Updated as of 22 August 2022
We take our responsibilities under the Philippines’ Data Privacy Act 2012 (the “DPA”) seriously. We also recognize the importance of the Personal Data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your Personal Data.
As the Personal Information Controller (“PIC”) of the Personal Data collected under this Policy, we strive to ensure that your Personal Data is processed in accordance with the general data privacy principles of transparency, legitimate purpose and proportionality.
By sharing your Personal Data with us or otherwise communicating or interacting with us, you agree to our use of your Personal Data as described in this Policy.
This Policy applies to all internet sites (“Websites”) and mobile applications (“Apps”) operated by or on behalf of Ikano (Philippines), Inc. including www.ikea.ph and the Ikea Shopping App. It also applies to Personal Data we collect (i) through our products and services; (ii) when you visit our Store/s or contact us through phone or email or (iii) otherwise interact with us, online or offline, including through social media channels. This Policy applies to any Websites, Apps, products or services that display or link to this Policy.
However, it does not apply to websites, mobile applications or platforms that are not operated by Ikano (Philippines), Inc., and plugins from social media platforms and other third parties. We may in certain instances provide these links and plugins but in doing so do not imply any endorsement of the activities or content of the related websites, apps, or social media platforms, nor any association with their operators. Please refer to their privacy policies to learn about the information collected by these third-party websites, apps, and plugins,. We urge you to review privacy policies for the websites, apps, and social media platforms you visit before using them or providing Personal Data.
Definition of Terms
Unless otherwise provided in this Policy or the context otherwise requires, the capitalized terms herein shall have the same meaning as provided in the DPA.
"Person" means any natural or juridical person.
"Personal Data" means Personal Information and Sensitive Personal Information.
"Personal Information" refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information or when put together with other information, would directly and certainly identify an individual;
"Processing" refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating, or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system.
"Sensitive Personal Information" refers to personal information:
(a) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
(b) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
(c) issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; or
(d) specifically established by an executive order or an act of Congress to be kept classified.
Personal Data We Collect
The categories of Personal Data we collect are summarized below:
Personal Information including your name, gender, civil status, date of birth, government-issued identification;
Contact information including your address, telephone number, mailing and email addresses;
Transaction information including billing and shipping addresses, payment method (debit or credit card information), items purchased, your eligibility for certain rewards, discounts and/or refund, related services you availed of including home delivery, assembly/installation services, sewing services and so on;
Financial data such as your bank account or credit card details;
Demographic information such as your ZIP code, housing information such as household size, type of home and living situation and other information demographic information tied to personal information that identifies you;
Account information including your account credentials, log-in ID, password and other information about your profile or account;
Membership information and details of any membership that you have with us, such as IKEA Family and/or IKEA Småles;
Video recordings or photographic images from your visits to our Store/s or when you upload or provide photographs to us (for instance in the context of a job application or in your emails to us);
Voice recordings in relation to calls you make to our customer service team;
Chat transcript data from customer support calls and live chat sessions on our Apps or other platforms;
Location or geolocation information you provide directly or through our Websites or Apps where your device settings grant permission for us to collect it;
Transaction history and product preference information including items in your online shopping cart, Shopping List and similar information;
Job Application data including your employment history, educational background, curriculum vitae, photographs, identification, compensation and benefits;
Other information you voluntarily share with us including feedback, reviews, comments, uploaded documents, files sent through email, communications using our online or manual forms, interactions with us during promotions, competitions, contests, lucky draws, special events, surveys and other types of research and social media behavior (such as when you tag or mention us on social media platforms), and all other correspondence.
You may, in certain circumstances, provide us with Personal Data relating to third parties (for example, your next-of-kin or any person who may receive delivery of your purchased item on your behalf or, any person whom you have nominated as your referee if you are a candidate for employment). When this happens, you are deemed to have represented and confirmed to us that you have obtained the consent of such third party to provide his/her Personal Data to us for Processing.
How We Collect Personal Data
Personal Data You Provide Directly
Ikano (Philippines), Inc. processes Personal Data you provide us directly for example, when you place an order through our Websites or Apps, email our customer service team, sign up for our membership programs, or interact with personnel in-store.
We collect Personal Data from you directly:
- when you register for an account on the Website, Apps or in-store;
- when you subscribe to any of our membership programs, i.e. IKEA FAMILY and/or IKEA småles;
- when you shop with us or make a purchase on our Websites, Apps, or at our Store/s;
- when you communicate with us directly in relation to our products and services, promotions, events or job postings (in person via our customer service team or via our co-workers in our Stores, by email, telephone or any other means);
Personal Data We Collect using Automated Technologies
We may also collect your Personal Data through automated means, for instance, and when you visit our Websites or use our Apps, or otherwise interact with us online, we may use technologies to collect information sent to us by your device or computer.
If you want to delete and control any cookies already on your computer, please refer to your browser vendor’s instructions by clicking "Help" in your browser menu.
Personal Data We Collect from Third-Party Sources
We may also receive your Personal Data from third-parties including social media platforms or marketing partners.
You can use and browse the Websites or the Apps without directly disclosing your Personal Data to us. This provision of your Personal Data is voluntary. But, if you do not provide your Personal Data to us, we may not be able to provide the products and services that you require of us.
Purposes for Collection, Use, Disclosure and Processing of Personal Data
The Personal Data which we collect from you may be collected, used, disclosed and/or processed for various purposes, depending on the circumstances for which we may/will need to process your Personal Data, including:
- to provide you with access to our Websites or Apps and to secure both including to create and update your accounts, memberships or profiles
- to respond, notify or otherwise communicate with you including when you place an order, reach out to us with feedback, questions or comments, enter a contest, complete a survey, engage us through social media, request a refund, or when we notify you of the availability of an item, of product recalls or of updates to the Apps
- to provide you with products, services and/or facilities including to fulfill your orders, facilitate your purchases, ship and deliver your products, process your payments, refunds and/or other requests, award you points under our membership programs, check your eligibility for and/or grant you discounts, conduct credit reference checks and establish your creditworthiness, where necessary when providing you with products, services and/or facilities, provide you free wi-fi at our Store/s
- to establish your identity and background, and other information relevant to our interactions with you, including to carry out verification and background checks as may be provided by law, as part of any recruitment and selection process in connection with your application for employment with us
- for safety and security purposes including to manage the security of our Store/s, facilities, networks and systems
- to develop, improve and optimize the functions of our Websites and Apps and our products and services
- for direct marketing, advertising and promotional purposes including to send you marketing and advertising material (whether general or tailored to your interests) via SMS, phone call, email, fax, mail, social media and/or any other appropriate communication channels, to facilitate your participation in, and our administration of, any events including contests, surveys promotions or campaigns, or if you are a member of any of our loyalty programs e.g. IKEA Family and småles, in accordance with your consent
- to personalize your experiences in our Store/s, Websites or Apps, and offer and provide personalized content
- for analytics purposes including to understand your preferences and needs including your browsing and shopping preferences, the devices you use to access our Websites and Apps
- to implement our membership programs including to enroll members and manage existing accounts
- for business purposes such as to operate our business, maintain and update our internal recordkeeping and risk management processes, hire personnel or engage third-party service providers, detect, investigate and prevent fraudulent, prohibited or illegal activities, detect and prevent fraud or misuse of our Websites, Apps and facilities, enable us to perform our obligations and enforce our rights under any agreements or documents that we are a party to, improve our products, services and programs, strengthen our relationships with customers, vendor and other third parties, implement our internal administrative processes, undergo finance, accounting, audit and other reporting procedures, for insurance purposes, in case of business reorganization, business takeover or merger and acquisition or to transfer or assign our rights, interests and obligations under any agreements entered into with us and for other business purposes
- for legal and regulatory purposes including to protect and secure our company, customers, personnel, Store/s, third-parties and stakeholders, defend legal claims or preserve our rights, respond to court orders, subpoenas and government requests, initiate or undergo legal proceedings, make a disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular or code applicable to us and for legal and regulatory compliance such as to conduct internal audits and investigations
- for other purposes required to operate, maintain and better manage our business and your relationship with us; which we notify you of at the time of obtaining your consent.
As the purposes for which we may/will collect, use, disclose or process your Personal Data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose(s) at the time of obtaining your consent, unless we are permitted by the DPA or any other applicable law to process your Personal Data without your consent.
When We Share Personal Data
We may share your Personal Data with third parties including our parent company, affiliates and other members of our worldwide organization, service providers, business partners, individuals and third parties for any of the purposes mentioned in this Policy, including:
The third parties to whom we may share your Personal Data may be situated inside or outside of the Philippines.
The Personal Data we collect may be stored, transferred or otherwise processed in any or all of the countries which host the cloud services we utilize.
The third parties with whom we conduct business are only authorized to use your Personal Data to perform the service for which they were hired. As part of our agreement with them, they are required to adhere to the DPA and any policies that we provide, and to take reasonable measures to ensure your Personal Data is secure.
We respect the confidentiality of the Personal Data that you provide to us. We do not sell Personal Data to any third party.
Security Measures for Protection and Destruction of Personal Data
We have implemented appropriate technical, organizational and physical measures designed to prevent unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your Personal Data.
However, we cannot assume responsibility for any unauthorized use of your Personal Data by third parties which are wholly attributable to factors beyond our control.
We have physical and digital systems in place to secure your Personal Data.
We limit physical access to our data centers and facilities and allow users access to our systems only to those authorized or entitled to do so.
We use technology controls such as firewalls, user verification, high-level encryption technology and other security tools. Unfortunately, no system or online transmission of data can be guaranteed to be 100% secure and we cannot guarantee the security of information provided over the Internet and will not be responsible for breaches of security beyond our reasonable control. You should always take appropriate security measures to protect your Personal Data, including ensuring you have updated antivirus software.
We proactively monitor our systems for possible weaknesses and endeavor to see what can be improved in the attainment of a robust information security management system.
It is our policy to ensure that Personal Data is only retained for a limited period as may be required by applicable law or until the purpose of the Processing is achieved. To this end, we have put in place measures to ensure that any of your Personal Data that is in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that:
(a) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and
(b) retention is no longer necessary for any other legal or business purposes.
Thereafter, your Personal Data is disposed of in a secure manner that would prevent further processing and unauthorized access by, or disclosure, to any other party.
We endeavor to protect the security of our Store/s, facilities, networks and systems and the safety of our customers, visitors, personnel and other individuals.
To this end, we use and operate a CCTV system that captures video and photographic information of our customers, visitors, personnel and other individuals in our Store/s to provide a safe and secure environment for everyone, protect our property, monitor security-related incidents, detect or deter fraud or crime and otherwise handle emergencies or other crises.
The access or disclosure of CCTV footage shall be subject to applicable laws, this Policy, and our applicable CCTV Policy setting forth, among others, our request protocols and approval procedures.
Click here to view our CCTV Policy.
Data Subject Rights
Under the DPA, you have the following rights as a data subject:
- Right to object. As a data subject, you have the right to indicate your refusal to the collection and Processing of your Personal Data, including processing for direct marketing, automated processing, or profiling. You also have the right to withhold your consent to further processing in case there are any changes or amendment to information given to you. Once you have notified us of the withholding of your consent, further processing of your personal data will no longer be permitted, unless:
- the Processing is required pursuant to a subpoena, lawful order, or as required by law; or
- there are other lawful bases or criteria under the DPA for the collection and Processing of your Personal Data.
- Right to access. This right entitles you to request access to Personal Data we process about you, as well as certain information on such Processing.
- Right to rectification. This right entitles you to request rectification or completion of any Personal Data that would be inaccurate or incomplete. Upon your request, and after correction has been made, we will inform any recipient of your Personal Data of its inaccuracy and the subsequent rectification that was made.
- Right to erasure or blocking. In the absence of any other legal ground or overriding legitimate interest for the lawful Processing of your Personal Data, or when there is substantial proof that your Personal Data is incomplete, outdated, false, or has been unlawfully obtained, you may request us to suspend, withdraw, or order the blocking, removal, or destruction of your personal data from our filing system.
- Right to damages. You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your Personal Data, taking into account any violation of your rights and freedoms as a Data Subject, as provided by law.
- Right to lodge a complaint. This right entitles you to lodge a complaint with the National Privacy Commission.
- Right to data portability. This right entitles you to receive a copy of Personal Data that you have provided us, in such electronic or structured format for your further use, subject to the guidelines of the National Privacy Commission with regard to the exercise of such right.Upon your passing, or in case of your incapacity or incapability to exercise your legal rights, your lawful heirs and assigns may invoke your data subject rights in your place.
Your rights as a Data Subject under this clause are subject to limitations provided by law.
You may address your requests, queries, complaints and other communication to the Data Protection Officer using the contact details provided below.
Access/Correction Requests, Withdrawal of Consent and Complaints
For a request to access Personal Data we will provide you with the relevant Personal Data within thirty (30) working days from such a request being made, except as otherwise provided in this Policy.
For CCTV-related access requests, we will, subject to the provisions of, and limitations under, applicable privacy laws, regulations and issuances, act on your request for a copy within fifteen (15) working days after receipt of the request and/or the necessary supporting or additional documentation to confirm identity and/or authority of the requesting party, and other details related to the requested footage. Where the request is merely for viewing, we will act on your request within five (5) working days after receipt of the request and/or the necessary supporting or additional documentation. Where a request cannot be complied with within the above time frame, we will inform you of the reasonably soonest time in which we will respond. For a request to correct Personal Data, we will:
(a) correct your Personal Data as soon as practicable after the request has been made unless we have reasonable grounds not to do so; and
(b) subject to the immediately succeeding paragraph, we will send the corrected Personal Data to every other organization to which the Personal Data was disclosed by us within a year before the date the correction was made unless that other organization does not need the corrected Personal Data for any legal or business purpose.
We may, if you so consent, send the corrected Personal Data only to specific organizations to which the Personal Data was disclosed by us within a year before the date the correction was made.
Depending on the scope and nature of the work required to process your access request, we may be required to impose a fee to recover our administrative costs. This will be assessed on a case-by-case basis by our Data Protection Officer. Where such a fee is to be imposed, we will provide you with a written estimate of the fee for your consideration and will only process your request once you have agreed to the payment of the fee. In certain cases, we may also require a deposit from you before we process the access request. You will be notified if a deposit is required when we provide you with the written estimate of the fee, if any.
You understand that we are reliant on you to provide us with accurate and complete Personal Data and with updates if there are any changes to your Personal Data. We will not be responsible for relying upon or using any inaccurate or incomplete Personal Data where you have provided with such Personal Data and/or have failed to update us of any changes in your Personal Data.
In case of withdrawal of consent, we will process your request within a reasonable time from such request being made, and will thereafter not collect, use and/or disclose your Personal Data in the manner stated in your request. Your withdrawal of consent may result in certain consequences. For example, it may mean that we will not be able to provide you with certain products or services that you have requested or that we will not be able to continue with your existing relationship with us. We will inform you of such consequences after we receive your request for withdrawal. However, you understand that notwithstanding your withdrawal of consent, we will still be entitled to collect, use or disclose your Personal Data if we are required or authorized to do so under the DPA or any other applicable law.
We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
We have a designated Data Protection Officer responsible for managing our Personal Data Processing activities. Any and all requests, queries, complaints and other communication in relation to this Policy must be addressed to:
Data Protection Officer
IKEA Pasay City
Marina Way, Mall of Asia Complex
Brgy. 76 Zone 10, CBP-IA,
1300 Pasay City, Metro Manila, Philippines
Contact number +63 2 5417216
or by email to: firstname.lastname@example.org
Lawful Basis and Consent
Where you have provided us with your Personal Data, you agree and consent to our collection, use, disclosure, storage and other processing of your Personal Data for the purposes, in the manner, and under the terms set forth in this Policy. This does not affect the existence of lawful bases nor supplant or replace any consent you have previously granted to us for the processing of your Personal Data.
Amendments to this Policy
As part of our efforts to ensure that we properly manage, protect and process your Personal Data, we will be reviewing our policies, procedures and processes from time to time.
We reserve the right to amend the terms of this Policy at our absolute discretion. Any amended Policy will be posted on the Website and can be viewed at www.ikea.ph. No individual notice will be sent to you.
You are deemed to have acknowledged and agreed to any amended version of this Policy if you continue to use the Website after the changes have taken place. As such, you are encouraged to visit the above website from time to time to ensure that you are well informed of our latest policies in relation to Personal Data protection.
Last Updated on 22 August 2022