Privacy Statement for shareholders
We value the privacy of every individual shareholder of Meralco and their authorized representatives as well as the officers, employees, attorneys-in-fact, trustees, and authorized representatives of juridical entities that own Meralco shares. We make sure that copies of personal data that we either receive directly from our shareholders through subscription agreements or sourced from regulatory disclosures are maintained in secure storage spaces, whether physical or electronic. Whenever we are required by law to disclose information about our shareholders in reportorial requirements, in view of Meralco’s capacity as a publicly listed company, we only share information to government agencies and the general public that are specifically stated in the applicable rules and regulations.
We collect your personal data in the course of, or incidental to the conduct of, our business with you. These data include any other information that you voluntarily provide to us for any legitimate purpose declared at the point of collection as well as information about you that we received from third parties and other sources where the disclosure was subject of a consent that you gave separately or a legal requirement.
We will be collecting the following information from you:
Information you submit to us when you become a shareholder of or while being a shareholder of MERALCO like your name, address, contact details, marital status, government-issued identification information, bank account information, and if applicable, details of your authorized representative and heir/s;
Information provided to us by your broker or by the Company’s stock transfer agent.
We store, process, and/or analyze the personal data collected for some legitimate purpose, related or incidental to the conduct of our business, including maintaining safety and security within the Company premises.
Specifically, we may store, process, and/or analyze your personal data for the following and any other legitimate purposes related to the fulfillment thereof:
To manage investor relations. We process your personal data to maintain your account and our relationship, to administer the shareholder register, to facilitate payment of your dividend or any other amounts related to your shareholdings, to coordinate with your broker or our stock transfer agent for your concerns, and to comply with legal or disclosure requirements.
To improve our stakeholder engagement. We process your data to facilitate communications with you, including responding to your queries and requests, sending notices of general meetings, annual reports, and shareholder circulars to you, registering shareholders at general meetings and shareholders’ events including without limitation to verification of your identity and/or your proxy.
1Data Subject - vendors, suppliers or contractors, and consultants
2 As needed / as applicable
3 When applicable, data sharing or outsourced processes are covered by DSA, NDA, and/or OAs
Note: Privacy Notice is process specific while the Privacy Statement is a public commitment to data privacy
Employees, Authorized Representatives, Trainees, and Consultants
We ensure that our employees and trainees commit to observe the privacy policies of the Company. We require our Authorized Representatives and Consultants to sign a Non-Disclosure Agreement (NDA), to ensure that they process your data confidentially in a manner consistent with the purpose of their employment or engagement.
Contractors, and Business Partners, including Auditors
We require our contractors, subsidiaries, and business partners, through a Data Processing, Data Sharing, or Outsourcing Agreements, as applicable, and/or Non-Disclosure Agreement (NDA), to secure and keep your data confidential. We take your privacy seriously so punitive or legal action will be initiated in case of proven misdeed. Moreover, we do not allow our contractors, subsidiaries, and business partners to disclose or share your data to others, or to use it for their own purposes, without your consent.
Your information may also be disclosed to government entities pursuant to and in compliance with applicable laws and regulations, subpoena or court order.
Unless you provide specific consent or except in instances allowed under the Data Privacy Act, we will not:
Share your personal data with our business partners and other third parties for their own commercial purpose or benefit;
Use your personal data to enable third-party targeted advertisements which are not related to our business.
In case data sharing, including cross-border transfer, is allowed, we shall ensure the protection of your data through appropriate Data Sharing Agreements and commit to give you prior notice to any such transfer and processing of your data.
We are committed to ensure the integrity, confidentiality, availability, and security of your information. We implement reasonable organizational, physical, and technical security measures in collecting, processing, transmitting, storing, and disposing your personal data such as using secure servers, firewalls and security controls and ensuring regular conduct of audit and testing of our security protocols.
For an enhanced online experience, our services are available through compatible devices, such as laptops, PCs, tablets, and mobile phones. For your added security, we recommend that you install anti-virus software on any such device before accessing the internet.
You are responsible for the security of your information once it reaches you or your representative in any medium, including but not limited to written correspondences, bills, emails, system applications, and on-line accounts. You should take appropriate measures to ensure that any medium or device you use to monitor or manage your account is secure and not accessible to anyone without permission.
We keep your personal data only for as long as necessary:
for the fulfillment of the declared, specified, and legitimate purposes provided above, or when the processing relevant to the purpose has been completed or terminated;
for the establishment, exercise, or defense of legal claims; or
for other business purposes, that are consistent with standards established or approved by regulatory agencies governing Meralco.
Thereafter, your personal data shall be disposed of or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.
Since the outbreak of the coronavirus disease in 2019 (COVID-19), Meralco has actively cooperated and coordinated with government authorities in containing the spread of the virus and ensuring the safety and well-being of the persons it services, employs, and otherwise transacts with. The occupational safety of its employees and the general well-being of its data subjects are now among the primary concerns of Meralco, which prompted the Company to formulate policies and develop solutions for health monitoring of all its data subjects, as necessary. In collecting health information from its data subjects, Meralco shall always inform them about why, how, and where they will be used and shared, as discussed below.
We will be collecting the following health information from you as well as other relevant information:
Information you provide in Health Declaration Forms and Contact Tracing Forms as required by the Department of Trade and Industry (DTI) and Department of Labor and Employment (DOLE) Joint Memorandum Circular (JMC) No. 20-04-A Series of 2020, such as your full name, complete address, contact information, signature, COVID-19 exposure, health conditions, and travel history;
Information you provide in interviews to determine close contacts of a probable or confirmed COVID-19 case, including yourself; and
Information you give us when you visit the establishment or when you engage with Meralco and/or any of our representatives, through attendance records, CCTV footages, calendar of client meetings, and logbooks in facilities of exposure
We store, process, and/or analyze your personal data for the following purposes:
To conduct effective contact tracing and prevention and management of the spread of COVID-19 and other infectious diseases in Meralco offices and establishments;
To assist the government in providing effective response during the COVID-19 pandemic and other health crises that may be declared as a cause for state emergency including case investigations, treatment, and control and containment; and
To provide accurate and timely health information about notifiable diseases, and health-related events and conditions.
DTI-DOLE JMC No. 20-04-A
The DTI-DOLE JMC No. 20-04-A requires all private establishments to implement all necessary workplace safety and health programs, including COVID-related programs, at no cost to the employees. This includes remote management of cases and close contacts, isolation and referral, contact tracing, COVID-19 testing, occupational safety and health committees, notification and reporting, and disinfection and closure of buildings/workplaces.
Republic Act No. 11332
Under RA 11332, all public and private physicians, allied medical personnel, professional societies, hospitals, clinics, health facilities, laboratories, institutions, workplaces, schools, prisons, ports, airports, establishments, communities, other government agencies, and NGOs are required to accurately and immediately report notifiable diseases and health events of public health concern as issued by the DOH.
Republic Act No. 11058
RA 11058 requires all establishments, projects, sites, and all other places where work is being undertaken in all branches of economic activity to ensure a safe and healthful workplace for all working people by affording them full protection against all hazards in their work environment. This includes submitting all safety health reports, and notifications prescribed by the DOLE.
Unless you provide specific consent or except in instances allowed under the DPA, we will not:
Department of Health (DOH) and its partner agencies
We will share your information with DOH and its partner agencies for purposes of conducting contact tracing or management of probable, suspected, and confirmed COVID-19 patients. Meralco is mandated to report COVID-19 test results in the workplace in accordance with DOH Administrative Order No. 2020-0013, entitled “Revised Guidelines for the Inclusion of COVID-19 in the List of Notifiable Diseases for Mandatory Reporting to the Department of Health.”
Local government units (LGUs) or other authorized persons
We will also share your information to the local health office having jurisdiction over the workplace and the Barangay Health Emergency Team (BHERT) of your place of residence, in accordance with DOH DM No. 2020-0189.
We submit monthly reports of illness, diseases and injuries in the workplace to the Regional Office of the DOLE in accordance with the DTI-DOLE Interim Guidelines on Workplace Prevention and Control of COVID-19 using the Work Accident/Illness Report (WAIR) COVID-19 form.
We may share your information to our affiliate hospitals if, during health screening prior to your entry to any of the Company’s establishments or at any point that you voluntarily declare your health condition to us, we determine that you may need immediate medical assistance.
We may collect personal data and other information electronically through digital or online forms with privacy notices that provide a link to this Statement or a copy thereof placed at the point of data collection in a readable font and in an easy-to-understand presentation.
All personal data collected for contact tracing shall be retained only for the period allowed by existing government issuances. The DTI-DOLE JMC provides that personal data collected through the health declaration form or the contact tracing form shall be stored only for thirty (30) days from date of accomplishment.
All other personal data collected for the management of probable, suspected, and confirmed COVID-19 patients shall be stored only for as long as necessary or when the purpose for processing still exists. Thereafter, your personal data shall be disposed of or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.
As an individual whose information we collect and store to fulfill our legitimate purposes, you have rights as a data subject under the DPA.
You have the right to be informed about how and why we collect your personal data. You also have the right to access a copy of your personal information in our possession; the right to withdraw consent that you previously gave; the right to have your information corrected if you believe that it is inaccurate or incomplete; and the right to erase or block your information from our databases.
We also recognize your right to data portability, also known as your right to obtain and electronically move, copy, or transfer personal data for further use. Furthermore, we also respect your right to file a complaint with the National Privacy Commission and your right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal information.
If you wish to request for a copy of your personal data, or have it corrected or deleted, or to exercise your rights as data subject, you may reach out to us through our Data Privacy Office. Meralco DPO will promptly respond to your request or questions, and also review any feedback that you may have about our Privacy Statement.
Data Privacy Office
Office: Lopez Building, Meralco Center, Ortigas Avenue, Brgy. Ugong, Pasig City, 1600
We uphold your right to be informed whenever we provide a link to or a copy of this Statement prior to collecting your personal data or as soon as reasonably practicable after collection. In processing your data for the specific purposes we discussed in this Statement and those that may be related to such purposes, we shall endeavor to prepare privacy notices that remind you how we collect, use, disclose, and process your personal data in the manner described in this Statement, including our procedures relating to cookies, IP addresses and log files. As to any other purpose that you may not find or cannot infer from this Statement, we shall take all reasonable efforts to obtain your permission through a separate consent form that may either require your signature or contain a button that you could click as proof of your consent.
From time to time, we may update this Statement to comply with applicable laws, rules, and regulations; to reflect any changes to the foregoing; to align with industry practices; or for other legitimate purpose.
You may view past versions of the Statement here.
This Statement shall be reviewed annually or as necessary, in light of the following:
changes to the DPA and its IRR
new issuances from the NPC
changes to the Company’s data processing activities
others that may impact this Statement