Privacy Policy

Home » Privacy Policy

Investor news

ACEN 2023 NPC seal of registration

ACEN CORPORATION (“ACEN”) values each individual’s right to privacy. As such, ACEN ensures that all personal data collected from its customers, vendors, partners, employees, agents and other stakeholders, and processed by the organization, its subsidiaries and affiliates are protected at all times in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (“Data Privacy Act”), its corresponding Implementing Rules and Procedures (“IRR”), and the existing Memorandum Circulars and Advisories issued by the National Privacy Commission (“NPC”). Likewise, ACEN informs individuals from whom it collects such data of ACEN’s personal data processing activities and respects and enforces their rights as data subjects.

Scope

This document sets out ACEN’s organizational policy in relation to the collection, use, storage, sharing and disposal of all personal data processed by the organization in accordance the Data Privacy Act, its IRR, and all related issuances of the NPC.

ACEN maintains the right to amend and/or modify this document to comply with any future developments in local and/or foreign data privacy regulations where applicable and to reflect any changes in the organization’s policies and/or personal data processing activities.

This document applies, in general, to all personal data processing activities conducted by ACEN, its subsidiaries and affiliates including, but not limited to, the collection, use, storage, sharing and disposal of all personal data about our customers, vendors, partners, employees, agents and other stakeholders subject to their individual right to expressly provide a separate privacy policy.

Definition of terms

  1. Data Subject refers to any individual whose personal data is processed.
  2. Data Sharing refers to the disclosure or transfer to a third party of personal data under the control or custody of a personal information controller. The term excludes outsourcing, or the disclosure or transfer of personal data by a personal information controller to a personal information processor.
  3. Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
  4. Personal Information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
  5. Personal Information Controller refers to any person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
  6. Personal Information Processor refers to any natural or juridical person qualified to act as such to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
  7. Sensitive Personal Information refers to personal information (a) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (b) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (c) issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; or (d) specifically established by an executive order or legislative act to be kept classified.
  8. Personal Data collectively refers to all categories of personal information.

Collection and use of personal data

1. What type of information we collect and for what purpose

We collect and process the following types of personal data, among others:

Contact Information and employment and/or business affiliation of our customers and individuals representing or affiliated with our vendors, partners, investors and other business contacts;

Personal details, credit history, government issued identification, bank account and credit card information of our customers and suppliers;|

Shareholder information found in publicly available Securities and Exchange Commission (“SEC”) documents

Contact information, employment history, educational background, biometric information, organizational affiliation, filial relations, gender, date of birth, religion, ethnicity, civil status citizenship, physical medical history, past criminal and/or administrative records, government issued identifying information (such as Pag-IBIG, SSS, TIN, PhilHealth, Professional IDs, Passport, and Birth Certificates), payroll information, company identification of our prospective job applicants, current employees, agents and stakeholders

Social media behavior when you tag, mention, or post photographs of any development of ACEN and its subsidiaries publicly on any social media account (e.g., Facebook, Twitter, Instagram, LinkedIn, etc.)

2. What type of information we collect and for what purpose

In general, we collect and process personal data for purposes of service fulfilment, the achievement of strategic corporate objectives and development, fostering investor relations, internal operations, communications and administration, human resource and financial management, and compliance with applicable laws, rules and regulations.

Vendors, Partners, Investors and other Business Contacts

to conduct appropriate and necessary due diligence;

to verify, assess and accredit;

for effective communication and to maintain business relations;

to exercise or defend any legal claims of the organization; and

to fulfill and enforce any contractual terms and obligations.

Shareholders

To administer, monitor and manage the relationship between ACEN and its shareholders, including the protection of their rights under the applicable laws and regulations;

To verify your identity for purposes of stockholder voting in absentia, voting via remote communication, including the identity of your nominated proxy;

To communicate to shareholders all relevant information regarding the organization’s performance, activities, polices, management and operations.

Employees

We collect, process personal data from and about our employees for administrative and human resource development purposes as well as in compliance with applicable regulations and/or laws, including, but not limited to: identity verification; pre-qualification and post-qualification assessment; processing of employment compensation and benefits; internal security; compliance with regulatory requirements; for the protection of lawful rights and interests of the organization in internal administrative and court proceedings, or the establishment, exercise or defense of legal claims of the organization.

2. How we collect your data

We collect both electronic and physical personal data from the following sources:

a. Directly from customers when they avail of any of our products and/or services. We also collect such information when customers, among others, contact us through our agents and representatives, and sign up to receive communications from us, respond to our surveys, participate in our events, and/or receive queries, requests and complaints from them; and indirectly through third-party sources such as social media sites, publicly available databases and government repositories and/or from other customers.

b. We also obtain such information when customers visit our website and social media profiles as well as when they use our digital platforms and/or mobile applications.

c. When individuals representing or affiliated with our vendors, partners, investors and other business contacts voluntarily provide us with their contact information in order to develop business relations and/or complete legitimate transactions with them.

d. Directly from our employees and job applicants through their curriculum vitae, personal information sheets, submitted medical records and government documents, and interview and training assessment results conducted by authorized personnel, and pre-employment health screening and indirectly from the verification efforts of third-party employee background/screening service providers, job search sites and/or other social media sites and references from previous employers and other third parties.

Disclosure of information

ACEN does not disclose personal data to third parties without the consent of data subjects unless it is legally required to do so; it is necessary to fulfill the purposes for which ACEN processes personal data as mentioned above; or if such action is necessary to protect, defend and/or enforce ACEN’s rights, property or the personal safety of its employees and other individuals.

We allow access to personal data by authorized third-party service providers, suppliers, subcontractors and consultants who provide outsourced functions including, among others:

  1. Automated payroll processing and management to ensure timely and proper compensation as well as compliance with existing employment regulations;
  2. Automated human resource database, loans and benefits management systems;
  3. Cloud storage systems to meet the company’s storage management requirements;
  4. Online Portal/Application-based services facilities;
  5. Systems integration software for the various business management systems, productivity tools and/or applications, and such other products and/or services;
  6. External professional advice and consultation including audits, legal assessments, comparative compensation studies and evaluations; and

    Other financial, technical, architectural and administrative services such as information technology, payroll, accounting, sales administration, procurement, training and other services.

ACEN remains responsible over the personal data disclosed to such third parties. As such, we ensure that such third parties are contractually obligated to comply with the requirements of the Data Privacy Act and shall process your data strictly in accordance with the purposes enumerated above. You may request for additional information on the identities of these parties from the Office of the Data Protection Officer.

The rights of data subjects

ACEN fully recognizes that under the Data Privacy Act, its customers, employees vendors, partners, investors, shareholder and other business contacts and employees, as data subjects, are accorded the following rights:

1. Right to be informed

They have the right to demand and be informed of the details about the type of personal data, the purpose of processing, and how they are being processed by ACEN, including its sources, recipients, methods, disclosures to third parties and their identities, automated processes, manner of storage, period of retention, manner of disposal and any changes to such processing activities before the same is undertaken.

2. Right to access

They have the right to have reasonable access to their personal data, sensitive or otherwise, upon demand. They have the right to review and amend their personal data processed by ACEN in case there are errors.

3. Right to dispute

They have the right to dispute inaccuracy or error in personal data processed by ACEN.

4. Right to object

They have the right to refuse to consent, as well as the choice to withdraw consent, as regards collection and processing of their personal data.

5. Right to erasure or blocking

They have the right to suspend, withdraw, or order the blocking, removal or destruction of his or her personal data from the company’s filing system upon discovery and substantial proof that the personal data is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes, or are no longer necessary for the purpose/s for which they were collected.

6. Right to rectify

They have the right to dispute any inaccuracy or error in the personal data processed, and to have the company correct it immediately.

7. Right to data portability

They have the right to obtain and electronically move, copy, or transfer their personal data for further use.

Disclosure of information

In relation to the rights of Data Subjects, it is ACEN’s policy to:

  1. Ensure that data subjects affected by the organization’s personal data processing activities are fully and adequately informed of their rights;
  2. Ensure that they are fully and adequately informed of all processing activities performed by ACEN with respect to their personal data;
  3. Ensure that their consent is obtained in accordance with the requirements set forth in the Data Privacy Act, its Implementing Rules and Regulations, and Memorandum Circulars issued by the NPC where applicable. Where the processing does not require consent from our customers and employees in the instances set forth in Sections 12 and 13 of the Data Privacy Act pertaining to the Criteria for the Lawful Processing of Personal Information and the Criteria for the Lawful Processing of Sensitive Personal Information, respectively, ensure that our customers and employees are fully and adequately informed of the basis of such processing other than consent;
  4. Ensure that they have the facility to reasonably access, review and amend their personal data and to request for copies thereof in a commonly portable format;
  5. Ensure that they have the facility to: dispute any inaccuracy or error in their personal data, object to any changes in the manner and purpose by which they are processed, withdraw consent where applicable, and to suspend, withdraw, block, destroy, or remove any unnecessary, falsely collected or unlawfully processed personal data;
  6. Ensure that such personal data are proportional, necessary and limited to the declared, specified and legitimate purpose of the processing;
  7. Ensure that such personal data are retained for only a limited period or until the lawful purpose of the processing has been achieved;
  8. Ensure that such personal data are destroyed or disposed of in a secure manner;
  9. Ensure that they have the facility to lodge complaints to ACEN relating to any violations to their rights as data subjects and that such complaints are adequately and timely addressed.

Data protection officer

Personal data security policy

1. Storage and access to personal data

ACEN ensures that all personal data stored by the organization, whether in manual or electronic form, are kept in secure data centers with appropriate physical, technical and organizational security measures and accessed in accordance with the data security standards of the organization.ACEN adopts appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal data, username, password, transaction information and data stored and processed by ACEN, including appropriate encryption tools, firewalls and security incident management systems and procedures. Transfers of personal data internally and externally shall only be made in accordance with strict security protocols and under modes of transfer compliant to the requirements and standards of the Data Privacy Act, its Internal Rules and Regulations, and the relevant issuances of the NPC. ACEN also ensures that only authorized individuals within the organization shall be allowed to process personal data in accordance with ACEN’s access control policies and procedures.

2. Retention and disposal of data

ACEN ensures that personal data is only retained for a limited period or until the lawful and legitimate purpose of the processing is achieved. To that effect, ACEN has established procedures for securely disposing files that contain personal data whether the same is stored on paper, film, optical or magnetic media, personal data stored offsite, and computer equipment, such as disk servers, desktop computers and mobile phones at end-of-life.

3. Third-party disclosures

a. Personal information processors
ACEN shall ensure, in instances where any processing of personal data is outsourced to a third- party processor, that such third party shall be compliant with the organization’s security standards through the appropriate contractual documents and that it regularly conducts due diligence efforts on such third party’s data processing activities through appropriate independent certification and verification procedures.

b. Personal information controllers
ACEN shall ensure that any disclosures or transfers of personal data controllers shall be governed by legally compliant data sharing agreements and in accordance with the rights of data subjects. Data subjects shall be duly informed and consent from them obtained, where applicable, before such data sharing activities are performed.

c. Human resource policy
ACEN implements periodic and mandatory training for all its personnel, representatives, and agents training on privacy and data protection in general and in areas reflecting job-specific content. Likewise, it will ensure that all employees, representatives, and agents exposed to personal data pursuant to their function are adequately bound by strict confidentiality.

d. Internal data transfer
While ACEN generally does not transfer its personal data outside of the Philippines, the organization, its subsidiaries and affiliates utilize cloud technology in the storage and processing of personal data resulting in transfers of such data-to-data centers outside of the country. To ensure the protection of such data, we’ve made it a point to instruct our cloud service providers to limit the location of data servers housing the personal data we process in countries with similar data protection standards and regulations.

e. Web browsing cookies
Our website may use cookies to enhance your experience. Your web browser places cookies on your device for record-keeping purposes and sometimes to track information about your use of our website. You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the website may not function properly.