m360 Data Privacy Policy

Throughout our relationship with you, we collect and use your personal data to allow us to continuously provide you with our products and services. When we do so, we will let you know exactly what personal data we are collecting, why, and what criteria under the law we rely on.

Subscriber Information - refers to personal information relating to the subscriber such as name, age, contact number, address, etc.
Account Information - any information relating to the account, including but not limited to usage and history, preferences, etc.
Service Information - refers to information on the service/s procured or received

Cookies

We collect cookies, web beacons, small data text files, or similar technologies primarily to ensure that the core functions of our website and apps are optimally accessible to you. However, depending on your preferences, we may also collect and use this information for behavioral analytics to personalize our marketing campaigns.

We process your personal data through automated operations to create customer profiles that reflect insights on your preferences and usage activity. This enables us to communicate relevant products and services to you, and to maintain, regulate, and improve your network quality and access.

We may outsource the processing of your personal data to external parties including vendors, service providers, and other telecommunications operators who may process your personal data outside the Philippines to fulfill the purposes described in this Privacy Policy. When we do so, we make sure they can only process your personal data strictly for the purpose stated in our contract with them. We also require them to protect your personal data with organizational, physical, and technical security measures consistent with our internal policies and ensure they return or dispose of your personal data upon the end of our engagement or as otherwise specified in our contract.

With your consent, we will share your personal data with our Partners for scoring, business analytics, and product development purposes as well as to allow them to market and extend their products and services to you. It is our policy to never share your personal data with external parties unless we obtain your consent or are otherwise required or allowed by law to do so.

We secure and protect your personal data with appropriate safeguards to ensure confidentiality and privacy, prevent loss, theft, use for unauthorized purposes, and comply with the requirements of the law.

To detect and mitigate evolving threats to information security and data privacy, we have implemented appropriate organizational, physical, and technical controls to protect your personal data including:

- A state-of-the-art Security Operations Center with a dedicated team that manages, monitors, and protects our network and systems from potential risks to your personal data with fully-documented security incident management procedures;
‍
- Regular review of our collection, processing, storage, retention, and disposal practices including physical and electronic security measures to guard against unauthorized access to our network and systems;
‍
- Contractually-mandated confidentiality among our authorized employees, contractors, and other external parties who may process your personal data;
‍
- External party risk assessment as well as security features against data leakage, unauthorized access or disclosure, and accountability; and
‍
- Identity and access management across our employees and external parties under a “need-to-know” standard.

We keep your personal data for as long as you are our subscriber or until the purpose for why it was collected expires. However, it may be necessary for us to keep your personal data for a longer period for the fulfillment of the declared, specified and legitimate purpose; for the establishment, exercise or defense of legal claims; for legitimate business or legal purposes consistent with applicable industry standards such as security, fraud prevention, or financial record-keeping or for cases as may be required by law. In general, our retention and disposal schedule is as follows:

- Subscriber Information - 3 months up to one (1) year from termination of services provided that the subscriber has no outstanding obligations or up to sixty (60) days from the end of a promo or event

- Account Information - 3 months up to one (1) year from termination of services provided that the account has no outstanding obligations

- Service Information - 3 months up to one (1) year from termination of services provided that the subscriber/account has no outstanding obligations
 
Provided further that in the above 3 instances, the duration shall be dependent upon the need to fulfill the purpose of collection.

The amount of subscriber, account, and service information that is retained may range from six (6) months to one (1) year from the date of request depending on the type of personal data.

We have also established procedures to securely dispose of files that contain your personal data whether in digital or physical form (e.g. shredding, erasure software, degaussing).

We recognize your rights under the Data Privacy Act of 2012.

Right to Be Informed
You have the right to be informed of how and why we collect and process your personal data, including where we collected it, with whom we share it and why, how we protect it, how long we keep it, and how we dispose of it, and any changes to our data processing activities before they are implemented.

Right to Object
You have the right to object to the processing of your personal data when the sole criteria for processing is our legitimate interest. However, this may result in the termination of your product or service when the processing of personal data objected to is necessary for its delivery.
You also have the right to withdraw any consent previously given for the processing and/or sharing of your personal data.

Right to Access
You have the right to request reasonable access to your personal data subject to our internal procedures. We, however, reserve the right to seek reasonable fees when providing such data presents certain challenges due to its volume as well as to restrict access to linked data that may be confidential, proprietary, or belong to other individuals.
 
Right to Data Portability
You have the right to obtain a copy of your personal data or have it transmitted to other entities in a format that is portable and commonly accessible subject to our internal procedures.
 
Right to Rectify
We keep our records as accurate as possible. Where there are any errors or inaccuracies to your personal data, we give you ways to dispute and rectify or update it, subject to our internal procedures.

Right to Erasure or Blocking
You have the right to suspend, withdraw, or order the blocking, removal, or destruction of inaccurate, incomplete, outdated, false, or unlawfully obtained personal data, or personal data not necessary for the purpose for which it was collected, and for such other cases provided in the Data Privacy Act of 2012.
 
Right to Damages
You have the right to be indemnified for damages sustained, if any, due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

Should you wish to exercise any of your data subject rights or have any questions or concerns regarding our privacy practices, you may contact our Data Protection Officer:

Data Protection Officer
M360, Inc.
3/F Globe Telecom Plaza, Tower 1, Pioneer St. corner Madison,
Barangka Ilaya, Mandaluyong City,
Metro Manila, Philippines
Email: dpoteam@m360.com.ph