Privacy Policy

This document outlines m360, Inc’s (“M360”) Policy in relation to the collection, use, and protection of Personal Data processed through our products and services and in relation to our legitimate business interests and administrative requirements. From time to time, we may update our Privacy Policy to reflect changes in our processing practices and developments in applicable privacy laws, rules and/or regulations.

1. Information We Collect and Process

m360 is a messaging solutions provider that allows clients to broadcast messages and other types of content to their specified recipients through Short Messaging Services (SMS) or rich media channels such as Viber or Facebook Messenger.

We also provide two-way messaging services that allow our clients to interact with target recipients and to manage/monitor their responses, including marketing surveys and polls. As an added feature and depending on client requirements, we also provide account creation and management in relation to client-featured products and services, data analytics and tracking services that generate information about target recipients so that clients can get to know more about them.

  1. How We Collect Personal Data

  2. In the provision of our products and services, we only collect and/or process Personal Data for and on behalf of our clients. This means that we do so based only on our contractual obligations to clients, their documented instructions, and under their control and supervision. We collect and/or process Personal Data through the following channels:

    • Client-provided Personal Data through the use of products and services featured in the m360 platform; and
    • Recipient responses to and interactions with client-designed content including messages, initiatives, programs, promotions and/or campaigns deployed and managed through the m360 platform.

    There are also instances where we collect from our clients Personal Data about them, in cases of sole proprietorships, and/or their authorized representatives and agents when they:

    • Submit application forms or other forms relating to any of our Products and Services;
    • Use our services, for example, websites and apps including establishing any online accounts with us;
    • Internal credit and/or risk management;
    • Use our customer service and after-sales channels;
    • Engage third-party services through us; and
    • Join our contact list or subscribe to our notifications in relation to prospective m360 promotions, marketing campaigns and/or initiatives.

  3. Types of Personal Data and Their Purposes

    • Recipients of Client-Designed Content Through m360 Products and Services

    • We collect and process the Personal Data of recipients of client-designed content communicated through m360 products and services strictly for the provision thereof for and on behalf of our clients. These may include, among others:

      • Basic identifiers and contact information such as full names, dates of birth, addresses, telephone/mobile numbers, sex, e-mail addresses, and proofs of identification; and
      • Recipient responses to and interactions with such client-designed content, whether via SMS or rich media channels, including recipient behavior, preferences, rate of activity, device information and location, network performance, diagnostics, and performance issues.

      The purposes for which such Personal Data may be collected and used varies depending on the products and services subscribed by the client, which may include simple broadcast messaging, the conduct of marketing initiatives, surveys, and campaigns, and/or account creation and management relative to a client’s ongoing programs, products, and services.

      Nevertheless, inasmuch as we collect and process such Personal Data under the control and supervision of our clients, we contractually obligate them to ensure that the purposes for which they use our products and services are strictly in accordance with applicable laws, rules, and regulations, including the need to obtain informed consent from recipients, where applicable, and to comply with the criteria for lawful processing of Personal Data under the Philippine Data Privacy Act.

      Beyond the legitimate purposes of our clients, we only use recipient Personal Data to fulfill administrative requirements such as security, fraud prevention or financial record-keeping and legal compliance.

    • Clients and Their Authorized Representative and Agents

    • We also collect and process basic identifiers and contact information of our clients, in cases of sole proprietorships, and/or their authorized representatives and agents for the following legitimate purposes:

      • To formalize and facilitate our service agreements with clients within the requirements of the law;
      • To provide and communicate with clients the products and services asked for, including m360 platform account creation and management, client verification, client aftersales care and technical support, client relationship management, third-party services, and billing;
      • To communicate to clients, additional products, services and/or benefits including promotions, marketing campaigns, loyalty and reward programs from m360;
      • Leads generation and management for marketing m360’s products and services;
      • To communicate to clients relevant services and/or advisories, as well commercial and promotional alerts, advertisements, and surveys, all from m360, even though, at times, they are in partnership with third parties;
      • To managing the administrative and business operations of m360 and complying with internal policies and procedures, including credit checks and internal risk management;
      • To monitor communications from phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes; and
      • To comply with applicable laws, rules and/or regulations and other legal obligations binding upon m360.

      Such Personal Data is collected and processed as part of a client’s business information. As such, we require clients, in the case of sole proprietorships, to authorize us to process such data, where required, or to warrant that any Personal Data about their authorized representatives, agents and/or other third parties, was obtained and disclosed on the basis of informed consent or any of the criteria for lawful processing of Personal Data under the Philippine Data Privacy Act.

    • Cookies and Trackers

    • We collect cookies, web beacons, small data text files or similar technologies primarily to ensure that the core functions of our website and apps are optimally accessible to its users. However, depending on your preferences, we may also collect and use such information for behavioral analytics to tailor-fit our marketing campaigns and to improve our products and services.

      For more information, please see our Cookie and Tracker Policy.

2. Profiling and Automated Decision-Making

We may process recipient Personal Data for and on behalf of our clients, to create recipient/user profiles that reflect insights on recipient preferences and client content response and interaction, depending on client requirements. We also use automated processes to produce these insights and to meet client requirements and objectives.

While this is done under the supervision and control of our clients, we contractually obligate them to ensure that recipients are properly informed of the use of these processing methods, whether in the context of informed consent or a client’s reliance on other criteria for lawful processing of Personal Data under the Philippine Data Privacy Act.

3. Information We Share

We outsource or contract the processing of Personal Data to third parties, such as but not limited to, vendors, service providers, partners, or other telecommunications operators, to fulfill any of the products and services we provide clients, including platform infrastructure, platform data, and log storage services, application to person gateways (A2P) of telecommunications operators, SMS delivery services, over-the-top service delivery, outbound international SMS services, and social media message delivery and compliance with government requirements.

They are only authorized to use Personal Data for such contracted purposes. They may have access to Personal Data for a limited time under reasonable contractual and technical safeguards to limit their use of such data. We require them to protect Personal Data consistent with this Policy.

Save for the disclosures that we make in line with the preceding paragraphs, it is our policy never to share Personal Data to any third-party unless we are authorized by our clients or are otherwise required/allowed by law to do so. In any case, we disclose to our clients exactly what we are sharing, why, and what basis under the law we rely on, before we do so.

4. How We Protect Personal Data

We secure and protect Personal Data with proper safeguards to ensure confidentiality and privacy; prevent loss, theft, or use for unauthorized purposes; and to comply with the requirements of the law.

To detect and mitigate evolving threats to information security, we’ve implemented appropriate physical, technical, and organizational security measures to protect Personal Data including:

  1. A state-of-the-art Security Operations Center complete with a dedicated team that manages, monitors and protects our network and systems from potential risks to your information under fully documented security incident management procedures.

  2. Regular review of our information collection, storage, and processing practices, including physical and electronic measures to guard against unauthorized access to our network and systems.

  3. Contractually obligated confidentiality among our authorized employees, contractors and other third-parties who may have access to your information.

  4. Third-party risk assessment as well as contractually mandated minimum-security features against data leakage, unauthorized access, or disclosure, and accountability.

  5. Access management across m360 employees, contractors and other parties under a “need to know” standard.
5. How Long We Keep Personal Data

We only keep Personal Data in our records in accordance with our contractual obligations with our clients unless it is necessary to keep such information longer to fulfill the purposes for which it was collected, or for legitimate business or legal purposes such as security, fraud prevention, financial record-keeping, and legal compliance. Upon request, we may provide our clients with our data retention schedule in keeping with the principle of transparency.

When disposing of Personal Data, we have established procedures for securely disposing files that contain Personal Data whether the same is stored on paper, film, optical or magnetic media, Personal Data stored offsite, and computer equipment, such as disk servers, desktop computers and mobile devices at end-of-life.

6. Data Subjects Rights

m360 fully recognizes the rights of Data Subjects under the Data Privacy Act of 2012, namely:

  1. The right to be informed

  2. The right to Withdraw Consent Anytime

  3. Right to Dispute/Rectify

  4. Right to Indemnity

  5. Right to Object

  6. Right to Access and Data Portability

  7. Right to Suspend/Block/Erase

As such, we contractually obligate our clients to respond to any request or complaint by data subjects for the exercise of privacy rights. Conversely, we are contractually obligated to notify our clients if we receive any such complaints or requests from data subjects and to provide our clients with reasonable assistance in their response.

7. How to Reach Us

For any questions or concerns regarding our privacy practices, you may contact our Data Protection Office as follows:

Data Protection Office

m360, Inc.

2/F Globe Telecom Plaza, Tower 1, Pioneer Street corner Madison

Barangka Ilaya, City of Mandaluyong

NCR, Second District, Philippines


This Privacy Policy was last updated on March 18, 2022.