
NBS
Privacy Policy
Introduction
Thank you for choosing to be part of our community at Northeast Business Solutions, Inc., operating under the name NBS (“NBS,” “we,” “us,” or “our”). We are dedicated to safeguarding your personal information and ensuring your privacy rights are respected. This Privacy Policy explains how we collect, store, process, disclose, and protect your personal data when you engage with our services.
If you have any questions or concerns regarding this policy or our data handling practices, please feel free to reach out to us at [email protected].
This Privacy Policy applies to all information collected through our interactions with you, including our services, sales and marketing materials.
Please read this Privacy Policy carefully to understand how we handle your personal and sensitive information. This policy will help you make informed decisions about sharing your information with us.
The following policies are relevant to this document:
- Information Security Policy
- Terms and Conditions
- Access Control Policy
- Records Retention and Protection Policy
Types of Data Collected
We may collect the following types of sensitive data to provide, improve, and ensure the security of our services:
- Personal Identifiers: This includes your name, address, phone number, email, government identification numbers (e.g., social security numbers, national ID), and other personal details. These are collected to create your account, verify your identity, and provide support.
- Financial Information: This may include bank account details, payroll details, etc. We collect this data for processing based on the service you avail of or subscribe to.
- Health Information: In cases where our client has requirements related to health or wellness, we may collect data such as medical history, health conditions, or prescriptions. This data is used to provide health information, medical history, and healthcare-related services.
- Biometric Data: We may collect biometric data, such as fingerprints, facial recognition, or access pins, for secure authentication and to provide personalized services. This data is used exclusively for authentication or some other functions.
- Location Data: In cases where our client has a requirement to determine the user’s location, we may collect geographical location data (e.g., GPS coordinates). This data is used to provide location-based services as per client needs.
- Login Credentials: This includes your usernames, passwords, or any other authentication details you provide to access our services. This data is necessary for secure account management.
- Communication Data: We may collect information you provide in communications with us, such as emails, chats, or through any forms (feedback forms, etc.). This data is used to respond to your inquiries, improve services, and for customer support purposes.
- Other Sensitive Information: In certain cases, we may collect other types of sensitive data as required for specific services or in compliance with relevant legal obligations. This will be clearly outlined at the time of collection, and your consent will be sought.
Legal Basis for Data Collection
We collect and process personal and sensitive information based on several legal grounds to ensure compliance with data protection laws. These legal grounds include:
- Consent: In cases where required by law or for certain types of data, we will request your clear and informed consent before collecting and processing your information. You have the right to withdraw this consent at any time.
- Compliance with Legal Obligations: We may process your data as necessary to comply with applicable laws, regulations, or legal processes. For example, we may retain certain information for tax purposes, regulatory compliance, or other legal requirements.
- Legitimate Interests: We may also process your information based on our legitimate interests, such as improving our services, enhancing security, or conducting general business operations, provided that these interests do not override your privacy rights.
Each processing activity will align with one of these legal bases, ensuring that we handle your data responsibly and in compliance with relevant data protection laws.
Data Protection and Security Measures
We are committed to safeguarding your sensitive information by implementing strict data protection and security measures. Our security protocols include:
- Encryption: Sensitive data is encrypted both in transit and at rest. This ensures that your information remains secure and unreadable to unauthorized parties during transmission and storage.
- Access Controls: Access to sensitive data is restricted to authorized personnel only. We use role-based access controls and require secure authentication methods, ensuring that only those with a legitimate need can view or handle sensitive information.
Employee Awareness and Information Security Training:
- Training programs are conducted to raise awareness among employees about information security risks and best practices.
- We ensure that employees are familiar with security protocols, phishing risks, and data protection laws to reduce human errors and insider threats.
- All employees are required to acknowledge and comply with internal information security policies, including confidentiality and non-disclosure agreements.
Effective Risk Assessment Procedure:
- We continuously assess and manage potential risks to sensitive data through regular risk assessments and audits.
- Identified risks are evaluated based on their likelihood and impact, with appropriate mitigations and controls implemented to minimize the likelihood of a security incident.
Incident Response Team (IRT):
- A dedicated Incident Response Team (IRT) is in place to swiftly handle any security incidents, including data breaches or unauthorized access.
- The IRT is trained to detect, assess, and respond to threats, ensuring that any incidents are promptly addressed, and all stakeholders are notified in compliance with relevant data protection laws (e.g., GDPR, HIPAA).
- We also conduct regular incident response drills to test the preparedness of the team and improve the response process.
Backup and Data Recovery Procedures:
- Regular backups are performed to ensure the recovery of critical data in the event of data loss or a system failure.
- Backup systems are securely stored and periodically tested to ensure quick restoration in case of emergencies.
- Regular Audits and Security Assessments: We conduct routine audits and security assessments to identify and address potential vulnerabilities in our systems and processes. This helps us stay proactive in protecting your data against emerging threats.
These measures are designed to ensure service resilience, protect your sensitive information, and maintain the highest standards of data security in compliance with applicable regulations and industry best practices.
Data Sharing and Disclosure
We are committed to maintaining your privacy and will not share your sensitive data with third parties, except in the following circumstances:
- Service Providers: We may share your data with trusted third-party service providers who assist us in operating our services, such as cloud hosting providers, or customer support platforms. These providers are contractually obligated to safeguard your data and only use it for the purpose of providing the services we have contracted them for.
- Legal Requirements: We may disclose your data if required by law, regulation, legal process, or governmental request, such as responding to subpoenas, court orders, or legal inquiries.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. We will notify you if your data becomes subject to a different privacy policy.
- Consent: We may share your data with other parties if we obtain your explicit consent to do so.
We take steps to ensure that any third party with whom we share data complies with appropriate privacy and security standards to protect your information. These safeguards may include data processing agreements, confidentiality obligations, and industry-standard security protocols.
User Rights
Under applicable data protection laws, such as the General Data Protection Regulation (GDPR) or the Data Privacy Act in the Philippines, you have the following rights regarding your personal and sensitive data:
- Right to Access: You have the right to request information about the personal data we hold about you. Upon request, we will provide a copy of the data we have stored.
- Right to Correct: If the data we hold about you is inaccurate or incomplete, you have the right to request a correction of your information.
- Right to Delete (Right to be forgotten): You have the right to request the deletion of your personal data. Once your request is verified, we will delete your data as soon as possible unless we are required to keep it for legal purposes.
- Right to Restrict Processing: You can request that we restrict the processing of your personal data under specific conditions, such as when you contest the accuracy of the data or object to its processing. During this period, we will not process the data unless there are legitimate grounds.
- Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, and machine-readable format, so that you can transfer it to another data controller if needed.
- Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing carried out before the withdrawal.
- Right to Object: You have the right to object to the processing of your personal data in certain circumstances, such as when we process it based on legitimate interests. We will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing.
- Right to Lodge a Complaint: If you believe that your rights have been violated, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
Data Retention and Deletion
We retain your personal and sensitive data only for as long as necessary to fulfill the purposes for which it was collected, including legal, contractual, and regulatory requirements. Once the data is no longer needed, we will either securely delete or anonymize it in accordance with our data retention policy.
Retention Period:
- We retain this data for as long as it is required to provide you with our services, comply with legal obligations, resolve disputes, and enforce our agreements.
- The retention period may vary depending on the type of data and the applicable legal or regulatory requirements. For example, financial records may need to be retained for several years due to tax and audit obligations, while contact information may be kept only for the duration of the active relationship.
Deletion of Data:
- When personal data is no longer needed for the purposes it was collected, we will securely delete it from our systems.
- Deletion processes will include securely erasing the data from our databases and backup systems, making it irretrievable.
- Retention Review: We regularly review the data we retain to ensure it is still necessary and relevant. If we determine that certain data is no longer required or is outdated, we will delete or anonymize it.
If you have any questions about our data retention policies, please contact us at [email protected].
International Data Transfers
In the event that we transfer your personal data internationally, we ensure that these transfers are carried out in compliance with the General Data Protection Regulation (GDPR), which provides the legal framework for protecting your data across borders.
While we strive to implement appropriate safeguards, including potential Data Processing Agreements (DPAs) and other measures, we currently rely on the applicable provisions of GDPR to ensure that your data is transferred securely and in line with data protection requirements.
If you have any questions or concerns about how your data is transferred internationally, please contact us for further clarification.
Changes to Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make significant changes to this policy, we will notify you by posting the updated Privacy Policy on our website or through other appropriate means. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. By continuing to use our services after any changes to this Privacy Policy, you acknowledge and accept the updated terms.