PRIVACY NOTICE AND GENERAL CONSENT FORM
ACCI respect your fundamental right to privacy and commits to take great care in safeguarding your personal data. Throughout your use of our services and attendance to our event, we collect and maintain some basic information about you. In accordance with applicable privacy laws, we share with you the general principles that govern how we collect, use, and share your personal data, as well as our privacy practices.
Why we collect your personal data
When we process your personal data, we do so under the following legal bases and for the purposes set out below:
A. We process your personal data to perform our obligations under contract with you.
- To create and nurture a relationship with you, so that we can continuously provide you with our services and events. For example, when you attend our events, we collect personal data about you, that will allow us to validate your identity for purposes of billing and collection of fees for the services that you avail from us.
B. We process your personal data based on our legitimate interest to function effectively as a business, but we only do so when your interests and fundamental rights or freedoms do not override our legitimate interest.
- To continuously improve our operations. For example, we analyze your usage of our service and facilities to help us manage your account, provide customer care activities, investigate and resolve your service-related requests and concerns, monitor the quality and security of our event, train our staff, and plan for future growth. We may also process your personal contact details and publish them in an internal directory listing, in order to effectively communicate with you and provide you with necessary assistance.
- To continuously improve our services. We collect, use, process, and analyze your use of our services so that we can understand how to improve them for your benefit. Our analysis may include some information about your usage, such as the volume and frequency of your use of our services, and your historical usage information which we determine based on an analysis of the services you have availed in order to generate insights on our services.
- To understand your needs and preferences so that we can serve you better. We process data to determine your usage profile by maintaining a record of the services that you availed from us, and by analyzing other activities such as when you participate in our market research initiatives, when you visit and transact in our booths and workshops, and when you visit and use our websites and mobile apps such as the ACC Meeting Scheduler. We do so in order to gain a better insight about the kinds of services that would be relevant to your preferences.
- To manage the security of our operations. We may process your personal data to conduct IT security operations, to manage our assets, to ensure your continued use of our services, and for business continuity, disaster recovery, and audit purposes.
C. We process your personal data to comply with legal requirements.
- To assist public authorities. We generate statistical insights based on your usage of our services to assist public authorities in planning for healthcare, disaster management, and other similar initiatives. When we can, we aggregate and anonymize this information so that you are never identified as an individual.
When we disclose your personal data
In some instances, we may be required to disclose your personal data to our agents, business partners and other third-party agencies and service providers as part of our regular Service operations and for the provision of our services.
This means we might share your information with:
- Our service providers, contractors, and professional advisers who help us provide our products and services. This includes partner companies, organizations, or agencies, and their sub-contractors. For example: accommodation partners and transport companies, and our customer contact centers for hotline operations;
- Other companies to whom you have also given consent for us to share your information with. For example, when you sign-up for services offered by other companies, they may request for information from us in order for them to validate your identity; and
- Law enforcement and government agencies, but only when required by laws and regulations and other lawful orders and processes.
In these cases, we ensure that your personal data is disclosed on a confidential basis, through secure channels, and only in compliance with applicable privacy laws and regulations. We will never share, rent, or sell your personal data to third parties outside of the ACCI, except in special circumstances where you may have given your consent for, and as described in this statement.
For a list of our partners, please visit
Transfer of your personal data outside the EEA
Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses (a copy of which can be obtained through the contact information included below). Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.
How we protect your personal data
The integrity, confidentiality, and security of your personal data are important to us. That’s why we strictly enforce our privacy statement within ACCI and have implemented technical, organizational, and physical security measures that are designed to protect your information from unauthorized or fraudulent access, alteration, disclosure, misuse, and other unlawful activities. These are also designed to protect your information from other natural and human dangers.
We also put in effect the following safeguards:
- We keep and protect your information using a secured server behind a firewall, encryption and security controls;
- We keep your information only for as long as necessary for us to (a) provide the services that you avail from us, (b) for our legitimate business purposes, (c) to comply with applicable laws, and (d) for special cases that will require the exercise or defense of legal claims, and for a maximum retention period of ten (10) years;
- We restrict access to your information only to qualified and authorized personnel who are trained to handle your information with strict confidentiality;
- We undergo regular audits and rigorous testing of our infrastructure’s security protocols to ensure your information is always protected;
- We promptly notify you and the competent data protection authority, when sensitive personal data that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person; and
- We let you update your information securely to keep our records accurate.
What your choices are
You are afforded certain rights in relation to your personal data under applicable data privacy laws and regulations. You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
- Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
- Request a rectification of your personal data: this right entitles you to have your personal data corrected if it is found to be outdated, inaccurate, or incomplete.
- Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, such as in cases where your personal data is no longer necessary to achieve the legitimate business purpose of its use or processing.
- Request the restriction of the processing of your personal data: this right entitles you to request that we only process your personal data in limited circumstances, including with your consent.
- Request portability of your personal data: this right entitles you to receive a copy of personal data that you have provided to us (in a structured, commonly used and machine-readable format). This includes requests for us to transmit a copy of such personal data to another company, on your behalf.
You moreover have a right to object to the processing of your personal data, such as in cases when we process your personal data for purposes related to personal profiling and direct marketing.
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting our Data Privacy Officer through the contact details provided below. Please note that this will not affect the lawfulness of the processing that was carried out before you withdrew your consent or ACCI’s right to continue parts of the processing based on other legal bases than your consent. If, however, we have not provided you with another legal basis justifying the processing of your personal data in this privacy statement, we will stop the processing and delete your personal data.
To exercise any of these rights, you may get in touch with our Data Privacy Officer through the contact details provided below. In some instances, we may request for supporting documents or proof before we effect any requested changes to your personal data.
If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome individuals to come to ACCI first to seek resolution of any complaint. You have the right at all times to register a complaint directly with the relevant data protection authority or to make a claim against us with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed).
ACCI Data Privacy Office
9F PLDT MGO Bldg. Legaspi St. corner Dela Rosa St.,
Makati City, 1229 Philippines