Privacy Policy

Who we are

Apo Agua Infrastructura, Inc. is fully committed to comply with the Republic Act 10173 – Data Privacy Act of 2012. We abide by its Implementing Rules and Regulations through the data privacy and protection policies that we have adopted internally.

From time to time, it may be necessary for you to provide personal data in connection with your visits to our company website and portals, our offices, with your direct or indirect dealings with our Company, our officers and employees, and in your browsing activities through any of our website or mobile applications, as a customer, an investor, a shareholder, job applicant or in any relevant capacity.

Our website address is: http://10.127.44.115:9190.

What personal data we collect and why we collect it

We may collect and process personal data from you in the ordinary course of the Company’s business which may include, to the extent necessary to respond to your requests, queries, and concerns, basic information such as your name, residence, and contact details, and sensitive personal information such as your age, marital status, tax identification number, government-issued identification cards, financial information, tax returns, educational background, and work history, among others (collectively, your “Personal Data”).

When you visit our websites or use any of our mobile applications, other information that may also constitute Personal Data, such as your browser type, operating system, IP address, domain name, number of times and dates you visited the website or accessed the mobile application, and the amount of time you spent browsing through the website or mobile application, may be collected via cookies and other tracking technologies, such as transparent GIF files. Aggregate Information or non-personally identifiable and anonymous data, such as how many times you log onto our websites or mobile applications, may also be collected.

How we use cookies and tracking technologies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Cookies allow websites to recognize your computer when you return, enabling it to display personalized settings and other user preferences. It also allows websites to respond to you as an individual. The websites and apps can tailor operations to your needs, likes, and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being visited. This helps us to analyze data about web page traffic and to improve our website in order to tailor it to your needs. We only use this information for statistical analysis purposes after which, the data is removed from the system.

In general, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You will be given the opportunity to accept or reject the use of cookies on our websites in a pop-up box when you first access our website. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Most web browsers, however, automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. You may choose not to accept the cookies, however, this may restrict the services that you can access at our websites. Declining cookies may also prevent you from taking full advantage of our websites.

How we use the personal data we collect

When necessary, we request for your Personal Data for us to understand your needs and provide you with a better service, and in particular for the following purposes:

  1. Creating, managing, and maintaining your account and customer record;
  2. To be used as a reference for concerns related to your customer application process, consumption, billing, collection of payments, and related matters;
  3. For keeping an internal record for confirming, maintaining, verifying, or updating our customer records, statistical analysis, and internal reporting;
  4. For customer relationship management purposes, such as updating you on our activities in connection with our services, and responding to customer concerns;
  5. For marketing-related communications including via email, postal mail, social media platforms, and text or direct messages;
  6. For service and customer care improvement;
  7. Communicating with or contacting you with regard to your account with us;
  8. Facilitating the establishment and exercise of legal claims; 
  9. Complying with all legal and regulatory requirements; and
  10. Complying with and responding to legal processes or lawful orders of any judicial or quasi-judicial bodies.

Security and retention of personal data

We are committed to ensuring that your Personal Data is kept secure. We have implemented suitable and adequate organizational, physical, and technical security measures, policies, and procedures intended to reduce the risks of accidental destruction or loss, or the unauthorized disclosure or access to such information which are appropriate and adequate to the nature of the Personal Data we collect.

We may retain your Personal Data only for as long as necessary for legitimate business purposes, to comply with laws, regulations, or lawful court order, or to establish or defend a legal action and will be disposed thereafter according to the disposal policy.

Disclosure of personal data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

We may share with or disclose your Personal Data to:

  1. Any of our affiliates or subsidiary only for the purposes we have collected your Personal Data;
  2. Any agent, contractor, or sub-contractor performing services related to stockholders’ services;
  3. Any consultant, adviser, auditor, or service provider we engaged to carry out functions or activities related to our legitimate business activities;
  4. Any person to whom we propose to assign or transfer any of its rights and/or duties;
  5. Any court of law or administrative agency of the government pursuant to a lawful order issued in relation to a pending case or proceeding before such court or agency;
  6. Our lenders or creditors, underwriters, as well as the consultant, adviser, or, auditor of the foregoing;
  7. Your lawyer, attorney-in-fact, or duly authorized agent or representative, upon presentation of a duly executed special power of attorney;
  8. Any regulatory, quasi-judicial, or judicial authority, or as otherwise considered necessary or appropriate for our legitimate business purposes.

Any access to Personal Data will be limited to the person who requires your Personal Data to perform the functions for which personal information has been collected, and as required or allowed by law. We do not sell, trade, or otherwise transfer your Personal Data to third parties. If shared, we will, at your request, provide you with details of the companies with whom we have shared your Personal Data.

Notification of changes

We may amend or update this privacy statement from time to time as may be necessary. We recommend that you check this privacy notice every time we advise you of any change.

Requests, access, recourse and questions regarding this privacy statement

You are entitled to request that we:

  1. provide you with a copy of your Personal Data that we hold and inform you of: 
    • the source of your Personal Data;
    • the purposes and methods of processing;
    • the data controller’s identity and
    • the entities or categories of entity with whom your Personal Data may be shared;
  2. cease processing your Personal Data, in whole or in part, as you direct us, for any purpose, save to the extent it is lawful to do so without consent under the Data Privacy Act of 2012;
  3. do not transfer your Personal Data to third parties for the purposes of direct marketing or any other purposes you have not consented to;
  4. correct any errors in your Personal Data; and
  5. update your Personal Data as required

If you have questions, concerns, or complaints regarding our compliance with the Data Privacy Act of 2012 or if you wish to exercise your rights to access, rectification, object, portability, or deletion in instances allowed under the law, you may contact us through our Data Privacy Officer by way of any of the following channels:

If you have questions, concerns, or complaints regarding our compliance with the Data Privacy Act of 2012 or if you wish to exercise your rights to access, rectification, object, portability, or deletion in instances allowed under the law, you may contact us through our Data Privacy Officer by way of any of the following channels:

AIC Data Protection Officer

Mailing Address: NAC Tower, 32nd Street, Bonifacio Global City, Taguig City 1634

Email Address: aicdpo@aboitiz.com

Please use the following subject format:

Inquiry on Data Privacy

We will make every reasonable effort to respond to your request within 30 business days subject to legal and other permissible considerations. Should we need more time or information to fulfill your request, we may have an extension of up to 15 business days. During this time, we will communicate with you the reason for the extension. We will also investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data in accordance with the Data Privacy Act of 2012, its Implementing Rules and Regulations, and other data privacy and protection policies we have put in place. You may bring to the National Privacy Commission any complaint that cannot be resolved with us directly.

Know your rights

  1. Right to be informed

As data subjects, you have the right to be informed whether your personal data shall be, are being, or have been processed, including whether the processing was done through an automated decision-making system or profiling activity.

You can find this information in a privacy statement. This document is a demonstration of the data privacy principle of transparency, upholds your right, and every data subject’s right to information. It serves as a statement to data subjects describing how the organization collects, uses, retains, and discloses personal information.

Keep in mind that a privacy notice is not equivalent to consent. While consent may not be required in certain instances when it is not relied on as the basis for processing personal data, a privacy notice is required at all times in order for data subjects to be informed of the processing of their personal data and their rights as data subjects.

2. Right To Object

You have the right to object to the processing of your personal data if the basis is consent or legitimate interest such as direct marketing, profiling, and automated processing purposes.

In case of any significant change or amendment to the information previously provided to you, you must be notified anew in a reasonable manner. You must also be given an opportunity to object and/or withdraw consent, if consent was previously given for the processing of personal data.

If you expressed your objection, the organization shall stop the processing of personal data and comply with the objection. However, despite your objection, the organization may have other valid grounds to continue processing your personal data. For example, the processing is mandated by law or required in a judicial proceeding. In such instances, the organization must inform the data subject of the lawful basis or compelling reason for the continued processing of their personal data.

3. Right To Access

You have the right to reasonable access and confirm whether or not data relating to you are being processed, and you may request information about any of the following:

  1. The type and category of your personal information processed by the organization;
  2. Sources from which your personal information were obtained, if the data was not collected directly from you;
  3. Purposes of processing;
  4. Manner of processing
  5. Information on automated processing system, especially if the decision will be left solely based on the algorithm of such processing activity;
  6. Names and addresses of recipients of your personal information;
  7. Reasons for the disclosure of your personal information to recipients;
  8. Date when your personal information were last accessed and modified;
  9. Retention period for your personal information; and
  10. The designation, name or identity, and address of the organization’s data protection officer (DPO).

These information are usually found in the privacy notice or consent form that was given to you in observance of the data privacy principle of transparency and to uphold your right to information.

Note that you may only request to have access to your own personal data and other information listed above. You can not request to access information relating to any other individual.

4. Right To Rectification

You have the right to dispute the inaccuracy or error in your personal data and have the organization correct the same within a reasonable period of time. You also have the right to have incomplete personal data completed, including the means of providing a supplementary statement for the completion.

Note however that a request may be denied when obviously it is made with no real purpose other than to harass, cause annoyance, or hamper the delivery and performance of services of the organization.

5. Right To Erasure Or Blocking

You have the right to request for the suspension, withdrawal, blocking, removal, or destruction of your personal data from the organization’s filing systems.

This right may be exercised upon your discovery with substantial proof of any of the following:

  1. The personal data is:

  • incomplete, outdated, false, or unlawfully obtained;
  • used for an unauthorized purpose;
  • no longer necessary for the purpose/s for which they were collected; or
  • concerns private information that is prejudicial to you, subject to certain exceptional circumstance allowed under privacy law;

2. You object to the processing of your personal data and no other laws allow the processing of your personal data;

3. The processing is unlawful; or

4. The organization violated any of your rights as a data subject.

Organizations shall inform, in a reasonable manner, the current and previous recipients or third parties of your request and the erasure of your personal information. Where personal data that is the subject of your request for erasure is publicly available, the organization shall take reasonable and appropriate measures to communicate with other organizations responsible for making your personal information available to the public and request them to erase copies or remove search results or links to your personal data.

  • Right To Data Portability

You have the right to obtain from the organization a copy of your personal data and/or have the same transmitted to another organization in a commonly accepted electronic format that allows further use by the recipient that you choose. In order to exercise this right, processing must be based either on your consent or contract and the personal data must be processed by electronic means in a structured and commonly used format such as spreadsheets and pdf files.

  • Right To Be Indemnified

You have the right to dispute the inaccuracy or error in your personal data and have the organization correct the same within a reasonable period of time. You also have the right to have incomplete personal data completed, including the means of providing a supplementary statement for the completion.

  • Right To Lodge A Complaint

When there is a perceived violation of your rights, you may file a complaint with the National Privacy Commission (NPC). Take note that you must communicate your privacy concern with the concerned organization first and try to resolve the issue prior to escalation to NPC. In cases where you file a complaint for violation of your rights, and for any injury suffered as a result of the processing of your personal data, the NPC may award you indemnity for the damages you sustained.

Exercise your rights

  • WHO MAY EXERCISE THESE RIGHTS?

You as the data subject may exercise your privacy rights.
You may also authorize another person or entity to facilitate the exercise of your rights with specific and documented authorization.
The lawful heirs of a data subject may likewise exercise any of his or her rights, at any time after his or her death, or when he or she is incapacitated or incapable of exercising the same.

  • DO I NEED TO PAY A FEE TO EXERCISE MY RIGHTS?

Generally, organizations shall not charge any fee to fulfill the exercise of your rights, except when the request requires reasonable fees to cover administrative costs such as printing expenses, among others.

DO I NEED TO PAY A FEE TO EXERCISE MY RIGHTS?

Generally, organizations shall not charge any fee to fulfill the exercise of your rights, except when the request requires reasonable fees to cover administrative costs such as printing expenses, among others.

PERIOD TO COMPLY WITH THE REQUEST?

Requests shall be resolved within thirty (30) business days upon receipt of the accomplished request form.

An extension of fifteen (15) business days may be given depending on the nature of the request i.e., complex or numerous. You or your authorized representative will be notified in case of extension and the reason for such.

Requests shall be resolved within thirty (30) business days upon receipt of the accomplished request form.
An extension of fifteen (15) business days may be given depending on the nature of the request i.e., complex or numerous. You or your authorized representative will be notified in case of extension and the reason for such.

  • DENIAL OF REQUEST?

Organizations may deny or limit your requests if:

  1. Information is publicly available. In such case, the organization will point you to the publicly available information;
  2. Your request has been previously granted, unless a reasonable period of time has passed from the previous request;
  3. Your request will entail disproportionate effort;
  4. When your request is made with no real purpose other than to harass, cause annoyance, or hamper the delivery and performance of service;
  5. Your request will contrast the need to fulfill the purpose/s for which the data was obtained;
  6. Your request will violate the organization’s compliance obligation which requires the processing of your personal data;
  7. Your request is contrary to legitimate business purposes of the organization that is consistent with the applicable industry standard for personal
  8. data retention;
  9. Denial or limitation is provided by any existing law, rules, and regulations; and
  10. Your request will adversely affect the rights and freedoms of other data subjects.
  11. When your request is denied, you will be clearly and fully informed of the reason for the limitation or denial.

CONTACT US

You may send your queries to:

AIC Data Protection Officer

Mailing Address: NAC Tower, 32nd Street, Bonifacio Global City, Taguig City 1634

Email Address: aicdpo@aboitiz.com

Please use the following subject format:

Inquiry on Data Privacy