The Selah Garden Hotel, Inc., including its subsidiaries, affiliates, sister companies, member companies,
such as but not limited to Selah Pods Hotel Inc., Selah Lofts Hotel Manila, My Cabin by Selah, The
Ravine Natural Farm, Koinonia Realty Corporation, including its directors, management, officers,
employees and representatives (collectively, “ONE SELAH”) is committed to providing its employees,
clients, debtors, and Data Subjects with the highest levels of professional service. This includes
protecting their privacy as the ONE SELAH understands the importance of privacy of their Personal Data
and Personal Information.
By communicating with the ONE SELAH’s personnel, office, branches, email address, website, interacting
with any of its social media accounts, requesting its hotel, resort, accommodation and hospitality services,
applying for a job with ONE SELAH, asking ONE SELAH to provide hotel, resort, accommodation and
hospitality services, or other ancillary or related services, or otherwise providing ONE SELAH with your
personal data, all employees, clients and Data Subjects will need to consent to their personal data being
whose personal data is collected from clients or other third parties, job applicants and prospective
employees) who provides ONE SELAH with their personal data.
PURPOSE OF THE POLICY
daily operations and enable ONE SELAH to protect the integrity and security of personal data which has
been entrusted to ONE SELAH by its clients, employees, and business partners. It sets out the basic
obligations of ONE SELAH personnel regarding personal data.
all personal data in accordance with the directions in it.
particular action or conduct that is observed to have been in breach of this Manual, please seek legal
advice from the designated or retained lawyers of ONE SELAH or ONE SELAH’s Data Privacy Officer as
Data Privacy Act of 2012 (i.e. Data, Personal Information, Sensitive Personal Information, Data Sharing
Agreement, etc); including any terms defined or referred to by any implementing rules or regulations
issued by the Philippine National Data Privacy Commission shall be understood to have been adopted
DATA PROTECTION PRINCIPLES
All ONE SELAH personnel must adhere to the following general principles when collecting, using,
disclosing, processing or otherwise handling Personal Information, Sensitive Personal Information and
The consent of an individual must be obtained, in accordance with the applicable Philippine data privacy
laws, before collecting, using, or disclosing his personal data for a purpose. An individual also has a right
to withdraw his consent, by giving reasonable notice.
Before embarking on a new business project or initiative that requires the collection of Personal Data,
consider each category of Personal Data that is proposed to be collected and assessed whether the
“Personal information controller” or “PIC” (such as this ONE SELAH) is able to perform the project or
initiative without it. One should only collect the minimum Personal Data it requires for the legitimate
purpose it is required for.
Personal Data may only be collected, used or disclosed for legitimate purposes that a reasonable person
would consider appropriate in the circumstances. Fresh consent must be sought if any purposes for which
consent was obtained differ from the original purpose communicated and agreed to by the individual.
Before using any Personal Data for a new purpose, all ONE SELAH personnel must ensure that the new
ONE SELAH must notify individuals of the purpose(s) for which it intends to collect, use or disclose his
Personal Data on or before ONE SELAH’s collection, use or disclosure of such Personal Data. If ONE
SELAH will be collecting Personal Data for a new purpose (as above), ONE SELAH will need to provide
fresh notification to the individuals.
Upon request by an individual, he or she must be provided with his/her Personal Data possessed or
controlled by ONE SELAH, unless prohibited by Philippine Data Privacy laws or regulations or other
applicable laws or regulations in the country. Once ONE SELAH received the request, ONE SELAH will
need to understand internally how the individual’s Personal Data has been used, processed or disclosed by ONE SELAH.
ONE SELAH need to ensure that it log all activities in relation to the access and extraction of Personal Data held by it.
Unless the aforesaid laws or regulations provide otherwise, such personal data must be provided as soon
as practicable and no later than thirty (30) days after the individual’s first request for such personal data.
An individual may also request ONE SELAH to correct any inaccuracies in her/his personal data which is
in ONE SELAH’s possession or control. Unless Philippine laws or regulations provide otherwise, such
personal data must be corrected or erased as soon as practicable, but no later than thirty (30) days after
the individual’s first request for such correction.
Reasonable efforts must be made to ensure that personal data collected by or on behalf of ONE SELAH
is accurate and complete. This obligation applies at the time of collection and throughout the period
during which such personal data is in ONE SELAH’s possession or control.
Where the data is more sensitive (e.g. tax identification numbers, mobile numbers), ONE SELAH must
ensure that there are additional testing and checking performed to address any mistakes made during the
point of data entry. For example, a second person should double check the records to ensure accuracy.
Personal Data in ONE SELAH’s possession or under its control must be protected by reasonable security
arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal
or similar risks.
ONE SELAH personnel should take note of the following basic guidelines when sending Personal Data:
- Before sending a communication (e.g. email, Messenger, Viber, other social messaging
applications, written or electronic message/attachment) containing Personal Data, ensure that the
recipient address (e.g. email address, fax number, other details) is correct and matches that of
the intended recipient and that the right files are attached prior to sending.
- Perform regular housekeeping of auto-complete email list and double check recipient’s email
addresses before sending out emails or documents containing Personal Data.
- Where possible, implement automated processing of documents or communications containing
Personal Data (e.g. merging content or populating fields from various sources). Ensure the
accuracy and reliability of the automated process by checking it regularly.
- Require ONE SELAH employees handling and sending Personal Data to be bound by
confidentiality obligations in their employment agreements.
- Store hardcopy documents containing Personal Data in locked storage systems.
- Ensure that the computer networks being utilized by ONE SELAH to access, store or process
Personal Data are secure.
- Install appropriate computer security software and use suitable computer security settings.
Unless Philippine laws or regulations provide otherwise, the retention of documents containing personal
data must cease, or the means by which the personal data can be associated with particular individuals
must be removed (for e.g., anonymization of data) as soon as:
- it is reasonable to assume that the purpose for which the personal data was collected is no longer being served by retention of such personal data; and
- retention is no longer necessary for legal or business purposes.
ONE SELAH personnel shall ensure proper disposal of Personal Data which should no longer be retained by ONE SELAH.
Printed Personal Data should be shredded and digital documents containing such Personal Data should be permanently deleted.WHAT PERSONAL DATA DO ONESELAH COLLECT?
ONE SELAH collect personal data (including sensitive personal information and privileged information, for
example: government ID numbers) that is necessary for it to provide clients, business partners or
employees with the hotel, resort, accommodation and hospitality services they request, and for managing
said requests, and to improve its business, its affiliates’ businesses and its partners businesses. Such
personal data usually includes a person’s name, date of birth, address, email, and telephone numbers.
In addition, we may collect the following personal data:
- For recruitment purposes: an employee’s previous work history, performance appraisals,qualifications, information about incidents in the workplace, health information, personal history, opinions from referees or previous employers, information in relation to absences from work due to leave, illness or other causes and our assessment of you as a prospective candidate for recruitment including any psychometric or skills testing.
- For payroll purposes: an employee’s personal and employment details, Tax Identification Number, bank account details, and other ancillary information that is required to fulfil contractual, legislative, filing, and reporting obligations (including the payment of salary and wages).
- For client purposes: Complete Name, Mobile Number, Complete Address, government issued ID for identification purposes, Bank details for payment through online banking, bank to bank deposit or other electronic payment purposes, all other personal, sensitive personal and privileged information data from ATM information, property details and other relevant documents related to hotel, resort, accommodation and hospitality services or other ONE SELAH purposes.
HOW DOES ONE SELAH COLLECT
In general, ONE SELAH collects personal data from its data subject through the following mediums or
1. Social Media Applications – Facebook, Instagram, Tiktok, Twitter, etc.
2. Social Messaging Applications/ Chat Applications - Viber, Messenger, Whatsapp, Telegram
3. SMS /Mobile- Text, calls
4. Online Conference Applications- Zoom, Google Meet, etc.
5. Face-to-Face Interactions – Interviews, physical interactions
6. Website - a fill out form is located in our website. Once filled, it will be sent and fulfilled to our
7. Electronic mail (“Email) - a few customers directly inquire through our the email indicated in our
Before ONE SELAH collect and process personal data, it will first ask for a Data Subject’s consent as
evidenced by written, electronic, or recorded means. ONE SELAH will also notify the Data Subject of its
purpose for processing his/her personal data. The data subject consent procurement process may be
integrated already into the system, website, social media interface that ONE SELAH operates in.
When possible, ONE SELAH will directly collect personal data from a Data Subject (for example in
person, over the telephone, by email, via social media, or when said person set up an account with ONE
SELAH or complete one of its online or hard copy application form).
ONE SELAH may also obtain personal data from third parties such as its clients, a Data Subject’s
referees, educational institutions, and current and former employers.
For the provision of payroll services, ONE SELAH will collect personal data from personnel who has
contracted ONE SELAH to provide recruitment and placement services.
ONE SELAH may also automatically collect certain information when you visit its website, some of which
may personally identify a Data Subject. Such information includes the type of browser a Data Subject is
using, the type of operating system he/she is using, the Data Subject’s IP address, and how he/she use
ONE SELAH’s website.
If a person intends to provide ONE SELAH with personal data about another individual, before doing so
WHY DOES ONE SELAH COLLECTPERSONAL DATA AND HOW DOESIT USE SAID DATA?
- represent and warrant that they have that individual's consent to provide their personal data to ONE SELAH in accordance with the relevant Philippine laws.
ONE SELAH collect a Data Subject’s personal data or personal information and use it for the declared
and specified purpose for which it was provided to said Data Subject. ONE SELAH may also use a Data
Subject’s personal data for other related legitimate and legal purposes (and, in the case of sensitive
information, only for specific and directly related purposes which you have consented to) or as permitted
or required by law. Such purposes include:
- Providing our clients and/or the Data Subject with ONE SELAH’s services;
- Marketing the services of ONE SELAH’s services to its clients or potential clients;
- Evaluating the services of ONE SELAH’s services to its clients for purposes of improvement via suggestion and reactions;
- Facilitating recruitment opportunities for job applicants, including assessing a Data Subject’s
application for employment with ONE SELAH and verifying his/her information;
- Providing Data Subject or clients with information about ONE SELAH and its activities (such
as new services) that are of relevance to them (if they have consented to receiving said
- Uploading to Meta for purposes of availing the lookalike audience feature;
- For marketing and advertising purposes but only limited to the services being offered by ONE
SELAH only unless otherwise stated in its Data Privacy Consent form;
- To improve ONE SELAH’s business or strategy;
- In the payroll context, fulfilling contractual commitments to provide payroll services for its
clients. The information collected from its payroll clients is used solely for the purpose of
- To be used for future businesses, expansion plans, studies, campaigns, marketing strategies,
for data analysis, algorithm, technological derivative, research, and other uses, related to any
and all services, actions, or transactions as may be deemed necessary by ONE SELAH, and;
- Any other purpose identified at the time of collecting a Data Subject’s personal data for which
he/she are notified separately.
WHEN DOES ONE SELAH
DISCLOSE PERSONAL DATA?
Any personal data a Data Subject provide to ONE SELAH shall NOT BE DISCLOSED by the ONE
SELAH unless it first asks for the Data Subject ‘s consent. However, ONE SELAH as a general rule will
not share personal data outside its umbrella group of companies and its systems. Said umbrella group
includes the subsidiaries, affiliates, sister companies, member companies, directors, management,
officers, employees and representatives of ONE SELAH.
By way of exception, it is also possible, though unlikely, that ONE SELAH might be forced to disclose
personal data in response to legal process or when we believe in good faith that the law requires it, for
example, in response to a court order, in compliance with tax rules before the Bureau of Internal Revenue
of the Philippines, subpoena, or a law enforcement agency's request.
ONE SELAH will only disclose your sensitive information (for example, health information) for the
purposes for which it was initially collected, other directly related purposes or purposes to which a Data
Subject otherwise consent.
What is a Data Breach?
A data breach includes the following scenarios:
- The unauthorized access, publication, dissemination, sharing or use of ONE SELAH’s protected
Personal Data or Personal Information; or
- ONE SELAH’s protected Personal Data or Personal Information has been deleted or lost, without authorization. Personal Data or Personal Information includes Sensitive Personal Information and Confidential Personal Information.
Data breaches may occur due to intentional acts or omissions, or as a result of an accident, human error
or software malfunction. Examples of a data breach include:
WHO SHOULD I CONTACT IN THEEVENT OF A SUSPECTED ORACTUAL DATA BREACH?
- Hacking or illegal access to databases
- Theft or accidental loss of ONE SELAH’s laptops, devices, thumb drives or hard disks containing personal information or personal data
- Phishing or scams that trick account users into providing their passwords or Personal Information or Personal Data
- Sending protected Personal Data or Personal Information to a wrong e-mail or physical address,disclosing protected Personal Data or Personal Information to a wrong recipient
- Unauthorized access to protected Personal Data or Personal Information by employees without proper authority
- Improper disposal of protected Personal Data or Personal Information (e.g. hard disks, storage media or paper documents containing Protected Information are sold or discarded)
Immediately notify ONE SELAH’s Data Privacy Officer.
At the earliest opportunity once you have understood the situation, please send an email to the Data
Privacy Officer (contact details below). The email should contain the following information:
- Description of the breach or suspected breach, including a list of the Protected Information affected
- Estimated number of individuals affected by the breach
- Any action taken to address or stop the breach
- Outcome of the action
Upon receiving the notification, ONE SELAH’s Data Privacy Officer shall immediately convene the Data
Breach Response Team.
WHAT WILL THE DATA BREACH
RESPONSE TEAM DO?
ONE SELAH has developed a Data Breach Response Plan. In the event of a data breach, the Data
Breach Response Team headed by the Data Privacy Officer will execute the Response Plan. The
Response Plan sets out the actions to be taken in the event of an actual or suspected data breach. It is
designed to urgently:
1) stop and contain the data breach (if it is ongoing);
2) immediately report the breach to the Philippine National Privacy Commission in compliance
with its data breach protocols and rules under the law
3) assess the scope of the data breach;
4) mitigate damage from the data breach;
5) comply with our legal and regulatory obligations arising from the data breach such as making
the proper mandated notification to the affected individuals and the proper government
agency within the proper timeframe as may be required by your local law
6) apply lessons learnt to our policies and procedures
The Response Plan enables ONE SELAH to account to its clients, employees and other
individuals/entities who have entrusted ONE SELAH with their Personal Information or Personal Data.
Executing the Response Plan mitigates the risk of serious loss or reputational harm to ONE SELAH as a
result of a data breach.
privacy principles under the Data Privacy Act of 2012, they can contact ONE SELAH by using the contact
details below. The complainant will need to provide ONE SELAH with sufficient details regarding his/her
complaint as well as any supporting evidence and/or information.
ONE SELAH will refer your complaint to our Data Privacy Officer who will investigate the issue within a
reasonable time frame, which is usually 30 days but may be longer if the matter is complex. ONE
SELAH’s Data Privacy Officer will determine the steps (if any) that we will undertake to resolve the
complaint. Such steps may include discussing the options for resolving the complaint with the person,
notifying relevant employees the subject of a complaint, and seeking their input or escalation to its
President or external legal counsels.
ONE SELAH or its Data Privacy Officer will contact the complainant if any additional information is
required. They will also notify the complainant in writing of the outcome of our investigation. If the
complainant is not satisfied with ONE SELAH’s resolution, the complainant can contact ONE SELAH’s
Data Privacy Officer to discuss his/her concerns or complain to the National Privacy Commission via
Data Subjects and require them to consent before proceeding.
DATA PRIVACY OFFICER:
SELAH GARDEN HOTEL MANILA
Address: 2715 Park Avenue San Rafael St., Pasay City, Metro Manila
Email address: email@example.com