Dear valued IKEA customers and guests,
1. Ikano (Philippines), Inc. ("us", "we", "our") is the operator of IKEA Philippines store(s) (the “Store”) and www.ikea.ph (the "Website"). It is the Personal Information Controller (“PIC”) of the Personal Data collected under this Policy. We take our responsibilities under the Philippines’ Data Privacy Act 2012 (the "PDPA") seriously. We also recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your Personal Data.
3. Unless restricted by the PDPA or any other applicable law, you agree that we may process your Personal Data in the manner, and for the purposes set out in the terms described in paragraph 2 above.
Definition of Terms
4. Unless otherwise provided in this Policy or the context otherwise requires, the capitalized terms herein shall have the same meaning as provided in the PDPA.
"Person" means any natural or juridical person.
"Personal Data" means Personal Information and Sensitive Personal Information.
"Personal Information" refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information or when put together with other information, would directly and certainly identify an individual;
"Processing" refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating, or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system.
"Sensitive Personal Information" refers to personal information:
(a) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
(b) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
(c) issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; or
(d) specifically established by an executive order or an act of Congress to be kept classified.
How Personal Data is collected
5. Here are examples of situations where we collect your Personal Data:
(a) when you register for an account on the Website, apps or kiosks;
(b) when you complete purchase orders, requests or applications for our products or services (by telephone, in person, snail mail or electronically);
(c) when you make a purchase in our on the Website or at our Stores;
(d) when you communicate with us directly in relation to our products and services (in person via our customer service center or via our co-workers in our Stores, by email, telephone or any other means);
(e) when you use services that are made available on the Website or at our Stores; such as Småland, home delivery, assembly/installation services, sewing services, etc.;
(f) when you conduct certain types of transactions such as refunds;
(g) when you enter, and when you interact with us during promotions, competitions, contests, lucky draws or special events;
(h) when you apply for employment with us;
(i) when you subscribe to any of our membership programs, i.e. IKEA FAMILY and/or IKEA småles; or
(j) when you participate in surveys and other types of research.
When Personal Data is Collected and What is Collected
6. You can use and browse the Website without disclosing your Personal Data. The provision of your Personal Data is voluntary. But, if you do not provide your Personal Data to us, we may not be able to provide the products and services that you require of us.
7. We collect Personal Data through registration, placement of orders, completion of forms, emails, inquiries, requests, and other situations where you have chosen to provide Personal Data to us.
8. If you are a candidate for employment, we will collect Personal Data that you provide to us during the recruitment process, including Personal Data that is contained in your resume and in any application form that we require you to fill up. Such Personal Data may include your employment history and working eligibility rights.
9. The types of Personal Data which we may collect about you include:
(a) contact information such as names, addresses, telephone numbers, and email addresses;
(b) housing information such as household size, type of home and living situation;
(c) billing information such as billing address and credit card information;
(d) unique information such as ID or passport number, photograph, contact preferences, and date of birth;
(e) details of any membership that you have with us, such as IKEA Family and/or IKEA Småles;
(f) details of your visits to the Website, such as traffic data, location data, and the resources that you access on the Website; and
(g) your transaction history.
Purposes for Collection, Use, Disclosure and Processing of Personal Data
10. The Personal Data which we collect from you may be collected, used, disclosed and/or processed for various purposes, depending on the circumstances for which we may/will need to process your Personal Data, including:
(a) to communicate with you;
(b) to maintain and improve customer relationship;
(c) to assess, process and provide products, services and/or facilities to you;
(d) to administer and process any payments (including refunds) related to products, services and facilities requested by you;
(e) to establish your identity and background;
(f) to respond to your inquiries or complaints and resolve any issues and disputes which may arise in connection with any dealings with us;
(g) to provide you with services or assistance that you have requested;
(h) to provide you with information and/or updates on our products, services, upcoming promotions offered by us and/or events organized by us and selected third parties which may be of interest to you from time to time;
(i) for direct marketing purposes via SMS, phone call, email, fax, mail, social media and/or any other appropriate communication channels, if you are a member of any of our loyalty programs e.g. IKEA Family and småles, in accordance with your consent;
(j) to facilitate your participation in, and our administration of, any events including contests, promotions or campaigns;
(k) to award points in a loyalty or rewards program;
(l) to maintain and update internal record keeping;
(m) for internal administrative purposes;
(n) to send you seasonal greetings messages from time to time;
(o) to send you an invitation to join our events and promotions and product launch events;
(p) to monitor, review and improve our events and promotions, products and/or services;
(q) to conduct credit reference checks and establish your creditworthiness, where necessary, when providing you with products, services and/or facilities;
(r) to administer, process and fulfill your commercial transactions with us (such as a purchase on the Website, a tender award, contract for service or tenancy agreement);
(s) to process any payments related to your commercial transactions with us;
(t) to conduct market research or surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products and/or services;
(u) to share any of your Personal Data with the auditor for our internal audit and reporting purposes;
(v) to share any of your Personal Data pursuant to any agreement or document which you have duly entered with us for purposes of seeking legal and/or financial advice and/or for purposes of commencing legal action;
(w) to share any of your Personal Data with our business partners to jointly develop products and/or services or launch marketing campaigns;
(x) to share any of your Personal Data with financial institutions necessary for the purpose of applying and obtaining credit facility(ies), if necessary;
(y) for audit, risk management and security purposes;
(z) for detecting, investigating and preventing fraudulent, prohibited or illegal activities;
(aa) for enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;
(bb) in case of business reorganization, business takeover or merger and acquisition or to transfer or assign our rights, interests and obligations under any agreements entered into with us;
(cc) for meeting any applicable legal or regulatory requirements and making a disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us;
(dd) to enforce or defend our rights and your rights under, and to comply with, our obligations under the applicable laws, legislation and regulations;
(ee) to carry out verification and background checks as part of any recruitment and selection process in connection with your application for employment with us; and/or
(ff) for other purposes required to operate, maintain and better manage our business and your relationship with us; which we notify you of at the time of obtaining your consent.
11. You may, in certain circumstances, provide us with Personal Data relating to third parties (for example, your next-of-kin or any person who may receive delivery of your purchased item on your behalf or, any person whom you have nominated as your referee if you are a candidate for employment). When this happens, you are deemed to have represented and confirmed to us that you have obtained the consent of such third party to provide his/her Personal Data to us for Processing in the manner set out in paragraph 2 above.
12. As the purposes for which we may/will collect, use, disclose or process your Personal Data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose(s) at the time of obtaining your consent, unless we are permitted by the PDPA or any other applicable law to process your Personal Data without your consent.
Specific Issues for the Disclosure of Personal Data to Third Parties
13. As a global organization, we have global systems in relation to customer relations, logistics, finance, etc and your Personal Data may thus be transferred to our parent company, affiliates and other members of our worldwide organization including to Inter IKEA Systems B.V., other IKEA franchisees and our related corporations and affiliates either in the Philippines or overseas in such countries as Singapore.
The disclosure of your Personal Data is for Purposes of group financial and other government reporting, as well as other operational purposes.
14. In order to smoothly conduct our business operations or to fulfill our obligations to you, we may also disclose the Personal Data that you have provided to us to our third-party service providers, agents, advisors, consultants and other entities who may be situated inside or outside of the Philippines, for one or more of the Purposes stated in or notified to you under the Purposes for Collection, Use, Disclosure and Processing of Personal Data section. We will also disclose your Personal Data to government regulators or authorities in order to comply with any laws, rules, guidelines, regulations or schemes that apply to us.
15. Examples of third parties that we disclose your Personal Data to include:
(a) data entry service providers;
(b) professional advisors, consultants and/or external auditors;
(c) storage and warehousing facility providers (which may include data storage and processing servers located overseas);
(d) third party service providers who provide administrative or operational services in connection with our business such as telecommunications, information technology, logistics, delivery, assembly, installation, printing and postal services or services relating to marketing and promotional activity;
(e) joint venture/business partners, insurance companies, banks and financial institutions;
(f) to third-party credit reporting or employment agencies as part of the recruitment and selection process and/or otherwise in connection with your application for employment with us; and
(g) relevant government regulators or authorities.
16. The third parties with whom we conduct business are only authorized to use your information to perform the service for which they were hired. As part of our agreement with them, they are required to adhere to the PDPA and any policies that we provide, and to take reasonable measures to ensure your Personal Data is secure.
17. We respect the confidentiality of the Personal Data that you provide to us. We do not sell Personal Data to any third party.
Security Measures for Protection and Destruction of Personal Data
18. We will put in place reasonable security arrangements to ensure that your Personal Data is adequately protected and secured. In particular, reasonable security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data. However, we cannot assume responsibility for any unauthorized use of your Personal Data by third parties which are wholly attributable to factors beyond our control.
19. It is our policy to ensure that Personal Data is only retained for a limited period as may be required by applicable law or until the Purpose of the Processing is achieved. To this end, we have put in place measures to ensure that any of your Personal Data that is in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that:
(a) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and
(b) retention is no longer necessary for any other legal or business purposes.
Data Subject Rights
20. Under the PDPA, you have the following rights as a data subject:
- Right to object. As a data subject, you have the right to indicate your refusal to the collection and Processing of your Personal Data, including processing for direct marketing, automated processing, or profiling. You also have the right to withhold your consent to further processing in case there are any changes or amendment to information given to you. Once you have notified us of the withholding of your consent, further processing of your personal data will no longer be permitted, unless:
- The Processing is required pursuant to a subpoena, lawful order, or as required by law; or
- There are other lawful bases or criteria under the DPA for the collection and Processing of your Personal Data.
- Right to access. This right entitles you to request access to Personal Data we process about you, as well as certain information on such Processing.
- Right to rectification. This right entitles you to request rectification or completion of any Personal Data that would be inaccurate or incomplete. Upon your request, and after correction has been made, we will inform any recipient of your Personal Data of its inaccuracy and the subsequent rectification that was made.
- Right to erasure or blocking. In the absence of any other legal ground or overriding legitimate interest for the lawful Processing of your personal data, or when there is substantial proof that your personal data is incomplete, outdated, false, or has been unlawfully obtained, you may request us to suspend, withdraw, or order the blocking, removal, or destruction of your personal data from our filing system.
- Right to damages. You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your rights and freedoms as a data subject, as provided by law.
- Right to lodge a complaint. This right entitles you to lodge a complaint with the National Privacy Commission.
- Right to data portability. This right entitles you to receive a copy of Personal Data that you have provided us, in such electronic or structured format for your further use, subject to the guidelines of the National Privacy Commission with regard to the exercise of such right.
- Upon your passing, or in case of your incapacity or incapability to exercise your legal rights, your lawful heirs and assigns may invoke your data subject rights in your place.
Your rights as a data subject under this clause are subject to limitations provided by law.
21. You may address your requests, queries, complaints and other communication to the Data Protection Officer using the contact details provided in paragraph 28.
Access/Correction Requests, Withdrawal of Consent and Complaints
22. For a request to access Personal Data, we will provide you with the relevant Personal Data within fifteen (15) days from such a request being made. Where a request cannot be complied with within the above time frame, we will inform you of the reasonably soonest time in which we will respond. For a request to correct Personal Data, we will:
(a) correct your Personal Data as soon as practicable after the request has been made unless we have reasonable grounds not to do so; and
(b) subject to paragraph 23 below, we will send the corrected Personal Data to every other organization to which the Personal Data was disclosed by us within a year before the date the correction was made unless that other organization does not need the corrected Personal Data for any legal or business purpose.
23. We may, if you so consent, send the corrected Personal Data only to specific organizations to which the Personal Data was disclosed by us within a year before the date the correction was made.
24. Depending on the scope and nature of the work required to process your access request, we may be required to impose a fee to recover our administrative costs. This will be assessed on a case-by-case basis by our Data Protection Officer. Where such a fee is to be imposed, we will provide you with a written estimate of the fee for your consideration and will only process your request once you have agreed to the payment of the fee. In certain cases, we may also require a deposit from you before we process the access request. You will be notified if a deposit is required when we provide you with the written estimate of the fee, if any.
25. You understand that we are reliant on you to provide us with accurate and complete Personal Data and with updates if there are any changes to your Personal Data. We will not be responsible for relying upon or using any inaccurate or incomplete Personal Data where you have provided with such Personal Data and/or have failed to update us of any changes in your Personal Data.
26. In case of withdrawal of consent, we will process your request within a reasonable time from such request being made, and will thereafter not collect, use and/or disclose your Personal Data in the manner stated in your request. Your withdrawal of consent may result in certain consequences. For example, it may mean that we will not be able to provide you with certain products or services that you have requested or that we will not be able to continue with your existing relationship with us. We will inform you of such consequences after we receive your request for withdrawal. However, you understand that notwithstanding your withdrawal of consent, we will still be entitled to collect, use or disclose your Personal Data if we are required or authorized to do so under the PDPA or any other applicable law.
27. We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
28. We have a designated Data Protection Officer responsible for managing our Personal Data Processing activities. Any and all requests, queries, complaints and other communication in relation to this Policy must be addressed to:
If you want to delete and control any cookies already on your computer, please refer to your browser vendor’s instructions by clicking "Help" in your browser menu.
Amendments to this Policy
30. As part of our efforts to ensure that we properly manage, protect and process your Personal Data, we will be reviewing our policies, procedures and processes from time to time.
31. We reserve the right to amend the terms of this Policy at our absolute discretion. Any amended Policy will be posted on the Website and can be viewed at www.ikea.ph. No individual notice will be sent to you.
32. You are deemed to have acknowledged and agreed to any amended version of this Policy if you continue to use the Website after the changes have taken place. As such, you are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to Personal Data protection.
Last Updated on 16th December 2020