Privacy Policy
This Privacy Policy explains how [LEGAL ENTITY NAME] ("Ardent OnPoint", "we", "us") collects, uses, stores, and protects personal data within the Ardent OnPoint operating system (the "System"), available at on-point.com.ph. The System is an internal business platform used by our authorised staff to run the agency. We are committed to processing personal data fairly, lawfully, and securely, in accordance with the Philippines Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and applicable issuances of the National Privacy Commission (NPC).
1. Who we are (Data Controller)
The personal information controller responsible for your data is:
- [LEGAL ENTITY NAME]
- [REGISTERED BUSINESS ADDRESS]
- Data Protection Officer: [DPO NAME] — [dpo@on-point.com.ph]
2. Who this policy covers
The System processes personal data relating to:
- Staff users — employees and authorised personnel who log in to the System.
- Business contacts — representatives of clients, vendors, and partners we work with.
- Creators / influencers — individuals whose publicly available professional profiles we evaluate for talent sourcing and campaigns.
3. What personal data we process
| Account & authentication | Name, username, email address, role, and a securely hashed password. We never store passwords in plain text. |
|---|---|
| Activity & security logs | Sign-in events and key actions, with the associated user, timestamp, IP address, and browser/device information, recorded for security and accountability. |
| Human-resources (HRIS) data | For staff: employment records, compensation and salary details, leave, performance/KPI, and related HR information. |
| Business-relationship data | Contact details and records for clients, vendors, partners, contracts, deliverables, and financial documents (e.g. proposals, job orders, invoices). |
| Creator / influencer data | Publicly available professional information such as display name, platform handle, follower counts, engagement metrics, category, and country — obtained through third-party data providers for talent discovery. |
| Content you create | Messages, meeting information, calendar events, tasks, notes, and files you upload to the System. |
| Cookies | Strictly necessary cookies only: a secure, HTTP-only session/refresh cookie to keep you signed in and a cookie used to prevent cross-site request forgery. We do not use advertising, profiling, or third-party analytics cookies. |
4. Why we process it and our lawful basis
We process personal data for the following purposes:
- To operate the System, authenticate users, and control access (necessary for our legitimate business operations and to perform our obligations as an employer/service provider).
- To manage HR, payroll, clients, vendors, projects, and finances (performance of a contract and compliance with legal obligations such as tax and labour law).
- To source and evaluate creators/influencers for campaigns (our legitimate interests in running the agency, balanced against the limited, professional, publicly available nature of the data).
- To protect the security and integrity of the System (legitimate interest in preventing fraud and unauthorised access).
Where the law requires your consent for a specific processing activity, we will obtain it, and you may withdraw it at any time.
5. How we protect your data
We apply organisational and technical safeguards, including:
- Passwords hashed with a strong, memory-hard algorithm (Argon2id) — never stored or logged in plain text.
- Encryption of data in transit over HTTPS/TLS.
- Authentication tokens kept in secure, HTTP-only cookies (not accessible to browser scripts), with cross-site request forgery protection.
- Role-based access control, so users see only what their role permits.
- Audit logging of sensitive actions, parameterised database queries to prevent injection, and a strict Content Security Policy.
- Regular database backups and least-privilege access to systems.
6. Sharing and third-party processors
We do not sell personal data. We share data only with service providers who process it on our behalf, under appropriate confidentiality and data protection terms, including:
- Our web hosting and database providers, which store the System and its data.
- Our email (SMTP) provider, used to send notifications and messages you initiate.
- The third-party influencer-data provider used by the Creator Discovery feature to return public creator profiles.
We may also disclose data where required by law, regulation, court order, or a lawful request by a public authority.
7. International transfers
Some of our providers may process or store data outside the Philippines. Where this happens, we take steps to ensure the data continues to be protected to a standard consistent with the Data Privacy Act, including through contractual safeguards with those providers.
8. How long we keep data
We retain personal data only for as long as necessary for the purposes above, to comply with our legal, tax, and accounting obligations, and to resolve disputes. Deleted records are first deactivated ("soft-deleted") and then purged according to our retention schedule. Backups are rotated and overwritten over time.
9. Your rights
Under the Data Privacy Act, subject to legal limits, you have the right to:
- be informed about how your data is processed;
- access the personal data we hold about you;
- have inaccurate or outdated data corrected (rectification);
- object to or restrict certain processing;
- have your data erased or blocked where grounds exist;
- data portability, where applicable;
- be indemnified for damages from unlawful processing; and
- lodge a complaint with the National Privacy Commission.
To exercise any of these rights, contact our Data Protection Officer at [dpo@on-point.com.ph]. We will respond within the period required by law. Creators or other individuals who wish to access, correct, or request removal of their information may use the same contact.
10. Children
The System is an internal business tool and is not intended for use by children. We do not knowingly collect personal data of minors except where strictly necessary and lawful in a business context.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, notify users through the System.
12. Contact us
Questions about this policy or your personal data can be sent to our Data Protection Officer at [dpo@on-point.com.ph], or by post to [REGISTERED BUSINESS ADDRESS].