DITO TELECOMMUNITY CORPORATION

DITO BUSINESS

PRIVACY STATEMENT

Last updated 09 January 2024

  1. I. What is DITO’s privacy promise to you?

    1. Why are we making a promise?

      As a telecommunications company, DITO Telecommunity Corporation (“DITO,” “we,” “us,” or “our”) provides a public service. Therefore, everything we do must benefit you.

      We can provide and improve our products and services for and to you if we understand you better. To do that, we may ask you to sign i to some of our products and services. Doing so gives us some of your data, which we promise to use in two (2) main ways:

      As a provider of public service, we need to make sure that you get the best out of the products and services we provide. It helps to understand who and why they are using these products and services so that we can:

      1. Create a more personal and relevant DITO for you.

        Your personal data will help make DITO more personal for you. A more personal DITO means being able to:

        • let you know about things that we think you will like;
        • give you content that is relevant to your preferences; and
        • ensure you can use things that are appropriate for your age.
      2. Provide a better DITO for everyone.

        As a provider of public service, we need to make sure that you get the best out of the products and services we provide. It helps to understand who and why you are using these products and services so that we can:

        • make sure that you have a great experience with DITO; and
        • know more about what you love so we can make more of the things you love.

        By giving us a bit of your data, you are helping us achieve these things. We assure you that we will keep your personal data safe and secure while we do these things.

    2. What does our privacy promise say?

      Our privacy promise to you talks about how we treat your personal data and how we give you control as to what happens to it. Our privacy promise rests on three (3) principles, namely:

      1. Transparency

        We will always explain what personal data we are collecting from and about you and why. Generally, we will only use and process the personal data we need to:

        • improve our products and services;
        • make your experience with DITO better; and
        • fulfill our legal obligations.
      2. Choice

        Because we will be needing some of your personal data to ensure that we can provide our products and services to you, we will help you make informed decisions about your personal data. You can find out more about what we are doing with your personal data here.

      3. Trust

        Your trust is important to us, so we promise to keep your personal data safe and secure. Except when required by law or where you have given your clear and explicit consent, we promise to never sell your personal data to anyone and to use it only for purposes that we will identify in our privacy statement.

        You can find out more about why we are processing your personal data here.

  2. II. What does DITO do?

    We are a major telecommunications provider in the Philippines. We offer and will be offering a variety of telecommunications services to you, including services related to mobile telephony and the internet of things.

  3. III. What is the purpose and scope of our privacy statement?

    At DITO, we understand that your personal data is very important. To make sure that you understand what we do with your personal data, we made this privacy statement to explain to you the details in a simple and transparent way. We made sure that this would be consistent with the principles of the Data Privacy Act of 2012, its Implementing Rules and Regulations, and the relevant issuances of the National Privacy Commission (“DPA”).

    This privacy statement applies to:

    • All past, present, and prospective subscribers or customers of DITO who are individuals. This includes one-person businesses, legal representatives, or contact persons acting on behalf of our corporate customers; and
    • Non-DITO subscribers. These could include anyone that visits a DITO website, channel, branch, or office, as there may be transactions with non-DITO subscribers that may need personal data.

  4. IV. What are the types of your personal data that we process?

    Personal data refers to information that identifies or can be linked to you, a natural person. The personal data that we process incudes:

    1. Identification data, such as name, gender, salutation, date and place of birth, ID type and number, tax identification number, customer segment, nationality, email address, home address, province, city or municipality, district, ZIP code, mobile and telephone number, and specimen signature;
    2. Employment data, such as company name or employer, office address, province, city or municipality, district, ZIP code, office telephone number, occupation, job title, position, and years in employment;
    3. Financial data, such as proofs of billing and other proofs of financial capacity;
    4. Transaction data, such as preferred billing address, subscription type (whether prepaid or postpaid), and plan type;
    5. Service data, such as details of calls, SMS, and data usage;
    6. Network data, such as your network performance experience, diagnostic information, signal strength, dropped calls, data failures, and other network performance issues;
    7. Device data, such as the IP address of your mobile device or the computer you use, the IMEI of your mobile device, device brand and model, operating software or system version, and the pages you visit on our websites and apps;
    8. Data about what you love and need that you give us through surveys, our contact or call centers, or through any other channel that you use to contact us;
    9. Know our customer data as part of customer due diligence to prevent fraud;
    10. Location data if you are using location-based services;
    11. Audio-visual data, such as security footage at DITO stores and offices, or recordings of phone or video calls or chats with us where applicable and allowed by law; and
    12. Your interactions with us on social media and through our channels, such as Facebook, Twitter, Instagram, other social media platforms, our website, and live chat.

  5. V. How do we collect your personal data?

    We collect your personal data when you:

    1. fill out application forms, sign contracts or agreements, or accomplish any other similar documents through any of our channels, may it be through our online channels, stores, or through our sales representatives or specialists;
    2. reach out to us to ask about something, file a complaint, or make a request for service;
    3. participate in our research and surveys;
    4. use our network, facilities, and services;
    5. pay your bills or buy our products and services;
    6. join our promos, raffles, or rewards and loyalty programs; and
    7. visit and transact in our stores, apps, and websites.

    We may also collect your personal data from our subsidiaries, affiliates, and business partners, if you gave them consent to share your personal data with us.

  6. VI. How do we process your personal data and why?

    When we process your personal data, it means that we are collecting, recording, storing, modifying, organizing, using, disclosing, transferring, or deleting it according to the law. The processing that we do will be done only with your consent or if justified through our legitimate business interests. We can do these activities through computer media and on paper.

    Anyway, we only process your personal data:

    1. To perform our contractual obligations to you. We use data about you, such as your name and contact details, when you sign a contract with us or we must contact you. We also analyze your data to see whether you are eligible for specific products and services.
    2. To improve our business and our operations. We analyze and process data related to your usage of our network and facilities to help keep our services going, manage your account, provide you with customer care activities, receive, investigate, and resolve your service-related requests and concerns, monitor and maintain the quality and security of our network, train our staff, and plan for our future.
    3. To improve our products and services. We analyze and process how you use and interact with our products and services so we can know how to improve them for you. For instance:
      • We study specific details about your usage, such as how often you use our SMS, voice, and data services.
      • We look at historical locational information on your use of our products and services, which will give us information on foot traffic, crowd density, and mobility patterns.
      • Sometimes, we analyze your personal data using automated processes, such as algorithms, to speed up decisions regarding credit limits on your postpaid plans.
      • We also look at the data on transactions between you and our third-party service providers or suppliers so we can give them advice on how transactions can be improved. When we process personal data for this purpose, we may give aggregated data to these service providers and suppliers. Note that you cannot be identified using this aggregated data.
    4. To secure your data and our operations. We have a duty to protect your personal data, as well to prevent, detect, and contain any possible data breaches. Moreover, we also have a duty to make sure that our operations remain secure. To do this, we process your personal data to perform IT security operations, business continuity operations, disaster recovery, and auditing.
    5. To develop our relationship with you. We ask you for feedback about our products and services, or record your conversations with us through telephone, live chat, or social media. We may share this with certain members of our staff to improve or customize our products and services for you. We may send you newsletters, emails, calls, or mobile notifications to let you know about these products and services. While you will be given a chance to opt in to these notifications just before we begin sending out personalized offers, you may later opt out if you no longer want to receive these offers or notifications.
      • To provide products, services, and marketing tailored just for you. We use your data for our legitimate business interests, which includes the development and improvement of our products and services, segmentation, and profiling of customers, and targeted and untargeted marketing. We do this because we want to make sure that our products and services meet what you want and need from us, and we want to let you know once these are ready for you. Of course, while you will be given a chance to opt in to this just before we begin sending out personalized offers, you may later opt out if you no longer want to receive these personalized offers.
    6. To assist public authorities. We may process your personal data to generate statistics based on your use of our network and facilities to help public authorities in the areas of healthcare, disaster management, and other similar projects. As much as possible, we anonymize this information so you can never be identified as an individual.
    7. To comply with our legal obligations. We process your data to comply with our obligations under the law and to the government regulators. This may include processing your data to comply with the Free Mobile Disaster Alerts Act, the Mobile Number Portability Act and providing information to the Credit Information Corporation in accordance with the Credit Information Systems Act.
    8. To establish, exercise, or defend legal claims. We may process your data to prosecute or defend a legal claim.

      9. You can be assured that we will not process your personal data in a way that is inconsistent with these purposes.

  7. VII. Who is the Personal Information Controller?

    We are considered the Personal Information Controller (“PIC”) under the DPA. This means that we can determine the purposes for which your personal data can be used. In case your personal data is shared with your consent to a third party under a data sharing agreement, this third party will also be considered a PIC.

  8. VIII. To whom do we disclose your personal data and why?

    To ensure that we offer you the best possible service and that we remain competitive in our business, we may share data externally, i.e., outside of DITO, with third parties. Whenever we do so, we ensure that this is shared on a confidential basis and only through secure means. All disclosures will always follow applicable privacy laws and regulations.

    We will never share, rent, or sell your personal data to third parties, except in special circumstances where this is required by law or you have given your clear and explicit consent.

    In some instances, we may need to share your personal data to our agents, subsidiaries, affiliates, partners, and other third parties as part of our operations and for the continued provision of products and services. This means that we might share your information with:

    1. Our service providers, contractors, and professional advisors. We may have to share personal data carry out certain activities in the normal course of our business. These service providers, contractors, and professional advisors help us with activities like:
      • designing, developing, maintaining, debugging, and optimizing our products, services, systems, tools, and applications;
      • providing application or infrastructure services;
      • marketing activities or events and managing customer communications, including mobile attributions and the generation of analytics;
      • preparing reports and statistics, printing materials, and designing products;
      • creating and placing advertisements on apps, websites, social media, and other modes of communication;
      • performing legal, auditing, or other special services provided by lawyers, notaries, auditors, or other professional advisors;
      • identifying, investigating, or preventing fraud or other misconduct; and
      • facilitating payment and transfer of funds;
    2. Our subsidiaries and affiliates with whom you have also signed up with. We do so only to improve our operations as well those of our subsidiaries and affiliates. For example, we can study your use of our products and services as well as that of our subsidiaries and affiliates to create product and service bundles that would meet your needs.
    3. Other companies to whom you have also given consent for us to share information with. For example, when you sign up for products and services by other companies, they may request your data from us in for them to validate your identity; and
    4. Government, supervisory, judicial authorities. To comply with our own legal and regulatory obligations, we may disclose your personal data to the appropriate government, supervisory, and judicial authorities such as:
      • Public authorities, regulators, and supervisory bodies such as the National Telecommunications Commission and the National Privacy Commission;
      • Judicial and investigative authorities such as the police, public prosecutors, courts, and arbitration and mediation bodies.

    If you want to know our partners, you can make a request through our Data Protection Officer using the contact details below.

    When using our products and services, you may happen to interact with the products and services of Over the Top (“OTT”) services providers, like media streaming services. They will be collecting personal data through their own products and services. This is governed by their own privacy policies, statements, or notices, so we highly encourage you to read them.

  9. IX. How long do we keep your personal data?

    When we keep your personal data, we will be following these principles:

    1. We will only hold your personal data for as long as we do the activities we told you about. Essentially, we will keep your personal data for as long as it is necessary for us:
      • to continue providing you with the products and services you get from us;
      • to meet our legitimate business purposes;
      • to comply with our own legal obligations; and
      • to exercise or defend legal claims when the need arises.

      Generally, however, we will be keeping your personal data for a maximum period of ten (10) years after termination of service.

    2. We think about the type of data we collect, how much we collect, whether it is sensitive or not, and any other applicable legal requirements.
    3. We design our services so that we do not hold your data any longer than we must.
    4. We always think about the potential risk from anyone using or sharing your personal data without permission.

    For the actual handling of your personal data:

    1. Physical copies of the forms you submit to us will be stored in secure storage areas.
    2. Physical forms and documents that contain your personal data will be digitized and stored on our secure databases. Electronic copies of these forms will also be stored in our secure databases.

    In any event, once your personal data has reached the end of the retention period or if we no longer have any legal justification to keep it, your data will either be deleted securely or anonymized (if in an electronic format) or shredded (if in a physical format).

  10. X. How do we protect your personal data?

    We are committed to keeping your personal data safe. To maintain this commitment, we:

    1. design our products and services with your safety in mind;
    2. established a dedicated team to look after the safety and security of your personal data;
    3. use the right organizational, physical, and technical security measures, which include, but not be limited to:
      • physical barriers and controls to prevent unauthorized access, such as intruder detection systems;
      • access control monitoring and management, including, but not limited to, the maintenance of logbooks, the regular review of access rights, and the revocation of such rights when necessary;
      • audits and policies and procedures related to data security;
      • setting up secured servers and firewalls; and
      • encryption, and other security controls;
    4. ensure only qualified and authorized staff have access to your personal data, and that our staff are bound to keep your personal data confidential;
    5. regularly review our collection, storage, and processing practices;
    6. use contracts to make sure that third-party service providers that process your personal data for us have the right security measures that will help keep your personal data safe;
    7. notify you and the appropriate privacy regulators in the event of a personal data breach; and
    8. let you update or correct your personal data to keep our records up to date.

  11. XI. What are your rights in relation to your personal data?

    The Data Privacy Act of 2012, or DPA for short, gives you rights in relation to your personal data. It essentially gives you control on how your personal data is collected and used by companies.

    Below is a list of your rights. We want to make sure that you understand what these are, so we are describing each of these rights in a simple and transparent manner:

    1. The right to be informed. When we ask you to share your personal data with us, we give you details of what data we will be using, why we will be using it, and how long we will be keeping it, among other things.
    2. The right to object. This is your right to tell us to stop using your personal data. Please note, however, the DPA still allows us to use your personal data despite the exercise of this right under certain conditions. For example, we will still process your personal data despite your objection if we are legally required to do so or if it is necessary to fulfill our legal obligations to you.
    3. The right to access. This right allows you to ask whether we have personal data on you and, if we do, ask for a copy of that personal data.
    4. The right to rectification. This gives you the right to correct anything that you think is wrong with the personal data we have on file on you.
    5. The right to erasure or blocking. This gives you the right to ask us to delete your personal data. However, there are only certain instances where you can exercise this, such as in a case where you think we are processing your personal data unlawfully.
    6. The right to portability. This right allows you to get a copy of the personal data we have on you in a structure, commonly used, and machine-readable format.
    7. The right to damages. This right allows you to be indemnified for any damages that you may have sustained due to any violation of the DPA.
    8. The right to complain with the National Privacy Commission (“NPC”). In case you feel that any of your privacy rights have been violated, you have the right to file a complaint with the NPC. However, we encourage you to come to us first so we can resolve your complaint.

    While you do have the right to withdraw the consent you have given (which can be done by reaching out to our Data Protection Officer), please note that this withdrawal will not stop us from processing your personal data so long as there are other legal bases to do so. In other words, if you withdraw your consent, we can only stop the processing activities that rely on your consent. If, however, we cannot give you a legal basis to justify the continued processing of your personal data, we will either stop the processing and delete your personal data or anonymize it.

    In any case, to exercise any of these rights, please get in touch with our Data Protection Officer through the contact details we have indicated below. In certain instances, we may ask for supporting documents or proof before we can move forward with your request. In some cases, we may deny your request and, if allowed by law, we will notify you of the reason for denial. We may also charge you a reasonable fee to help us process your request.

  12. XII. How can you contact us about your personal data?

    In case you have questions, concerns, or complaints regarding the processing of your personal data, you contact our Data Protection Officer through the contact details below:

    Addressed to: The Data Protection Officer
    Office Address:

    16th Floor, Udenna Tower, Rizal Drive cor. 4th Avenue
    Bonifacio Global City, City of Taguig
    Email Address:

    privacymatters@dito.ph

  13. XIII. How will you know if there are changes to this privacy statement?

    This privacy statement will be updated from time to time to comply with changes in the law, adopt new technologies, or for some other legitimate reason. If we do make important changes, like how and why we use your personal data, we will let you know through a notice, email, SMS, or a message in our app. We will also make sure to get your updated consent when necessary.

    This version became effective on 09 January 2024.

DITO TELECOMMUNITY CORPORATION

DATA PRIVACY STATEMENT FOR ENTERPRISE SERVICES

Last updated 08 June 2023

Your privacy is important to us, which is why DITO Telecommunity Corporation (“DITO,” “We,” “us,” or “our”) has security measures to protect your Personal Data. Our commitment to your privacy is consistent with the principles of the Data Privacy Act of 2012, its Implementing Rules and Regulations, and the relevant issuances of the National Privacy Commission (“DPA”).

In order to provide you with our enterprise services, DITO will need to collect and process Personal Data for the purposes stated in this Data Privacy Statement for Enterprise Services (“Privacy Statement”). Consistent with DITO’s commitment to transparency, DITO processes and protects your Personal Data only in accordance with what has been indicated here.

  1. I. What does DITO do?

    DITO is a major telecommunications provider in the Philippines. It offers and will offer a variety of telecommunications services to consumers, including services related to mobile telephony and the internet of things.

    When you use our postpaid services, you will be covered by DITO’s General Privacy Statement that can be accessed through https://dito.ph/privacy-policy. You can also see this on our DITO App.

  2. II. What are the types of Personal Data that DITO collects and processes?

    DITO may collect and process both your personal and sensitive personal information. For the purposes of this Privacy Statement, these shall be collectively referred to as “Personal Data.”

    If you are getting our Business Mobile Postpaid Service, the following are the categories of Personal Data that DITO will be collecting and processing:

    1. Identification data: full name (of the Authorized Company Signatory, Company Representative, and Company Assignee)
    2. Contact information: primary mobile number and email addresses (for Company Representative) and email address (for Company Assignee)
    3. Corporate Information: business name, head office address (unit, floor, building name, street, and street number), telephone number, SEC registration number, BIR number, company incorporation date, designation (of the Authorized Company Signatory, Company Representative, and Company Assignee)
    4. Location: address (including longitude and latitude) and billing address
    5. Government-issued or valid ID: Government-issued ID Number or Company ID Number

    If you are getting our 5G Enterprise FWA, the following are the categories of Personal Data that DITO will be collecting and processing:

    1. Identification data: full name (of the Authorize Company Signatory, Company Representative, and Company Assignee) 
    2. Contact information: primary mobile numbers and email addresses (for Company Representative) and email address (for Company Assignee)
    3. Corporate Information: business name, head office address (unit, floor, building name, street, and street number), telephone number, SEC registration number, BIR number, company incorporation date, designation (of the Authorized Company Signatory and Company Representative)
    4. Government-issued ID information: type of ID presented and ID number
    5. Location: address (including longitude and latitude), preferred installation address, and billing address
    6. Government-issued or valid ID: Government-issued ID Number or Company ID Number

  3. III. How does DITO collect your Personal Data?

    We collect your Personal Data from any documents or communications that you may have directly submitted to us, such as through application forms, contracts, the DITO App or through our other channels, physical or otherwise.

    We may also collect your Personal Data through our business intelligence platforms, which will allow us to see how you interact with our products and services.

    You may inform us of the specific Personal Data that you do not want to be processed beyond the purposes specified in the Privacy Statement. We will respect your request as far as it still allows us to meet the purposes for which your Personal Data was collected.

  4. IV. How does DITO process your Personal Data?

    Your Personal Data may be processed both by way of computer media and on paper, in compliance with the rules in relation to data protection and data security. Your Personal Data shall be collected, organized, stored, updated, retrieved, used, consolidated, or destroyed in line with the purposes for processing set out below.

  5. V. Why does DITO process your Personal Data?

    Your Personal Data shall be processed for the following purposes:

    1. General Purposes for Processing
      1. To perform our contractual obligations to you; 
      2. To comply with the SIM Registration Act;
      3. To determine your monthly service fee and credit limit, if applicable; 
      4. To receive and analyze customer feedback based on your experience, if any; 
      5. To comply with statutory and regulatory requirements, including directives, issuances by, or obligations of DITO to any competent authority, regulator, supervisory body, enforcement agency, exchange, court, quasi-judicial body, or tribunal;
      6. To establish, exercise, or defend legal claims;
      7. To facilitate aftersales services;
    2. If you’re getting our Business Mobile Postpaid Service
      1. To provide you with our Business Mobile Prepaid Service and to help you manage the accounts of assignees under this service;
      2. To facilitate the issuance of the mobile postpaid devices;
    3. If you’re getting our Business Enterprise Fixed Wireless Access Service
      1. To provide you with our Business Enterprise Fixed Wireless Access Service and to help you manage the accounts of assignees under this service;
      2. To facilitate the delivery and installation of the FWA units
    4. To fulfill any other purposes directly related to the above-stated purposes.

    DITO will not process your Personal Data in ways incompatible with the above-stated purposes and will only process such data for purposes directly related to those stated above.

    Please note that users of our enterprise services will be covered by DITO’s General Privacy Statement as well.

  6. VI. Who is the Personal Information Controller?

    DITO is a Personal Information Controller (“PIC”) under the DPA, which means that it determines the purposes for which the Personal Data it holds will be used for. It may also be that your Personal Data is disclosed to third parties pursuant to a data sharing agreement. In which case, such third parties are also the personal information controllers of your Personal Data.

    However, since the use of our Enterprise Services may require you or your organization to share personal data of others that you are already processing for your own purposes, you or your organization will also be considered as a Personal Information Controller under the DPA. For this purpose, you or your organization, as the PIC is obligated to obtain the valid consent of the relevant data subjects before you share the same with us. You should also be prepared to provide proof of such consent should we ask for it.

  7. VII. To whom does DITO disclose your Personal Data and why?

    The following are the third parties to whom your personal data may be shared or disclosed:

    1. Information technology services providers
    2. Over the Top (“OTT”) service providers
    3. Suppliers
    4. External auditors
    5. External counsel
    6. External fulfillment teams

    Your Personal Data may be disclosed to third parties for the following purposes:

    1. To help us deliver and install the relevant devices covered under by the applicable Enterprise Service; 
    2. To respond to law enforcement authority or other government regulatory bodies’ requests;
    3. To help us determine the maximum allowable monthly service fee and credit limit for you; 
    4. To generate insights on how DITO’s systems are used, with such data being used for further streamlining and improvement of the systems; 
    5. To prevent physical harm or financial loss;
    6. To conduct audits, including operational, risk, compliance, financial, and anti-fraud, and corruption audits, and/or investigate a complaint or security threat;
    7. To comply with DITO’s business and management responsibilities and policies, which are necessary for the continued operations of DITO;
    8. To establish, exercise, or defend legal claims; and
    9. To fulfill any other purposes related to the above-stated purposes.

    When the processing of your Personal Data is outsourced by DITO to a third party, the processing will be subject to written agreements between DITO and the third parties processing the data. These written agreements specify the rights and obligations of each party and will provide that the third party has adequate security measures in place and will only process your Personal Data on the specific written instructions of DITO.

    DITO may also transfer your Personal Data to third parties as required by law or legal instrument, to protect DITO’s rights or assets and in emergencies where the health or safety of a person is endangered. 

    DITO will not sell, rent, share, trade, or disclose any of your personal data to any other party without your prior written consent, with the exception of any third-party service providers that DITO has engaged, whose services necessarily require the processing of your personal data.

  8. VIII. DATA RETENTION

    Your personal data will be retained or stored for as long as the purposes for which it is being processed have not been satisfied. DITO will retain and use your Personal Data as necessary to comply with its legal obligations, resolve disputes, and enforce its agreements:

    1. Forms that contain your Personal Data will be digitized and stored and maintained on DITO’s database hosted by a secure cloud provider. Forms, documents, and information submitted electronically shall be maintained by the same provider or in DITO’s servers.
    2. DITO shall ensure, using contractual and other reasonable means, that the third-party service providers implement proper safeguards to ensure the confidentiality, integrity and availability of the personal data processed, prevent its use for unauthorized purposes, and comply with the requirements of the DPA, its Implementing Rules and Regulations, and other applicable laws for processing of personal data, and other issuances of the National Privacy Commission.

    In any event, once your personal data has reached the end of the retention period or if we no longer have any legal justification to keep it, your data will either be deleted securely or anonymized (if in an electronic format) or shredded (if in a physical format).

  9. IX. How does DITO protect your Personal Data?

    We are committed to keeping your personal data safe. To maintain this commitment, we:

    1. Design our products and services with your safety in mind;
    2. Established a dedicated team to look after the safety and security of your personal data;
    3. Use the right organizational, physical, and technical security measures, which includes audits, policies and procedures related to data security, setting up secured servers and firewalls, encryption, and other security controls;
    4. Ensure only qualified and authorized staff have access to your personal data, and that our staff are bound to keep your personal data confidential;
    5. Regularly review our collection, storage, and processing practices;
    6. Use contracts to make sure that third party service providers that process your personal data for us have the right security measures that will help keep your personal data safe;
    7. Notify you and the appropriate privacy regulators in the event of a personal data breach; and
    8. Let you update or correct your personal data to keep our records up to date.

  10. X. What are your rights regarding your Personal Data?

    As a data subject, you have certain rights under the DPA. You may exercise the following rights to your discretion:

    1. The right to access Personal Data

      Under the DPA, it is possible for individuals to request access to any of their Personal Data held by DITO, subject to certain restrictions. A request for disclosure of such information is called a subject access request. Any such requests should be addressed to DITO’s Data Protection Officer through the contact information below.

    2. The right to make corrections to Personal Data

      The DPA requires DITO to take reasonable steps to ensure that any Personal Data it processes is accurate and updated. It is your responsibility to inform DITO of any changes to the Personal Data that you have supplied to us during your relationship with DITO.

    3. The right to object to the processing of Personal Data

      You have the right to object to the processing of your Personal Data. You shall also be notified and be given an opportunity to withhold consent to the processing in case of changes or any amendment to the information made known to you in this Privacy Statement.

      Please note that some of the Personal Data you have provided to us is necessary for us to comply with statutory and regulatory requirements, as well as DITO’s administrative policies. Hence, the collection and processing of these pieces of Personal Data is mandatory.

    4. The right to erasure or blocking of Personal Data

      You have the right to suspend, withdraw or order the blocking, removal, or destruction of your Personal Data from our filing system. However, the exercise of this right is subject to certain conditions as specified by the DPA.

    5. The right to be informed of the existence of processing of your Personal Data

      You have the right to be informed whether Personal Data pertaining to you shall be, is being, or have been processed, including the existence of automated decision-making and profiling.

    6. The right to damages

      Upon presentation of a valid decision, DITO recognizes your right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your Personal Data, taking into account any violation of your rights and freedoms as a data subject.

    7. The right to lodge a complaint before the National Privacy Commission

  11. XI. How will you be informed of any changes to this Privacy Statement?

    This Privacy Statement may be updated from time to time. The data subject will be notified through the appropriate portal should there be any amendments or changes to this Privacy Statement.

  12. XII. How can you contact DITO if you have questions about this Privacy Statement?

    In case you have questions, concerns, or complaints regarding the processing of your Personal Data, you may address them to DITO’s Data Protection Officer:

    Addressed to: The Data Protection Officer
    Office Address:

    11th Floor, Udenna Tower, Rizal Drive cor. 4th Avenue
    Bonifacio Global City, City of Taguig
    Email Address:

    privacymatters@dito.ph

  13. XIII. For how long shall your consent be valid?

    Once you agree to the processing of your Personal Data according to the terms of this Privacy Statement, your consent and authorization shall remain valid and subsisting for a limited period consistent with the purposes stated above or until otherwise revoked or cancelled in writing in accordance with the DPA.