social networks (e.g. such as Facebook, Google, Twitter), market research (if feedback not provided on an anonymous basis) and other publicly available data.
Collection of Personal Data
Depending on how you interact with Nephila (online, offline, over the phone, etc.), We collect various types of information from you, as described below.
Personal contact information.
This includes any information you provide to Us that would allow Us to contact you, such as your name, postal address, e-mail address, social network details, or phone number.
Account login information.
Any information that is required to give you access to your specific account profile. Examples include your login ID/email address, screen name, password in unrecoverable form, and/or security question and answer.
Demographic information & interests.
Any information that describes your demographic or behavioural characteristics. Examples include your year of birth, age range, gender, geographic location (e.g. postcode/zip code).
Websites/communication usage information.
Our website collects personal data about your computer, including (where available) your IP address, operating system and browser type, for system administration, to filter traffic, to look up user domains, and to report on statistics.
Consumer-generated content.
Any content that you create and then share with Us on third party social networks or by uploading it to one of our Websites or apps, including the use of third party social network apps such as Facebook. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, We collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third party social networking.
Third party social network information.
Any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Facebook) and that you allow the third party social network to share with Us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, etc.) and any other additional information or activities that you permit the third party social network to share. We receive your third party social network profile information (or parts of it) every time you download or interact with a Nephila web application on a third party social network such as Facebook, every time you use a social networking feature that is integrated within a Nephila site (such as Facebook Connect) or every time you interact with Us through a third party social network. To learn more about how your information from a third party social network is obtained by Nephila, or to opt-out of sharing such social network information, please visit the website of the relevant third party social network.
Payment and Financial information.
Any information that We need in order to fulfill an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available). In any case, We or our payment processing provider(s) handle payment and financial information in a manner compliant with applicable laws, regulations.
Sensitive Personal Data.
We do not seek to collect or otherwise process sensitive personal data in the ordinary course of our business. Where it becomes necessary to process your sensitive personal data for any reason, we rely on your prior express consent for any processing which is voluntary (e.g., for marketing purposes). If we process your sensitive personal data for other purposes, we rely on the following legal bases: (i) detection and prevention of crime (including the prevention of fraud); (ii) establishment, exercise, or defense of legal claims; and (iii) compliance with applicable law (e.g. to comply with our diversity reporting)
Use of Personal Data
Customer Service
In order to serve you better, communicate announcements and updates on our services.
Webinars.
To issue certificates, to invite in future webinars that will help the education community in improving their processes.
Third Party Social Networking Sites.
To get your concerns on our products and services. For advertising purposes and to provide general and useful information.
Phone calls and Online Database Registrations.
To know your needs in relation to the services we provide
Disclosure and Sharing of Personal Data
Your personal information such as name, position and company will be shared to your co-participants, sponsors and event organizer on the learning management site.
We will disclose your personal data for legal reasons only.
Storage, Retention and Destruction
Storage.
Your personal information will be stored with security measures in place (see 6)
Retention.
In accordance with applicable laws, We will use your Personal Data for as long as necessary to satisfy the purposes for which your Personal Data was collected (as described in Section 5 above) or to comply with applicable legal requirements.
Destruction.
The data stored on the MootPH21 site will no longer be accessible once the site has shut down. The site will be available only until 30 days after the event. However contact details will be stored for future invites.
You may request to delete your data in the LMS site or on our database.
Security
We implement the following Security measures:
- User Access Control for CRM, Google Drive, LMS, local machine
- SSL
- Vulnerability Assessment / Penetration Testing (VAPT) conducted once a month VAPT
- The Moodle LMS Site has SHA1 encryption
- The Suite CRM has MD5 encryption
- Google Drive encrypts data at rest in the Drive, and data in transit to and from the Drive. Google uses 128-bit or 256-bit AES keys (depending on the type of storage device) to encrypt data at rest in Google Drive, which helps in protecting the confidentiality of the data stored in Google Drive.
- Local Machines have Linux OS Ubuntu Core 20 which uses full disk encryption (FDE) whenever the hardware allows, protecting both the confidentiality and integrity of a device's data when there's physical access to a device, or after a device has been lost or stolen.
Rights of Individuals
Access to Personal Data.
You have the right to access, review and request a physical or electronic copy of information held about you. You also have the right to request information on the source of your Personal Data.
These rights can be exercised by sending Us an e-mail, attaching a copy of your ID or equivalent details, where requested by Us and permitted by law. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. Please note that any identification information provided to Us will only be processed in accordance with, and to the extent permitted by applicable laws.
Additional rights (e.g. modification, deletion of Personal Data).
Where provided by law, you can (i) request deletion, the portability, correction or revision of your Personal Data; (ii) limit the use and disclosure of your Personal Data; (iii) revoke consent to any of our data processing activities; and (iv) object to the processing of your Personal Data, including the right to lodge a complaint with the National Privacy Commission.
Please note that, in certain circumstances, We will not be able to delete your Personal Data without also deleting your user account. We may be required to retain some of your Personal Data after you have requested deletion, to satisfy our legal or contractual rights and/or obligations. We may also be permitted by applicable laws to retain some of your Personal Data to satisfy our business needs.
Where available, our Websites have a dedicated feature through which you can review and edit the Personal Data that you have provided. Please note that We require our registered consumers to verify their identity (e.g. login ID/email address, password) before they can access or make changes to their account information. This helps prevent unauthorised access to your account.
We hope that We can satisfy queries you may have about the way we process your Personal Data. However, if you have unresolved concerns you also have the right to complain to competent data protection authorities.
DPO Contact Information
Jennie May V. Alvarez, CPA
Data Protection Officer
Philippine Social Science Center, Commonwealth Ave.
Diliman, Quezon City, Philippines
T: (+632) 8285-7450
M: +63 9175878851
E: dpo@nephilaweb.com.ph
