PRIVACY STATEMENT FOR PASSENGERS
LRMC is committed to maintaining the accuracy, confidentiality, and security of your personal information. In this Privacy Statement, we explain how we ensure that your data privacy rights are respected and protected.
1. APPLICATION
LRMC has adopted a Privacy Policy with a series of Privacy Statements to address the privacy concerns of certain groups of individuals and some issues on the use of our website. These are all available in our website https://lrmc.com.ph/privacy.
This Privacy Statement in particular applies to passengers of LRT-Line 1. There may be other Privacy Statements that may apply to specific concerns of passengers such as our use of surveillance cameras or CCTVs or the personal information we collect if you avail of your Wi-Fi services. These Privacy Statements are available on our website.
2. POLICY OF COMPLIANCE
It is our policy to comply with Republic Act No. 10173 or the Data Privacy Act of 2012 and its Implementing Rules and Regulations (“DPA”).
3. WHAT IS PERSONAL DATA?
Personal Data includes any personal information which identifies or can identify an individual. Personal information does not include anonymous or non-personal information which cannot be associated with or traced back to a specific individual.
4. WHAT PERSONAL DATA DO WE COLLECT?
We collect and maintain different types of personal information on LRT-Line 1 passengers, including personal information (such as names, contact numbers, e-mails, residence and business address, etc.) contained in:
- applications for senior citizen and other special stored value cards;
- customer complaint or feedback forms;
- other customer service forms;
- Wi-Fi log-in portals;
- surveillance cameras (CCTV);
- records and forms for passenger accidents and incidents (including where the passenger may be the victim of or is alleged to be the perpetrator of a crime);
- forms for reported lost property;
- waivers; and
- application and other forms relating to the availment of promotions and discounts. These include forms for the purchase of single journey tickets or stored value cards with a senior citizens, person-with-disability (PWD), and other discounts.
We will always obtain your express consent when we process special categories of personal information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, or sexual orientation. Your express consent may not be obtained when not required by law or the information is required for your protection in cases of emergency.
If you avail of a discount for our single journey or stored value Beep cards and the basis for the discount is a status of condition that may be considered sensitive or a special category of personal information (for example, PWD, senior citizens, or a discount given to members of a community on account of the anniversary or some other special celebration of that community), your availment or purchase of the Beep card will be deemed consent for the processing of that information for the availment and administration of the discount.
From time to time, we may use the services of third parties and may also receive personal information collected by those third parties in the course of the performance of their services. For example, as the Beep cards are issued by AF Payments, Inc. (“AFPI”), the information we collect in the discounted card application form is shared with AFPI to allow them to produce and issue the card. You can view AFPI’s privacy policy by following the link, https://www.beeptopay.com/privacy-policy.html.
Where we use the services of third parties or receive personal information collected by third parties, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us.
When permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
5. WHY DO WE COLLECT PERSONAL DATA?
We sometimes need to collect your personal information so that we can provide you with the full range of our services, operate LRT-Line 1 effectively and safely, and carry out our functions and responsibilities in our operating franchise and concession with the government. These uses include:
- safety and security purposes;
- replying to or addressing customer complaints;
- administering or processing passenger injury or incident claims;
- administering the availment of senior citizen discounts and other legal benefits;
- administering promotions and special benefits;
- administering the lost-and-found office;
- administration and availment of Wi-Fi services;
- the production of metadata that allows us to analyse trends in passenger and consumer behaviour and satisfaction with our services; and
- such other purposes as are reasonably required by LRMC.
As a company operating a public utility, we may sometimes need to process your personal information to pursue our legitimate interests, like prevention or detection of crimes.
6. HOW DO WE USE YOUR PERSONAL DATA
We may use your personal information
- for the purposes described in this Privacy Policy; or
- for any additional purposes which we will tell you about and only do so if we get your consent, when your consent is required by law.
We may use your personal information without your knowledge or consent only when we are permitted or required by law or regulations to do so.
If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with details of such purpose and any other relevant information.
7. WHEN DO WE DISCLOSE YOUR PERSONAL DATA?
We will disclose your personal information to third parties only if we are legally obliged to do so or in compliance with our duties to you.
Further, your personal information may be disclosed:
- when necessary to protect LRMC’s rights and property;
- when necessary to protect your safety or other person’s safety during emergency situations;
- when the personal information is publicly available; or
- with your consent, when such consent is required by law.
8. NOTIFICATION AND CONSENT
Privacy laws do not generally require us to obtain your consent before collecting, using or disclosing your personal information.
In addition, we may collect, use or disclose your personal information without your knowledge or consent when we are permitted or required by law or regulations to do so.
Unless you advise us otherwise and to the extent that your consent is required, we will obtain your consent for the collection, use, and disclosure of your personal information for the purposes stated above and any other purposes stated or reasonably implied at the time such personal information was collected from you.
Where your consent was required for our collection, use, or disclosure of your personal information, you may at any time withdraw your consent, subject to legal or contractual restrictions and reasonable notice. All communications as to withdrawal or variation of consent should be in writing and addressed to our Privacy Officer.
9. HOW IS YOUR PERSONAL DATA PROTECTED?
We endeavor to maintain physical, technical, and procedural safeguards that are appropriate to the sensitivity of your personal information. These safeguards are designed to protect your personal information from loss and unauthorized access, copying, use, modification or disclosure.
10. HOW LONG IS YOUR PERSONAL DATA RETAINED?
Except as otherwise permitted or required by law or regulations, we endeavor to retain your personal information only for as long as we believe is necessary to fulfill the purposes for which your personal information was collected (e.g., meeting any legal, accounting or other reporting requirements or obligations). Instead of destroying or erasing your personal information, we may make it anonymous such that it cannot be associated with or traced back to you.
11. UPDATING YOUR PERSONAL DATA
It is important that your personal information found in our records is both accurate and up-to-date. If your personal information happens to change, please keep us informed of such changes.
In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.
12. ACCESS TO AND RECTIFICATION OF YOUR PERSONAL DATA
You have the right to see and access your personal information in our possession. You also have the right to request from us the rectification or deletion of your personal data, the right to restrict processing, the right to object to processing, as well as, in certain circumstances, the right to data portability (or to transfer your personal information from one controller to another).
If you wish to review, verify, delete, or correct your personal information, please contact the office of our Privacy Officer using the contact information set out below. Any such communication to our Privacy Officer must be in writing.
When requesting access to your personal information, you may be required to provide some information to enable us to verify your identity and to search for and provide you with your personal information. To access your personal information, we may charge you with a reasonable fee which you will be informed of in advance. If you require assistance in preparing your request, you may contact the office of our Privacy Officer.
Your rights with respect to your personal information are not absolute. There are instances when laws or regulations allow or require us to withhold from you some or all of your personal information. In addition, the personal information may also be destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons, subject to any legal or regulatory restrictions.
13. INQUIRIES OR CONCERNS?
If you have any questions about our Privacy Policy or concerns about how we manage your personal information, please contact the office of our Privacy Officer by e-mail. We will endeavor to answer your questions and advise you of any steps taken to address your issues and concerns. If you are unsatisfied with our response, you may make a written submission to the National Privacy Commission.
14. PRIVACY OFFICER
We have appointed a Privacy Officer to oversee compliance of our Privacy Policy.
You may contact our Privacy Officer through any of the following:
| Postal address: | Mezzanine, Engineering Building, LRTA Compound, Aurora Boulevard, Pasay City |
| Telephone number: | (02) 5318-5762 loc. 5726 |
| Email address: | dataprivacy@lrmc.com.ph |
15. REVISIONS TO THIS PRIVACY POLICY
We may, from time to time, make changes to our Privacy Policy to reflect changes in our legal obligations or in the manner by which we deal with your personal information. We will communicate any change made to our Privacy Policy.
Any change to our Privacy Policy will be effective from the time they are communicated. However, in cases where your consent is required, any change as to the collection, use or disclosure of your personal information will not apply to you, until we have obtained your consent to such change.
This Privacy Statement was last reviewed on December 3, 2018.
16. INTERPRETATION OF THIS PRIVACY POLICY
Interpretation of this Privacy Policy will be made by our Privacy Officer.
This Privacy Policy includes examples, but is not intended to be restricted in its application to such examples. Therefore, where the word “including” is used, it shall mean including without limitation.
This Privacy Policy does not create or confer upon any individual any right, or impose upon LRMC any right or obligation outside of, or in addition to, rights or obligations imposed by the DPA. Should there be, in a specific case, any inconsistency between this Privacy Policy and the DPA, this Privacy Policy shall be interpreted, in respect of that case, to give effect to, and comply with, the DPA.