TRAZE Contact Tracing is a nationwide and unified contact tracing app that automates manual contact tracing by using QR code scanning such that the tracing process done in several days can now be achieved in just few minutes.
An in-app notification will be sent to Traze Contact Tracing registered individuals who may have come in contact with an identified Covid-19 positive patient so that they can observe precautions and start self-isolation if symptoms occur to protect their families and loved ones.
Traze Contact Tracing is a project of the Philippine Ports Authority (PPA) in cooperation with Cosmotech Philippines Inc. PPA is the Data Controller, while Cosmotech Philippines Inc as the developer of the apps, is the Data Processor.
TRAZE Contact Tracing aims for full transparency about the personal data that it processes when you use this application. Pursuant to the Republic Act No. 10173 (Data Privacy Act), this Privacy Statement explains, among other things, what information we collect, why we collect it, and how we use the information.
The Privacy Statement applies to all end users of TRAZE Contact Tracing App: Individuals, government agencies, barangay, delivery crew, public transportation and other establishments.
1. WHAT DATA WE COLLECT
DATA RELATING TO END USERS
Some of the information we process may be considered personal data under applicable privacy legislation. This personal information includes:
PARTNERS, ESTABLISHMENTS, GOVERNMENT AGENCIES, DELIVERY CREW AND BARANGAY
LAND TRANSPORTATION, AIRPLANES, TRAINS AND SHIP/VESSEL
AIRPORTS AND SEAPORTS
2. WHY WE PROCESS PERSONAL DATA AND THE LEGAL BASIS FOR OUR PROCESSING
We only process your data for purposes that are objectively justified by TRAZE Contact Tracing application and only as stated in this Privacy Statement. We process this data with respect to your right to privacy, including the need to protect personal integrity and private life and to ensure that your personal data is adequately protected against the risk of loss, misuse and unintended alteration.
Unless you are offered the option to provide prior consent to our use of your data, we process your data, pursuant to Mandatory Reporting of Notifiable Diseases and Health Events of Public Health Concern Act , RA 11332, and Privacy Act (DPA) RA 10173 - Section 12. Criteria for Lawful Processing of Personal Information. We collect data for the contact tracing of individuals and all the persons whom he got in contact with, given that they are registered under the Traze Contact Tracing App.
END USERS (INDIVIDUALS)
For end users, we collect data to :
PARTNERS, ESTABLISHMENTS, GOVERNMENT AGENCIES, DELIVERY CREW, BARANGAY AND TRANSPORTATION
For our partners, we collect data to:
3. HOW WE COLLECT DATA
Generally, we collect data:
When we collect your data at end user level, we saved your critical information locally such as the your QR Code, your picture, history of scanned individuals, establishments, transportation, delivery crew, barangays, etc. We save the collected data in TRAZE Contact Tracing server which are then used for Contact Tracing process. This string equivalent of your collected data are encrypted when transferred to our TRAZE Contact Tracing server.
We ask the following permissions specifically to get your ID picture that will be saved locally in your mobile phone.
Captured image via phone's camera upon the individual's permission or copied image from phone's photo file, also upon the individual's approval, will be saved locally to individual's phone together with his generated QR Code and personal profile. Traze Contact Tracing retains the captured ID picture or image locally in the individual's phone for his identification. ID picture or uploaded image is not part of the file data in the server that Traze kept for contact tracing.
4. INFORMATION SECURITY – HOW WE PROTECT YOUR DATA from unauthorized access
In order to prevent unauthorized access or disclosure, we have put in place suitable technical handling to safeguard and secure the information we collect online. We have implemented organizational and technical procedures and measures that will ensure that your personal data is not compromised, not unintentionally changed, and available when required. Such measures include data encryption when we save your information, one time password (OTP) during your registration, user password during system log in, access restrictions and controls, back up routines, and disaster recovery routines.
We review and update our working procedures regularly to improve your privacy and ensure that our internal policies are followed. We strive to promptly correct any non-conformance with these policies.
- Individual photo that is captured by the camera upon his permission is not part of the personal information that Traze kept for thirty days (30) during contact tracing. This is locally saved in individual mobile phone for his personal identification with QR Code.
5. HOW WE SHARE YOUR DATA
We may share your data:
6. RETENTION AND DELETION
We retain personal data only as long as necessary for processing it in accordance with the purposes described in this statement, or as otherwise necessary to comply with applicable laws. We retain the history of your scanning transactions for only (30) thirty days. When your data is no longer necessary or relevant for our purposes, or required by applicable laws, we take steps to have it deleted.
7. ACCESS, CORRECTION AND DELETION OF PERSONAL DATA
You have the right to access the personal data you have registered about you. For profile information, if any of the information you have registered is incorrect, we encourage you to make changes to your profile (Last Name, First Name, Email, Location/ City/ Country, Cellphone number, Nickname). You may also withdraw any consents you have given at any time. Feel free to contact us for assistance at telephone number (02) 8403-98-11 or email us at TRAZE@cosmotech.com.ph.
Personal Information of Individual will be retained in the Masterfile until the individual deletes its own personal record via mobile app. Personal Information of the individual together with his scanning history shall be deleted locally in his mobile app immediately upon deletion of his record. However, his personal record and corresponding scanning transactions will be retained in the server for thirty (30) days which will be used by the organization or agency for contact tracing. His record will be automatically deleted from the server after thirty (30) days from the date of its deletion from the mobile app.
Individual scanning transactions will be retained for thirty (30) days and will be automatically deleted by the system after thirty days.
8. YOUR RIGHT TO FILE A COMPLAINT
If you believe that we process your data in violation of your rights, you have the right to complain. You may always contact us directly at telephone number (02) 8403-98-11 before sending a complaint to the National Privacy Commission (NPC) office, so that we can try to solve or clarify the issue.
9. CONTROLLER, PROCESSOR AND CONTACT INFORMATION
Philippine Ports Authority (PPA) is the Data Controller, while Cosmotech Philippines, Inc. as the developer of the apps, is the Data Processor.
Philippine Ports Authority is located at PPA Bonifacio Drive South Harbor, Port Area 1018, Metro Manila with Contact Number: (02) 8527- 8356; while
Cosmotech Philippines, Incorporated is located at 7761 Saint Paul Street, San Antonio Village, Makati City; Contact Number with (02) 8403-9811
If you have any questions about the Privacy Statement or any other questions regarding our privacy practices, please contact us at: TRAZE@cosmotech.com.ph