Last Update: June 15, 2020
I. Purpose and Scope
The Capital Markets Integrity Corporation and its parent company, The Philippine Stock Exchange, Inc., ("PSE"), (collectively, "CMIC", "we", "us" or "our"), are committed to respect and protect its stakeholders' personal data in accordance with the Data Privacy Act of 2012 ("DPA") and its Implementing Rules and Regulations ("IRR"). We will keep secure and confidential all personal data obtained over the course of performing business activities or that CMIC may collect, unless required to be disclosed by law, court, rules and regulations, or with your authorization.
Personal data refers to all types of personal information or any data about an individual who can be identified from that data, as more specifically defined under the DPA.
- submit document or information or request data or documents;
- apply for employment, appointment, or training or are employed, elected, or contracted;
- your trades or your company is under audit, monitoring, or investigation;
- file investor complaint or inquiry;
- participate or attend any of our trainings, workshops, seminars, meetings, or other events;
- visit our premises;
- supply us with your products or services; or
- visit or use our Website - www.cmic.com.ph
II. Personal Data that CMIC collects and processes
CMIC collects personal data fairly and lawfully. The legal bases for our collection and processing of your personal data will be one of the following:
- to fulfil our contractual obligations to you, for example to allow you to supply us with your products or services or use our services;
- to comply with our legal and/or regulatory obligations, for example obtaining your name to enable us to meet our obligations under the Securities Regulation Code ("SRC");
- to meet our legitimate interests, for example we want to know how you use our Website in order for us to enhance our services or to create new ones; to convey to you the issues or concerns relating to our audit, monitoring, or investigation involving you or your company; to inform you about our seminars or updates of our events that you are interested in; to maintain our records; and to review and plan our marketing and business development programs. When we process personal data based on this ground, we implement necessary safeguards which are designed to protect your privacy interests, freedoms, and fundamental rights protected under the 1987 Constitution;
- when processing of your personal data is provided for by existing laws and regulations such as in relation to your employment or for compliance by trading participants ("TP"), PSE, or by us with the SRC, 2015 Implementing Rules and Regulations ("2015 SRC IRR"), and our Rules; and
The personal data that CMIC may collect from you depend on the nature and purpose of your interaction, transaction, or application with CMIC. The personal data consist of, but are not limited to, the following:
- your name, nickname, addresses (email, office, and residential), contact numbers (work, home, and mobile), title or job title, designation, and biometrics;
- photograph, video footage through closed-circuit television system, signature, gender, religion, employee number, and company name and address;
- payroll information, payroll history, financial benefits, rank, bank account number, loan records, tax account number, tax status, and other financial information;
- citizenship/nationality, information indicated in company ID, date and place of birth, age, blood type, civil status, education, health data, employment history, and other curriculum vitae related information;
- government-issued numbers such as license numbers issued by Securities and Exchange Commission ("SEC"), Social Security System ("SSS"), and Professional Regulation Commission, driver's license, Roll of Attorney's numbers, and passport information; and
- any additional personal data that you may provide through your correspondence(s) with us in connection with your concerns which we shall also consider and treat as personal data.
Your personal data are collected by CMIC either through any of the following instances:
- directly from you or from your duly-authorized representative, PSE, external auditor, or third-party service providers (collectively, "related parties") collected and disclosed with your consent or authorization, or CMIC may receive your personal data from third-parties such as but not limited to TPs or settlement banks to whom you have given consent to transmit your personal data to CMIC;
- through contracts, agreements, or other legal arrangements you or your authorized person has with CMIC or its related parties; or
III. Purposes of the collection, use, storage, and disclosure of personal data
CMIC collects, uses, stores, and discloses your personal data for various lawful and legitimate purposes such as but not limited to:
- provide you with our services or in order for us to improve said services;
- conduct of audits of TPs, market surveillance, and investigation of market irregularities or complaints;
- undertake review and evaluation of application/s submitted to CMIC, including the conduct of background checks about you when necessary or required;
- convey to you matters pertinent to your relationship with or interest in CMIC or to act on your request/s;
- fulfil contractual or legal obligations under the contract, agreement, or other legal arrangement entered into between you and CMIC or with PSE;
- conduct audit and review of our processes and systems for purposes of managing risks, strategic and action planning, and compliance;
- protect and enforce contractual and legal rights and obligations of CMIC;
- comply with applicable laws, rules and regulations, circulars, codes of practice or corporate governance, guidelines, or policies issued by regulatory bodies, or to assist in law enforcement and investigations by relevant authorities, including court proceedings;
- prevent, detect, and investigate offenses, crimes, or violations of our policies, Rules, or laws, including assessment and management of business risks arising from said offenses or violations;
- manage the safety and security of CMIC's premises, information communication technologies, data, systems, services, personnel, and guests;
- send you information about our services or events that may be relevant to you;
- allow your use or visit of our Website;
- allow your visit of our premises;
- implement and enforce our Rules, memorandum circulars, guidelines, policies, and other issuances; or
- any other purposes related to any of the foregoing.
IV. Disclosure of personal data
We may share your personal data within CMIC, Securities Investors Protection Fund, Inc., PSE, Securities Clearing Corporation of the Philippines, Premier Software Enterprise, Inc., and/or related parties in order to provide you with our services, to enable us to undertake our principal functions, or to continue your relationship or transaction with us. Access to your personal data is limited to those employees, agents, and contractors of CMIC who need access to your personal data in order to provide you with our services, to allow us to undertake our principal activities, and to carry out legal and regulatory obligations of CMIC. Only personal data pertinent or relevant to the purpose is shared.
CMIC may also share your personal data to third-parties with your consent for the purposes for which the information was collected and for any other reasonable purposes relevant thereto. We use the services of third-party service providers to help us in certain areas such as, but not limited to, physical security, various maintenance needs, storage and records management, health maintenance coverage, insurance, and background checks. Where third-party service providers receive your personal data we will remain responsible for the use of your personal data. We also take appropriate steps to ensure that such third-parties treat your personal data with the same consideration that we do.
As a Self-Regulatory Organization licensed by the SEC and as the independent audit, surveillance, and compliance unit of the PSE, CMIC may disclose to the public through our Website or the website of the PSE, or disclose to SEC, third-parties, courts, or other government agencies such as the SSS your personal data pursuant to the SRC, 2015 SRC IRR, our Rules, when mandated to do so by the SEC or by other government agencies, other applicable laws, upon order of the court, or with your authorization.
We may disclose aggregated information that does not identify, or when combined with other information, does not directly and certainly identify any individual.
If you do not wish to accept cookies in connection with your use of our Website, you must stop using our Website or you should disable or delete the cookies associated with our Website by changing the settings on your web browser. Please be informed however that if you will disable cookies, certain functions and pages on our Website will not work in the usual way. To disable cookies, please visit the "Help" or "support" section of your browser to manage your cookies settings, for example:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies;
- Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies;
- Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647.
Types of cookies used
Our Website uses both persistent and session cookies. A persistent cookie enables our Website to remember you on subsequent visits, resulting in faster and more convenient access to the services or functions offered by our Website. Persistent cookies stay in your browser until you delete them manually or your browser deletes them on expiry date. Session cookies are temporary cookies that are erased when you close your browser. A session cookie is essential to ensure the correct functioning of our Website and it is used to manage registration/login and access to the Website's reserved features. A complete list of the cookies we use is set out below, which list is subject to change from time to time.
List of Cookies
VI. Protection Measures
We store personal data collected in electronic and paper formats. The security of your personal data is important to us and we take reasonable and appropriate steps or measures to protect it from misuse, interference, loss, unauthorized access, modification, and unauthorized disclosure by (a) enforcing and establishing limitations, when applicable, on access to personal data; (b) documents storage security policies; (c) security measures to control access to our systems and premises; (d) stringent selection of third-party data processors and agents; (e) non-disclosure clauses in agreements and confidentiality agreements; (f) data privacy trainings of our officers and employees; and (g) technology-based security tools or measures to protect our Website, information communication technologies, systems, and data.
We may store your personal data physically or electronically with third-party data storage service providers. For this purpose, we require non-disclosure agreements and make use of contractual arrangements to ensure that those providers take necessary and appropriate measures to protect that information and to restrict its access or use.
We will not keep personal data longer than is necessary for the purpose for which they were collected, unless required otherwise by the SRC, 2015 SRC IRR, our Rules, other applicable laws, or rules and regulations. We will take reasonable steps to safely destroy or permanently de-identify personal data if it is no longer needed.
VII. Rights as Data Subject under DPA
You have rights as a data subject provided under Section 16 of the DPA and Section 34, Rule VIII of the IRR such as:
- right to be informed of the processing of your personal data;
- right to object to its processing, except (i) when it is needed pursuant to a subpoena, or (ii) when processing is for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service or when necessary or desirable in the context of an employer-employee relationship, or (iii) when the information is being collected and processed as a result of legal obligation;
- right to suspend, withdraw or order the blocking, removal or destruction of personal data from the filing system upon discovery and substantial proof that the personal data is either: (a) incomplete, out-dated, false, unlawfully obtained; (b) being used for unauthorized purposes; (c) personal data is no longer necessary for the purposes for which they were collected; (d) the data subject withdraws consent or objects to the processing and there is no other legal ground or overriding legitimate interest for the processing; (e) when the personal data concerns private information that is prejudicial to data subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorized; (f) processing is unlawful; or (g) when the personal information controller or personal information processor violated the rights of the data subject;
- right to be indemnified for any damages sustained due to such inaccurate, incomplete, out-dated, false, unlawfully obtained or unauthorized use of personal data;
- right to reasonable access to your personal data that we store and process;
- right to dispute any inaccuracy or error of your personal data in our records and to have it rectified immediately unless the request is vexatious or otherwise unreasonable;
- right to data portability of your personal data when it is processed by electronic means and in a structured and commonly used format; and
- right to lodge a complaint before the National Privacy Commission in case of violation of your rights.
If you want to access, update, or correct inaccuracies in your personal data, or have your personal data removed from our databases under any of the grounds provided above, please email us at firstname.lastname@example.org and we will act on your request unless there are practical, contractual or legal reasons why we cannot process your request. We also reserve the right to refuse requests which, in our opinion, occur with unreasonable frequency or otherwise are unreasonable. For purposes of your request, kindly use the applicable form provided below:
Request to Access Personal Data
Request to Correct or Delete Personal Data
Request to Cease Processing of Personal Data
You may also contact the National Privacy Commission at:
Email: email@example.com or firstname.lastname@example.org
Address: 5th Floor Delegation Building, PICC Complex, Roxas Blvd, Pasay, Metro Manila 1307