Privacy Notice

INTRODUCTION

First Philippine Holdings Corporation, including its affiliates and subsidiaries (the “Company”) values the confidentiality of personal data. This Privacy Notice (the “Privacy Notice”) details how the Company uses and protects personal data in accordance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), other issuances of National Privacy Commission (NPC) and other relevant laws of the Philippines. This Privacy Notice applies to this website (the “Website”) and governs data collection and usage. By using the Website, you consent to the data practices described in this Privacy Notice.

What type of personal data does the Company collect and generate?

The Company will collect the following personal data when you submit to us your complaints, inquiries or requests:

  • First name
  • Last name
  • E-mail address
  • Category (e.g. FPH shareholder, LPZ shareholder, press, Lopez group employee, and others)


Why does the Company collect personal data?

The Company collects, uses, processes, stores and retains the foregoing personal data solely to reply to and/or address your complaints, inquiries or requests, to be accessed by the Company’s authorized representatives or personnel.

In general, the Company will be using personal data for any of the following purposes:

  • To comply with the Company’s obligations under law and as required by government organizations and/or agencies;
  • To comply with legal and regulatory requirements or obligations;
  • To perform such other processing or disclosure that may be required under law or regulations; and
  • To perform such other processes reasonably necessary or desirable for business purposes.

 

When accessing our website, social media sites, or email:

  • To respond to or address specific complaints, inquiries or requests ; and
  • To provide other information in relation to any complaint, inquiry or request.


Does the Company use web analytics?

For its website, the Company engaged a third-party service provider to analyze web traffic data. This service uses cookies. The Company reserves the right to engage other such providers, as may be necessary.

Data generated is not shared with any other party. To fully enjoy the visit and browsing experience, only non-identifiable web traffic data are collected and analyzed, including:

  • IP address;
  • Search terms used;
  • The pages and internal links accessed on the Website;
  • The date and time the site was visited;
  • Geolocation;
  • The referring site or platform (if any) through which it was clicked through to the Website;
  • Operating system; and
  • Web browser type.


What about the links to third-party websites?

From time to time, the Website will provide links to third-party websites, or advertisements which contain links to third-party sites. These links are provided as a service and do not provide any personal data to these websites or advertisers, and therefore, the Company does not accept responsibility for their privacy practices. These sites are operated by independent entities that have their own privacy policies which should also be reviewed. The Company’s Privacy Notice does not apply to such other sites or to the use that those entities make of the information. The Company has no control over the content displayed on such sites, nor over the measures, if any, that are taken by such sites to protect the privacy of the information.

With whom may the Company share personal data?             

As a general rule, the Company does not and will not share personal data with a third party except as necessary for the proper execution of processes related to a declared purpose, or the use of disclosure is reasonably necessary, required or authorized by or under law.

This means the Company might provide personal data to the following:

  • Existing and prospective business partners, service providers, and contractors, consistent with the purposes discussed above;
  • Affiliates and subsidiaries of the Company; and
  • Law enforcement and government agencies.

However, the foregoing may only use personal data for the purpose(s) disclosed in this Privacy Notice and may not use it for any other purpose.

How does the Company protect personal data?

The Company strictly enforces its Privacy Policy. It has implemented technological, organizational and physical security measures to protect personal data from loss, misuse, unauthorized modification, unauthorized or accidental access or disclosure, alteration or destruction. The Company uses safeguards such as the following:

  • Use of secured servers and firewalls, encryption on computing devices
  • Restricted access only for qualified and authorized personnel
  • Strict implementation of information security policies


Where and how long does the Company keep personal data?

The Company stores personal data in both local and off-shore facilities, such as data centers (on-site and/or the cloud) and document storage facilities. Personal data collected will be retained in accordance with the Company’s retention standards. Subject to applicable laws, rules and regulations, the data subject may request personal data to be deleted from the Company’s systems, databases and hard copies within a reasonable requested date.

The Company keeps personal data only for as long as necessary and as may be legally required for the fulfillment of the legitimate purposes provided above, or for the establishment, exercise or defense of legal claims, or in compliance with laws, regulations, or lawful court order.

What if there are changes in our Privacy Policy?

From time to time, it may be necessary for the Company to change its Privacy Notice. Rest assured, however, that any change will not be retroactively applied and will not alter how the Company handles previously collected personal data without obtaining the needed consent, unless required by law.

What are the rights of a Data Subject under the Data Privacy Act?

Data subjects have the following rights:

  • Right to be Informed;
  • Right to Object;
  • Right to Access;
  • Right to Rectify or Correct erroneous data;
  • Right to Erase or Block;
  • Right to secure Data Portability
  • Right to be indemnified for Damages
  • Right to File a Complaint

The Company’s decisions to provide access, consider request for correction, erasure and address objection to process personal data as it appears in Company’s records are always subject to applicable and relevant laws and/or the DPA, its IRR and other issuances of the NPC.

Who should you contact in case of inquiry, feedback or complaints?

Should you have any inquiries, feedback and/or complaints, you may reach the Data Protection Officer (DPO) through the following contact details:

Data Protection Officer
First Philippine Holdings Corporation
6F Rockwell Business Center Tower 3
Ortigas Ave., Pasig City 1604 Philippines
Tel: (632) 449-6400
Fax: (632) 637-8366
[email protected]  

You may also lodge a complaint before the National Privacy Commission (NPC). For further details, please refer to NPC’s website: https://privacy.gov.ph .