COLLECTION AND USE OF PERSONAL DATA

Throughout our relationship with you, we may collect and use personal data to allow us to continuously provide you with our products and services. When we do so, we will let you know exactly what personal data we are collecting, why, and what criteria under the law we rely on.

Cookies

We collect cookies, web beacons, small data text files, or similar technologies primarily to ensure that the core functions of our website and apps are optimally accessible to you.

SHARING OF PERSONAL DATA

We may outsource the processing of your personal data to external parties including vendors, service providers, and other telecommunications operators who may process your personal data outside the Philippines to fulfill the purposes described in this Privacy Policy.  When we do so, we make sure they can only process your personal data strictly for the purpose stated in our contract with them.  We also require them to protect your personal data with organizational, physical, and technical security measures consistent with our internal policies and ensure they return or dispose of your personal data upon the end of our engagement, or as otherwise specified in our contract.

With your consent, we may share your personal data with our other partners for business analytics, and product development purposes, as well as to allow them to market and extend their products and services to you.  It is our policy to never share your personal data with external parties unless we obtain your consent or are otherwise required or allowed by law to do so.

PROTECTION OF PERSONAL DATA

We secure and protect your personal data with appropriate safeguards to ensure confidentiality and privacy, prevent loss, theft, use for unauthorized purposes, and comply with the requirements of the law.

To detect and mitigate evolving threats to information security and data privacy, we have implemented appropriate organizational, physical, and technical controls to protect your personal data including:

• A state-of-the-art Security Operations Center with a dedicated team that manages, monitors, and protects our network and systems from potential risks to your personal data with fully-documented security incident management procedures;

• Regular review of our collection, processing, storage, retention, and disposal practices including physical and electronic security measures to guard against unauthorized access to our network and systems;

• Contractually-mandated confidentiality among our authorized employees, contractors, and other external parties who may process your personal data;

• External party risk assessment as well as security features against data leakage, unauthorized access or disclosure, and accountability; and

• Identity and access management across GLOBE STT GDC employees and external parties under a “need-to-know” standard.

RETENTION AND DISPOSAL OF PERSONAL DATA

We keep applicable personal data for as long as you are our customer or until the purpose for why it was collected expires. However, it may be necessary for us to keep your personal data for a longer period for legitimate business or legal purposes such as security, fraud prevention, or financial record-keeping. In general, our policy is to retain customer information for a period of up to five (5) years from the date of request, depending on the type of personal data.

We have also established procedures to securely dispose of files that contain your personal data whether in digital or physical form (e.g. shredding, erasure software, degaussing).

YOUR RIGHTS AS A DATA SUBJECT

We recognize your rights under the Data Privacy Act of 2012.

Right to Be Informed

You have the right to be informed of how and why we collect and process your personal data, including where we collected it, with whom we share it and why, how we protect it, how long we keep it, and how we dispose of it, and any changes to our data processing activities before they are implemented.

Right to Object

You have the right to object to the processing of your personal data when the sole criteria for processing is our legitimate interest.  You also have the right to withdraw any consent previously given for the processing and/or sharing of your personal data.

Right to Access

You have the right to request reasonable access to your personal data subject to our procedures.  We, however, reserve the right to seek reasonable fees when providing such data presents certain challenges due to its volume as well as to restrict access to linked data that may be confidential, proprietary, or belong to other individuals.

Right to Data Portability

You have the right to obtain a copy of your personal data or have it transmitted to other entities in a format that is portable and commonly accessible subject to our internal procedures.

Right to Rectify

We keep our records as accurate as possible.  Where there are any errors or inaccuracies to your personal data, we give you ways to dispute and rectify or update it, subject to our internal procedures.

Right to Erasure or Blocking

You have the right to suspend, withdraw, or order the blocking, removal, or destruction of inaccurate, incomplete, outdated, false, or unlawfully obtained personal data, or personal data not necessary for the purpose for which it was collected, and for such other cases provided in the Data Privacy Act of 2012.

Right to Damages

You have the right to be indemnified for damages sustained, if any, due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

HOW TO REACH US

Should you wish to exercise any of your data subject rights or have any questions or concerns regarding our privacy practices, you may contact our Data Privacy Officer:

Data Privacy Officer

GLOBE STT GDC, INC.

2nd Floor Globe Telecom Plaza Tower 1

Pioneer corner Madison Streets

Barangka Ilaya, 1550 Mandaluyong City

Email: data-privacy@sttelemediagdc.ph