Our Privacy Commitment

We value and respect the privacy right of our customers as Data Subjects under Data Privacy Act of 2012. The objective of this policy is to disclose how the company collects, uses, retains and dispose the personal information of our customers. We provide this policy outlining our practices and security measures to ensure to the Data Subject that appropriate guidelines are in-place in handling their personal information.

Purpose for Collection, Storage, Access, Sharing, Processing, Retention and Disposal of Personal Data

To process your application or accommodate your request, the primary requirement is collection of personal information through the system. No other personal information will be collected apart from what is required. Your personal information will be processed as long as your account is active, and will be retained as required. Disposal of your personal information regardless of media are made in a secure manner that would prevent further processing, unauthorized access and disclosure.

Disclosure and Transfer of Personal Data

With your full consent, there may be cases where we may need to disclose or entrust your personal information to our parent company, subsidiaries, affiliates, agents, contractors and partners (herein collectively referred to as “Service Group”), among others. Any personal information entrusted with such parties shall also be covered by the appropriate agreement contract, security requirements and annual monitoring and security checks to ensure that all personal information is adequately safeguarded in their possession.

Our Commitment to Personal Information Security

Our company ensures the security and protection of your personal information against risk of data loss, unauthorized access and disclosure, alteration and unlawful processing. Aside from establishing policies, rules, procedures and guidelines, our company also ensures all information are secured and protected within the scope of the organization. Our company also has undertaken procedures to conduct Privacy Impact Assessment to evaluate and manage the impact of privacy of a particular project, program and process. Our company also ensures that a Personal Data Breach Management is in place.

Our company uses various appropriate and reasonable measures to safeguard your personal information, such as the following:

1. Organizational measures: appointment of Data Protection Officer, access control policy, security awareness training, among others.
2. Physical measures: security on data centers, card storage, biometric devices, among others.
3. Technical security measures: encryption, anti-virus software, among others.

Personal Information We Collect

In order for the company to process your application for accreditation, SMRI may require you to provide personal information, such as but not limited to the following:

• Name
• Address
• Contact number
• Email Address
• First 6 digits of your debit Card (if Debit Card was used for the transaction)
• Last 4 digits of your Credit card (if Credit Card was used for the transaction)
• Valid ID with signature
• Official receipt (OR) number
• Total purchase amount

Should you choose not to provide and agree on the above personal information, our company may not be able to process your application, accommodate your request or offer its services.

Use of Cookies

Our website use cookies. Cookies are text files containing small amounts of information which are automatically downloaded to your computer or device when you visit a website. Cookies send data back to the originating website on each subsequent visit. Cookies are useful to you because they allow a website to recognize your device and browsing habits in order to give you a seamless and smooth browsing experience. We will not use cookies to collect personally identifiable information about you.

The Right of the Data Subject

As data subject you have the right to be informed, to object, to access, to rectify, to erasure or blocking, to damages, to data portability and to complain in relation to your personal information under the Data Privacy Act of 2012. If you wish to correct or update your personal information, we may ask some information in order to verify and ensure the identity to avoid unwanted disclosure of personal information. We have included here contact information that can be used to voice clarifications and complaints relative to your personal information. Any complaint should be made in writing, clearly state the material facts, specify your contact information and include supporting evidence.

Data Protection Officer [email protected] SM Retail, Inc.
Bldg. F, SM Corporate Offices, J.W. Diokno Boulevard, Mall of Asia Complex, Pasay City
The owner of this Privacy Policy is the Data Protection Officer. Reviewing and updating of this document shall be the responsibility of the owner. Updating of Privacy Policy

Our company shall review and update of this Privacy Policy in case there is a change in data processing on the website to align with regulatory requirements and industry best practices, revamp of the website to adapt with new technologies and protocols, or to comply with government and regulatory requirements, among other legitimate purposes. As Data Subject, our company will ensure that you will be notified if changes in the Privacy Policy is extensive and will cause undue intrusion into your privacy.