1. a. Introduction

The current notification is designed to inform you about the processing of your personal data and your rights relating to such processing in accordance with the Data Privacy Act of the Philippines and General Data Protection Regulations (“GDPR”) of Europe. Hereby you are explained how the processing of your personal data by KMA takes place and where we ensure these are processed in a responsible manner.

    1. b. Personal Information Controller

KMA, in accordance with the legislation in force is a Personal Information Controller. You can find below the contact details of KMA’s Data Protection Officer, whom you can contact for questions or requests about processing of your data.

KMA and its partners take very seriously the security of your data. Compliance with the legislation on personal data protection and good practice in the field, as well as ensuring a climate of transparency, security and trust is a priority for which the employees, partners, suppliers, and KMA’s management firmly declare their support.

    1. c. Data Protection Officer

You can contact the Data Protection Officer at any time using the following contact details:

Randy P. Magnaye
Klaveness Maritime Agency Inc.
5/F Five E-Com Center, Mall of Asia Complex, Pasay City 1300
CP number: + 63 917 1034477


The personally identifiable information processed by KMA is obtained directly from you and is of the following types:

a. Personal Information: last name; first name; gender; birth date; citizenship; video recordings; contact details, employment history

b. Sensitive Personal Information: Age; SSS Number, TIN, Philhealth Number, PAGIBIG Number, medical record, NBI/Police/Court Clearance and Biodata including biometrics. information about your family members and kinship relations, criminal records (where required by embassies), professional profile (references, employer assessments) banking data; completed studies, certificates and professional certificates and information in your identity papers (date of issue, expiration date, place of birth, etc.);

c. Privileged Information: Data received within the context of a protected relationship – doctor and patient; Data received within the context of a protected relationship – attorney and client


The source of your personal data is yourself!

KMA does not collect personal data except through the employment / application forms that each candidate fills in and submits personally or electronically via e-mail; these are either KMA standard forms or a candidate’s chosen format.


The legal basis for collecting and processing your personal data is:

  • your consent
  • the employment / application form (legitimate interest of the controller / processor)
  • the employment contract you are part of
  • a legal obligation to communicate, upon request, to public authorities
  • the legitimate interest of KMA in solving any disputes that may arise from the employment contract


The purposes for processing your personal data are:

  • to register in the potential candidates pool for a contract of employment through KMA
  • for interviewing and testing in view of potential employment
  • for pre-employment medical check-up
  • for checking of professional background with previous employers
  • for employment purposes
  • for financial management of an employment contract (payroll, taxes, etc)
  • for travel arrangements, including obtaining visas (and criminal records where required)
  • for professional training sessions
  • for a marketing campaign in which you are informed of any job offers
  • to fulfil a legal obligation of communication, upon request, to public authorities
  • to formulate requests and defenses before public authorities and other entities that settle disputes
  • to conduct surveys, debriefings and ask questions to you to get your opinion
  • for video surveillance at KMA headquarters


KMA does not disclose your personal data to other companies or organizations except in business specific situations.

Unfortunately, it is not possible at this point to provide accurate information about the exact identity of all possible recipients of your data because they cannot be pre-established for each potential candidate, but you can find the categories of such recipients below:

  • your potential employers
  • service providers directly / indirectly involved in the employment contract (insurers, travel agents, transport companies, medical clinics, embassies, training centres, international state authorities
  • public authorities in any area at their request or at the initiative of KMA in accordance with the applicable law (e.g. international maritime administrations)
  • accountants, auditors, lawyers and other external professional consultants of KMA, from Philippines or abroad; they will be bound by a law or by the contract concluded with KMA to keep the confidentiality of your data
  • natural or legal persons acting as authorized persons for KMA in various areas anywhere in the world who will be required to comply with the requirements of the law that protects your rights – they provide certain services to KMA (for example: agents)
  • any person, agency or relevant court in the Philippines or any other State – to the extent necessary to establish, exercise or defend a right of KMA in court.


KMA will transfer your personal data to potential employers or companies outside of the Philippines.

For such transfers, KMA will ensure that the country in question is included in the European Commission’s Decision of Adequacy or, failing that, will sign Standard Contract Clauses to ensure that the transfer of personal data is regulated by the same level of security and strictness as transfers within the European Community.


The length of time for storing your personal data is:

    1. – 1 year from the date of receiving your application, if an employment contract was not executed
    1. – 10 years from the date of termination of the last employment contract After the expiration of these periods, all your personal data will be deleted.

To store your data, KMA uses secured servers (both network-based and cloud-based of specialized
companies (i.e. Microsoft Azure ) with a high degree of security.


KMA implemented the following measures to ensure the security of personal data:

  • by adopting and reviewing policies dedicated to data processing
  • by minimizing the amount of processed personal data
  • by restricting access to personal data
  • by specific technical measures to secure access to personal data
  • by ensuring the accuracy of personal data
  • by training the staff on how data is processed and the related risks
  • by deleting or anonymizing the data so that the person to whom it relates can no longer be identified
  • by control of providers by introducing contractual clauses on the protection of personal data


Right to be Informed. You have the right to be informed on your data or copies thereof; Basis of processing when processing is not based on your consent; scope and method of the personal data processing.

Right to Object: You have the right to object to the processing of your personal data, including automated processing or profiling. You will be notified and given and opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied.

Right to Access: You have the right to access your data or copies thereof.

Right to rectification: You have the right to dispute the inaccuracy or error in the personal data and have the personal information controller correct it immediately and accordingly.

Right to erasure of blocking: You have the right to suspend, withdraw or order the blocking, removal, or destruction of your personal data from KMA.

Right to Damages: You will be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal data.

Transmissibility of Rights of the Data Subject: The lawful heirs and assigns by you may invoke your rights to which he or she is an heir or an assignee, at any time after your death, or when you are incapacitated or incapable of exercising your rights.

The right to data portability. You have the right to obtain a copy of your personal data in electronic format.

Right to withdrawal of consent. In cases where your data is processed under your consent, you have the right to withdraw your consent; you can do this at any time, at least as easy as you first granted consent; withdrawing consent will not affect the lawfulness of processing your data that was made prior to withdrawal. You can withdraw your consent by sending an email to

The right to lodge a complaint with the supervisory authority. You have the right to file a complaint with the National Privacy Commission for Personal Data Processing regarding irregularities in the processing of your data by KMA or on behalf of KMA. This can be done directly on the website by going to or using the contact details.

For the exercise of these rights, as well as for any further questions regarding this notice or in connection with the use of personal data by KMA, please contact us by choosing any of the communication modalities described in Chapter 1 under “Data Protection Officer”.


You are not required to provide the personal data mentioned in this notification. In this respect, if you choose not to provide this data, KMA will not be able to provide you with its services.


KMA has no automatic data processing processes in place, and all personal data processing is done manually by KMA staff.


The Supervising Authority for Personal Data Processing: an independent public authority which, according to the law, has powers related to supervising the personal data protection legislation. In the Philippines, this authority is the National Privacy Commission

Special categories of personal data (sensitive data): personal data revealing racial or ethnic origin, political opinions, religious confession or philosophical beliefs or trade union membership; genetic data; biometric data to uniquely identify an individual; data on the health, sex or sexual orientation of a natural person; data on the history of possible criminal convictions of a person; performance data and workplace assessments

Consent of the data subject: any manifestation of the free, specific, informed, and unambiguous will of the data subject by which he or she accepts, through an unequivocal statement or action, that the personal data concerning him or her is processed.

Personal data: any information about an identified or identifiable individual. A natural person is identifiable if it can be identified, directly or indirectly, in particular by reference to an identification element, for example: name, identification number, location data, online identifier, one or more elements, specific to the physiological, genetic, psychological, economic, cultural or social identity of that person. For example, in the notion of personal data, the following are included: first and last name; address of domicile or residence; Email Address; phone number; Personal Identification Number, medical data (sensitive data). The categories of personal data about you that we process are listed above.

Consignee: The natural or legal person, public authority, agency or other body to whom personally identifiable information is disclosed regardless of whether or not it is a third party.

Breach of personal data security: a security breach that accidentally or unlawfully leads to the unauthorized destruction, loss, amendment or disclosure of personal data transmitted, stored or otherwise processed or to unauthorized access thereto.

Controller: a natural or legal person who decides why (for what purpose) and how (by what means) personal data is processed. According to the law, the responsibility for complying with the legislation on personal data rests primarily with the controller.

Third party: a natural or legal person, a public authority, an agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to transfer personal data

Partners / providers: legal entities with which KMA has signed a collaboration agreement.

Processor: any natural or legal person who processes personal data on behalf of the controller other than the controller’s employees.

Processing of personal data: any operation or set of operations performed on personal data, with or without the use of automated means; for example: collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing, disseminating or making available in any other way alignment or combination, restriction, deletion or destruction of those personal data. These are just examples. Practically, processing means any operation on personal data, whether by automatic or manual means.

© Copyright - Klaveness Maritime Agency, Inc.