Privacy Notice and Policy

The personal data we collect from you will be used in some or all the following ways:

• • To process your orders and to provide you with services and information offered through our Rustan’s Sites or Rustan’s Stores.
    
    
  • To deliver the products you have purchased from the Rustan’s Sites and Rustan’s Stores.
    
    
  • To update you on the delivery of the product and for customer support and services purposes.
    
    
  • To provide you with relevant product or service information and promotions via email or SMS, if so allowed, or when you contact us in our official social media accounts or in our Rustan’s Sites.
    
    
  • To manage or administer your account(s) with us, or our relationship with you, such as but not limited to: notifying you about changes to our terms and conditions, services, response to your comments, complaints, and other feedback on our services.
    
    
  • To carry out earning and redemption of loyalty points, where appropriate.
    
    
  • To verify and carry out secure financial transactions in relation to payments you make online.
    
    
  • To audit the downloading of data from our website.
    
    
  • To improve the layout and/or content of the pages of our website and customize them for users.
    
    
  • To study visitors on our website.
    
    
  • To carry out market research, and product and service development and improvement based on our users' demographics using Rustan’s analytics tools. You can unsubscribe from marketing information at any time by using the unsubscribe function.
    
    
  • To manage customer loyalty programs, inventory, sales performance, and website performance.
    
    
  • For compliance, audit, legal, and security purposes, such as but not limited to use of CCTV systems and card payment fraud detection and prevention systems.

Rustan’s also collects personal data of our employees and job applicants. The personal data of job applicants is collected through Rustan’s official forms, authorized email accounts, and job sites, and are being used in accordance with employment application processes. While the pieces of personal data of Rustan’s employees are collected and used based on their consent and compliance with labor laws and regulations and other applicable laws.

Rustan’s may collect the personal data of the minors in relation to the purchase of necessaries (e.g., clothing, etc). Consent of the minor’s parent or legal guardian may be required depending on the type of purchase of goods or services availed of and the categories of personal data involved unless the consent was warranted by the minor with sufficient proof.

Rustan’s process your personal data following the principles of legitimate purpose, proportionality, and transparency. Rustan’s consent forms (physical and electronic forms) are evidence of your voluntary decision to consent to Rustan’s collection, use, and processing of your personal data. Rustan’s may also process your personal information without your consent provided that such is within the scope of its legitimate interests. To communicate such, a privacy notice clause is available in the relevant Rustan’s forms and documents and this document.

The other grounds for Rustan’s to process your personal data are: for compliance with contractual obligations when you are a party such contract with Rustan’s; for compliance with Rustan’s legal obligation or when such is prescribed by existing laws and regulations; when it is necessary to protect your vitally important interests including your life and health; when it is necessary for Rustan’s to respond to national emergency or to comply with the requirements of public order and safety; when Rustan’s processing is necessary for the fulfillment of the mandates of a public authority e.g., law enforcers, courts; and other government agencies, or protection of lawful rights and interests.

Rustan’s implements reasonable and appropriate organizational, physical, and technical security measures to protect the privacy of your personal data. Only Rustan’s authorized employees and third-party service providers, who satisfy our data privacy and protection requirements, can process your data.

You may access your personal data by logging into your account on Rustans.com or Adora.PH. Here you can view the details of your orders that have been completed, those which are open, and those which are shortly to be dispatched, and administer your address details, bank details, and any newsletter to which you may have subscribed.

For Member Sites, you may access member information, points, and transactions, by logging into your account and entering your credentials. Do not share your Beauty Addict or Frequent Shopper’s card number and personal identification number. You are responsible for the confidentiality and integrity of your access credentials. We cannot assume any liability for loss or misuse of passwords. Please report immediately to our authorized representatives your lost or compromised credentials.

Some of your personal data may be updated and corrected by logging in to your account on the Rustan’s Sites and Member Sites. Should you experience difficulties, you may request to correct such information by talking to one of our Customer Service personnel.

There are a variety of circumstances, depending on the services you have availed of, where Rustan’s may need to share or disclose your data to business partners or third-party service providers that you have provided to us. In these cases, our business partners or third-party service providers are contractually bound to securely use your personal data in accordance with the data processing or sharing agreements with them, and all laws and regulations applicable to their operations.

With your consent, your personal data may be shared with other members of Rustan’s Group of Companies for the use of your Rustan's loyalty customer account in other member-companies, and with other accredited partners and third parties, acting on our behalf, for necessary services.

In exceptional circumstances, Rustan's may be required to disclose personal data, such as when there are grounds to believe that the disclosure is necessary and with lawful grounds.

Under the DPA, you have the following rights:

1. 1. Right to be informed. Rustan’s will inform you about how your personal data is being processed or have been processed, including the existence of automated decision making and profiling systems. At the very least, Section III summarizes how Rustan’s process your personal data.
      
      
   2. Right to object. You may suspend, withdraw, and remove your personal data in certain further processing (e.g., direct marketing, analytics, survey, etc), upon demand, which include your right to opt-out to any communication from Rustan’s.
      
      
   3. Right to access. Upon written request, you may access information on the processing of your personal data which may include the following, contents and categories of personal data, the manner of processing, sources where they were obtained, recipients and reason of disclosure, if applicable.
      
      
   4. Right to rectification (dispute and/or correct). Upon written request, may dispute inaccuracy or error in your personal data and have Rustan’s to correct the same.
      
      
   5. Right to data erasure. Upon written request and based on reasonable grounds, you have the right to suspend, withdraw or order blocking, removal or destruction of your personal data from the Rustan’s filing system, without prejudice to the Rustan’s continuous processing for commercial, operational, legal, and compliance purposes.
      
      
   6. Right to data portability. You have the right to obtain from Rustan’s your personal data in an electronic or structured format that is commonly used and allows for further use.
      
      
   7. Right to be indemnified for damages. As data subject, you have every right to be indemnified for any damages sustained due to such violation of your right to privacy through inaccurate, false, unlawfully obtained or unauthorized use of your personal data.
      
      
   8. Right to file a complaint. You may file your complaint or any concerns with our Data Protection Officer and/or with the National Privacy Commission through www.privacy.gov.ph.
      
      
   9. Transmissibility of rights. Rustan’s can accommodate the processing of personal data on-behalf of an incapacitated or deceased data subject provided that there is a legal notice such as Special Power of Attorney or any evidence to back any claims.

In exercising your data privacy rights, you may email Rustan’s Data Protection Officer at dpo@rustans.com.

Please make sure to include your name, username, and other details and supported with appropriate identification documents, if a lawful representative or heir is requesting on behalf of the data subject.

Rustan's reserves the right to refuse unreasonable requests. A request shall be complied with without undue delay, provided, that the period will not exceed thirty (30) working days after receipt of the request and/or the necessary supporting or additional documentation: provided further, that if a request is complex or numerous, compliance with such request may be extended, with notice to the data subject, for a period not exceeding another fifteen (15) working days.

Rustan’s strictly enforces data privacy and information security policies. It implements technical, organizational and physical security measures to protect your personal data against loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.

However, this does not guarantee absolute protection against certain risks involving the processing of personal data, such as when systems are exposed to targeted cyberattacks, malware, ransomware, and computer viruses or when manual records are accessed without authority. To ensure appropriate security incident management in line with existing NPC policies, circulars, and other issuances, we put safeguards such as the following:

• • Maintaining or engaging partners with technology products to prevent unauthorized computer access such as PCI Level 1 security compliance and ISO certification;
    
    
  • Securely destroying your personal information when it is no longer needed for record retention purposes; and
    
    
  • Using physical, technical, and organizational procedures and security features to protect your information.
    
    
  • Limiting access to your personal data among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third-parties.

Note, however, that Rustan's cannot guarantee the security of the internet or telecommunications network used to access the Site.

Rustan’s keep your data as long as it is necessary: a) for the fulfillment of the declared, specified, and legitimate purposes, or when the processing relevant to the purposes has been terminated; b) for the establishment, exercise or defense of legal claims; or c) for legitimate business purposes, which shall be in accordance with the standards of the NPC.

Financial data and documents which indicate taxable transactions, data shall be preserved for ten (10) years per BIR regulation.

Pursuant to Section I until the termination of your account to Rustans, the retention period of five (5) years from the date of termination of your account or your last transaction, relationship, or communication with Rustans. All other transactions and accounts that are defined here in, the retention period of five (5) years from the date of from the termination of your account or your last transaction, relationship, or communication, except where specific laws and/or regulations require a different retention period, in which case, the longer retention period is observed.

For inquiries and concerns, you may address them to Rustan’s Data Protection Officer through email at dpo@rustans.com.

Emails and letters should clearly state that you are making a data protection query, request, or complaint in the subject line to ensure the matter is dealt with urgency. We will strive to deal with any query, request, or complaint promptly and fairly.

Rustan's reserves the right to modify and change the Policy. Any changes to this policy will be published on our Site.

By clicking "Agreed" on our Cookie and Policy pop-up; ticking any web form referring to the current Policy on any of our online platforms; submitting your personal data to us such as in signing up for an account on the Sites or in making requests, or ordering any of our products and services; or when you provide your personal information by filling-out In-store forms, you are agreeing to the terms of the Policy.

You are encouraged to visit the Sites from time to time to ensure that you are well-informed of our latest data protection and privacy policies.

This Policy and your use of this Site shall be governed in all respects by the laws of the Philippines.