Our Privacy Statement
Smart Communications, Inc. (“SMART”) respects our customers’ fundamental right to privacy, and we commit to take great care in safeguarding your personal data. SMART has developed a privacy statement that aims to ensure that we adopt and observe appropriate standards for personal data protection in compliance with applicable privacy laws and regulations.
While this privacy statement sets out the general principles that govern the collection, use, and disclosure of our customers’ personal data, we have also developed this privacy statement to inform you more specifically about our privacy practices.
Why we collect your personal data
Throughout your use of our services, we collect and maintain some basic information about you. We do so only for the purposes and legal bases described below.
- We process your personal data to perform our obligations under contract with you.
We process your personal data based on our legitimate interest to function effectively as a business, but we only do so when your interests and fundamental rights or freedoms do not override our legitimate interest.
- To create and nurture a relationship with you, so that we can continuously provide you with our services. For example, when you apply for any of our services, we collect personal information about you that will allow us to validate your identity and credit history for purposes of billing and collection of fees for the products and services that you avail from us.
We process your personal data as you avail of our products and services so that we may be able to create and offer better products and services for you, including through direct marketing. We only carry out these processing activities based on your consent.
- To continuously improve our business and operations. For example, we analyze your usage of our network and facilities to help us manage your account, provide customer care activities, investigate and resolve your service-related requests and concerns, monitor the quality and security of the network, train our staff, and plan for future growth. We may also process your personal contact details and publish them in an internal directory listing, in order to effectively communicate with you and provide you with necessary assistance.
- To continuously improve our products and services. We collect, use, process, and analyze your use of our products and services so that we can understand how to improve them for your benefit. Our analysis may include some information about your usage, such as the volume and frequency of your use of our SMS, voice, and data services, and your historical locational information which we determine based on an analysis of the places where you may have used our products and services in order to generate insights on foot traffic, crowd density, and mobility patterns.
- To understand your needs and preferences so that we can serve you better. We process data to determine your usage profile by maintaining a record of the products and services that you avail from us, and by analyzing other activities such as when you participate in our market research initiatives, when you visit and transact in our stores, and when you visit and use our websites and mobile apps.
- We do so in order to gain a better insight about the kinds of offers that would be relevant to your preferences.
- To manage the security of our business operations. We may process your personal data to conduct IT security operations, to manage our assets, to ensure your fair use of our products and services, and for business continuity, disaster recovery, and audit purposes.
We process your personal data to comply with legal requirements.
- To send you offers, recommendations and promotions. We process your usage profile to send you customized offers and promotions through your contact details using channels such as SMS, voice calls, and e-mail. This includes location-based offers that are exclusively available in areas that you may frequent.
- To assist public authorities. We generate statistical insights based on your usage of our network and facilities to assist public authorities in planning for healthcare, disaster management, and other similar initiatives. When we can, we aggregate and anonymize this information so that you are never identified as an individual.
- To comply with legal requirements. We run credit scoring programs and initiatives, including but not limited to, providing information to the Credit Information Corporation in accordance to Republic Act No. 9501 and the Credit Information System Act. We may also perform other required personal data processing or disclosure to meet other relevant legal and regulatory requirements.
How we collect your personal data
We collect your personal data from several resources.
Information you share with us
Most of the personal data we retain are information you have shared with us. You provide us with personal data when you:
- Apply for our services by filling out application forms, subscription agreements, and other similar or related documents through any of our available channels (online, in our stores, or through our sales representatives);
- Get in touch with us to ask about something, file a complaint or request for service;
- Take part in our research and surveys; and/or
Information we collect during our relationship with you
We also collect information as you use our products and services, like when you:
- Use our network, facilities and services - whether it is Mobile, Fixed, Home, or any of our other products, services, and channels;
- Pay your bills or purchase add-on products and services;
- Use our apps, websites, and self-service channels and portals;
- Join our promos, prize raffles, or rewards & loyalty programs;
- Participate in our market research activities; and
- Visit and transact in our stores.
When we disclose your personal data
There are a variety of circumstances where we may need to share some of the information that you have provided to us. In these cases, we ensure that your personal data is disclosed on a confidential basis, through secure channels, and only in compliance with applicable privacy laws and regulations.
We will never share, rent, or sell your personal data to third parties outside of SMART except in special circumstances where you may have given your consent for, and as described in this statement.
In some instances, we may be required to disclose your personal data to our agents, subsidiaries, affiliates, business partners and other third-party agencies and service providers as part of our regular business operations and for the provision of our products and services. This means we might share your information with:
- Our service providers, contractors, and professional advisers who help us provide our products and services. This includes partner companies, organizations, or agencies, and their sub-contractors. For example: our couriers for bill delivery and our customer contact centers for our pre- and post-sales hotline operations;
- Other companies to whom you have also given consent for us to share your information with. For example, when you sign-up for products and services offered by other companies, they may request for information from us in order for them to validate your identity; and
- Law enforcement and government agencies, but only when required by laws and regulations and other lawful orders and processes.
For the list of our partners, please visit our list of affiliates .
Transfer of your personal data outside the EEA
Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses (a copy of which can be obtained through the contact information included below). Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.
How we protect your personal data
The integrity, confidentiality, and security of your information are important to us. That’s why we strictly enforce our privacy statement within SMART and have implemented technical, organizational, and physical security measures that are designed to protect your information from unauthorized or fraudulent access, alteration, disclosure, misuse, and other unlawful activities. These are also designed to protect your information from other natural and human dangers.
We also put in effect the following safeguards:
- We keep and protect your information using a secured server behind a firewall, encryption and security controls;
- We keep your information only for as long as necessary for us to (a) provide the products and services that you avail from us, (b) for our legitimate business purposes, (c) to comply with pertinent laws, and (d) for special cases that will require the exercise or defense of legal claims and for a maximum retention period of twelve (12) from your service's permanent deactivation.
- We restrict access to your information only to qualified and authorized personnel who are trained to handle your information with strict confidentiality;
- We undergo regular audits and rigorous testing of our infrastructure’s security protocols to ensure your data is always protected;
- We promptly notify you and the competent data protection authority, when sensitive personal data that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person;
- We let you update your information securely to keep our records accurate.
What your choices are
You are afforded certain rights in relation to your personal data under applicable data privacy laws and regulations.
You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
- Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
- Request a rectification of your personal data: this right entitles you to have your personal data corrected if it is found to be outdated, inaccurate, or incomplete.
- Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, such as in cases where your personal data is no longer necessary to achieve the legitimate business purpose of its use or processing.
- Request the restriction of the processing of your personal data: this right entitles you to request that we only process your personal data in limited circumstances, including with your consent.
- Request portability of your personal data: this right entitles you to receive a copy of personal data that you have provided to us (in a structured, commonly used and machine-readable format). This includes requests for us to transmit a copy of such personal data to another company, on your behalf.
You moreover have a right to object to the processing of your personal data, such as in cases when we process your personal data for purposes related to direct marketing.
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting our Data Privacy Officer. Please note that this will not affect the lawfulness of the processing that was carried out before you withdrew your consent or SMART’s right to continue parts of the processing based on other legal bases than your consent. If, however we have not provided you with another legal basis justifying the processing of your personal data in this privacy statement, we will stop the processing and delete your personal data.
To exercise these rights, you may get in touch with our Data Privacy Officer through the contact details provided below. In some instances, we may request for supporting documents or proof before we effect any requested changes to your personal data.
If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome individuals to come to SMART first to seek resolution of any complaint. You have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against us with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed).
SMART Data Privacy Office
6799 Ayala Ave., Makati City, 1226, Philippines
Changes to our privacy statement
From time to time, we may update our privacy statement and practices to comply with changes in applicable laws, to comply with government and regulatory requirements, to adapt to new technologies and protocols, to align with industry best practices, and for business purposes.
You will always be provided notice if these changes are significant and, if we are required by law, we will ensure to obtain your updated consent.
This Privacy Statement is effective July 1, 2019.