Last Update: January 28, 2022
I. Purpose and ScopeThe Capital Markets Integrity Corporation and its parent company, The Philippine Stock Exchange, Inc., (''PSE''), (collectively, ''CMIC'', ''we'', ''us'' or ''our''), are committed to respect and protect its stakeholders' personal data in accordance with the Data Privacy Act of 2012 (''DPA'') and its Implementing Rules and Regulations (''IRR''). We will keep secure and confidential all personal data obtained over the course of performing official functions or that CMIC may collect, unless required to be disclosed by law, court, rules and regulations, or with your authorization.
Personal data refers to all types of personal information or any data about an individual who can be identified from that data, as more specifically defined under the DPA.
- Submit or request document or information or when you download forms from our website;
- Submit comments to any draft rules and regulations, circulars, or other issuances;
- Apply for employment, appointment, or training or are employed or appointed;
- Disclose pursuant to, comply with, or when we enforce compliance with the Securities Regulation Code (''SRC''), 2015 Implementing Rules and Regulations of the SRC ("2015 SRC IRR"), Rules of the CMIC (''CMIC Rules''), Anti-Money Laundering Act (''AMLA''), as amended, 2018 Implementing Rules and Regulations of the AMLA (''2018 AMLA IRR'') and its amendments, PSE Revised Trading Rules, PSE Implementing Guidelines of the Revised Trading Rules, Consolidated Listing and Disclosure Rules of the PSE, PSE Rules on Direct Market Access, and other applicable PSE Rules (collectively, ''PSE Rules''), and other issuances of the CMIC, Securities and Exchange Commission (''SEC''), PSE, and Anti-Money Laundering Council (''AMLC'');
- Trade/buy or sell shares listed with the PSE through your broker dealer or trading participant (''TP'');
- Operate, manage, or own a TP or work in a TP in any capacity;
- When trading transactions involving securities of listed companies (''LC'') or when the TP is under audit, examination, monitoring, market surveillance, official inquiry, or investigation;
- File a complaint, inquiry, or investor's claim against closed TPs;
- Register, participate, or attend any of our trainings, workshops, seminars, webinars, meetings, or other events of the CMIC or organized by the PSE;
- Visit our premises;
- Supply us with your products or services; or
- Visit, fill-up an online form, apply for employment and upload a curriculum vitae (''CV''), or use our website - www.cmic.com.ph
how we use, store, modify, retain, disclose, and process your personal data, our legal bases for processing, cookies that we use, how we protect your personal data, your rights under the DPA, and the means by which you can control, to a certain extent, these processes.
II. Personal Data that CMIC collects and processes
CMIC collects personal data fairly and lawfully. The legal bases for our collection and processing of your personal data will be one of the following:
- To fulfil our contractual obligations to you, for example to allow you to supply us with your products or services or in relation to the performance of our functions;
- To comply with our legal and/or regulatory obligations, for example obtaining your name to enable us to meet our obligations under the SRC, 2015 SRC IRR, CMIC Rules, or various applicable laws such as the Revised Corporation Code of the Philippines or the National Internal Revenue Code of 1997 (''NIRC''), as amended, or as a result of or in order for us to conduct audit, monitoring, examination, official inquiry, or investigation;
- To meet our legitimate interests, for example we want to know how you use our website in order for us to enhance our website, services, or performance of our functions, or to create new ones; to carry out our official functions effectively; to convey to you the issues or concerns relating to our audit, monitoring, examination, official inquiry, or investigation involving you, your trading transactions, or activities or involving your company; to inform you about our seminars, webinars, workshops, or updates of our events that you are interested in; and to maintain our records. When we process personal data based on this ground, we implement necessary safeguards which are designed to protect your privacy interests, freedoms, and fundamental rights protected under the 1987 Constitution;
- When processing of your personal data is provided for by existing laws and regulations such as in relation to your employment, operation and ownership of a TP, or for compliance by CMIC, LCs, and TPs, including by PSE, as applicable, with the SRC, 2015 SRC IRR, AMLA, as amended, 2018 AMLA IRR and its amendments, PSE Rules, CMIC Rules, and other applicable laws and regulations; and
The personal data that CMIC may collect from you depend on the nature and purpose of your interaction, transaction, application, or relationship with CMIC. The personal data consist of, but not limited to, the following:
- Your full name, nickname, addresses (email, office, and residence), contact numbers (work, home, and mobile), title or job title, designation, and biometrics;
- Photograph, video footage through closed-circuit television system (''CCTV''), signature, gender, religion, employee number, company name, and company address;
- Payroll information, payroll history, financial benefits, rank, bank account number, loan records, tax information number, tax status, and other financial information;
- Citizenship/nationality, information indicated in government, company, or school issued identification document/card, birthday, age, education, family background, affiliated organizations, health data, employment history, and other CV related information;
- Government-issued numbers such as, but not limited to, license numbers issued by the SEC (Associated Persons and Salesmen), Social Security System, Land Transportation Office, and by the Professional Regulation Commission, Roll of Attorney's number, and passport information;
- administrative or legal proceedings, cases, or sentences/penalties imposed; and
- Any additional personal data that you may provide through your correspondence(s) with us in connection with your concerns which we shall also consider and treat as personal data.
Your personal data are collected by CMIC either through any of the following instances:
- Directly from you or your duly-authorized representative, or from PSE, external auditor, or third-party service providers (collectively, ''related parties''), collected and disclosed with your consent or authorization,
- From TPs or third-parties such as but not limited to LCs to whom you have given consent to transmit your personal data to CMIC;
- Through contracts, agreements, or other legal arrangements you or your authorized person has with CMIC or its related parties;
- CCTV cameras; or
III. Purposes of the collection, use, storage, processing, and disclosure of personal dataThe CMIC collects, uses, stores, retains, modifies, processes, and discloses your personal data (proportionate to specific purposes) for various lawful and legitimate purposes such as but not limited to:
- Provide you with our services such as seminars, workshops, or webinars, or in order for us to improve said services;
- Conduct of audits of TPs, market surveillance or monitoring, official inquiry, or investigation of market irregularities or complaints;
- Undertake review and evaluation of application/s submitted to CMIC, including the conduct of background checks about you, when necessary or required;
- Convey to you matters pertinent to your relationship with or interest in CMIC or to act on your request/s or applications;
- Fulfil contractual or legal obligations under the contract, agreement, or other legal arrangement entered into between you and CMIC or with PSE;
- Conduct of audit and review of our processes and systems for purposes of managing risks, strategic and action planning, and compliance;
- Protect and enforce contractual and legal rights and obligations of CMIC and to allow CMIC's compliance therewith;
- Comply with applicable laws, rules and regulations, circulars, codes of practice or corporate governance, guidelines, or policies issued by regulatory bodies, or to assist in law enforcement investigations or inquiries by SEC or by relevant authorities, including assistance in court proceedings when there is a subpoena;
- Prevent, detect, and investigate offenses, crimes, or violations of our policies, CMIC Rules, or applicable laws or regulations, including assessment and management of business risks arising from said offenses or violations;
- Manage the safety and security of CMIC's premises, information communication technologies, data, assets, systems, services, personnel, and guests;
- Send you the result of our audit, market surveillance or monitoring, any inquiry or investigation conducted, or about our services or events that may be relevant to you;
- Allow your use, access, or visit of our website;
- Implement and enforce CMIC Rules, PSE Rules, relevant provisions of the SRC, 2015 SRC IRR, AMLA, as amended, and 2018 AMLA IRR and its amendments, memorandum circulars, guidelines, policies, and other issuances of the CMIC, PSE, AMLC, and SEC, and for compliance purposes by TPs and, as applicable, by LCs with the foregoing; or
- Any other purposes necessarily related or incidental to any of the foregoing.
IV. Disclosure of personal dataAs applicable and whenever necessary, we will share your personal data within CMIC or disclose to PSE, Securities Investors Protection Fund, Inc. (''SIPF''), Securities Clearing Corporation of the Philippines, Premier, and/or related parties in order to provide you with our services, to enable us to undertake or carry out our functions, to continue your relationship or transaction with us, as required by the nature of your application or concern, as required by the SRC, 2015 SRC IRR, CMIC Rules, PSE Rules, SCCP Rules and Regulations, or New Rules and Regulations for the Implementation of the SIPF, for information technology support, for security purposes, or with your authorization or consent. Access to your personal data is limited to those employees, officers, directors, agents, and contractors of CMIC who need access to your personal data in order for us to act on your application or request, to perform our functions, and to carry out legal and regulatory obligations of CMIC. Only personal data pertinent or relevant to the purpose is shared.
The CMIC may also share your personal data to third-parties with your consent for the purposes for which the personal data were collected and for any other reasonable purposes relevant or necessary thereto. We use the services of third-party service providers to help us in certain areas, such as but not limited to, physical security, various maintenance needs, storage and records management, health maintenance coverage, insurance, and background checks. Where third-party service providers receive your personal data we will remain responsible for the use of your personal data. We also take appropriate steps to ensure that such third-parties treat your personal data with the same consideration that we do.
As a Self-Regulatory Organization licensed by the SEC and as the independent audit, surveillance, and compliance unit of the PSE, the CMIC may disclose to the public through our website or the website of the PSE, or disclose to the SEC, third-parties, courts, or other government agencies such as the SSS or BIR, as applicable, your personal data pursuant to the SRC, 2015 SRC IRR, CMIC Rules, PSE Rules, when mandated to do so by the SEC or by other government agencies, other applicable laws such as the AMLA, as amended, or NIRC, as amended, upon order of the court, or with your authorization.
We may disclose aggregated information that does not identify, or when combined with other information, does not directly and certainly identify any individual.
If you do not wish to accept cookies in connection with your use of our website, you must stop using our website or you should disable or delete the cookies associated with our website by changing the settings on your web browser. Please be informed however that if you will disable cookies, certain functions and pages on our website will not work in the usual way. To disable cookies, please visit the ''Help'' or ''support'' section of your browser to manage your cookies settings, for example:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies;
- Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies;
- Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647.
Types of cookies usedOur website uses both persistent and session cookies. A persistent cookie enables our website to remember you on subsequent visits, resulting in faster and more convenient access to the services or functions offered by our website. Persistent cookies stay in your browser until you delete them manually or your browser deletes them on expiry date. Session cookies are temporary cookies that are erased when you close your browser. A session cookie is essential to ensure the correct functioning of our website and it is used to manage registration/login and access to the website's reserved features. A list of the cookies we use is set out in the table below, which list is subject to change from time to time.
List of Cookies
VI. Protection MeasuresWe store personal data collected in electronic and paper formats. The security of your personal data is important to us and we take reasonable and appropriate steps or measures to protect it from misuse, interference, loss, unauthorized access, modification, and unauthorized disclosure by (a) enforcing and establishing limitations, when applicable, on access to personal data; (b) documents storage security policies; (c) security measures to control access to our systems and premises; (d) stringent selection of third-party data processors and agents; (e) non-disclosure clauses in agreements and confidentiality agreements; (f) data privacy trainings of our officers and employees; and (g) technology-based security tools or measures to protect our website, information communication technologies, systems, premises, and data.
We may store your personal data physically or electronically with third-party data storage service providers. For this purpose, we require non-disclosure agreements and make use of contractual arrangements to ensure that those providers will take necessary and appropriate measures to protect that information and to restrict its access or use.
We will not keep personal data longer than is necessary for the purposes for which they were collected, unless required otherwise by the SRC, 2015 SRC IRR, CMIC Rules, and other applicable laws or rules and regulations. We will take reasonable steps to safely destroy or permanently de-identify personal data if it is no longer needed.
VII. Rights as Data Subject under DPAYou have rights as a data subject provided under Section 16 of the DPA and Section 34, Rule VIII of the IRR such as:
- Right to be informed of the processing of your personal data;
- Right to object to its processing, except (i) when it is needed pursuant to a subpoena, or (ii) when processing is for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service or when necessary or desirable in the context of an employer-employee relationship, or (iii) when the information is being collected and processed as a result of legal obligation;
- Right to suspend, withdraw or order the blocking, removal or destruction of personal data from the filing system upon discovery and substantial proof that the personal data is either: (a) incomplete, out-dated, false, unlawfully obtained; (b) being used for unauthorized purposes; (c) personal data is no longer necessary for the purposes for which they were collected; (d) the data subject withdraws consent or objects to the processing and there is no other legal ground or overriding legitimate interest for the processing; (e) when the personal data concerns private information that is prejudicial to data subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorized; (f) processing is unlawful; or (g) when the personal information controller or personal information processor violated the rights of the data subject;
- Right to be indemnified for any damages sustained due to such inaccurate, incomplete, out-dated, false, unlawfully obtained, or unauthorized use of personal data;
- Right to reasonable access to your personal data that we store and process;
- Right to dispute any inaccuracy or error of your personal data in our records and to have it rectified immediately unless the request is vexatious or otherwise unreasonable;
- Right to data portability of your personal data when it is processed by electronic means and in a structured and commonly used format; and
- Right to lodge a complaint before the National Privacy Commission (''NPC'') in case of violation of your rights.
If you want to access, update, or correct inaccuracies in your personal data or have your personal data removed from our databases under any of the grounds provided above, please email us at firstname.lastname@example.org and we will act on your request unless there are practical, contractual, or legal reasons why we cannot process or grant your request. We also reserve the right to refuse requests which, in our opinion, occur with unreasonable frequency or otherwise are unreasonable. You may lodge a complaint before the NPC in case of violation of your rights as data subject. For purposes of your request, kindly use the applicable form provided below:
Request to Access Personal Data
Request to Correct or Delete Personal Data
Request to Cease Processing of Personal Data
You may also contact the National Privacy Commission at:
Email: email@example.com or firstname.lastname@example.org
Address: 5th Floor Delegation Building, PICC Complex, Roxas Blvd, Pasay, Metro Manila 1307