
Privacy Statement

DITO TELECOMMUNITY CORPORATION

Last updated 11 March 2025



DITO Telecommunity Corporation (“DITO,” “we,” “us,” or “our”) respects your privacy and your data privacy rights, and employs reasonable measures to protect your personal data in accordance with Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and the various issuances of the National Privacy Commission (NPC) (collectively, the Data Privacy Regulations). Our goal is to protect your personal data on the channels through which you interact with us – through our website, our applications, mobile sites, in our stores and offices, offline registration forms, and e-mail, text and other electronic messages.

Please read this privacy statement carefully to understand our policies and practices regarding your personal data and how we will treat it. This statement explains how your personal data is collected, used, and disclosed by us. It also tells you how you can access and update your personal data and make certain choices about how your personal data is used.

     I. What is DITO’s privacy promise to you?

     a. Why are we making a promise?

We can provide and improve our products and services for you if we understand you better. To do that, we may ask you to sign up for some of our products and services. Doing so gives us some of your data, which we promise to use in two (2) main ways:

  1. Create a more personal and relevant DITO for you

    Your personal data will help make DITO more personal for you. A more personal DITO means being able to:
     
    • let you know about things that we think you will like;
    • give you content that is relevant to your preferences; and
    • ensure you can use things that are appropriate for your age.
     
  2. Provide a better DITO for everyone.

We strive to make sure that you get the best out of the products and services we provide. It helps to understand who is using these products and services and why, so that we can:

  • make sure that you have a great experience with DITO; and
  • know more about what you love so we can make more of the things just like it. 

By giving us a bit of your data, you are helping us achieve these things. In return, we assure you that we will keep your personal data safe and secure. 

     b. What does our privacy promise say?

Our privacy promise to you describes how we treat your personal data and how we give you control as to what happens to it. Our privacy promise rests primarily on three (3) principles, namely: 

    1. Transparency

We will always explain what personal data we are collecting from and about you and why. Generally, we will only use and process the personal data we need to: 

  • improve our products and services;
  • make your experience with DITO better; and
  • fulfill our legal obligations. 

    2. Choice 

Because we will need some of your personal data to ensure that we can provide our products and services to you, we will help you make informed decisions about your personal data.

   3. Trust

Your trust is important to us, so we promise to keep your personal data safe and secure. Except when required by law or where you have given your clear and explicit consent, we promise to never share your personal data with anyone and to use it only for purposes that we have identified in this privacy statement. 

     II. What does DITO do?

We are a major telecommunications provider in the Philippines. We offer and will be offering a variety of telecommunications services to you, including services related to mobile telephony and the internet of things. 

     III. What is the scope of our privacy statement? 

This privacy statement applies to:

  • All past, present, and prospective subscribers or customers of DITO who are natural individuals. This includes one-person businesses, legal representatives, or contact persons acting on behalf of our corporate customers;

  • Non-DITO subscribers. These could include anyone that visits a DITO website, channel, branch, or office, as there may be transactions with non-DITO subscribers that may need personal data;  

  • Children under the age of 18. We do not knowingly collect and process personal data from children under the age of 18. If we discover that we have mistakenly collected personal data from a child under 18, we will remove that child’s personal data from our database immediately. With that said, DITO may collect personal data about such children from the parent or guardian directly, and with that person’s explicit consent. If you believe that we might have any information from a child under the age of 18, please contact us through the channels provided in Part XII below. We recommend that anyone under the age of 18 obtain their parents’ permission before submitting information over the Internet.

This privacy statement does not apply to any website, product or service of any third-party entity even if the website links to (or from) our website. Do make sure to read and review the privacy policies of other third-party entities before agreeing to provide them with any personal data.

     IV. What are the types of personal data that we process? 

Personal data refers to information that identifies or can be linked to you, a natural person. The personal data that we process includes: 

  1. Identification data, such as name, gender, salutation, date and place of birth, ID type and number, tax identification number, customer segment, nationality, email address, home address, province, city or municipality, district, ZIP code, mobile and telephone number, and specimen signature;

  2. Employment data, such as company name or employer, office address, province, city or municipality, district, ZIP code, office telephone number, occupation, job title, position, and years of employment;

  3. Financial data, such as proofs of billing and other proofs of financial capacity;

  4. Transaction data, such as preferred billing address, subscription type (whether prepaid or postpaid), and plan type;

  5. Service data, such as details of calls, SMS, and data usage;

  6. Network data, such as your network performance experience, diagnostic information, signal strength, dropped calls, data failures, and other network performance issues;

  7. Device data, such as the IP address of your mobile device or the computer you use, the IMEI of your mobile device, device brand and model, operating software or system version, and the pages you visit on our websites and apps;

  8. Data about what you love and need that you give us through surveys, our contact or call centers, or through any other channel that you use to contact us;

  9. Know our customer data as part of customer due diligence to prevent fraud;

  10. Location data if you are using location-based services;

  11. Audio-visual data, such as security footage at DITO stores and offices, or recordings of phone or video calls or chats with us where applicable and allowed by law; and

  12. Your interactions with us on social media and through our channels, such as Facebook, Twitter, Instagram, other social media platforms, our website, and live chat.

     V. How do we collect your personal data?

We collect your personal data when you: 

  1. fill out and submit application forms, sign contracts or agreements, or accomplish any other similar documents through any of our channels, be it through our online channels, stores, or through our sales representatives or specialists;

  2. reach out to us to ask about something, file a complaint, or make a request for service;

  3. participate in our research and surveys;

  4. use our network, facilities, and services;

  5. pay your bills or buy our products and services;

  6. are captured via closed-circuit television cameras (CCTVs) or other equipment or devices while you are within our premises;

  7. join our promos, raffles, or rewards and loyalty programs;

  8. visit and transact in our stores, apps, and websites; and

  9. submit your personal data to us for any other reason.

We may also collect your personal data from our subsidiaries, affiliates, and business partners, if you give them consent to share your personal data with us. 

    VI. How do we process your personal data and why?

When we process your personal data, it means that we are collecting, recording, storing, modifying, organizing, using, disclosing, transferring, or deleting it in accordance with the law. The processing that we do will be done only with your consent, or if justified by our legitimate business interests. We can do these activities through either software or paper-based mechanisms. 

We only process your personal data: 

  1. To fulfil our contractual obligations to you. We use data about you, such as your name and contact details, when you sign a contract with us, or at the times when we must contact you. We may also analyze your data to see whether you are eligible for specific products and services.

  2. To improve our business and our operations. We analyze and process data related to your usage of our network and facilities to help keep our services going, manage your account, provide you with customer care activities, receive, investigate, and resolve your service-related requests and concerns, monitor and maintain the quality and security of our network, train our staff, and plan for our future.

  3. To improve our products and services. We may analyze and process how you use and interact with our products and services so we can know how to improve them for you. For instance:
    • We may study specific details about your usage, such as how often you use our SMS, voice, and data services.

    • We may also look at historical locational information on your use of our products and services, which will give us information on foot traffic, crowd density, and mobility patterns.

    • Sometimes, we may analyze your personal data using automated processes, such as algorithms, to speed up decisions regarding credit limits on your postpaid plans.

    • We also look at the data on transactions between you and our third-party service providers or suppliers so we can give them advice on how transactions can be improved. When we process personal data for this purpose, we may give aggregated data to these service providers and suppliers. Please do note that you cannot be identified using said aggregated data.


  4. To secure your data and our operations. We have a duty to protect your personal data, as well as to prevent, detect, and contain any possible data breaches. Moreover, we also have a duty to make sure that our operations remain secure. To do this, we may also process your personal data to perform IT security operations, business continuity operations, disaster recovery, and auditing. 

  5. To develop our relationship with you. We ask you for feedback about our products and services, or, in certain situations, record your conversations with us through telephone, live chat, or social media. We may share this with certain members of our staff to improve or customize our products and services for you. We may send you newsletters, emails, calls, or mobile notifications to let you know about these products and services. While you will be given a chance to opt into these notifications just before we begin sending out personalized offers, you may later opt out if you no longer wish to receive these offers or notifications.

  6. To provide products, services, and marketing tailored just for you. We use your data for our legitimate business interests, which include the development and improvement of our products and services, segmentation and profiling of customers, and targeted and untargeted marketing. We do this because we want to make sure that our products and services meet what you want and need from us, and we want to let you know once these are ready for you. Again, you will be given a chance to opt into this just before we begin sending out personalized offers, but you may also opt out later if you no longer want to receive personalized offers.

  7. To assist public authorities. We may process your personal data to generate statistics based on your use of our network and facilities to help public authorities in the areas of healthcare, disaster management, and other similar projects. As much as possible, we anonymize this information so you can never be identified as an individual.  

  8. To comply with our legal obligations. We process your data to comply with our obligations under the law and to the government regulators. This may include processing your data to comply with the Free Mobile Disaster Alerts Act, the Mobile Number Portability Act and providing information to the Credit Information Corporation in accordance with the Credit Information Systems Act.

  9. To maintain safety. We may process your data to prevent, detect, or investigate a crime, and to manage the safety and security of our premises and services (including but not limited to conducting security checks and installing CCTV surveillance).

  10. To establish, exercise, or defend legal claims. We may process your data to prosecute or defend a legal claim. 

    VII. Who is the Personal Information Controller? 

We are considered the Personal Information Controller (“PIC”) under the DPA. This means that we can determine the purposes for which your personal data can be used. In case your personal data is shared with your consent to a third party under the appropriate data transfer agreement, this third party will also be considered a PIC or a Personal Information Processor (“PIP”) depending on the terms contained therein. 

    VIII. To whom do we disclose your personal data and why?

To ensure that we offer you the best possible service and that we remain competitive in our business, we may share data externally, i.e., outside of DITO, with third parties. Whenever we do so, we ensure that this is shared on a confidential basis and only through secure means. All disclosures will always follow applicable privacy laws and regulations. 

We will never share, rent, or sell your personal data to third parties, except in special circumstances where this is required by law, or you have given your clear and explicit consent. 

In some instances, we may need to share your personal data with our agents, subsidiaries, affiliates, partners, and other third parties as part of our operations and for the continued provision of products and services. This means that we might share your information with: 

  1. Our service providers, contractors, and professional advisors. We may have to share personal data to carry out certain activities in the normal course of our business. These service providers, contractors, and professional advisors help us with activities like:
    •  designing, developing, maintaining, debugging, and optimizing our products, services, systems, tools, and applications;

    • providing application or infrastructure services;

    • marketing activities or events and managing customer communications, including mobile attributions and the generation of analytics;

    • preparing reports and statistics, printing materials, and designing products;

    • creating and placing advertisements on apps, websites, social media, and other modes of communication;

    • performing legal, auditing, or other special services provided by lawyers, notaries, auditors, or other professional advisors;

    • identifying, investigating, or preventing fraud or other misconduct; and

    • facilitating payment and transfer of funds. 

  2. Our subsidiaries and affiliates with whom you have also signed up. We do so only to improve our operations as well as those of our subsidiaries and affiliates. For example, we can study your use of our products and services as well as that of our subsidiaries and affiliates to create product and service bundles that would meet your needs.

  3. Other companies to whom you have also given consent for us to share information with. For example, when you sign up for products and services by other companies, they may request your data from us for them to validate your identity; and

  4. Government, supervisory, and judicial authorities. To comply with our own legal and regulatory obligations, we may disclose your personal data to the appropriate government, supervisory, and judicial authorities such as:
    • Public authorities, regulators, and supervisory bodies such as the National Telecommunications Commission and the National Privacy Commission;

    • Judicial and investigative authorities such as the police, public prosecutors, courts, and arbitration and mediation bodies. 

If you want to know our partners, you can make a request through our Data Protection Officer using the contact details outlined in Part XII below.

When using our products and services, you may happen to interact with the products and services of Over-the-Top (“OTT”) service providers, like media streaming services. They will be collecting personal data through their own products and services. This is governed by their own respective privacy policies, statements, or notices, so we highly encourage you to read them.

     IX. How do we store and dispose of your personal data? 

When we keep your personal data, we will be following these principles: 

  1. We will retain personal data only according to operational needs and in compliance with legal and regulatory purposes. In general, we shall only retain your personal data for ten (10) years after the processing relevant to the purpose has expired or has been otherwise terminated.

  2. However, we may retain your personal data for longer when it is necessary for us:
    • to continue providing you with the products and services you get from us;

    • to meet our legitimate business purposes;

    • to comply with our own legal obligations; and

    • to exercise or defend legal claims when the need arises.

For the actual handling of your personal data: 

  1. Physical copies of the forms you submit to us will be stored in secure storage areas.

  2. Electronic copies of these forms will also be stored in our secure databases.  

    X. How do we protect your personal data?

We are committed to keeping your personal data safe. To maintain this commitment, we:

  1. design our products and services with your safety in mind;

  2. have established a dedicated team to look after the safety and security of your personal data;

  3. use sufficient organizational, physical, and technical security measures, which include audits, policies and procedures related to data security, setting up secured servers and firewalls, encryption, and other security controls;

  4. ensure only qualified and authorized staff have access to your personal data, and that our staff are bound to keep your personal data confidential;

  5. regularly review our collection, storage, and processing practices;

  6. use contracts to make sure that third-party service providers that process your personal data for us have the right security measures that will help keep your personal data safe;

  7. notify you and the appropriate privacy regulators in the event of a personal data breach; and

  8. let you update or correct your personal data to help keep our records up to date.

On your end, please ensure that personal data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

Additionally, you should inform us immediately of any change of facts or circumstances which may render any information or personal data previously provided inaccurate, untrue, or incorrect, and provide any information or documentation DITO may reasonably require for the purposes of verifying the accuracy of the updated information or personal data.

    XI. What are your rights in relation to your personal data? 

The DPA gives you rights in relation to your personal data. It essentially gives you control over how your personal data is collected and used by companies. 

Below is a list of your rights. We want to make sure that you understand what these are, so we are describing each of these rights in a simple and transparent manner: 

  1. The right to be informed. When we ask you to share your personal data with us, we give you details of what data we will be using, why we will be using it, and how long we will be keeping it, among other things.

  2. The right to object. This is your right to tell us to stop using your personal data. Please note, however, the DPA still allows us to use your personal data despite the exercise of this right under certain conditions. For example, we will still process your personal data despite your objection if we are legally required to do so or if it is necessary to fulfill our legal obligations to you.

  3. The right to access. This right allows you to ask whether we have personal data on you and, if we do, ask for a copy of that personal data. You also have the right to request information about the source of your personal data.

  4. The right to rectification. This gives you the right to correct anything that you think is wrong with the personal data we have on file on you.

  5. The right to erasure or blocking. This gives you the right to ask us to delete your personal data. However, there are only certain instances where you can exercise this, such as in a case where you think we are processing your personal data unlawfully.

  6. The right to portability. This right allows you to get a copy of the personal data we have on you in a structured, commonly used, and machine-readable format.

  7. The right to damages. This right allows you to be indemnified for any damages that you may have sustained due to any violation of the DPA.

  8. The right to complain with the National Privacy Commission. In case you feel that any of your privacy rights have been violated, you have the right to file a complaint with the NPC. However, we encourage you to come to us first so we can duly and swiftly resolve your complaint. 

While you do have the right to withdraw the consent you have given, please note that this withdrawal will not stop us from processing your personal data so long as there are other legal bases to do so. In other words, if you withdraw your consent, we can only stop the processing activities that rely on your consent. If, however, we cannot give you a legal basis to justify the continued processing of your personal data, we will either stop the processing and delete your personal data or anonymize it. 

In any case, to exercise any of these rights, please get in touch with our Data Protection Officer through the contact details we have indicated in Part XII below. In certain instances, we may ask for supporting documents or proof before we can move forward with your request. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. Please note that any identification information provided to us will only be processed in accordance with, and to the extent permitted by applicable laws. In some cases, we may deny your request and, if allowed by law, we will notify you of the reason for denial. We may also charge you a reasonable fee to help us process your request.

    XII. How can you contact us about your personal data?  

In case you have questions, concerns, or complaints regarding the processing of your personal data, you may contact our Data Protection Officer through the contact details below:

Addressed to: The Data Protection Officer

Office Address: 16th Floor, Udenna Tower, Rizal Drive cor. 4th Avenue Bonifacio Global City, City of Taguig

Email Address: privacymatters@dito.ph

    XIII. How will you know if there are changes to this privacy statement?  

This privacy statement will be updated from time to time to comply with changes in the law, adopt new technologies, or for some other legitimate reason. If we do make important changes, like how and why we use your personal data, we will let you know through a notice, email, SMS, or a message in our app. We will also make sure to get your updated consent when necessary. 

This version became effective on 11 March 2025.