Privacy Statement for prospective and existing customers, including customers with terminated services
We value your data
We value the privacy of our individual customers and their authorized representatives, as well as the officers, employees, attorneys-in-fact, and authorized representatives of our corporate customers.
Collecting your personal data
From where we collect your data. We collect personal data through various channels, including:
- Business centers - during service application, request for service modifications (e.g., transfer, disconnection, reconnection), bill payments or billing inquiries, submission of concerns or feedback, account information updates, and availing of customer assistance programs.
- Official social media accounts of MERALCO – for sending inquiries or service requests, participating in customer engagement campaigns or surveys, and reporting service interruptions or concerns.
- Digital platforms – such as, but not limited to, My Meralco, for digital services like those processed in business centers, including service applications, account management, bills payment, outage reporting, concern management, and other customer interactions conducted through web-based services, chatbot platforms, and email support.
This data includes any other information you voluntarily provide for a legitimate purpose declared at the point of collection, as well as information about you that we received from third parties and other sources where the disclosure was subject to a consent that you gave separately, as the result of a legal requirement, or any legitimate purpose made known to you.
Transparency in processing. Whenever we collect personal data, we provide just-in-time privacy notices and consent forms, when applicable, at the point of collection.
Data minimization. The data we collect is only as much as is relevant and necessary to meet our processing purpose. We collect this personal data in the course of or incidental to our business with you.
The data we collect. Generally, we collect the following information:
- Information you provide to us when you apply for service, such as your name, address (i.e. postal address, geographical coordinates, and open location codes), phone number, email address, Tax Identification Number (TIN), government-issued identification information, evidence of authority to occupy (e.g., contract of lease, Transfer Certificate of Title, Special Power of Attorney (SPA), Undertaking / Authorization from owner of the premises) and, if applicable, details of your authorized representative and other documentary requirements.
- Information you provide in relation to the conduct of our business, such as regarding retail electricity supply or embedded generation.
- Billing and payment information used to process payment for your electric consumption and other liabilities, such as your banking (for auto debit arrangement) and credit card (for auto charge arrangement) information. However, details of the payment instrument (like prepaid card, debit card, credit card) used to pay your bills via the MERALCO Customer Portal are captured and processed by the payment gateway service provider.
You may view the privacy notice of Bayad Center, MERALCO’s payment processor, by clicking this link: Bayad Privacy Policy - Information to determine your eligibility and creditworthiness to participate in certain energy programs or services, such as peak-off-peak rates (POP), net metering, Interruptible Load Program (ILP), demand side management (DSM), etc.
- Information you provide us when you visit or use our company website, mobile and online applications, as well as our official social media accounts, such as when you contact us to lodge your concerns, register at our customer portal, or avail of our online application, outage notifications, and billing and/or payment services, including information generated through such activities or, more specifically, your device details: location, internet protocol address, transaction time stamp, device identification, device type, network identification, browser type, and operating software type.
- Information you give us when you communicate with MERALCO and/or any of our representatives, whether in our business centers (e.g. Relationship Managers), through our hotline (e.g. Call Center Representatives) or through our official social media accounts (e.g. Digital Agents), such as with respect to inquiries and concern details on the quality and reliability of electric service.
- Meralco-related information that you post in your social media accounts, such as your posts in X (previously Twitter), Facebook, YouTube, etc., that talk about your experience in transacting with Meralco and/or any of our representatives.
- Responses you or your representative provide when you participate in our customer surveys, promos, and loyalty programs, and when you interact with posts published in Meralco’s official social media accounts.
- Information you provide for verification purposes (e.g., to facilitate refunds), such as photocopy of a valid / government-issued identification card.
- Information you provide when you visit or use the Certified by Meralco (CBM) Platform to reach out to and tap energy service providers, contractors, developers, and designers to assist you in complying with various technical requirements before Meralco energizes your premises.
Purpose of Processing
We store, process, and analyze the collected personal data for legitimate purposes related to, or incidental to, our business operations, including maintaining safety and security within the company premises.
Specifically, we may store, process, and analyze your personal data for the following and any other legitimate purposes related to the fulfillment thereof:
- To perform our contractual and legal obligations to you. We process your personal data to evaluate your eligibility and creditworthiness for electric and other related services; to provide you quality, reliable and regular supply of electricity; and to continuously improve our business and operations as well as our products and services.
- To enhance your customer experience. We process your personal data to respond to your inquiry, concern, or complaint; to provide you information about our programs, service offerings, and other programs or promos that may interest you; to provide you assistance in complying with various technical requirements for energization; to send you messages related to your services including outage notifications, updates, alerts, and other information that you request; to understand your needs and preferences by analyzing your use of our products and services, your participation in our surveys and research activities, and your browsing behavior in our mobile and digital applications, company website, including its webpages, and official social media accounts; to address root causes of common concerns by analyzing Meralco-related information that you post in your social media accounts, so we can serve you better. Information collected from social media will not be used against you or to hold you in a negative light, except if the social media activity promotes fraud or any illegal act that can hurt others.
- To manage your account with us. We process your data to administer and update your customer data; to compute your electric consumption and facilitate your payment or claims, including acceptance of bill payments according to your enrolled payment mode (e.g., automatic debit from your bank account); to verify your identity when you access your account through the various customer engagement channels (e.g., e-mail, website, mobile application, via phone call, walk-in) and/or your eligibility to our programs, or entitlement to refunds and other claims; and to conduct meter-reading and meter installation. For our non-portal enrolled customers, we process your data to facilitate non-portal service notifications, including bill notifications, payment confirmation, payment reminders (Due Date, Overdue, Disconnection Notice), and outage notifications through your preferred engagement channel/s.
- To comply with applicable laws & regulations. We collect and process your personal data to comply with the existing laws, rules and regulations, as well as ordinances, issued or mandated by the government, all or any of its agencies and instrumentalities, national or local, e.g., submit reportorial requirements to regulatory bodies; initiate and/or facilitate various electricity programs; cooperate with law enforcement; and commit to the legal obligation of the Company in the protection of its customers: industrial, commercial, and residential, including those still applying for electric service. We shall, if summoned, disclose necessary information, subject to careful review by Company authorities and as mandated by law.
- To manage risks and prevent fraud. We collect and process personal data, including billing and payment history, to uphold the integrity of our operations and protect against fraudulent activities. This includes validating payment instruments, monitoring billing and payment behavior, and temporarily restricting check payments in cases of returned checks. These measures help prevent non-compliant transactions, ensure adherence to payment terms, and safeguard Meralco and its customers from financial and operational risks.
Where necessary, we may share relevant data with authorized parties to support these efforts. All processing activities are conducted to fulfill contractual obligations and protect our legitimate business interests, in accordance with applicable data privacy laws. These are subject to internal review and oversight to ensure fairness, proportionality, and accountability.
How do we process your personal data
1 Data Subject - Prospective, Existing, and Terminated Customers
2 As needed / as applicable
3 When applicable, data sharing or outsourced processes are covered by DSA, NDA, and/or OAs
Note: Privacy Notice is process specific while the Privacy Statement is a public commitment to data privacy
Sharing your personal data
Unless you provide specific consent or in instances allowed under law, we do not share your personal data with our business partners or other third parties for their own commercial purposes or benefit.
Additionally, we do not use your personal data to enable third-party targeted advertisements that are unrelated to our business.
When data is shared, especially across borders and jurisdictions, we ensure your data is protected through appropriate Data Sharing Agreements.
In the processing of your personal information, we may have to disclose your data to parties acting as personal information processors, which may fall across these broad categories:
- Authorized Representatives and Consultants. We ensure that our authorized representatives and consultants adhere to the same standards as our employees and trainees, and require them to commit to observing the company’s privacy policies. We require our Authorized Representatives and Consultants to sign a Non-Disclosure Agreement (NDA) to ensure that they process your data confidentially in a manner consistent with the purpose of their employment or engagement.
- Contractors and Business Partners, including Auditors. We require our contractors, subsidiaries, and business partners to secure and keep your data confidential through appropriate contractual and operational controls. We do not allow our contractors, subsidiaries, or business partners acting as personal information processors to disclose or share your data with others or use it for their own purposes. We take punitive or legal action in cases of proven misconduct.
In the processing of your personal information, such personal information may nonetheless be disclosed when legally required or when necessary to complete our commitment to provide services to you.
These entities to whom your personal data may be disclosed include:
- Government entities. Your information may also be disclosed to government entities pursuant to and in compliance with applicable laws and regulations, subpoena or court order.
- Homeowners’ Association (HOAs) and Building Administrators. We may share redacted field or work orders with HOAs and Building Administrators, strictly upon formal request and only when necessary. Prior to disclosure, documents are reviewed to ensure they do not contain any personal data such as names, contact details, or account numbers. Only information relevant to facilitate access, coordination, or compliance with property and security protocols of the subdivisions, condominiums, establishments, or other premises is shared in accordance with applicable data privacy laws.
Keeping your data secure
We are committed to ensuring the integrity, confidentiality, availability, and security of your information. We implement reasonable organizational, physical, and technical security measures in collecting, processing, transmitting, storing, and disposing your personal data such as using secure servers, firewalls and security controls and ensuring regular conduct of audit and testing of our security protocols. We only store your personal data in Meralco-owned and/or controlled data storage solutions.
For an enhanced online experience, our services are available through compatible devices, such as laptops, PCs, tablets, and mobile phones. For your added security, we recommend that you install anti-virus software on any such device before accessing the internet.
You are responsible for the security of your information once it reaches you or your representative in any medium, including but not limited to written correspondences, bills, emails, system applications, and on-line accounts.
You should take appropriate measures to ensure that any medium or device you use to monitor or manage your account is secure and not accessible to anyone without permission.
Retaining your personal data
We keep your personal data only for as long as necessary to fulfill the declared, specified, and legitimate purposes outlined above, or until the processing relevant to those purposes has been completed or terminated. We may also retain your data for the establishment, exercise, or defense of legal claims, or for other business purposes that align with standards established or approved by regulatory agencies governing Meralco.
For further information on our retention rules for documents with personal data, you may refer to our Retention and Disposal Rules for Service Application and Billing-Related Documents with Personal Data and Retention and Disposal rules for Payments-Related Documents with Personal Data.
Thereafter, your personal data shall be disposed of or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.
Your data subject rights
If you wish to request a copy of your personal data, or have it corrected or deleted, or to exercise your rights as data subject, you may reach out to us through our Data Privacy Office (DPO). Meralco DPO will promptly respond to your request or questions and also review any feedback that you may have about our Privacy Statement.
Office:
Meralco Center Ortigas Avenue
Brgy. Ugong, Pasig City, 1600
We uphold your right to be informed whenever we provide a link to or a copy of this Statement prior to collecting your personal data or as soon as reasonably practicable after collection. In processing your data for the specific purposes we discussed in this Statement and those that may be related to such purposes, we shall endeavor to prepare privacy notices that remind you how we collect, use, disclose, and process your personal data in the manner described in this Statement, including our procedures relating to cookies, IP addresses and log files. As to any other purpose that you may not find or cannot infer from this Statement, we shall take all reasonable efforts to obtain your permission through a separate consent form that may either require your signature or contain a button that you could click as proof of your consent.
About this Statement
From time to time, we may update this Statement to comply with applicable laws, rules, and regulations; to reflect any changes to the foregoing; to align with industry practices; or for other legitimate purposes.
You may view past versions of the Statement here.
