DATA PRIVACY STATEMENT

ANKO JV COMPANY, INC.

A. Privacy Statement

Anko JV Company, Inc. (the “Company”, “Us”, “Our” or “We”) is committed to protecting the individual’s right to privacy. Thus, We ensure that all personal data collected from our customers, team members, suppliers (and their employees), partners, employees, agents, people who apply for employment with Us, and other stakeholders, and processed by the Company are protected at all times in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (the “Data Privacy Act”), its corresponding Implementing Rules and Procedure (“IRR”), and the existing Memorandum Circulars and Advisories issued by the National Privacy Commission (“NPC”) (collectively, the “Data Privacy Act and Rules and Regulations”). We also inform individuals from whom We collect such data of our personal data processing activities, and respect and enforce the individual’s rights as data subjects.

B. Scope

This document (the “Policy”) explains how We collect, use, store, share, and dispose of all personal data processed by the Company in accordance with the Data Privacy Act and Rules and Regulations. This document applies, in general, to all personal data processing activities conducted by the Company, including but not limited to the collection use, storage, sharing and disposal of all personal data about our customers, team members, suppliers (and their employees), partners, employees, agents, people who apply for employment with Us, and other stakeholders, subject to their individual right to expressly provide a separate privacy policy. It also explains how to contact Us if you have any questions about the management of your personal information or would like to access the personal information We hold about you.

We maintain the right to amend this Policy at any time by posting the updated version on Our website.

C. Collection and Use of Personal Data

1. Collection of Personal Information

We collect and process the following personal information:

• Identification information, contact details, including home/business addresses, email addresses and telephone numbers of our customers and individuals representing or affiliated with our suppliers, partners, investors and other business contacts;
• Demographic information such as age/date of birth, household information, personal interests and gender;
• Details about purchases, product or service preferences, transaction history and current or pending transactions, browsing and marketing interactions (such as the products viewed or added to your shopping cart) on website, apps, social media;
• Digital information, such as cookies, tags and pixels (which “tag” devices), device type and software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website/app, data entered, and user activity such as links clicked, app installations, app launches, adding items to a basket, adding items to a wish list, browsing habits within our website or apps and other information as allowed in your device permissions;
• Social media account names or tags (where you have engaged with us on a social media platforms);
• Personal details, credit history, government issued identification, bank account and credit card information of our customers;
• Images from video surveillance, closed-circuit television (CCTV) systems, and other cameras used in and around our stores;
• Information provided in surveys, feedback, complaints or commentary;
• Contact information, employment history, educational background, referee details, biometric information, organizational affiliation, filial relations, gender, date of birth, religion, ethnicity, civil status, citizenship, physical medical history, past criminal and/or administrative records, government issued identifying information (such as Pag-IBIG, SSS, TIN, Philhealth, Professional IDs, Passport, and Birth Certificates), payroll information, company identification of our prospective job applicants, current employees, agents and stakeholders;
• Shareholder information found in publicly available Securities and Exchange Commission (“SEC”) documents.

2. Purpose of Collection

In general, we collect and process personal data for purposes of internal operations, processing the sale of goods, fostering investor relations, communications and administration, human resource and financial management, and compliance with applicable laws, rules and regulations.

• a. Suppliers, Partners, Investors and other Business Contacts
  • For purposes of conducting appropriate and necessary due diligence;
  • For purposes of verification, assessment and accreditations;
  • For purposes of communication and maintenance of business relations;
  • For purposes of exercising or defending any legal claims of the Company;
  • For purposes of fulfilling and enforcing any contractual terms and obligations the Company may have with them.
• b. Shareholders
  • To administer, monitor and manage the relationship between the Company and its shareholders; and
  • To communicate to shareholders all relevant information regarding the Company’s performance, activities, policies, management and operations.
• c. Employees

  We collect and process personal data from and about our employees for administrative and human resource development purposes, and for compliance with applicable regulations and/or laws, including but not limited to identity verification, prequalification and post-qualification assessments, processing of employment compensation and benefits, internal security, protection of lawful rights and interests of the Company in internal administrative and court proceedings, or the establishment, exercise or defense of legal claims of the Company.

• d. Customers

  We collect and process personal data from Our Customers in connection with carrying on Our business, including to provide products and services to you. We may use personal information from customers to:

  • Sell, deliver, administer, improve and personalise Our products and services;
  • Administer Our website and apps and personalise customer experience on them;
  • Provide advice regarding Our products and services to customer;
  • Manage Our stores, supply arrangements and inventory;
  • Consider feedback and remedy complaints that a customer may make to Us, communicate with the customer and operate Our customer service centre;
  • Provide refunds and exchanges and undertake and administer product recalls;
  • Promote and advertise Our products and services (e.g., by including customer feedback in Our marketing activities) and to undertake competitions and events;
  • Personalise marketing activities and content displayed to the customer (including the layout and content of Our website/app, and marketing and promotional materials displayed to the customer on or via third party websites, apps or platforms such as Facebook);
  • Monitor Our sales of products and services and for quality control purposes, including undertaking customer surveys and analysis, or seeking feedback from customers;
  • Assist in determining customer product or service preferences and preferred store locations or to direct the customer to the closest stores when using Our websites or apps;
  • Undertake database compilation and management, data processing, data analysis and matching, market research or trend analysis (including with information obtained from Our Related Companies) to better understand Our customers’ preferences, personalise websites/apps and (where the customer has consented to receiving offers or direct marketing) to offer products or provide services of greater interest to the customer or engage in direct marketing;
  • Derive insights about the customer in order to better understand customer preferences and interests, personalise customer experience, enhance the products and services customer receive, and to tell the customer about products and services that may be of interest to the customer. We may also use Related Companies and trusted service providers to undertake the process of creating these consumer insights.
  • In the case of Our suppliers or service providers, to manage the provision of products and services to Us;
  • Monitor and measure the use of Our websites or apps, including web-based referral channels, data entered and digital behaviour such as links clicked;
  • Assist us in ensuring security, health and safety and customer, employee and team member protection in Our stores;
  • Assist us in administering Our policies, or to investigate complaints in relation to team member conduct;
  • Recruit and assess Our employees or engage contractors;
  • Maintain and update Our records, and for purposes related to any of the above or which are disclosed to the customer at the time the relevant personal information is collected.

3. Manner of Collection of Personal Data

We collect both electronic and physical personal data directly from customers when they avail of any of our products. We may also collect personal information from individuals representing or affiliated with our suppliers, partners, shareholders, and other business contacts when they voluntarily provide us with their contact information to develop business relations and/or complete legitimate transactions with them. Further, we may collect personal information directly from our employees and job applicants through their curriculum vitae, personal information sheets, submitted medical records and government documents, and interview and training assessment results conducted by authorized personnel, and pre-employment health screening and directly from the verification efforts of third-party employee background/screening service providers, job search sites and/or other social media sites and references from previous employers and other third parties. We may also collect personal information from our Related Companies and from trusted third parties. We may also collect deidentified data from (and share deidentified data with) Related Companies for data analysis purposes.

The main ways We collect personal information from customers are:

1. during customer order or purchase of products from Us;
2. when the customer contacts or visits us, including visiting a store, making an inquiry, making a complaint or providing feedback, seeking a refund, attending an event, or if you are a supplier or service provider in connection with the supply of products and services by your business to Us;
3. if a customer accesses our website or apps, including by the use of cookies, tags and pixels, which may track what the customer views on Our website or apps and also other websites/apps that the customer visits. Cookies, tags and pixels may also come from third party services (such as Google and Facebook) for the purpose of collecting data to enable website or app performance measurement and personalised advertising;
4. if the customer interacts with Us via social media platforms;
5. if the customer subscribes to any of Our publications (including any mailing lists) or subscriptions or use any of Our apps;
6. if the customer participates in any competition or promotion that We conduct;
7. through Our security cameras, or other cameras used in our stores;
8. if the customer undertake any of Our induction, safety or compliance processes;
9. if you submit an employment application to Us;
10. from publicly available sources, including internet search platforms and social media platforms such as Facebook;
11. from any person authorised to act on your behalf or authorised to provide your personal information to Us;
12. from anyone sharing information with us for loss prevention and/or law enforcement purposes; and
13. from Our Related Companies.

D. Disclosure of Personal Information

We generally do not sell or disclose the personal data we process to third parties without the consent of data subjects unless We are legally required to do so; if it is necessary to fulfill the purposes for which We process personal data as mentioned above, or if such action is necessary to protect, defend and/or enforce Our rights, property or the personal safety of our employees and other individuals.

We work with a number of third parties in carrying on Our business and allow access to personal data to:

1. third parties to facilitate the provision of products and services to customers (including to facilitate repairs, replacements and customer recalls), such as product manufacturers and suppliers and logistics service providers;
2. marketing, advertising and promotions services providers and event organisers in connection with Our marketing and promotional activities and events;
3. third party platforms who display advertising or content (including personalised advertising) based on customer personal information or preferences (including social media platforms such as Facebook);
4. third parties who provide services to Us in connection with Our business operations, including data monitoring, data analysis and data matching activities, monitoring trends in customer preferences or transactions and the operation and maintenance of Our website/apps;
5. credit reporting agencies, for example if your business is a supplier to Us;
6. third parties who provide other administrative and operational services to Us in connection with Our business, including financial institutions, security services providers, market research or feedback collection companies, IT service providers, payment processers and collectors, mailing houses and card manufacturers;
7. Our professional advisers to enable them to provide services to Us, and other financial, technical and administrative services such as information technology, payroll, accounting, sales administration, procurement, training and other services;
8. third parties necessary to assist us in investigating and preventing any potential, suspected or actual breaches of policy or law, fraudulent activities, loss prevention activities;
9. law enforcement agencies, government agencies or other third parties, where required under or authorised by law;
10. other persons notified to you at the time the relevant personal information is collected;
11. Our Related Companies who may use that information to undertake data analytics and matching to enable them to better understand your requirements and preferences, and (if you interact with that business) to personalise and improve their offer to you and to offer products or providing services to you or send direct marketing to you (where you have consented to receiving offers or direct marketing from them);
12. in special circumstances – for example, if We were to sell our business or part of our business, your information may be disclosed to potential purchasers and their advisers as part of that process;
13. from time to time We may provide aggregated and de-identified information to other business partners for various purposes;
14. automated payroll processing and management to ensure timely and proper compensation and compliance with existing employment regulations;
15. automated human resource database, loans and benefits management systems;
16. cloud storage systems to meet the Company’s storage management requirements;
17. online portal/application based services facilities; and
18. systems integration software for the various business management systems, productivity tools and/or applications, and such other products and/or services;

E. Related Companies

Related Company means a shareholder of the Company, and any other company that directly or indirectly Controls, or is under common Control with, or is Controlled by, such shareholder. For purposes of this definition, “Control” (including the terms “Controlling”, “Controlled by” and “under common Control with”) means in relation to a controlled party, where a person has by equity ownership, contract or otherwise, directly or indirectly through or with another entity: (a) more than 50% of the total issued shares and majority voting rights of the controlled party; or (b) control of selection of the composition of a majority of the board of directors or other governing body of the controlled party.

We may allow access to and combine personal information with our Related Companies (including our joint venture partners) to enable us and them to undertake a range of important functions. The personal information that we allow access to and combine with Our Related Companies includes:

1. details about customer purchases and transaction history with Us and Related Companies, product and service preferences, and details about purchases and transaction history with Us and the Related Companies.
2. information about customer use of the Company and Related Company websites and apps (using cookies, tags and pixels) including customer searches and search history on them, and the products customer has viewed, added to cart and/or purchased;

We may use this personal information (and allow access to it to our Related Companies):

1. to undertake data analytics and matching to enable Us to better understand your requirements and preferences and for insights and strategic and operational decision making;
2. to personalise the appearance of Our website and apps, to invite customer to complete a product review or send customer targeted and personalised news, offers and promotions of Our products and services;
3. to send direct marketing or personalised communications to customer (where customer has consented to receiving direct marketing or personalised communications) and to allow Us to better personalise the communications, offers, surveys and updates that We send;
4. to display targeted marketing materials;
5. for product safety-related matters (including recalls);
6. to develop aggregated insights about the preferences of Our customers;
7. to enable Us to improve product and service offerings, advertising and offers based on member shopping and browsing habits;
8. for other purposes where customer has provided consent to Us; and
9. for other purposes described in this Policy, and Our Related Companies may use it for the similar purposes relating to their operations.

The Company remains responsible for the personal data disclosed to such third parties. Thus, the Company ensures that such third parties are contractually obligated to comply with the requirements of the Data Privacy Act and its Rules and Regulations and shall process your personal data strictly in accordance with the purposes enumerated above. You may request for additional information on the identities of these parties from the Office of the Data Protection Officer.

Transfer of information overseas

Some of Our service providers may be located overseas or may store information (including your personal information) that We provide to them overseas. We may also allow access to your personal information to Company affiliates or shareholders that may be overseas and to our Related Companies that are located overseas.

Marketing activities and customer insights

From time to time, We may also use and disclose the personal information We collect about the customer (including directly from the customer, and also from third parties such as Our Related Companies) to contact the customer or send the customer direct marketing and personalised communications, to personalise the appearance of Our website and apps to the customer, to invite the customer to complete a product review, to send the customer targeted and personalised news, offers and promotions of Our products and services and provide targeted advertising content to the customer (including through third party websites, apps and social media platforms such as Facebook).

Generally, we will provide direct marketing and personalised communications to the customer where the customer has requested or consented to receiving them. If the customer does not wish to receive direct marketing or personalised communications, the customer can opt-out by contacting us at the address listed below, by using the unsubscribe link or opt-out details provided in the direct marketing communication or in the case of online marketing activity by changing your browser options in the digital platforms the customer uses such as Google or Facebook.

The third parties who assist Us in marketing and promoting to the customer or the device the customer uses may use cookies, pixels or tags, to obtain information about his/her preferences when he/she accesses online platforms, apps or websites other than the Company’s website/apps. Customer preferences collected in this manner may be disclosed to Us. Customer can manage his/her preferences regarding targeted online advertising directly through the digital platforms he/she uses, such as Google or Facebook.

Security and storage

We will take reasonable steps to protect the security of your personal information that We hold, from misuse, interference, loss, unauthorised access, modification or disclosure.

F. The Rights of Data Subjects

The Company fully recognizes that under the Data Privacy Act, our customers, employees, suppliers, partners, shareholders and other business contacts, as data subjects, are accorded the following rights:

• Right to be informed: They have the right to demand and be informed of the details about the type of personal data, the purpose of processing, and how they are being processed by the Company, including its sources, recipients, methods, disclosures to third parties and their identities, automated processes, manner of storage, period of retention, manner of disposal and any changes to such processing activities before the same is undertaken.
• Right to access: They have the right to have reasonable access to their personal data, sensitive or otherwise, upon demand. They have the right to review and amend their personal data processed by the Company in case there are errors.
• Right to dispute: They have the right to dispute inaccuracy or error in personal data processed by the Company.
• Right to object: Refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

G. Policy on the Collection and Use of Personal Data

In relation to the rights of Data Subjects, it is the Company’s policy to:

1. Ensure that data subjects affected by the Company’s personal data processing activities are fully and adequately informed of their rights;
2. Ensure that they are fully and adequately informed of all processing activities performed by the Company with respect to their personal data;
3. Ensure that their consent is obtained in accordance with the requirements set forth in the Data Privacy Act and its Rules and Regulations. Where the processing does not require consent from our customers and employees in the instances set forth in Sections 12 and 13 of the Data Privacy Act pertaining to the Criteria for the Lawful Processing of Personal Information and the Criteria for the Lawful Processing of Sensitive Personal Information, respectively, such rules and procedure will ensure that our customers and employees are fully and adequately informed of the bases of such processing other than consent;
4. Ensure that they have the facility to reasonably access, review and amend their personal data and to request for copies thereof in a commonly portable format;
5. Ensure that they have the facility to: dispute any inaccuracy or error in their personal data, object to any changes in the manner and purpose by which they are processed, withdraw consent where applicable, and to suspend, withdraw, block, destroy, or remove any unnecessary, falsely collected or unlawfully processed personal data;
6. Ensure that such personal data are proportional, necessary and limited to the declared, specified and legitimate purpose of the processing;
7. Ensure that such personal data are retained for only a limited period or until the lawful purpose of the processing has been achieved;
8. Ensure that such personal data are destroyed or disposed of in a secure manner;
9. Ensure that they have the facility to lodge complaints to the Company relating to any violations to their rights as data subjects and that such complaints are adequately and timely addressed.

H. Data Protection Officer

To oversee the Company’s compliance efforts, the Company has appointed a Data Privacy Officer (“DPO”) to manage and safeguard the handling of our personal data processing activities. Our DPO is fully committed to protecting the privacy rights of data subjects affected by the Company’s personal data processing activities and to ensuring that the Company as an organization promotes a culture of privacy. Should you have any concerns regarding the Company’s privacy practices and policies, you may reach the DPO through the following contact information: