Our Privacy Commitment
PLDT Global Corporation (PGC) respects our customers’ fundamental right to privacy, and we commit to take great care in safeguarding your personal data. PGC has developed a privacy statement that aims to ensure that we adopt and observe appropriate standards for personal data protection in compliance with applicable privacy laws and regulations.
While this privacy statement sets out the general principles that govern the collection, use, and disclosure of our customers’ personal data, we have also developed this privacy statement to inform you more specifically about our privacy practices.
Why we collect your personal data
Throughout your use of our services, we collect and maintain some basic information about you. We do so only for the purposes and legal bases described below.
A. We process your personal data to perform our obligations under contract with you.
- To create and nurture a relationship with you, so that we can continuously provide you with our services. For example, when you apply for any of our services, we collect personal data about you, that will allow us to deliver services you order or request under a contract that we have with you, establish a contract for goods or services between you and us, or validate your identity and credit history for purposes of billing and collection of fees for the products and services that you avail from us.
B. We process your personal data based on our legitimate interest to function effectively as a business, but we only do so when your interests and fundamental rights or freedoms do not override our legitimate interest.
- To continuously improve our business and operations. For example, we analyze your usage of our network and facilities to help us manage your account, provide customer care activities, investigate and resolve your service-related requests and concerns, monitor the quality and security of the network, train our staff, and plan for future growth. We may also process your personal contact details and publish them in an internal directory listing, in order to effectively communicate with you and provide you with necessary assistance.
- To continuously improve our products and services. We collect, use, process, and analyze your use of our products and services so that we can understand how to improve them for your benefit. Our analysis may include some information about your usage, such as the volume and frequency of your use of our SMS, voice, and data services, and your historical locational information which we determine based on an analysis of the places where you may have used our products and services in order to generate insights on foot traffic, crowd density, and mobility patterns.
- To understand your needs and preferences so that we can serve you better. We process data to determine your usage profile by maintaining a record of the products and services that you avail from us, and by analyzing other activities such as when you participate in our market research initiatives, when you visit and transact in our stores, and when you visit and use our websites and mobile apps such as Free Bee. We do so in order to gain a better insight about the kinds of offers that would be relevant to your preferences.
- To manage the security of our business operations. We may process your personal data to conduct IT security operations, to manage our assets, to ensure your fair use of our products and services, and for business continuity, disaster recovery, and audit purposes.
C. We process your personal data as you avail of our products and services so that we may be able to create and offer better products and services for you, including through direct marketing. We only carry out these processing activities based on your consent.
- To send you offers, recommendations and promotions. We process your usage profile to send you customized offers and promotions through your contact details using channels such as SMS, voice calls, and e-mail. This includes location-based offers that are exclusively available in areas that you may frequent. For authorized representatives of our business clients, we may also process your data to send you offers and promotions based on our legitimate interest, when appropriate and when consent is not required.
- To provide you requested information and resource materials. We process information such as your mobile number and email address to send you information and resource materials which you may have requested through our social media platforms and websites. We may also provide you information about products and services that may interest you based on your voluntarily submitted survey forms.
- To conduct online marketing. We process information such as your mobile number, e-mail address, and browsing behavior, which we collect through cookies and tags (when you visit our websites) in order to place advertisements about our latest products and promotions on some of the most popular social media platforms and websites that you may visit. Please see our Cookies policy for more details.
- To elaborate your usage profile. We may also collect personal information about you from third-party sources such as our subsidiaries, affiliates, and business partners, to whom you have also given your consent for them to share your information with us. We create this enhanced usage profile about you solely to get a deeper understanding of your preferences so that we can send you even better targeted product recommendations, special offers, and promotions.
D. We process your personal data to comply with legal requirements.
- To assist public authorities. We generate statistical insights based on your usage of our network and facilities to assist public authorities in planning for healthcare, disaster management, and other similar initiatives. When we can, we aggregate and anonymize this information so that you are never identified as an individual.
- To comply with legal requirements. We run credit scoring programs and initiatives, including but not limited to, providing information to the Credit Information Corporation in accordance to Republic Act No. 9501 and the Credit Information System Act. We may also perform other required personal data processing or disclosure to meet other relevant legal and regulatory requirements.
How we collect your personal data
We collect your personal data from several sources.
Information you share with us.
Most of the personal data we retain are information you have shared with us. You provide us with personal data when you:
- Apply for our services by filling out Application Forms, Subscription Agreements, and other similar or related documents through any of our available channels (online, in our stores, or through our Sales representatives);
- Get in touch with us to ask about something, file a complaint or request for service;
- Take part in our research and surveys;
- Become our Partner, Vendor, Contractor or Supplier; and/or
- When you apply for job with us.
Information we collect during our relationship with you
We also collect information as you use our products and services, like when you:
- Use our network, facilities and services – whether it is Mobile, Fixed, Home, or any of our other products, services, and channels;
- Pay your bills or purchase add-on products and services;
- Use our apps, websites, and self-service channels and portals;
- Join our promos, prize raffles, or rewards & loyalty programs;
- Participate in our market research activities; and
- Visit and transact in our stores.
Information we collect from other sources
We also collect information from commercially or publicly available sources like published directories and public documents. We may also obtain your personal information from third parties and from other sources which you have given separate consent for the disclosure of such information relating to you and where otherwise lawfully permitted.
When we disclose your personal data
There are a variety of circumstances where we may need to share some of the information that you have provided to us. In these cases, we ensure that your personal data is disclosed on a confidential basis, through secure channels, and only in compliance with applicable privacy laws and regulations.
We will never share, rent, or sell your personal data to third parties outside of PGC except in special circumstances where you may have given your consent for, and as described in this statement.
In some instances, we may be required to disclose your personal data to our agents, subsidiaries, affiliates, business partners and other third-party agencies and service providers as part of our regular business operations and for the provision of our products and services. This means we might share your information with:
- Our service providers, contractors, and professional advisers who help us provide our products and services. This includes partner companies, organizations, or agencies, and their sub-contractors. For example: our couriers for bill delivery and our customer contact centers for our pre- and post-sales hotline operations;
- Our subsidiaries and affiliates with whom you have also signed-up with. We do so only for the improvement of each other’s legitimate business and operations. For example: we share information with each other about your usage profile so that we can create new offers that bundle our products and services into a single subscription;
- Other companies to whom you have also given consent for us to share your information with. For example, when you sign-up for products and services offered by other companies, they may request for information from us in order for them to validate your identity; and
- Law enforcement and government agencies, but only when required by laws and regulations and other lawful orders and processes.
Please visit http://www.pldt.com/privacy-policy
For a list of our partners, please visit [URL of web site listing recipients of data].
Transfer of your personal data outside the EEA
Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses (a copy of which can be obtained through the contact information included below). Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.
How we protect your personal data
The integrity, confidentiality, and security of your information are important to us. That’s why we strictly enforce our privacy statement within PGC and have implemented technical, organizational, and physical security measures that are designed to protect your information from unauthorized or fraudulent access, alteration, disclosure, misuse, and other unlawful activities. These are also designed to protect your information from other natural and human dangers.
We also put in effect the following safeguards:
- We keep and protect your information using a secured server behind a firewall, encryption and security controls;
- We keep your information only for as long as necessary for us to (a) provide the products and services that you avail from us, (b) for our legitimate business purposes, (c) to comply with pertinent laws, and (d) for special cases that will require the exercise or defense of legal claims and for a maximum retention period of five (5) years;
- We restrict access to your information only to qualified and authorized personnel who are trained to handle your information with strict confidentiality;
- We undergo regular audits and rigorous testing of our infrastructure’s security protocols to ensure your data is always protected;
- We promptly notify you and the competent data protection authority, when sensitive personal data that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person;
- We let you update your information securely to keep our records accurate.
What your choices are
You are afforded certain rights in relation to your personal data under applicable data privacy laws and regulations.
You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
- Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
- Request a rectification of your personal data: this right entitles you to have your personal data corrected if it is found to be outdated, inaccurate, or incomplete.
- Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, such as in cases where your personal data is no longer necessary to achieve the legitimate business purpose of its use or processing.
- Request the restriction of the processing of your personal data: this right entitles you to request that we only process your personal data in limited circumstances.
- Request portability of your personal data: this right entitles you to receive a copy of personal data that you have provided to us (in a structured, commonly used and machine-readable format). This includes requests for us to transmit a copy of such personal data to another company, on your behalf.
You moreover have a right to object to the processing of your personal data, such as in cases when we process your personal data for purposes related to direct marketing.
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting our Data Privacy Officer. Please note that this will not affect the lawfulness of the processing that was carried out before you withdrew your consent or PGC’s right to continue parts of the processing based on other legal bases than your consent. If, however we have not provided you with another legal basis justifying the processing of your personal data in this privacy statement, we will stop the processing and delete your personal data.
To exercise these rights, you may get in touch with our Data Privacy Officer through the contact details provided below. In some instances, we may request for supporting documents or proof before we effect any requested changes to your personal data.
If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome individuals to come to PGC first to seek resolution of any complaint. You have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against us with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed).
PLDT Global Corporation Data Privacy Office
2F Smart Tower 1, Ayala Avenue, Makati City, Philippines
Changes to our privacy statement
From time to time, we may update our privacy statement and practices to comply with changes in applicable laws, to comply with government and regulatory requirements, to adapt to new technologies and protocols, to align with industry best practices, and for business purposes.
You will always be provided notice if these changes are significant and, if we are required by law, we will ensure to obtain your updated consent.
Last updated: June 10, 2021