A. Data Privacy Act or DPA refers to Republic Act No. 10173 or the Data Privacy Act of 2012 and its implementing rules and regulations.
B. Data Subject refers to an individual whose Personal Information, Sensitive Personal Information, or Privileged Information is processed.
C. Company refers to AB Capital Securities, Inc.
D. Personal Data refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
E. Sensitive Personal Information refers to Personal Data:
1. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
2. About an individual’s health, education, genetic or sexual life, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
3. Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
4. Specifically established by an executive order or an act of Congress to be kept classified.
II. DATA PRIVACY STATEMENT
The Company respects its customers’ (“You”, “Your”) privacy and will keep secure and confidential all Personal Data and/or Sensitive Personal Information that You may provide to the Company, and/or those that the Company may collect from You.
This privacy statement (“Statement”) provides for the Personal Data We obtain through our Customer Account Information Form or for those You may provide through this website, www.abcapitalsecurities.com.ph ("Website"), and the standards we observe in collecting, using, processing, keeping, securing, and disclosing said Personal Data.
This statement provides you with notice as to why your personal data is collected, how it is intended to be used, to whom your personal data may be transferred to, how to access, review and amend your personal data. By using this website, you are accepting the practices and policies in this privacy statement. If you object to any practices and policies in this statement, please do not use this website to submit your personal information to the Company.
The Statement may be updated from time to time to reflect change(s) in applicable/relevant laws and/or the Company’s internal standards.
A. Collection of Data and their Use
The Company collects from its customers certain Personal Data such as:
- Those data that You provide by filling in forms on our website. This includes names, addresses, contact details, sources of income, and other financial information among others. Pages that collect this type of personal data may provide further information as to why Your personal data are needed and how it will be used;
- A record of that correspondence, if You contact us; and
- Details of Your visits to the Website (e.g., traffic data, location data, logs, and other communication data, and the resources that you access and use on the Website); and
- Any postings, comments or other content that You upload or post to Our website.
We collect such Personal Data in order to:
a) facilitate the opening of and maintenance of customer accounts;
b) comply with the requirements of regulatory bodies such as the Philippine Stock Exchange, the Capital Markets Integrity Corporation, the Securities and Exchange Commission, and the Anti-Money Laundering Council among others;
c) implement industry standard procedures in conducting due diligence and Know Your Customer “KYC” processes; and
d) serve as contacts for advisories about the Company’s products or services, and other opportunities that may be of interest to You
When You navigate through and interact with the Website, We may use automatic data collection technologies (for example: cookies, web beacons, small data text files or similar technologies) to obtain certain information about Your equipment, browsing actions, and patterns, such as:
- Information about Your computer/device and internet connection, as well as IP address, operating system, and browser type (collectively, “Collected Data”).
The Collected Data are mostly statistical data but may include other Personal Data, and we may maintain or associate these with the Personal Data that we ask You to provide to the Company in connection with Your account.
B. Retention of Personal Data
In retaining Your Personal Data, the Company shall observe relevant guidelines as mandated by the Securities and Exchange Commission (through its Securities Regulation Code), Data Privacy Act of 2012, and other relevant laws and regulations. We shall retain such Data when your account remains active, and for a maximum period of 5 years after your account has been closed.
C. Security of your Personal Data and the Collected Data
The Company has implemented technical, organizational, and physical measures designed to protect the confidentiality, integrity, and availability of your Personal Data and secure such data from destruction, unauthorized access, alteration, disclosure, fraudulent misuse and/or any other unlawful processing, as well as other natural and human dangers.
The Company protects your Personal Data by using advanced security measures currently available. We have protocols, controls, and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of Personal Data and the processing we undertake.
All online transactions are encrypted and are routed from the Company’s Internet server through a "firewall" that limits access to the online trading server. The Company uses a 256-bit encryption protection through Secure Socket Layer (SSL) to ensure that transmissions to and from the Company’s “Online Trading Site” and / or Website are protected against unauthorized access or intrusion.
The Company has likewise complied with the National Privacy Commission’s IT security guidelines which include:
- That our Partner/Vendor/Provider be ISO: IEC 27018 compliant (for Personal Data stored in the Cloud); and
- 256-bit AES for data at rest and in transit (for digitized Personal Data).
Access to the Company’s “On Line Trading Site” and/or Website is restricted through distinct/unique customer “Username” and “Password” combinations.
The Company permits access to your Personal Data only to authorized employees. Employees who violate our policy in handling such Data will be subject to the Company’s disciplinary processes.
The Company continually evaluates its Internet systems, services, and software used in its operations to ensure that they meet the highest industry standards with regards to Information Security.
D. Disclosure and Sharing of Personal Data and Collected Data
The Company may disclose and share Personal Data, subject to compliance with Data Privacy Act of 2012, other relevant laws and regulations, internal policies of the Company, and in cases only for legitimate business purposes, such as but not limited to credit/business reporting and risk management.
As such, we may disclose and or share Personal Data:
- To our affiliates, related entities and various reputable parties;
- To service providers, and other third parties We engage to support our business, and who are bound by contractual obligations to conform to the Company’s privacy standards; to keep such Data confidential, and use it only for the purposes for which We disclose it to them;
- To government and law enforcement agencies and regulatory bodies;
- To comply with orders of courts, government agencies, regulatory bodies, and with applicable laws and regulations;
- If We believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company and its affiliates, officers, employees, or other third parties;
- To conduct investigations of breaches of the Company’s internal policies, laws and regulations, enforce appropriate sanctions and pursue legal actions if necessary; and
- For the furtherance of any other similar circumstances
E. Accessing and Correcting Your Personal Data
The Company recognizes that You are entitled to certain rights as Data Subjects including the right to access, right to rectification or correction of your Personal Data being processed if it is inaccurate or incomplete, right to ensure or blocking, right to object to the processing if the Company no longer processes your personal data, and the right to lodge a complaint before the National Privacy Commission in case of violation of such rights.
You may send us an e-mail at email@example.com to request access to, correct and/or delete any Personal Data that you have provided to us. Please be advised, however, that we cannot delete your Personal Data without restricting or removing our ability to effectively open and/or manage your accounts.
We may also not accommodate a request to correct and/or delete Personal Data if we believe the same would violate any law or legal requirement or cause the Personal Data to be incorrect.
The lawful heirs and assigns of the Data Subject may invoke the rights of the Data Subject to which he or she is an heir or assignee, at any time after the death of the Data Subject, or when the Data Subject is incapacitated or incapable of exercising his/her rights.
The Company will be responsible for the privacy standards of its own site only. Since our Website may contain links to other Web sites, we will not be responsible for the privacy practices or the content of such Web sites.
G. Amendments to this Privacy Statement
The Company reserves the right, at any time and without notice, to add to, change, update or modify this privacy statement, simply by posting the change, update or modification in this Website. If we decide to change our personal data policy, those changes will be notified on our website so that you are always aware of what information we collect, how we use the information and under what circumstances the information is disclosed. Any such change, update or modification will be effective immediately upon posting.
By continuing to access this Website, You are hereby deemed to have read and understood this Privacy Statement, and to have freely given your consent to the collection, processing, and sharing of your Personal Data and/or Sensitive Information based on the terms and conditions as stated in this Statement. This Consent is hereby given pursuant to and in compliance with the Data Privacy Act of 2012 and any of its implementing rules and regulations.
I. Contact Information
Should you have any questions and/or concerns regarding this Statement, the Company’s use of your Personal Data or your rights in relation thereto under the Data Privacy Act of 2012, please do not hesitate to contact the Company’s Data Protection Officer at the following: (E-mail: firstname.lastname@example.org /Tel. No. 632-898-7532).
Last update, May 24, 2018