PRIVACY STATEMENT

SM Investments Corporation and its service group (“SM Investments”, “SMIC”, “we”, “us” or “our”) are committed to protect the privacy and rights of our stakeholders (“Data Subjects”) through its compliance with the Data Privacy Act of 2012, its implementing rules and regulations (“DPA Legislation”) and through the protection policies it has adopted internally.

I. What are Covered by this Privacy Notice?

This Privacy Statement has been crafted to inform and explain how we collect, use, retain, dispose and protect the personal data of Data Subjects when you transact with us, avail of our services, including when you visit our website (https://www.sminvestments.com/), social media sites and/or the pages (“Sites” collectively) that we control. By accessing and using these Sites, you agree to this Privacy Policy and any future amendments and additions thereof.

II. What are not covered by this Privacy Notice?

This Privacy Notice DOES NOT cover the processing for:

1. Recruitment and employment purposes. Such is covered by the corresponding Privacy Notice in the applicable careers website(s) and in the respective employment contracts with our employees.

2. Sourcing and accreditation of vendors. Such is covered by the relevant data privacy provisions in their respective contracts with us and by a separate Privacy Notice made accessible to them.

3. Subscription or purchase of shares. Such is covered by the relevant data privacy policies of the brokers and the stock transfer office, including the relevant provisions of the subscription agreements between the subscriber, their brokers.

The respective data protection policies and practices by our affiliates or related companies relating to consumers or customer data they collect in the course of their commercial operations may be accessed through this link.

III. Definition of Terms:

In order to have a better understanding of this Policy, the following words shall be defined as follows:

1. “Data Subject” – refers to an individual whose personal or sensitive personal information is collected, used, shared or otherwise processed.

2. “DPA Legislation” – shall refer to the Philippine Data Privacy Act of 2012 (R.A No. 10173), its implementing rules and regulations, its amendments and such other issuances of relevant government agencies on data privacy.

3. “Process”, “Processes”, “Processing” or “Processed” – shall have the meaning as defined by existing and future DPA Legislation.

4. “Personal Data” – any data, from which an individual person can be identified or ascertained; or from that data and other information which may be accessed. It includes personal information or sensitive personal information.

IV. The Information We Collect:

Depending upon the Site and context, SMIC may collect or receive all or some of the following personal information from you:

  • When you enter our premises, we may collect the following categories of personal information:

Personal identifiers such as your full name, address and contact number. CCTV Footage. Videos and snapshots of your likeness may be captured inside our premises.

  • When you use our website or social media pages under our control, we may collect the following categories of personal information:

Technical Data. Technical data such as cookies, web beacons and other similar technologies for storing information may be used to collect your Internet Protocol (IP) address, computer / mobile device operating system information, type of web browser used, Unique Device Identifier (UDID) or mobile equipment identifier (MEID) and browsing behavior.

Social media websites and platforms are hosted by third parties. Your interactions with these websites are governed by privacy policies of the companies which operate the same. We may be able to view your username and photo, as the case maybe, when you interact with us through our official social media accounts.

  • When you submit inquiries through our “Contact Us” portal found in our website, we may collect the following personal information:

Personal identifiers such as name, mobile number and email address.

V. How Do We Use Your Personal Information?

We will use your information only for the following any or all of the following legitimate purposes (“Purposes”):

  • To facilitate or fulfill the information or service which you have requested;
  • To provide informative or educational materials to you;
  • To maintain customer relationships;
  • To communicate with you;
  • For internal business operations, including the improvement of our Sites and services, for data analytics and profiling for statistical, marketing, analytical and research purposes;
  • To ensure the security of our website;
  • To comply with security protocols to ensure safety of our premises and the safety of our personnel and visitors;
  • To prevent, detect and/or investigate a crime;
  • To pursue or defend our legal claim/s, if any;
  • Complying with the legal requirements and legal proceedings, if any;
  • To carry out other legitimate business purposes.
VI. Data Subject’s Consent and Other Bases of Processing:

Consent: We will process your personal data after obtaining your consent. In giving your consent or, when you continue using our services or Sites, you agree that SMIC may collect, store or process personal data obtained from you for any or all of the purposes provided herein. You may withdraw or limit the scope of the consent given by contacting the SMIC Data Protection Officer (DPO) through the contact details provided in this Policy.

We may also process your personal information based on the other following legal grounds:

Contractual Obligation: If you have entered into an agreement with us, we may process your personal information to fulfill our obligations under that contract. This includes providing the services or products you’ve requested and managing the associated transactions.

Legal or Regulatory Obligation: In certain situations, we may need to process your personal information or sensitive personal information to comply with legal or regulatory requirements, such as tax or labor regulations, or responding to lawful requests from government authorities.

Legitimate Interests: We may process your personal information when it’s necessary for our legitimate interests, provided those interests are not overridden by your rights and interests. This could include improving our services, conducting marketing activities, or ensuring the security of our systems.

VII. Sharing and Disclosure of Personal Data:

SMIC ensures that your personal information shall be shared only in a manner that respects your privacy and in compliance with the requirements of the DPA. We may share your personal information to the following in certain circumstances:

Our Affiliates and Authorized Personnel:

We may share your personal information to our affiliates and our authorized personnel in relation to the Purposes declared in this Privacy Notice.

Service Group:

Our service group may access and/or use your personal information. These may include our marketing partners, consultants, technology partners, service providers, hosting providers, courier service providers, and those that help us with our business activities. Through the execution of data privacy agreements or similar contracts, we require our service providers to keep your personal information secure and we prohibit them from using or sharing your personal information for any purpose other than the purposes declared in this Privacy Statement.

Government Agencies:

We may also share your personal data in compliance with applicable laws or when required by a competent court, relevant government office or agency pursuant to DPA legislation and other applicable rules and regulations pertaining to data privacy.

VIII. Retention and Disposal of Personal Data:

SMIC will retain and store your personal data for as long as the purpose(s) of its processing subsists or in accordance with prescribed retention periods under relevant regulations (e.g. BIR, DOLE, etc.). We may also retain your personal data in order to enforce our legal rights or whenever it is required under DPA Legislation or upon lawful order of a competent court or relevant government agency.

Your personal data will be disposed of with proper security protocols when the purpose for which it was collected is fulfilled. Electronic files shall be erased, while physical records shall be shredded for disposal. When appropriate, anonymization techniques may be performed to permanently remove identifiable information from our records. In all cases, we will make sure that the personal information is destroyed in a way that prevents unauthorized people from accessing, processing, or retrieving it.

IX. Risks:

Risk is the chance that a harmful incident may happen. In the context of personal data, risk refers to the chance that someone might collect, use, disclose, or access your personal data in an unauthorized manner or in a way that may cause you harm. In order to ensure that the risks to your personal information are minimized, we employ various measures to safeguard your personal information. However, this does not guarantee protection against all threats such as when systems are exposed to targeted cyberattacks, malware, ransomware, and computer viruses or when manual records are accessed without authority. In case a security incident occurs, we’re prepared to respond and manage such incidents in line with our policies and in accordance with the regulations.

X. Where Do We Store Your Personal Information?

Your personal data are stored in a secure facility in the Philippines or in other countries where we or our service providers have facilities. When we transfer your personal information to other countries, we comply with the requirements of DPA Legislation or relevant regulation for such transfer and take steps to ensure that your personal information is protected and processed in accordance with this Privacy Statement.

XI. How Do We Protect Your Personal Information?

We implement industry-standard security measures to protect the confidentiality, integrity, and availability of the personal data that we process. These security measures include the following:

A. Organizational Security Measures:

Appointing a Data Protection Officer. Conducting data privacy training and periodic refresher sessions across the organization. Instituting policies and procedures to safeguard personal data against any unauthorized or malicious access, alteration and disclosure.

B. Physical Security Measures:

Storing physical records of personal data in a locked and secure place accessible only to authorized personnel. Securely destroying records or files of personal data when such is no longer needed for any legal or business purpose.

C. Technical Security Measures:

Implementing role-based access on our systems to ensure that only authorized

personnel are granted access on a need-to-know basis. Performing periodic reviews of access rights. Deploying firewall equipment and similar network devices to protect our systems and network.

Storing your electronic data in a secure IT infrastructure and utilizing up-to-date technology products to prevent unauthorized computer access Regularly running vulnerability scans on our systems and websites and performing other maintenance activities to ensure that your personal information is secure; and Ensuring sensitive personal information are transmitted through secure channels and implementing encryption methods, whenever suitable.

XII: Do We Use Cookies?

Our website collects device cookies to enable you to browse our website and to enable us to address your concerns and inquiry better. Cookies are small text files that are stored on your device when you visit our websites or use our apps. We utilize various cookies as described below.

Necessary cookies: These cookies are essential for the website to function properly. Without these cookies, our site will not work the way it should.

Analytics cookies: These cookies collect information about how you use our website, such as the pages you visit and the links you click. This information is used to improve our website and to make it more user-friendly.

Functional cookies: These cookies remember your preferences, such as your language and font size. This allows us to provide you with a more personalized experience.

Performance cookies: These cookies collect information about how our website is performing, such as how many visitors we have, and which pages are the most popular. This information is used to improve the performance of our website.

Advertisement cookies: These cookies are used to deliver advertising content that is relevant to you. The purpose is to provide you with customized ads based on your interest, search and browsing behavior.

Third-Party Cookies: Third-party cookies, such as those from Google Analytics and Facebook Pixel, are also utilized for measurement, analytics, and ad personalization purposes. These cookies help us gain insights into user behavior and enhance our services. For more details, please refer to the respective third-party websites.

Consent on Cookies:

You may withdraw your consent by choosing the opt-out function in our cookie setting. However, by opting out of these third-party cookies, your browsing experience may be affected. You may also later opt-out from said third-party cookies after giving your consent by clearing your cookies and other site data in your browser settings.

XIII: What if You are a Minor?

SMIC shall not knowingly collect the personal data of a person below 18 years old without any legal basis or consent of the minor’s parent/s or legal guardian. Should it come to our attention that the personal data of minors was provided without a legal basis or consent of the minor’s parent/s or legal guardian, such personal data shall be destroyed or deleted in a secure manner.

Minors are advised not to provide any personal data, such as their name, age, gender, email address, contact information, among others, and should consult their parent(s) or guardian(s).

XIV: What are Your Rights and Obligations?

You are responsible for ensuring that the personal data you provide is accurate and up-to-date and that you are of legal age when you submit any data to us.

We encourage you to use the latest version of web browsers for your own safety and security. Updated web browsers are normally equipped with security features that provide anti-phishing protection, improved parental controls, and tools to prevent malware and other privacy threats. We will not be liable for any damage, loss, injury, or claim that may result when you fail to comply with these obligations.

Please set and maintain your communication preferences so that we send communications to you in accordance with your preferences. You are not licensed or otherwise allowed to add other users to our mailing list (email or physical mail) without their express consent. You should not send any messages which contain spam, spyware or virus via the Website. If you would like to report any suspicious messages, please contact us at our email address below.

XV. Rights as a Data Subject:

As provided under the DPA, you have the following data privacy rights:

Right to be informed. You have the right to be informed of the collection and processing of your personal data, the purpose for which they will be processed, among others. Thus, you are required to read this privacy statement before giving your consent to the collection and processing of your personal data.

Right to object. You have the right to object to the processing of your personal data. You will be given an option or opportunity to withhold your consent to the processing of your personal data whenever SMIC communicates with you.

Right to access your information. It is your right to obtain confirmation on whether or not data relating to you are being processed as well as other relevant information about the processing involved.

Right to updating or rectification. You have the right to rectify or correct any inaccuracy or error in your personal data by submitting your request for rectification or correction.

Right to erasure or blocking. You have the right to the erasure or blocking of your personal data in accordance with the requirements of the DPA, subject to restrictions imposed by other regulations.

Right to damages. You have the right to be indemnified if you incur damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal data.

Right to data portability. You have the right to obtain a copy of your data in an electronic or structured format if the same is processed by electronic means and in a structured and commonly used format by submitting a proper request.

Right to file a complaint. If you have reason to believe that your personal information has been misused, maliciously disclosed, or improperly disposed of or that your data privacy rights have been violated, you have the right to file a complaint.

If you intend to exercise any of your above-mentioned data privacy rights, you may contact our Data Protection Officer (DPO).

XVI. How Can You Contact the DPO?

For inquiries regarding the processing of personal data, as well as any concerns or complaints regarding data privacy, or should you want to exercise your rights as a Data Subject, you may contact the DPO in the details below at:

The Data Protection Officer
10th Floor One E-Com Center,
Ocean Drive, Mall of Asia Complex,
CPB-1A, Pasay City 1300, Philippines
Tel: (632) 8857-0296
Email: dataprivacy@sminvestments.com

 

We encourage you to submit your inquiry and/or concerns in writing for proper documentation and tracking.

XVII. Changes in the Privacy Policy:

SMIC may change this Privacy Policy from time to time without prior notice. Revised versions of this Privacy Policy will be posted on this page, together with an updated effective date.

September 2024 version

Please click here to view our Seal of Registration from the National Privacy Commission (NPC).

Scroll to Top
Skip to content