EASTERN TELECOMMUNICATIONS PHILIPPINES, INC.'S PRIVACY POLICY (Rev. March 2024)

Eastern Telecommunications Philippines, Inc. ("Eastern Communications", "We", "Us", or "Our") respects and values the data privacy rights of its Partners ("You" or "Your"). For avoidance of doubt and for purposes of this Policy, the term "Partners" include Customers, Prospective Customers, Employees, Employment Applicants, Suppliers, and other third persons with whom Eastern Communications have contractual relations with and their respective authorized representatives, or with individuals who have agreed to be involved in Our activities.

This Data Privacy Policy ("Policy") describes how We collect, use, disclose, retain and dispose of Your Personal Information and Sensitive Personal Information (collectively “Personal Data”), which We have collected and processed during Our contractual relationship.

Types of Personal Data Collected

In collecting and processing Personal Data, We adhere to and comply with the provisions and policies embodied in Republic Act No. 10173, also known as the Data Privacy Act of 2012, its Implementing Rules and Regulations, and other relevant laws and policies, including the issuances of the National Privacy Commission.

The types of Personal Data that We collect depend on the service that You availed or intended to avail from us or, otherwise, depend on Our contractual relationship, including but not limited to:

  • Full name, place of birth, residential/permanent address;
  • Employment or business information and position;
  • Your contact details, including telephone number, mobile number, and email address; and
  • Payment details, including credit card and banking information (Customers and suppliers only).

For employees and employment applicants, in addition to the foregoing, we may also collect the following Personal Data:

  • Employment background, including compensation details;
  • Employment performance, assignments, movements, and job profiles;
  • Employment benefits utilization and availment;
  • Compensation and Payroll Bank Account Details;
  • Training and Development Data; Family background; and
  • Character references.

We will collect your Sensitive Personal Information only with your consent and when allowed or required by law or regulation. To process your application for Our Service, accredit you as Our Supplier, or evaluate your employment application, We also collect Your Sensitive Personal Information as follows:

  • Government-issued identification cards, such as passport, SSS/GSIS, driver's license;
  • Taxpayer Identification Number (TIN), Social Security System (SSS) number, PhilHealth number, and other government issued numbers;
  • Gender, educational background, nationality, date of birth and age;
  • Tax returns;
  • Civil, criminal or administrative case records, if any (suppliers, employees and employment applicants only); and
  • Health condition and medical certificates (employees and employment applicants only).

In the course of Our relationship and/or of providing You Our Services, we may collect, process and store additional Personal Data, to the extent allowed by law, including your transactions, payment history, account history, and inquiries about Our services.

We also collected Your Personal Data when You applied for Our Services or when You applied for employment or applied to accredited as Our supplier, filled-out Our form, or when you gave us a call, sent us an email or any communication, attended Our marketing events or job fairs, joined Our promotions, responded to Our customer or employee survey, or accessed Our websites, mobile applications, various communications and other Eastern Communications owned, operated, or commissioned websites (collectively, the "Sites").

We may collect Your Personal Data from other organizations, such as credit bureaus, professional organizations and other associations, and various marketing and promotions with which we partner and have executed a Data Sharing Agreement as required by law.

We may also collect other relevant information when:

  1. Creating an Account –- Your username, password, birth place, nationality, email address, contract details and other relevant information.
  2. Availing of Services - the type Services availed, the installation address, the amount billed and paid for the Services, how frequently the Services was used, rewards or loyalty points earned, and rewards or loyalty points redeemed, name and position of Your authorized representative and his or her contract details
  3. Card or Voucher Registration - the card or voucher number, card or voucher transactions, including card or voucher activation, load details, and others relevant information.
  4. Surveys and other Online Interactions - demographics information, comments, feedbacks, questions or suggestions, information relevant to the survey and other information on subjects that may interest You.

We may automatically collect the Personal Data you provided when You visit Our Sites. This Information may include information about Your Internet service provider, Your operating system, browser type, domain name, Internet protocol (IP) address, Your access times, the website that referred You to Us, the Webpages You request, and the date and time of those requests. Our collection of online use Information may involve the use of cookies and Web beacons. Cookies are small data files stored on Your hard drive by a website. Among other things, cookies help Us improve Our Sites and Your experience. We use cookies to see which areas and features are popular and to count visits to Our Sites. Web beacons are electronic images that may be used on Our Sites or in Our emails. We use Web beacons to deliver cookies, count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon.

You can usually choose to set Your browser to warn You when a cookie is being sent or to remove or reject cookies. Each browser is a little different, so look at Your browser Help menu for the correct way to modify Your cookie settings. If You choose to remove or reject cookies, it will affect many features or services on Our Sites

We may also collect aggregated data or anonymized data that does not directly identify You. We may combine information We collect about You with information We receive from third parties.

Use of Information

We may use Information about You for purposes described in this Policy or disclosed to You on Our Sites or with Our Services or in the course of providing goods and services to Supplier or Your employment, whichever is applicable. We may use information about You to:

  1. For Customers
    1. Verify Identity or Authority of Your authorized representatives.
    2. Daily operation or provision of services, products, facilities and other Eastern Communication Services to You
    3. Process and manage Your availment or use of Our Services, including Your accounts and program participation, Your use of the Sites.
    4. Respond to Your Customer Experience inquiries, post Your comments or statements on any blog or other online forum maintained on Our Sites, or take other actions in response to Your inquiries or other Site activities.
    5. Create personalized promotions by combining Your Information with non- personal information about You, such as the types of Services You availed, the amounts You paid for Our Services, the websites that You frequently visited or any benefits You receive through Our Services or programs.
    6. Communicate with You by post, telephone, email and SMS about the Services, Your accounts and program participation, a contest or promotions You joined, and Your requests for information.
    7. Communicate with You by post, telephone, email and SMS about Our products and Services, events or other promotional purposes, including co-branded offers and affiliate and partner offers.
    8. Determine the services that are relevant to You and Your business, contact You about marketing events and Our services that we believe may interest You, and to carry out aggregated and anonymized research on telecommunication service needs.
    9. Conduct background checks relevant to the Services You intend to avail.
    10. Comply with regulatory requirements such as but not limited to tax and credit standing submissions.

  2. For Employees or Employment Applicants:
    1. Evaluate Your employment application
    2. Process Your salary and benefits,
    3. Monitor your attendance
    4. Evaluate Your performance
    5. Assess and determine Your employment assignment or movement
    6. Propose or require training and developmental activities relevant to Your role
    7. Comply with governmental requirements.

  3. For Suppliers
    1. Process Your application for accreditation
    2. Evaluate your performance
    3. Implement contracts and process payments
    4. Comply with governmental requirements.

Storage and Retention of Personal Data

We ensure that Personal Data collected both in physical and electronic formats including databases that are shared between Eastern Communications’ different departments, sub-units and third party providers, are securely handled and stored.

For physical copies of Personal Data, these will be stored in secured facilities. Electronic copies of your personal information will be stored in secured database, servers, cloud storage, and data centres that follows global standards and implements strict security controls ensuring the confidentiality, integrity and availability of Personal Data we handled.

To provide you with improved experience with our products and services, we may use third party cloud applications to store Personal Data outside the Philippine, when we do, we ensure that technical, physical and organizational security measures are in place and necessary and pertinent provisions of the data privacy pursuant to DPA of 2012 and EU GDPR are included in the Main Service Agreement with Our third party service providers.

We only store Your Personal Data for a reasonable period and only in accordance with the foregoing purposes, which is not for period longer than ten (10) years from the time of cessation of Our contractual relationship or for such period as may be necessary to show compliance with government requirements. We keep certain Personal Data of employees for a period not to exceed 45 years from collection in order to show compliance with mandatory government contributions.

Unless otherwise provided by law or by applicable Eastern Communications internal policies, we will retain your relevant personal data as long as it is necessary to carry out our contractual obligation, legitimate interest and business operations.

Sharing or Disclosure of Personal Data with Third Parties

Eastern Communications respect Your right to privacy. However, to improve Our Service and Your experience or relationship with us, we may share Your Personal Data in limited ways.

To provide You with improved experience with Our products and services, we may disclose your Personal Data to our third party service providers or other entities within or outside Eastern Communications. Where we do, we ensure that Personal Data is shared in any means that is secured and with full confidentiality. We ensure that our staff and third-party service providers comply with strict requirements based on our internal procedures, policies and applicable privacy laws about the proper and secured ways of handling, management, and protection of your Personal Data.

  1. We may share Personal Data about You with others with Your consent.
  2. We may share Personal Data with Our subsidiaries, Our parent and other affiliated companies with your consent.
  3. We may also share Personal Data with companies that provide support services to Us (such as call centers, banks, credit card processors or other payment services providers, mailing houses or website hosts, payroll service provider, insurance and health providers) and that help Us market Our products and Services (such as email vendors). These companies may use Personal Data about You to perform their functions on Our behalf.
  4. We may share Personal Data with Our third party service providers, including the providers of network, technologies, and IT services necessary for the delivery and fulfilment of Our products and services.
  5. We may disclose specific Personal Data (i) upon lawful request, in response to legal process, and when required to comply with laws, (ii) to enforce Our agreements, corporate policies, and terms of use or (iii) to protect Our rights, properties and/or safety and that of Our affiliates, parent and other affiliated companies, Our employees, agents, customers, and others.
  6. If You participate in any blog or other online forum on Our Sites, any Personal Data that You post on Our Sites may be shared with other forum participants and Site visitors.
  7. In the event of a merger, acquisition, financing, or sale of assets or any other situation involving the transfer of some or all Our business assets, We may disclose Personal Data to those involved in the negotiation or transfer.

We may also share aggregated or anonymized information that does not directly identify You.

Protection and Disposal Security of your Personal Data

We take secured means of ensuring that Your Personal Data can only be seen, used, processed, stored and disposed by authorized employees and third party service providers who need it to do and fulfil their jobs based on the declared purpose stated in our policies and contract with them.

We take reasonable and appropriate steps to maintain appropriate organizational, physical, technical and security and breach incident measures to help prevent loss, misuse, unauthorized access, disclosure or modification of Personal Data that we store in paper and/or electronic formats, by establishing and enforcing:

  1. Implementation of our internal processes and activities with the view to protecting your data privacy rights;
  2. Requirement to maintain confidentiality amongst our employees and Personal Information Processor or those who collects, processes and stores Personal Data in our behalf;
  3. Policies on document storage, security measures such as firewalls and data encryption, and restricted access to our records, systems and premises
  4. Limitations on access to Personal Data; and
  5. Strict selection of third party data processors and partners.

While We take these reasonable efforts to safeguard Your Personal Data, no system or transmission of data over the Internet or any other public network can be guaranteed to be 100% secure.

We implement and instruct our employees and third party service providers for the secure destruction or disposal of any physical or electronic documents containing your Personal Data (e.g. by means of shredding of hard copy, purging or deletion of electronic files and execution of our various data sanitation techniques like data erasure, resetting to factory settings, physical destruction, etc.) when no longer in use, upon the end of our engagement or as stated in Our contract.

We maintain strict monitoring and perform audits of Our systems, service providers and employees to ensure that Your Personal Data is used, stored, disposed properly and adequately protected.

Third Parties’ Personal Data

In the event that You disclose third parties' (including your authorized representatives) Personal Data to Us, You shall ensure that those third parties have been notified that their Personal Data will be disclosed and processed by Eastern Communications pursuant to this Privacy Policy. You shall ensure that You have obtained of the consent of such individual to the collection, processing, and disclosure of their Personal Data by Eastern Communication as described under this Policy.

Use of Personal Data for Marketing, Promotions and Surveys

With your consent, we may use Your Personal Data to let you know about products and services that we believe may be of interest to you, including products and services from Our related companies.

Such marketing activities may be via mail, telephone, SMS, email, or any other electronic means. We may also market Our products to you through third party channels (such as social media sites), or via other companies who assist us to market Our products and services.

You can let us know at any time if you no longer wish to receive direct marketing offers.If You opt out of receiving promotional communications from Us, We may still send You non-promotional communications such as emails about Your accounts or Our ongoing business relations.

Know Your Rights with Respect to Your Personal Data

Under the Data Privacy Act of 2012 (DPA of 2012) also known as Republic Act 10173 You are entitled with the following rights with respect to Your Personal Data. This enables You to make decisions and gives You control on how Your Personal Data is handled and managed by companies.

The right to access: You may request access to the Personal Data we use and process about You. This right provides you with details on whether we hold Personal Data about You and, if we do, to acquire information on and a copy of that Personal Data

The right to rectify: You may request rectification of your Personal Data. This right allows You for the correction of Your Personal Data if it is inaccurate, incomplete, or not updated. We offer choices for You to request to update or change Your Personal Data for You to ensure its accuracy and completeness and how We communicate with You. Here are some of the ways You can request changes or communicate any concern:

  • Follow the opt-out instructions in any promotional emails We send You
  • For employees, log in to Your online account through Our Sites manage Your contact information (e.g., SMS text, email and postal address) preferences and to update Your Personal Data.
  • For customers, contact us through call, email, Viber, messenger, or other official communication channel, or through the account manager or our Customer Experience
  • Contact Us at the information set forth at the end of this document.
  • The right to erasure or blocking: This right enables You to request the erasure or removal of Your Personal Data in our network, storage, system, database, or cloud such as in cases where your Personal Data is no longer necessary to achieve the legitimate business purpose of its use or processing; or if you believe that we implement unlawful processing of your Personal Data.

    The right to portability: This right enables You to get a copy of your Personal Data we hold or in Our custody in a structured, commonly used, and machine-readable format. You can request to be given a copy of Your Personal Data through the contact information set forth at the end of this document.

    The right to damages: This right enables you to be indemnified or compensated for any damages or costs that You may have incurred due to any violation of the DPA of 2012.

    The right to complain with the National Privacy Commission (NPC): In cases where You believe that any of Your privacy rights have been violated, You have the right to file a complaint with the NPC. However, we encourage You to contact us first for the resolution of Your complaint.

    The right to object: this is your right to inform us to stop any usage or processing of Your Personal Data, for example You may object when we process your Personal Data for purposes related to any direct marketing activities.

    Please note, that under certain circumstances, the DPA of 2012 still allows Us to use Your Personal Data despite the exercise of this right. For example, if You wish to exercise Your right to object, we will still use Your Personal Data if it is necessary to fulfil our legal obligations and contractual obligations to You.

    Contact Us

    For You to exercise Your rights or if You have any comments, questions or privacy concerns within Eastern Communications or this Policy, You may contact our Data Protection Officer through the below contact details:

    Email: DPO@etpi.com.ph

    Telephone No.: +63 2 5300-2180

    Address:

    6F Telecom Plaza
    316 Sen. Gil Puyat Ave., Salcedo Village
    Makati City Philippines

    Privacy Policy Updates

    We will update this Policy from time to time by posting a new Policy on Our Sites.

    We encourage You to check the date of Our Policy when You visit this Site for any updates or changes.

    This Privacy Statement is effective March 20, 2024.