Big Glass Privacy Policy

This privacy policy outlines our commitment to businesses serviced by Big Glass in respect of the collection, processing, use, sharing disposal and destruction of Personal Data.

DEFINITION OF TERMS

Big Glass refers to Big Glass Infrasture, Inc. a growing data service and managed infrastructure provider and is the data controller.

Customer or Data Subject refers to business and individuals whose Personal Information, including Sensitive Personal Information or Privileged Information is Processed by Big Glass.

Data Privacy Act of 2012 refers to Republic Act No. 10173 and its implementing rules and regulations.

Data Protection Officer refers to an individual assigned by Big Glass who shall oversee the compliance of Big Glass with the Data Privacy Act, its Implementing Rules and Regulations, and other related policies, including the conduct of a privacy impact assessment, implementation of security measures, security incident and data breach protocol, and the inquiry and complaints procedure.

Personal Data refers to all types of Personal Information, including Privileged Information in the custody of Big Glass.

Personal Data Breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.

Personal Information refers to any information, whether recorded in a material form or not from which the identity of an individual is apparent, from which identity can be reasonably or directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

Privileged Information refers to any and all forms of data which, under the Rules of Court and other pertinent laws, constitute privileged communication.

Processing refers to any operation or any set of operations performed upon Personal Information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation use, consolidation, blocking, erasure or destruction of data

Sensitive Personal Information refers to Personal Information:

• About individual’s race, ethnic origin, marital status, age, color and religious, philosophical, or political affiliations;
• About individual’s health, education, genetic or sexual life, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
• Issued by government-issued peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
• Specifically established by an executive order or an act of Congress to be kept classified.

Security Incident refers to an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity, and confidentiality of Personal Data.

SECURITY MEASURES

Big Glass needs to collect, and hold Personal Information of Customers in order to provide Services. We treat this information with care, and in order to protect it from unauthorised disclosure, we take the following data security measures:

Data Protection Officer

A Data Protection Officer (DPO) shall be appointed by Big Glass at such time that this becomes a requirement of the Data Privacy Act. Until a DPO is appointed a Compliance Officer will fulfill the duties of the DPO.

Data Privacy Principles

The Processing of Personal Data within Big Glass will be conducted in compliance with the following data privacy principles as indicated in the Data Privacy Act:

PHYSICAL SECURITY MEASURES

Big Glass has developed and implemented policy and procedures to monitor electronic storage and/or filing cabinets which contain Personal Data and ensure that these facilities are accessible only by authorized personnel of Big Glass.

TECHNICAL SECURITY MEASURES

Big Glass shall continuously develop and evaluate our security policy with respect to the Processing of Personal Data to make sure that the Personal Information is secured or processed in accordance with the Data Privacy Act.

PROCESSING OF PERSONAL DATA

The kinds of Personal Information that Big Glass collects and holds

In order for Big Glass to provide services, we need to collect and hold Personal Information. That information may include Customer names, addresses, telephone numbers, including mobile numbers, email addresses, copies of government-issued identification, bank account or credit card details, password details for accessing Big Glass services. Details of your authorised representative may also be required in which case you must ensure that you have obtained their consent to Big Glass collecting and holding their Personal Information.

How Big Glass collects and holds Personal Information

Big Glass collects Personal Information from Customers when they apply for services, request technical assistance or request that their details be updated. This can occur over the telephone, through an online process, or through completion of a form.

Personal Information will be held in secure electronic databases and/or secure filing cabinets. Big Glass will use all reasonable endeavours to ensure that Personal Information is accessible only to appropriately authorised employees.

The purposes for which Big Glass collects, holds, uses and discloses Personal Information

Big Glass uses Personal Information for the following purposes:

• verification of identity;
• provide and develop services;
• administer and manage those services including charging, billing, obtaining payment, fault management, complaint handling and debt collection;
• communicate with Customers directly, via email, phone, SMS and by other means of communication about service usage, service charges, events, marketing material, Big Glass products and services, complaint and fault management, and other ways the service provided to you could be improved;
• conduct appropriate checks for credit worthiness and for fraud;
• as required or authorised by law; and
• to comply with requests for information issued to Big Glass by agencies and courts that are entitled to obtain the information.

The aforementioned uses may require disclosure of the Personal Information to third parties including:

• service providers who provide services to Big Glass;
• credit reporting agencies;
• third parties where Customer has given consent to the disclosure; and
• government, law enforcement and national security agencies and regulatory bodies where this is necessary for Big Glass to comply with our legal obligations.

Disclosure of Personal Information to overseas recipients

Big Glass may disclose your Personal Information to organisations located outside the Philippines in countries which do not have the same or substantially similar privacy laws, but only to the extent necessary to meet underlying business requirements in order to provide you with services detailed in a valid Service Agreement. Overseas organisations will be subject to their own laws and may be required to disclose information that we share with them. In those instances, Big Glass will not be responsible for that disclosure.

Big Glass may also store Personal Information in cloud storage or other types of networked or electronic storage. It is not always practicable to know in which country this information may be held, for example, when the Personal Information is stored in cloud storage infrastructure.

Storage, Retention and Destruction of Personal Information

Big Glass will ensure that Personal Data in the custody of Big Glass is protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful Processing. Big Glass will implement appropriate security measures in storing collected Personal Information, depending on the nature of the information. All information gathered shall not be retained for a period longer than necessary and/proportionate, subject to applicable requirements of the Data Privacy Act and other relevant laws and regulations. All hard and soft copies of Personal Information shall be disposed and destroyed, through secured means.

Big Glass will provide Customers access to their own Personal Information and Customers may request that such information be updated or corrected.

Big Glass will take all reasonable steps to ensure that Personal Information which we collect, use or disclose is accurate, complete and up-to-date. Customers may access and correct some of the Personal Information (such as contact details) that we hold by securely logging in to our website. Customers may also request that incorrect information be corrected or deleted by contacting Support.

PRIVACY RIGHTS OF THE CUSTOMER

Right to Be Informed

The Customer has a right to be informed whether Personal Data pertaining to him or her shall be, are being, or have been processed, including the existence of automated decision-making and profiling.

The Customer shall be notified and furnished with information indicated hereunder before the entry of his or her Personal Data into the processing system of the Big Glass, or at the next practical opportunity:

1. Description of the Personal Data to be entered into the system;
2. Purposes for which they are being or will be Processed, including Processing for direct marketing, profiling or historical, statistical or scientific purpose;
3. Basis of Processing, when Processing is not based on the consent of the Data Subject;
4. Scope and method of the Personal Data Processing;
5. The recipients or classes of recipients to whom the Personal Data are or may be disclosed;
6. Methods utilized for automated access, if the same is allowed by the Data Subject, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such Processing for the Data Subject;
7. The identity and contact details of the Personal Data controller or its representative;
8. The period for which the information will be stored; and
9. The existence of their rights as Data Subjects, including the right to access, correction, and object to the Processing, as well as the right to lodge a complaint before the Commission.

Right to Object

The Data Subject shall have the right to object to the Processing of his or her Personal Data, including Processing for direct marketing, automated Processing or profiling. The Data Subject shall also be notified and given an opportunity to withhold consent to the Processing in case of changes or any amendment to the information supplied or declared to the Data Subject in the preceding paragraph.

When a Data Subject objects or withholds consent, the Personal Information Controller shall no longer Process the Personal Data, unless:

1. The Personal Data is needed pursuant to a subpoena;
2. The collection and Processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the Data Subject is a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the Data Subject;
3. The information is being collected and processed as a result of a legal obligation.

Right to Access

The Data Subject has the right to reasonable access to, upon demand, the following:

1. Contents of his or her Personal Data that were processed;
2. Sources from which Personal Data were obtained;
3. Names and addresses of recipients of the Personal Data;
4. Manner by which such data were processed;
5. Reasons for the disclosure of the Personal Data to recipients, if any;
6. Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the Data Subject;
7. Date when his or her Personal Data concerning the Data Subject were last accessed and modified; and
8. The designation, name or identity, and address of the Personal Information Controller

Right to Rectification

The Data Subject has the right to dispute the inaccuracy or error in the Personal Data and have the Personal Information Controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the Personal Data has been corrected, the Personal Information Controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof: Provided, That recipients or third parties who have previously received such processed Personal Data shall be informed of its inaccuracy and its rectification, upon reasonable request of the Data Subject.

Right to Erasure

The Data Subject shall have the right to suspend, withdraw or order the blocking, removal or destruction of his or her Personal Data from the Personal Information Controller’s filing system.

1. This right may be exercised upon discovery and substantial proof of any of the following:

   1. The Personal Data is incomplete, outdated, false, or unlawfully obtained;
   2. The Personal Data is being used for purpose not authorized by the Data Subject;
   3. The Personal Data is no longer necessary for the purposes for which they were collected;
   4. The Data Subject withdraws consent or objects to the Processing, and there is no other legal ground or overriding legitimate interest for the Processing;
   5. The Personal Data concerns private information that is prejudicial to Data Subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
   6. The Processing is unlawful;
   7. The Personal Information Controller or Personal Information processor violated the rights of the Data Subject.
2. The Personal Information Controller may notify third parties who have previously received such processed Personal Information.

Right to Damages

The Data Subject shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, taking into account any violation of his or her rights and freedoms as Data Subject.

Transmissibility of Rights of the Data Subjects

The lawful heirs and assigns of the Data Subject may invoke the rights of the Data Subject to which he or she is an heir or an assignee, at any time after the death of the Data Subject, or when the Data Subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section.

Right to Data Portability

Where his or her Personal Data is processed by Big Glass through electronic means and in a structured and commonly used format, the Data Subject shall have the right to obtain a copy of such data in an electronic or structured format that is commonly used and allows for further use by the Data Subject. The exercise of this right shall primarily take into account the right of Data Subject to have control over his or her Personal Data being processed based on consent or contract, for commercial purpose, or through automated means. The DPO shall ensure that it regularly monitor and implement the NPC’s guidelines specifying electronic format referred to above, as well as the technical standards, modalities, procedures and other rules for their transfer.

DATA BREACHES & SECURITY INCIDENTS

Data Breach Notification

All employees of Big Glass involved in the Processing of Personal Data are tasked with regularly monitoring for signs of a possible Personal Data Breach or Security Incident. In the event of Personal Data Breach or Security Incident or such signs are discovered, the employee shall immediately report the facts and circumstances to the DPO within twenty-four (24) hours from discovery to determine whether or not such breach requires notification under the Data Privacy Act. If it has been determined that such breach requires notification, the DPO shall notify the Commission and the affected Data Subject(s) pursuant to the requirements and procedures prescribed under the Data Privacy Act.

The notification to the NPC and the affected Data Subject(s) shall at least describe the nature of the breach, the Personal Data possibly involved, and the measures taken by Big Glass to address the breach. The notification shall also include measures taken to reduce the harm or negative consequences of the breach, and the name and contact details of the DPO from whom the affected Data Subject(s) can obtain additional information about the breach, and any assistance to be provided to the affected Data Subjects.

Breach Reports

All Personal Data Breaches and Security Incidents shall be documented through written reports including those not covered by the notification requirements. In the case of Personal Data Breaches, a report shall include the facts surrounding an incident, the effects of such incident, and the remedial action taken by Big Glass. In other Security Incidents not involving Personal Data, a report containing aggregated data shall constitute sufficient documentation. These reports shall be made available when requested by the NPC. A general summary of the reports shall be submitted to the NPC annually.

Questions or making a complaint related to Privacy

If Customers have questions, concerns, or would like further information regarding their Personal Information, or if they wish to make a complaint about our privacy practices, they can contact the Big Glass Compliance Department.

Compliance Department

Big Glass Infrastructure, Inc

GF, Crown 7 I.T. Centre, Pope John Paul II Ave.
Kasambagan, Cebu City, 6000,
Cebu, Philippines
Email: compliance@openaccess.ph

Policy Updates

Big Glass is continuously improving and enhancing its products and services to our clients and we may update this Privacy Policy from time to time. Any changes to this policy will be updated on this page on the Big Glass website.

By continuing to use Big Glass products and services, you signify that you have read, understood, and consented to the collection and use of your Personal Information, in accordance with this Privacy Policy.

This Big Glass Privacy Policy shall be effective from the 18 November 2020.

The kinds of Personal Information that Big Glass collects and holds

In order for Big Glass to provide you services, we will need to collect, and hold, some of your Personal Information. That information may include your name, your address, your telephone numbers, including your mobile number, email addresses, copies of government-issued identification, bank account or credit card details, password details for accessing Big Glass services. You may also choose to provide similar details of your authorised representative. You must ensure that you have obtained the consent of such persons to Big Glass collecting and holding their Personal Information.

If you are unwilling to provide Big Glass with some details, we may not be able to supply you with services that you wish to acquire. It is not possible to acquire services from Big Glass under a pseudonym.

How Big Glass collects and holds Personal Information

Big Glass collects Personal Information when you apply for a service, request technical assistance, or provide us with updated information. This can occur either over the telephone, email, through an online process, through completion of a form or in writing. Big Glass may also collect Personal Information about you in accordance with its obligations to adopt and observe appropriate standards for Personal Data protection in compliance with Republic Act No. 10173 or the Data Privacy Act.

Personal Information will be held in secure electronic databases or secure filing cabinets. Big Glass will use all reasonable endeavours to ensure that Personal Information is accessible only to appropriately authorised employees.

The purposes for which Big Glass collects, holds, uses and discloses Personal Information

Big Glass will only use your Personal Information for the following purposes:

• To verify your identity;
• To provide and develop the services that you require;
• To administer and manage those services including charging, billing, obtaining payment, fault management, complaint handling and debt collection;
• To communicate with you directly, via email, phone, SMS and by other means of communication about service usage, service charges, events, marketing material, Big Glass products and services, complaint and fault management, and other ways the service provided to you could be improved;
• To conduct appropriate checks for credit worthiness and for fraud;
• As required or authorised by law; and
• To comply with requests for information issued to Big Glass by agencies and courts that are entitled to obtain the information.

The above uses may require disclosure of the Personal Information to third parties including:

• to service providers who provide services to Big Glass;
• to credit reporting agencies;
• to third parties where you have given consent to the disclosure; and
• to government, law enforcement and national security agencies and regulatory bodies where this is necessary for Big Glass to comply with our legal obligations.

Disclosure of Personal Information to overseas recipients

Big Glass may disclose your Personal Information to organisations located outside the Philippines in countries which do not have the same or substantially similar privacy laws, but only to the extent necessary to meet underlying business requirements in order to provide you with services detailed in a valid Service Agreement. Overseas organisations will be subject to their own laws and may be required to disclose information that we share with them. In those instances, Big Glass will not be responsible for that disclosure.

Big Glass may also store your information in cloud or other types of networked or electronic storage. It is not always practicable to know in which country your information may be held, for example, when your Personal Information is stored in cloud infrastructure.

Storage, Retention and Destruction of Personal Information

Big Glass will ensure that Personal Data in the custody of Big Glass is protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful Processing. Big Glass will implement appropriate security measures in storing collected Personal Information, depending on the nature of the information. All information gathered shall not be retained for a period longer than necessary and/proportionate, subject to applicable requirements of the Data Privacy Act and other relevant laws and regulations. All hard and soft copies of Personal Information shall be disposed and destroyed, through secured means.

How you may access Personal Information and seek the correction of such information

Big Glass will take all reasonable steps to ensure that your Personal Information which we collect, use or disclose is accurate, complete and up-to-date. You can access and correct some of the Personal Information (such as contact details) that we hold about you by securely logging in to our website. You can also request that incorrect information about you be corrected or deleted.

Questions or Complaints about your privacy

If you have any questions or concerns regarding your Personal Information with us or if you have any complaints about our privacy practices or would like further information, please contact the Big Glass Compliance Department.

Compliance Department

Big Glass Infrastructure, Inc

GF, Crown 7 I.T. Centre, Pope John Paul II Ave.
Kasambagan, Cebu City, 6000,
Cebu, Philippines
Email: compliance@openaccess.ph