PRIVACY NOTICE

INTRODUCTION

First Philippine Industrial Park, Inc., including its affiliates and subsidiaries (the “Company”) values the confidentiality of Personal Information and Sensitive Personal Information (collectively, “Personal Data”). This Privacy Notice (the “Privacy Notice”) details how the Company uses and protects Personal Data in accordance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), other issuances of the National Privacy Commission (NPC) and other relevant laws of the Philippines. This Privacy Notice applies to the Locator Portal, the Facilities Access Management, and its related systems (“System” or “Website”) and governs data collection and usage. By using the Locator Portal, you (“User”) consent to the data practices described in this Privacy Notice.

If the User does not consent to the processing of his/her Personal Data, the User is advised NOT to use our Services (as defined in the Terms and Conditions) or access the Locator Portal. Changes to this Privacy Notice will be posted on the https://locatorportal.fpip.com. The Company reserves the right to amend this Privacy Notice at any time.

The terminologies used herein carry the same definition in Clause 2 of the Terms and Conditions.


When will the Company collect Personal Data?

The Company will / may collects Personal Data when such User performs any of the following acts:

●     Register and/or use the Services, access the Locator Portal, or open an account with the System;

●     Submit any form, including but not limited to, application forms or other forms relating to any of its products and services, whether online or by way of a physical form;

●     Enter into any agreement or provide other documentation or information in respect of the User’s interactions with the System, or when the User avails our products and services;

●     Interact with the Company in relation to the System, such as via telephone calls (which may be recorded), letters, face-to-face meetings, social media platforms, e-mail, or by clicking the Company’s advertisement in other websites;

●     Use the System’s electronic services, or interact with us via our website or applications, or use our Services. This includes, without limitation, through cookies which we may deploy when the User interacts with our Website or other services;

●     Carry out transactions through our Services;

●     Provide the Company with feedback, complaints, or other service requests;

●     Submit the User’s Personal Data to us for any other reason.

The above does not purport to be exhaustive and sets out some common instances of when Personal Data about the User may be collected.

The User may also be requested to update his/her Personal Data from time to time. Should the User be unable to supply the required Personal Data, the System may be unable to provide him/her with the requested products and services and updates on the latest offerings. The User may also be unable to participate in Company events, promotions, or other activities.

If the User will provide the Company with Personal Data of other individual/s, the User certifies that he/she has obtained the prior consent of such individual/s, such individual/s is/are aware of this Privacy Notice, gives his/her consent, and agrees to the terms thereof.

The User has the duty to inform the Company of any change in the Personal Data provided, to keep it updated and avoid errors. The Company will not be liable for any outdated data resulting in the User’s failure to update them in a timely manner.

What type of Personal Data does the Company collect and process?

The System will collect and process Personal Data responsibly from its Users through direct inputs and in the course of transactions. Data may include the following:

o   First name

o   Last name

o   Biological sex at birth

o   Birthday

o   E-mail address

o   Contact number(s)

o   TIN

o   Position in the company

o   Profile picture

o   Signature

o   Device used

o   Payment-related data and financial-related data (e.g., Transaction ID, token)

o   Site traffic

o   Behavioral tracking

o   IP Address

It also includes information about:

a)    The data that would help Locator Portal evaluate the User's application, concerns, business details, and other data points whenever applicable;

b)   The location of the User's device, whether desktop, laptop, or mobile devices, as used to access the Website; and

c)    The User's navigation experience when accessing the Website to see activities done on the Website, the pages visited, and the sequence thereof.

Why does the Company collect and process Personal Data?

The Company will be using or processing Personal Data for purposes of providing the service needed by the User within the park, including but not limited to facilities booking management, access management, customer care, notifications and announcements, and other park-related concerns (“Business Purpose”). Specifically, and to the extent permitted or required by law, the Personal Data will be used to improve the Locator experience within the park, specifically for the following:

a)    Facilitation of the transaction to the Company and related parties – Merchant, Payment Gateway, other Third Party Providers.

b)   Respond to, and/or address specific complaints, inquiries, or requests, including but not limited to requests for booking an FPIP facility, display of the Locator information in the Locator Profile page, request for access pass, and other customer care concerns.

c)    Improvement of the Locator Portal based on User insights and trends

d)   Generation of reports, including transmittal of data to Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Enterprise Asset Management (EAM), Business Intelligence (BI), and/or Supply Chain Management (SCM) solutions

e)    Personalized Marketing, i.e., Mailing List (requires a separate join-in confirmation from the User upon Account Registration), and in-Website advertisements

f)    Verify the User’s identity

g)   Contact the User (for example: e-mail notifications, announcements, mentions, comments, and other direct communication from the FPIP personnel in response to any requests or concerns.)

h)    Enhance the customer experience and improve, develop, and determine customized products to meet customer preferences and needs

i)     Send commercial communications on the products and Services

j)     Improve the service and contents of the service through statistical analysis and market research

k)    Abide by any safety, security, public service or legal requirements and processes

l)     Access, security and traffic control

m)  Process information for statistical, analytical, and research purposes (optional); and

n)    Other specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection of the Personal Information.

Generally, this includes, but is not limited to any of the following purposes:

o   To comply with the Company’s obligations under law and as required by government organizations and/or agencies;

o   To comply with legal and regulatory requirements or obligations;

o   To perform such other processing or disclosure that may be required under law or regulations; and

o   To perform such other processes reasonably necessary or desirable for Business Purposes.

If the Company will require the User’s consent for any specific use of his/her Personal Data, the Company will collect it at the appropriate time.

Does the Company use web analytics?

For its website, the Company engaged a third-party service provider to analyze web traffic data, establish consumer-related trends, and generate business insights. This service uses cookies. The Company reserves the right to engage other such providers, as may be necessary.

Data generated is not shared with any other party. To fully enjoy the visit and browsing experience, only non-identifiable web traffic data are collected and analyzed, including:

o   Search terms used;

o   The pages and internal links accessed on the Website;

o   The date and time the site was visited;

o   Geolocation;

o   The referring site or platform (if any) through which it was clicked through to the Website;

o   IP Address

o   Operating system; and

o   Web browser type.

What about the links to third-party websites?

From time to time, the Website will connect to and/or provide links to third-party websites, or advertisements which contain links to third-party sites. These links are provided as a service and do not provide any Personal Data to these websites or advertisers, and therefore, the Company does not accept responsibility for their privacy practices. These sites are operated by independent entities that have their own privacy policies which should also be reviewed. The Company’s Privacy Notice does not apply to such other sites or to the use that those entities make of the information. The Company has no control over the content displayed on such sites, nor over the measures, if any, that are taken by such sites to protect the privacy of the information.

With whom may the Company share Personal Data?             

As a general rule, the Company does not and will not share Personal Data with a third party except as necessary for the proper execution of processes related to a declared purpose, or the use of disclosure is reasonably necessary, required or authorized by or under law.

This means the Company may provide Personal Data to the following:

o   Existing and prospective business partners, service providers, and contractors, consistent with the purposes discussed above;

o   Affiliates and subsidiaries of the Company; and

o   Law enforcement and government agencies.

However, the foregoing may only use Personal Data for the purpose(s) disclosed in this Privacy Notice and may not use it for any other purpose.

How does the Company protect Personal Data?

The Company strictly enforces its Privacy Notice and takes all reasonable procedures and exerts its best efforts to ensure all Personal Data received shall be kept confidential and secure, whether online or offline. It has implemented technological, administrative, organizational, and physical security measures to protect personal data from loss, misuse, unauthorized modification, unauthorized or accidental access or disclosure, alteration or destruction. The Company uses safeguards such as the following:

o   Use of secured servers and firewalls, encryption on computing devices

o   Restricted access only for qualified and authorized personnel

o   Strict implementation of information security policies. 

The Company may use and amend from time to time various security measures, as new technology becomes available, as appropriate, such as firewalls and data encryption, access controls to data centers. Access to the Personal Data is limited to authorized personnel who have a legitimate interest in them for the purpose of carrying out their contractual duties.

Nevertheless, please understand that the transmission of information through the internet is not completely secure. Although the Company will do its best to protect the User’s Personal Data, it cannot guarantee the security of the User’s Personal Data transmitted through any online means, therefore, any transmission remains at the User’s own risk.

To further secure the privacy of the User’s Personal Data, the Company advises the User to keep any account details confidential at all times. The Company assumes that the User will not share his/her account/ license to any other individual, who should have his/her own account in the System as may be necessary. The Company will not be liable for any data privacy breach arising from the User’s sharing of credentials to third parties.

Where and how long does the Company keep Personal Data?

The Company stores Personal Data in both local and off-shore facilities, such as data centers (on-site and/or the cloud) and document storage facilities. Personal Data collected will be retained in accordance with the Company’s retention standards. Subject to applicable laws, rules and regulations, the User may request Personal Data to be deleted from the Company’s systems, databases and hard copies within a reasonable requested date. Should Personal Data be deleted, the User will no longer be able to access the Locator Portal services.

The Company keeps Personal Data only for as long as necessary and as may be legally required for the fulfillment of the legitimate purposes provided above, or for the establishment, exercise or defense of legal claims, or in compliance with laws, regulations, or lawful court order. Once the User’s Personal Data is no longer necessary for the Services or Purposes, or we no longer have a legal or business purpose for retaining his/her Personal Data, we will take steps to erase, destroy, anonymize, or prevent access or use of such Personal Data for any purpose other than compliance with this Notice, or for purposes of safety, security, fraud prevention and detection, in accordance with the requirements of applicable laws.

What if there are changes in our Privacy Notice?

From time to time, it may be necessary for the Company to change its Privacy Notice. Rest assured, however, that any change will not be retroactively applied and will not alter how the Company handles previously collected Personal Data without obtaining the needed consent, unless required by law.

What are the rights of a User or Data Subject under the Data Privacy Act?

Data subjects have the following rights:

o   Right to be informed;

o   Right to object;

o   Right to access;

o   Right to rectify or correct erroneous data;

o   Right to erase or block;

o   Right to secure data portability

o   Right to be indemnified for damages

o   Right to file a complaint

The Company’s decisions to provide access, consider request for correction, erasure and address objection to process Personal Data as it appears in Company’s records are always subject to applicable and relevant laws and/or the DPA, its IRR and other issuances of the NPC.

Who should the User contact in case of inquiry, feedback or complaints in relation to his/her Personal Data and/or this Privacy Notice?

Should the User have any inquiries, feedback and/or complaints in relation to his/her Personal Data and/or this Privacy Notice, s/he may reach the Company’s Data Protection Officer (DPO) through the following contact details:

Data Protection Officer

First Philippine Industrial Park

6/F Rockwell Business Center Tower 3

Ortigas Ave., Pasig City 1604 Philippines

Tel: (632) 3449-6400

Fax: (632) 3637-8366

[email protected]

The User may also lodge a complaint before the National Privacy Commission (NPC). For further details, please refer to NPC’s website: https://privacy.gov.ph.