DITO TELECOMMUNITY CORPORATION

PRIVACY STATEMENT FOR DITO LOAD ASSIST

Last updated 16 February 2023

1. What does DITO do? 

   We are a major telecommunications provider in the Philippines. We offer and will be offering a variety of telecommunications services to you, including services related to mobile telephony and the internet of things.

2. What is the purpose and scope of this privacy statement for lead generation? 

   At DITO, we understand that your personal data is very important. To make sure that you understand what we will be doing with your personal data, we made this privacy statement to explain to you the details in a simple and transparent way. We made sure that this would be consistent with the principles of the Data Privacy Act of 2012, its Implementing Rules and Regulations, and the relevant issuances of the National Privacy Commission (“DPA”).

   This privacy statement applies to those who wish to avail of DITO Load Loan service.

3. What are the types of your personal data that we will be processing? 

   Personal data refers to information that identifies or can be linked to you, a natural person. For the purpose of providing you the Load Assist service, we will be needing the following information:
   

   1. 1. Subscriber-related information: mobile station international subscriber directory number or mobile number and whether the mobile number has been registered or not

      2. Service usage information: information related to topping up (balance, amount, and validity) and information related to services products purchased or availed of)
         

4. How will we be collecting your personal data?

   As the personal data we will be processing for this service is mostly network-related information, we will be collecting this through your use of our network.

5. How do we process your personal data and why?

   When we process your personal data, it means that we are collecting, recording, storing, modifying, organizing, using, disclosing, transferring, or deleting it according to the law. We can do these activities through computer media and on paper. Anyway, we will only be processing your personal data:

   1. To determine your eligibility for the load loan. This will also allow us to invite you to avail of the load loan if you are eligible for it.

   2. To validate your requests to get credit and to subsequently give you such credit if you are eligible.

   3. To facilitate the recovery of the credit provided once possible.

   4. To facilitate the reconciliation process in terms of validating the credit and recovery transactions between DITO and its loan service provider.

   You can be assured that we will not process your personal data in a way that is inconsistent with these purposes.

6. Who is the Personal Information Controller? 

   We are considered the Personal Information Controller (“PIC”) under the DPA. This means that we can determine the purposes for which your personal data can be used. In case your personal data is shared (only with your consent) to a third party under a data sharing agreement, this third party will also be considered a PIC.

7. To whom do we disclose your personal data and why?

   We will never share, rent, or sell your personal data to third parties, except in special circumstances where this is required by law or you have given your clear and explicit consent
   
   In some instances, we may need to share your personal data to our agents, subsidiaries, affiliates, partners, and other third parties as part of our operations. This means that we might share your information with:

   1. 1. Our service providers. We may have to share personal data carry out certain activities in the normal course of our business. These service providers, contractors, and professional advisors help us with activities like:

         • Helping us offer the Load Assist service to eligible subscribers;

         • identifying, investigating, or preventing fraud or other misconduct

      2. Government, supervisory, judicial authorities. To comply with our own legal and regulatory obligations, we may disclose your personal data to the appropriate government, supervisory, and
         judicial authorities such as:

         • Public authorities, regulators, and supervisory bodies such as the National Telecommunications Commission and the National Privacy Commission;

         • Judicial and investigative authorities such as the police, public prosecutors, courts, and arbitration and mediation bodies.

8. How long will we be keeping your personal data here? 

   When we keep your personal data, we will be following these principles:

   1. 1. We will only hold your personal data for as long as we do the activities we told you about. Essentially, we will keep your personal data for as long as it is necessary for us:

         • to meet our legitimate business purposes;

         • to comply with our own legal obligations; and

         • to exercise or defend legal claims when the need arises.

            

           Generally, however, we will be keeping your personal data for as long as we need them to meet the purposes for processing that we have shared with you

      2. We think about the type of data we collect, how much we collect, whether it is sensitive or not, and any other applicable legal requirements.

      3. We design our services so that we do not hold your data any longer than we must.

      4. We always think about the potential risk from anyone using or sharing your personal data without permission.

9. How do we protect your personal data?

   We are committed to keeping your personal data safe. To maintain this commitment, we:

   1. 1. design our products and services with your safety in mind;

      2. established a dedicated team to look after the safety and security of your personal data;

      3. use the right organizational, physical, and technical security measures, which includes audits, policies and procedures related to data security, setting up secured servers and firewalls, encryption, and other security controls;

      4. ensure only qualified and authorized staff have access to your personal data, and that our staff are bound to keep your personal data confidential;

      5. use contracts to make sure that third-party service providers that process your personal data for us have the right security measures that will help keep your personal data safe;

      6. notify you and the appropriate privacy regulators in the event of a personal data breach; and

      7. we let you update or correct your personal data to keep our records up to date.

   2. What are your rights in relation to your personal data?

      The Data Privacy Act of 2012, or DPA for short, gives you rights in relation to your personal data. It essentially gives you control on how your personal data is collected and used by companies.

      Below is a list of your rights. We want to make sure that you understand what these
      are, so we are describing each of these rights in a simple and transparent manner:

      1. The right to be informed. When we ask you to share your personal data with us, we give you details of what data we will be using, why we will be using it, and how long we will be keeping it, among other things.

      2. The right to object. This is your right to tell us to stop using your personal data. Please note, however, the DPA still allows us to use your personal data despite the exercise of this right under certain conditions. For example, we will still process your personal data despite your objection if we are legally required to do so or if it is necessary to fulfill our legal obligations to you.

      3. The right to access. This right allows you to ask whether we have personal data on you and, if we do, ask for a copy of that personal data.

      4. The right to rectification. This gives you the right to correct anything that you think is wrong with the personal data we have on file on you.

      5. The right to erasure or blocking. This gives you the right to ask us to delete your personal data. However, there are only certain instances where you can exercise this, such as in a case where you think we are processing your personal data unlawfully.

      6. The right to portability. This right allows you to get a copy of the personal data we have on you in a structure, commonly used, and machine-readable format.

      7. The right to damages. This right allows you to be indemnified for any damages that you may have sustained due to any violation of the DPA.

      8. The right to complain with the National Privacy Commission (“NPC”). In case you feel that any of your privacy rights have been violated, you have the right to file a complaint with the NPC. However, we encourage you to come to us first so we can resolve your complaint.

      While you do have the right to withdraw the consent you have given (which can be done by reaching out to our Data Protection Officer), please note that this withdrawal will not stop us from processing your personal data so long as there are other legal bases to do so. In other words, if you withdraw your consent, we can only stop the processing activities that rely on your consent. If, however, we cannot give you a legal basis to justify the continued processing of your personal data, we will either stop the processing and delete your personal data or anonymize it.

      In any case, to exercise any of these rights, please get in touch with our Data Protection Officer through the contact details we have indicated below. In certain instances, we may ask for supporting documents or proof before we can move forward with your request. In some cases, we may deny your request and, if allowed
      by law, we will notify you of the reason for denial. We may also charge you a reasonable fee to help us process your request.

      
      
      

      1. How can you contact us about your personal data?

         In case you have questions, concerns, or complaints regarding the processing of your personal data, you can contact our Data Protection Officer through the contact details below:

         Addressed to:  The Data Protection Officer

         Office Address:  11th Floor, Udenna Tower, Rizal Drive cor. 4^th Avenue

                                       Bonifacio Global City, City of Taguig

         Email Address: privacymatters@dito.ph

         
         

10. How will you know if there are changes to this privacy statement?

    We update this privacy statement sometimes so we can comply with changes in the law, adopt new technologies, or for some other legitimate reason. If we do make important changes, like how and why we use your personal data, we will let you know through an email. We will also make sure to get your updated consent when necessary.

    This version became effective on 16 February 2023.