Last updated 10 May 2022


        I.            What does DITO do?


We are a major telecommunications provider in the Philippines. We offer and will be offering a variety of telecommunications services to you, including services related to mobile telephony and the internet of things.


      II.            What is the purpose and scope of this privacy statement for lead generation?


At DITO, we understand that your personal data is very important. To make sure that you understand what we will be doing with your personal data, we made this privacy statement to explain to you the details in a simple and transparent way. We made sure that this would be consistent with the principles of the Data Privacy Act of 2012, its Implementing Rules and Regulations, and the relevant issuances of the National Privacy Commission (“DPA”).


This privacy statement applies to people who signed up to be updated about our 5G Home WiFI service. In other words, this only applies to this instance of generating leads for DITO.


    III.            What are the types of your personal data that we will be processing?


Personal data refers to information that identifies or can be linked to you, a natural person. To keep you updated about our products and services, we will just be needing your first name, last name, mobile number, email address, address, and preferred DITO Experience Store.


    IV.            How will we be collecting your personal data?


For this instance, we will be collecting your personal data via our online forms.

      V.            How do we process your personal data and why?


When we process your personal data, it means that we are collecting, recording, storing, modifying, organizing, using, disclosing, transferring, or deleting it according to the law. We can do these activities through computer media and on paper. Anyway, we will only be processing your personal data:


a.       To sign up for updates on our DITO 5G Home WiFi. We process your data so we can check whether you are eligible for our 5G Home WiFi service. If we find out that you are not yet eligible for our services, we will offer you our other products and services that you may interest you.


b.      To comply with our legal obligations. We process your data to comply with our obligations under the law and to the government regulators.

c.       To establish, exercise, or defend legal claims. If necessary, we may process your data to prosecute or defend a legal claim.


You can be assured that we will not process your personal data in a way that is inconsistent with these purposes.


    VI.            Who is the Personal Information Controller?


We are considered the Personal Information Controller (“PIC”) under the DPA. This means that we can determine the purposes for which your personal data can be used. In case your personal data is shared (only with your consent) to a third party under a data sharing agreement, this third party will also be considered a PIC.


  VII.            To whom do we disclose your personal data and why?


We will never share, rent, or sell your personal data to third parties, except in special circumstances where this is required by law or you have given your clear and explicit consent.


In some instances, we may need to share your personal data to our agents, subsidiaries, affiliates, partners, and other third parties as part of our operations. This means that we might share your information with:


a.       Our service providers, contractors, and professional advisors. We may have to share personal data carry out certain activities in the normal course of our business. These service providers, contractors, and professional advisors help us with activities like:


·         marketing activities or events and managing customer communications, including mobile attributions and the generation of analytics;


·         preparing reports and statistics;


·         creating and placing advertisements on apps, websites, social media, and other modes of communication;


·         identifying, investigating, or preventing fraud or other misconduct; and


·         performing legal, auditing, or other special services provided by lawyers, notaries, auditors, or other professional advisors.


b.      Government, supervisory, judicial authorities. To comply with our own legal and regulatory obligations, we may disclose your personal data to the appropriate government, supervisory, and judicial authorities such as:


·         Public authorities, regulators, and supervisory bodies such as the National Telecommunications Commission and the National Privacy Commission;


·         Judicial and investigative authorities such as the police, public prosecutors, courts, and arbitration and mediation bodies.


VIII.            How long will we be keeping your personal data here?


When we keep your personal data, we will be following these principles:


a.          We will only hold your personal data for as long as we do the activities we told you about. Essentially, we will keep your personal data for as long as it is necessary for us:


·         to meet our legitimate business purposes;


·         to comply with our own legal obligations; and


·         to exercise or defend legal claims when the need arises.


Generally, however, we will be keeping your personal data for as long as we need them to meet the purposes for processing that we have shared with you.


b.         We think about the type of data we collect, how much we collect, whether it is sensitive or not, and any other applicable legal requirements.


c.          We design our services so that we do not hold your data any longer than we must.


d.         We always think about the potential risk from anyone using or sharing your personal data without permission.


For the actual handling of your personal data, physical forms and documents that contain your personal data will be digitized and stored on our secure databases. Electronic copies of these forms will also be stored in our secure databases.


    IX.            How do we protect your personal data?


We are committed to keeping your personal data safe. To maintain this commitment, we:


a.          design our products and services with your safety in mind;


b.         established a dedicated team to look after the safety and security of your personal data;


c.          use the right organizational, physical, and technical security measures, which includes audits, policies and procedures related to data security, setting up secured servers and firewalls, encryption, and other security controls;


d.         ensure only qualified and authorized staff have access to your personal data, and that our staff are bound to keep your personal data confidential;


e.          use contracts to make sure that third-party service providers that process your personal data for us have the right security measures that will help keep your personal data safe;


f.           notify you and the appropriate privacy regulators in the event of a personal data breach; and


g.         we let you update or correct your personal data to keep our records up to date.


      X.            What are your rights in relation to your personal data?


The Data Privacy Act of 2012, or DPA for short, gives you rights in relation to your personal data. It essentially gives you control on how your personal data is collected and used by companies.


Below is a list of your rights. We want to make sure that you understand what these are, so we are describing each of these rights in a simple and transparent manner:


a.          The right to be informed. When we ask you to share your personal data with us, we give you details of what data we will be using, why we will be using it, and how long we will be keeping it, among other things.


b.         The right to object. This is your right to tell us to stop using your personal data. Please note, however, the DPA still allows us to use your personal data despite the exercise of this right under certain conditions. For example, we will still process your personal data despite your objection if we are legally required to do so or if it is necessary to fulfill our legal obligations to you.


c.          The right to access. This right allows you to ask whether we have personal data on you and, if we do, ask for a copy of that personal data.


d.         The right to rectification. This gives you the right to correct anything that you think is wrong with the personal data we have on file on you.


e.          The right to erasure or blocking. This gives you the right to ask us to delete your personal data. However, there are only certain instances where you can exercise this, such as in a case where you think we are processing your personal data unlawfully.


f.           The right to portability. This right allows you to get a copy of the personal data we have on you in a structure, commonly used, and machine-readable format.


g.         The right to damages. This right allows you to be indemnified for any damages that you may have sustained due to any violation of the DPA.


h.         The right to complain with the National Privacy Commission (“NPC”). In case you feel that any of your privacy rights have been violated, you have the right to file a complaint with the NPC. However, we encourage you to come to us first so we can resolve your complaint.


While you do have the right to withdraw the consent you have given (which can be done by reaching out to our Data Protection Officer), please note that this withdrawal will not stop us from processing your personal data so long as there are other legal bases to do so. In other words, if you withdraw your consent, we can only stop the processing activities that rely on your consent. If, however, we cannot give you a legal basis to justify the continued processing of your personal data, we will either stop the processing and delete your personal data or anonymize it.


In any case, to exercise any of these rights, please get in touch with our Data Protection Officer through the contact details we have indicated below. In certain instances, we may ask for supporting documents or proof before we can move forward with your request. In some cases, we may deny your request and, if allowed by law, we will notify you of the reason for denial. We may also charge you a reasonable fee to help us process your request.


    XI.            How can you contact us about your personal data?


In case you have questions, concerns, or complaints regarding the processing of your personal data, you can contact our Data Protection Officer through the contact details below:


Addressed to: The Data Protection Officer

Office Address: 11th Floor, Udenna Tower, Rizal Drive cor. 4th Avenue

Bonifacio Global City, City of Taguig

Email Address:

XII.            How will you know if there are changes to this privacy statement?


We update this privacy statement sometimes so we can comply with changes in the law, adopt new technologies, or for some other legitimate reason. If we do make important changes, like how and why we use your personal data, we will let you know through an email. We will also make sure to get your updated consent when necessary.


This version became effective on 10 May 2022.