PRIVACY NOTICE

This Privacy Notice explains how CN Lifestyle (doing business as Christy Ng) referred to as the “Company” collect, use, store, share, and protect personal data in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and issuances of the National Privacy Commission (NPC).

1.     Personal Data Collected, Purpose, and Legal Basis

The Company may collect personal data such as names, contact details, identification information, employment data, transaction records, and other information necessary for business operations.
Processing is based on legal obligation, contractual necessity, legitimate interest, and consent, where applicable.

2.     Primary and Secondary Use

Personal data is primarily used for business operations, employment administration, customer transactions, service delivery, regulatory compliance, and security. Secondary uses may include internal analytics, quality improvement, training, and business development, subject to applicable safeguards.

3.     Storage of Personal Data

Personal data is stored in secured physical files and electronic systems with controlled access. Data is retained only by authorized personnel and protected by appropriate organizational, physical, and technical security measures.

4.     Data Sharing and Disclosure

Personal data may be shared with authorized third parties, such as regulators, auditors, service providers, banks, insurers, and IT vendors, strictly for legitimate business and legal purposes. Data sharing is governed by contracts, confidentiality clauses, and data protection agreements.

5.     Retention Period

Personal data is retained only for as long as necessary to fulfill the stated purposes, comply with legal and regulatory requirements, and address audit or contractual obligations, after which it is securely disposed of.

6.     Secure Disposal

Upon expiration of the retention period, personal data is disposed of securely through shredding, deletion, anonymization, or other approved methods that prevent unauthorized retrieval or reconstruction.

7.     Risks in Data Processing

Risks may include unauthorised access, loss, misuse, or disclosure of personal data due to human error, system failure, or cyber incidents.

8.     Protection Measures

The Company implements privacy-by-design and security-by-default measures, including access controls, encryption, security policies, staff training, incident response procedures, and regular risk assessments to mitigate identified risks.

9.     Automated Processing

Certain systems may use automated tools for access control, transaction processing, or reporting. These systems are monitored and subject to safeguards to ensure fairness, accuracy, and security.

10.  Data Protection Officer (DPO)

For questions, concerns, or requests regarding personal data, you may contact the Company’s Data Protection Officer at:
Email: dpo@christyng.com.ph
Address: BA Lepanto Building,8747 Paseo De Roxas, Makati City

11.  Data Subject Rights

Data subjects have the right to be informed, access, object, correct, erase or block, data portability, file a complaint, and seek damages. Requests may be submitted in writing to the DPO and will be acted upon within the period prescribed by law.

The Company respects your privacy and is committed to protecting your personal data.