Privacy Policy — PHINMA Insurance Brokers, Inc.

In compliance with the Data Privacy Act 2012, PHINMA Insurance Brokers, Inc. (formerly: T-O Insurance Brokers, Inc ) (“Company”) issues this Personal Data Protection Notice (“Notice”). This Notice sets our Company’s practice and procedure in collecting, processing and storing personal data about you when you avail of Company’s products and services, including but not limited into entering into a contract, participating in any activity, accessing its website and applying for a job.

This Notice, may from time to time be amended by the Company without any prior notice.

1. Collection of Personal Data

In the regular course of business, the Company will request that you provide certain personal information elements to enable us to enter into transactions with you or to deliver the necessary goods, services and/or communications in connection with such transactions. This information that may be collected are your name, age, date of birth, nationality, civil status, mailing address, email address, phone number, Passport No., Tax Identification Number or any other government-issued ID Nos., occupation, company/office information or any other personal details to help you with your experience. Similar information might be collected from your designated beneficiaries or persons you authorized to transact with the company on your behalf.

2. Use and Processing of Personal Data

The Company may use and process the personal data collected about you to allow us to assist you in complying with the requirements of your account, or for you to participate in the activity, other similar events to be held by the Company, including the publication of your name should you win the same, and other discounts, promos, sales, advertisements, marketing activities and commercial communications of the Company, including direct marketing. At all times, your personal data shall not be used or processed for any purpose that is contrary to law, morals, or public policy.

3. Sharing of Personal Data

The Company may share personal data with its affiliated entities to enable them to provide you personalized Services. The Company may also share personal data with vendors, consultants, marketing partners, and other service providers who need access to such information to carry out work on behalf of the Company. If and when it becomes necessary, a data sharing agreement shall cover any sharing of data between and among the Company and/or its vendors, consultants, marketing partners, and other service providers. The Company may also share information in accordance with any order from any relevant government agency as provided by law.

Medical Information Database (For Life, Medical and Personal Accident Insurance Policyholders)

Prior to the passage of DPA, life insurance companies have already been sharing medical information, including yours*, among themselves through an existing Medical Information Bureau (“MIB”) administered by the Philippine Life Insurance Association (“PLIA”). The sharing of medical information is being done in order to enhance risk assessment and prevent fraud.

In accordance with the Insurance Commission’s Circular Letter No. 2016-54 (to view, please visit www.insurance.gov.ph), your medical information, including those previously collected by the MIB, will be uploaded to a Medical Information Database (“MID”) accessible to life insurance companies for the purpose of enhancing risk assessment and preventing fraud. Once uploaded, all life insurance companies shall have limited access to your information in order to protect your right to privacy in accordance with the law.

• This refers to medical information and other relevant information of any previous application/s submitted to and/or policy/ies issued through the Company by our life insurance company partners, which have been the basis to decline, postpone, or rate the said application/s and/or policy/ies.

4. Storage and Protection of Personal Data

The Company has instituted policies and procedures which intend to protect personal data which it has collected and continues to collect. These include securing any document containing personal data, requiring the execution of non-disclosure agreements by its employees, consultants, vendors, suppliers and contractors, among others.

The Company’s websites are scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to said website as safe as possible. The Company also uses regular Malware Scanning. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the personal data confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. The Company implements a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.

While there will always be a risk of unauthorized disclosure of personal data, the Company believes that the foregoing safeguards are sufficient to prevent the occurrence of such risk and is committed to updating and improving such safeguards in order to protect your personal data in compliance with the Data Privacy Act.

5. Use of Cookies

Please note that in visiting the Company’s websites, cookies are utilized. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, the Company uses cookies to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved Services. The Company also uses cookies to help it compile aggregate data about site traffic and site interaction so that the Company can offer better site experiences and tools in the future.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies. If you turn cookies off, some features will be disabled. Some of the features that make your site experience more efficient and may not function properly.

6. Your Rights under the Data Privacy Act

As a data subject, you have the following rights under the Data Privacy Act:

You have the right to be informed of the collection and processing of your personal data, the purpose for which they will be processed, among others. Thus, you are required to read this privacy policy before giving your consent to the collection and processing of your personal data. If you have questions, please do not hesitate to ask us questions or clarifications and you may also contact our Data Protection Officer;
You have the right to object to the processing of your personal data. You will be given an option or opportunity to withhold your consent to the processing of your personal data whenever the Company communicates with you or by notifying our Data Protection Officer;
You have the right to have reasonable access to your personal data by notifying our Data Protection Officer;
You have the right to rectify or correct any inaccuracy or error in your personal data by submitting your request for rectification or correction to our Data Protection Officer;
You have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data in accordance with the requirements of the Data Privacy Act. Please notify our Data Protection Officer if you wish to exercise this right;
You have the right to obtain a copy of your data in an electronic or structured format if the same is processed by electronic means and in a structured and commonly used format by submitting your request to our Data Protection Officer; and
You have the right to be indemnified if you incur damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal data.

7. Contacting Us

If there are any questions regarding this privacy policy, you may contact our Data Protection Officer with the following contact details: