The Company respects and values the data privacy rights of its clients, users, employees, service providers, contractors, and any other third persons who have transactions with the Company. The Company makes sure that all personal data collected from them are processed in adherence to the Data Privacy Laws and the general principles of transparency, legitimate purpose, and proportionality.
The Company guarantees that it has implemented the relevant security measures and technologies to maintain the confidentiality and integrity of the personal and sensitive personal information, as defined herein. Further, the Company continues to monitor and update its security measures and technologies, whenever necessary, in order to ensure the protection of the data privacy rights of its clients, users, employees, service providers, contractors, and any other third persons who have transactions with the Company.
This Policy shall constitute as an integral part of and subject to the Company’s Terms and
Any matter not otherwise covered under this Policy, but is covered by the Data Privacy Laws or any subsequent issuance by the applicable regulatory bodies, shall be deemed incorporated into this Policy.
II.DEFINITION OF TERMS
(a)“ATC System” shall refer to the mobile application with the name ATC Remittance Mobile APP (“ATC Remittance Application”), and the websites with the domain name www.atcremit.ph; and the mobile application with the name ATC Exchange, and the website with the domain name www.atcex.ph.
(b)“Clients” refers to persons who have transacted with or availed of the services of the Company, including but not limited to the ATC System.
(c)“Commission” refers to the Philippine National Privacy Commission.
(d)“Company” refers to Atomtrans Tech Corp.
(e)“Consent of the Data Subject” refers to any freely given, specific, informed indication of will, whereby the Data Subject agrees to the collection and processing of Personal Information about and/or relating to him or her.
(f)“Data Protection Officer” refers to the person who the Company shall authorize to oversee the compliance of the Company with the Data Privacy Laws and other related policies and ensure the Company’s compliance with the latter.
(g)“Data Subject” refers to a natural person to whom personal data relate.
(h)“Data Privacy Laws” refers to Republic Act No. 10173 or the Data Privacy Act of 2012, its implementing rules and regulations, and such other applicable laws and issuances.
(i)“Person” refers to either a natural or juridical person as defined by law.
(j)“Personal Information” or “Personal Data” refers to any information relating to an identified or identifiable natural person, who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. For purposes of this Policy, Personal Information may include Sensitive Personal Information, and the
(k)“Processing” refers to any operation or set of operations which is performed upon personal information, whether or not by automatic means, such as: collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
(l)“Sensitive Personal Information” refers to personal information revealing or concerning (directly or indirectly) a person’s age, marital status, racial or ethnic origin, political opinions, religious or philosophical beliefs, criminal record, trade union membership, and health or sex life.
(m)“User” refers to the visitors of the ATC System, Company’s website, apps, and other digital properties of the Company, and may include potential customers, Clients, third party service providers, contractors, consultants, stockholders, Board of Directors, officers, employees, agents and/or representatives of the Company.
III. SCOPE AND LIMITATIONS
All Clients and Users, and any and all third parties who shall henceforth deal, transact, or otherwise engage in business with the Company, shall be subject to the terms set out in this Policy, in accordance with the terms herein set forth.
IV. PERSONAL INFORMATION OTHER THAN YOUR OWN
When the Client and/or the User discloses to the Company another person’s Personal Information (i.e. money remittance recipients, your spouse, beneficiary, children, and/or parents, and/or agents or representatives), the Client and/or the User attest that consent has
been obtained from that person to disclose and process personal information in accordance with law and this Policy.
V. PROCESSING OF PERSONAL DATA
A. COLLECTION AND METHOD OF USE
The Company only collects personal data it needs in order to provide the services and/or information that the Company’s visitors, Users, Clients, third party service providers, contractors and consultants have asked for or that it needs in relation to its dealings with the Company.
When dealing with Personal Information and/or Sensitive Personal Information, the Company will state the purpose of collection of the information and seek the Data Subject’s consent before using such information.
Unless otherwise specified, the data collected shall be used for identification, verification, confirmation purposes and compliance with laws especially the
The Company collects pertinent Personal Information and Sensitive Personal Information in the following cases:
1.When a Client or User registers with the ATC System.
2.When a Client or User pays the fees to be able to register and use the ATC System.
3.When a Client or User uses the ATC System, including but not limited to the purchase and sell of virtual currencies, and remittance of virtual currencies.
4.When a Client or User purchases or avails of ATC’s products, services, promos, marketing activities and events.
5.When a Client or User deals or interacts with ATC, its sales agents, reservation officers or specialists in whatever means.
6.When a Client or User submits information through manual and/or online form on the ATC System or contacts the latter through any of its social media accounts.
7.When a Client or User provides information in connection with inquiries, requests, suggestions and complaints.
8.When a Client or User agrees to participate in surveys, promotions and other marketing and sales activities of ATC.
9.When a Client or User submits Personal Data for any other purposes.
Unless otherwise specified, the data collected shall be used for the following purposes:
1.For identification, verification, and confirmation purposes, pursuant to the Company’s
2.For compliance with laws, such as but not limited to Republic Act No. 9160, also known as the
regulations issued by the BSP; and legal proceedings, and for compliance with legal obligations, to prevent imminent harm to the public, and to ensure public security or order;
3.For the prevention, detection and investigation of crime, including fraud, money- laundering, terrorist financing activities, and to analyze and manage other commercial risks;
4.For the personalization, maintenance, and improvement of the services of the Company, to enable communication between Users and the Company, and to provide notice to the User regarding the Company’s marketing and promotional materials.
5.For the efficient and effective use of the ATC System, which may be subject to fees and charges as relayed to the Client through the relevant platforms. The ATC System includes the following services and features:
a.For ATC Remittance Platform
The Clients may avail of the Company’s services and facility to conduct, manage and control digital and
c)Remittance – conversion of ATCP to Fiat Currency and transfer to Client’s preferred account duly made known to ATC.
b.For ATC Exchange Platform
The Clients may avail of the Company’s services offered in the ATCEx System, such as the exchange, buy and sell of virtual currencies. In relation to the foregoing, the Client may avail of the following services:
a)The Client has the right to browse the
b)The Client has the right to view information under the member accounts on the ATCEx System to apply the functions and features available in the ATCEx System.
B. STORAGE, RETENTION, ACCESS, AND SECURITY
The Company ensures that Personal Information and Sensitive Personal Information, including the Virtual Currency Wallets and Client’s
encrypted with the latest security measures, free from access by unauthorized persons, viruses, and other factors that can corrupt data. Only authorized persons or representatives of the Company are allowed to have access to the data stored within its system.
The Company secures and protects the Personal Information and Sensitive Personal Information, including the Virtual Currency Wallets and Client’s
a.Client personal data:
ii.Permanent and current addresses
ix.Other Client personal information as may be indicated in the Company’s KYC Policy
x.Client Identification Documents/Cards (IDs)
xi.Client login information
xii.Risk ranking, in accordance with the Company’s AML Policy
b.Client order details:
c.Client transaction/exchange data:
The Company employs a database audit function, which is used in
The database audit system is used to conduct a comprehensive and accurate audit trail of all the behavior of logging in and accessing the Data, and the traceability can be tracked quickly when any abnormal access occurs. Using a database access system,
The Company uses a database firewall, which is used to defend against external SQL injection attacks directed on the Database. Data desensitization is used to desensitize the data designed for personal basic information in the production system, to meet the needs of business system development and testing, while protecting Sensitive Data. Data encryption is used to prevent hackers from dragging libraries. At the outermost layer by the firewall, IPS, WAF, network access and other security systems ensure network boundary security.
ATC websites shall be deployed using HTTPS to ensure that encrypted communication between Users and websites is maintained, to prevent hackers from listening, and to ensure the security of data transmission.
From the aspects of physical security, network security, system security, application security, data security and so on, a comprehensive and
Physical security: Water cooling and air conditioning are used to control the room temperature at room temperature below 16 degrees Celsius, to ensure that the room is
Network security: Intranet interaction is used between servers, reverse proxy and load balancing are used to hide the real IP of
Application security: 24/7 personnel are put on monitoring duty. Alarm response time is 10 minutes. All applications adopt distributed active and standby deployment to ensure that the application can withstand high load and high availability.
Data security: Data is deployed with
Moreover, the ATC System uses blockchain technology. Therefore, Data confirmed and input into the ATC System cannot be modified. This is because the system works as a decentralized network, wherein information is validated across millions of computers. A collection of data is stored in a single block containing a unique signature, called the “Hash,” which is then used in the algorithm to produce the unique signature of the next block. This makes hacking into the system, and unlawful and unauthorized access to the Personal Information, Sensitive Personal Information, and Data, nearly impossible, because tampering with one block will affect the signature of that block and the succeeding blocks
Nevertheless, the Company shall use an intrusion detection system to monitor security breaches. The system shall be programmed in a way that it will alert the Company of any attempt to interrupt or disturb the system. Moreover, the Company shall first review and evaluate software applications before the installation thereof in the computers and devices of
the Company and that of its employees, to ensure the compatibility of security features with overall operations.
The Company reviews security policies, conducts vulnerability assessments, and performs penetration testing on a regular basis being prescribed or as required by, or to be required by the Commission.
The Data Subject’s Personal Information and Sensitive Personal Information may be stored in the region where the Company maintains servers and facilities and the Company ensures that such storage is also compliant with the applicable data privacy laws in that state.
The Company utilizes standard manual and computerized methods and systems to file, store and process Personal Information. Collection and Processing of Personal Information will be undertaken in accordance with the principles set out in this Policy and as required by law.
The Company will only retain Personal Information and Sensitive Personal Information as long as necessary for the fulfillment of those purposes specified by the Company under this Policy, subject to the provisions of existing laws of the applicable jurisdiction. Generally, if practicable, they will be stored in a database for the required number of years (after inquiries, requests, complaints, etc. are acted upon) after which physical records shall be disposed of through shredding, while digital files shall be anonymized.
The Company uses external tools to improve the performance and functionality of the site. These tools are provided by a third party, who only collects
C. DISCLOSURE AND SHARING
Recipients of Personal Information and Sensitive Personal Information that the Company collects include persons within the Company or its principals, directors, officers, stockholders, employees or representatives, service providers, contractors, consultants and other persons involved in the business or operations of the Company (including any affiliates or related companies), and third parties to whom the Company has outsourced or may outsource certain business or operating activities, advisers, and service providers, in order to achieve the purposes. The Company may also disclose information, whether intended to be kept confidential or not, upon lawful request by a governmental authority, in response to a court order, or when required by applicable law.
Personal Information and Sensitive Personal Information, obtained by the Company from the Client shall only be available to the following third parties, who are also bound to protect the Client’s Personal Information and to use them only for the purposes for which they are disclosed, to wit:
a.Banks, financial institutions, credit agencies or credit bureaus, for the purpose of verifying authenticity of information provided by the Client or to address queries relating to
b.Counterparties and their respective banks in relation to fund transfers, payments, and other transactions;
c.Agents, contractors, third party service providers, or
d.Regulatory or government agencies, such as but not limited to Bangko Sentral ng Pilipinas and the
The Company shall ensure that all such recipients of Personal Information and Sensitive Personal Information, except the regulatory or government agencies, which have its own policies and regulations regarding the management of personal, sensitive personal and/or confidential information, shall maintain confidentiality and secrecy of all such information that come to their knowledge and possession, even after resignation, termination of contract, or other contractual relations. Personal Information and Sensitive Personal Information under the custody of the Company shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data. Moreover, these persons are also required to be bound by the confidentiality of all the information which they have access to by requiring them to comply with any and all laws, rules and regulations governing data privacy protection.
(i)Cookies and how the Company uses them
A cookie enables the Company’s website to identify a Client’s or User’s computer as the latter views different pages of the Company’s website.
Cookies allow websites and applications to store a Client’s or User’s preferences in order to present content, options or functions that are specific to a Client or User. They also enable the Company to see information like how many people use the website and what pages they tend to visit.
•Analyze its web traffic using an analytics package. Aggregated usage data helps the Company improve the website structure, design, content and functions.
•Identify whether a Client or User is signed in to the Company’s website. A cookie allows the Company to check whether a Client or User is signed in to the site.
•Test content on the Company’s website. For example, 50% of the Users might see one piece of content, the other 50% a different piece of content.
•Store information about a Client’s or User’s preferences. The website can then present a Client or User with information and ads that a Client or User may find more relevant and interesting.
•To recognize when a Client or User returns to the Company’s website. The Company may show a Client’s or User’s relevant content, or provide functionality he/she used previously.
•Cookies do not provide the Company with access to a Client’s or User’s computer or any information about a Client or User, other than that which a Client or User chooses to share with the Company.
Cookies may nevertheless be deactivated through the usual modes of deletion and as provided above.
All information regarding the Clients and Users of the ATC System shall be automatically deleted from the ATC System’s database upon the Client/ User’s deregistration from the ATC System. All officers, directors, employees, representatives, agents, service providers, contractors, consultants and any other person involved in the business or operations of the Company shall no longer have access to a Client’s and/or User’s information and data after the Client’s and/or User’s deregistration and the deletion of his or her data from the app’s database.
Unless otherwise provided under the law then in effect, all other information collected which are not otherwise pertinent or necessary for the operation of the Company or the ATC System shall not be retained for a period longer than one (1) year. After such period, all hard copies shall be disposed and destroyed, by shredding or other secured means.
E. INTERNATIONAL DATA TRANSFERS
The Personal Data may be stored and processed in and transferred between any of the countries in which the Company makes use of cloud services in order to enable it to use the information in accordance with this Policy. In which case, the Personal Data may be shared with the person or entity maintaining and providing such cloud services.
VI. BREACH AND SECURITY INCIDENTS
A. DATA BREACH RESPONSE TEAM
The Company has created a Data Breach Response Team (the “Team”), comprising of the Data Protection Officer as Head of Team, and three (3) other employees. The Team shall be responsible for immediate action in the event of a security incident or personal data breach. The Team shall conduct an initial assessment of any incident or breach in order to ascertain the nature and extent thereof. It shall also execute measures to mitigate the adverse effects of the incident or breach.
B. PRIVACY IMPACT ASSESSMENT
The Company regularly conducts Privacy Impact Assessments in order to identify risks in the processing system, update the system if necessary according to the assessment, and to regularly monitor the same for security breaches.
C. RECOVERY AND RESTORATION OF PERSONAL DATA
The Company always maintains a backup file for all personal data or information under its custody. In the event of a security incident or data breach, the Team or any member thereof designated by the Data Protection Officer regularly monitors the comparison of the backup file with the affected file, to determine the presence of any inconsistency or alteration that may have resulted from the security incident or data breach.
D. NOTIFICATION PROTOCOL
The Data Protection Officer shall inform the management of the Company of the need to notify the Commission and the data subjects affected by the security incident or data breach within the period prescribed by law or regulation by the Commission. The Company may decide to delegate the actual notification to any member of the Team.
E. DOCUMENTATION AND REPORTING
The Team shall prepare a detailed documentation of every security incident or data breach encountered, as well as an annual report, to be submitted to the management of the Company and the Commission, within the period prescribed by law or regulation by the Commission.
VII. RIGHTS OF THE DATA SUBJECT
The Client, User, and/or Data Subject are hereby reminded of their rights in relation to the collection, processing, and storage of their Personal Data as follows:
•The right to be informed
As a Data Subject, the latter has the right to be informed that his/her personal information shall be, are being, or have been processed. This Policy serves as the
Company’s notice to the User or Client that his/her personal information shall be collected for the declared purposes.
•The right to access
Concomitant to a Data Subject’s right to be informed, the latter also has a right to gain reasonable access to his/her Personal Information and Sensitive Personal Information that the Company collects and processes. For this purpose, the User or Client is given access to his Personal Information and Sensitive Personal Information and may amend the same from time to time as he/she deems fit.
•The right to object
A Data Subject has the right to object to the Processing of his/her Personal Information and Sensitive Personal Information, including Processing for direct marketing, automated processing or profiling.
A Data Subject likewise has the right to be notified and given an opportunity to withhold consent to the Processing in case of changes to the information given to a Data Subject regarding the Processing of his/her information.
For the foregoing purposes, the Data Subject may contact the Data Protection Officer of the Company or access his Personal Information and request limitation on the Processing of the Data Subject’s personal data.
•The right to erasure or blocking
A Data Subject has the right to suspend, withdraw or order the blocking, removal or destruction of a Data Subject’s Personal Information and Sensitive Personal Information upon discovery and substantial proof that:
oA Data Subject’s personal information is incomplete, outdated, false, or unlawfully obtained;
oIt is being used for purposes the Data Subject did not authorize;
oThe data is no longer necessary for the purposes for which they were collected; o The Data Subject has decided to withdraw consent, or the Data Subject objects
to its Processing, and there is no overriding legal ground for its Processing;
o The data concerns personal information prejudicial to the Data Subject - unless justified by freedom of speech, of expression, or of the press; or otherwise authorized;
o The Processing is unlawful; or
o The Data Subject’s rights as a data subject have been violated.
In case the User or Client decides to withdraw his/her consent to the Processing of his/her Personal Information, and depending on the nature of his/her consent or withdrawal, the Company may no longer be in a position to continue to provide products and services to the User or Client to further deal with the latter.
•The right to damages
A Data Subject has the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of Data Subject’s Personal Information, taking into account any violation of the Data Subject’s rights and freedoms as a data subject.
•The right to file a complaint
A Data Subject may also file a complaint in accordance with best practice and depending upon where the data subject is and the laws to which the Company may be subject to in accordance with the applicable law.
The Data Subject has a right to lodge a complaint with his or her local supervisory authority if he or she has concerns about how the Company is Processing his or her personal information.
•The right to rectification
A Data Subject has the right to dispute any inaccuracy or error in his/her Personal Information and call the attention of the Company to correct it immediately, unless the request is vexatious or unreasonable. Once corrected, the Company will ensure that the Data Subject will have access to both new and retracted information. The Company shall also ensure the simultaneous receipt of the new and the retracted information by the recipients thereof.
•The right to data portability
Where a Data Subject’s Personal Information is processed by electronic means, the Data Subject has a right to obtain a copy of his/her Personal Information in an electronic or structured format that is commonly used and allows for further use.
The Client and/or Data Subject recognize that the abovementioned rights shall be subject to and without prejudice to the provisions of the Company’s AML Policy and the KYC Policy.
VIII. CLIENT’S RESPONSIBILITIES
A. SAFEGUARDING OF VC WALLETS AS WELL AS
In ensuring the security of the Client’s assets and
a)To promptly update his/her/its information in the ATC System in case the previously provided and/or registered
b)To supervise, manage and control the confidentiality of your nominated User ID and Passwords. It is the Client’s responsibility to assume liability for any loss or damages
that may arise due to negligence and failure to keep and secure the User ID and password.
c)To keep themselves updated on the recommended procedures to safeguard their wallet and
For ATC Remittance: https://atcremit.ph/about/html/new/062409543623.html and https://atcremit.ph/about/html/new/062409543624.html
For ATC Exchange: https://atcex.ph/help/list/SspZGblFb025GKO2iAHsgw?IsVideo=2&Keywords =Safety and https://atcex.ph/help/detail/RoV3crNY002TBki6sF_0kQ?IsVideo=2&Keywor ds=Beginner%27s%20guide
IX. PROBLEM RESOLUTION PROCEDURE
In case the Client reasonably believes that his/her/its rights enunciated under this Policy have been violated, or in case the of a security incident or personal data breach, and the Client reasonably believes that he/she/it has suffered pecuniary damages, the Client shall promptly notify ATC of such violation and/or damage within
The recipients of the Personal Information and Sensitive Personal Information shall operate and hold personal data under strict confidentiality. They are required to sign
The Company shall have the right to modify, update, or amend the terms of this Policy at any time by updating the copy thereof as uploaded to the ATC System. The continuous use of the ATC System, or the communication between the Company and the Client, signifies the Client’s
acceptance of the modifications, updates, or amendments to the terms of this Policy. The terms of this Policy shall be subject to such laws and implementing rules as may be promulgated by the relevant regulatory agencies from time to time.
The Company will make readily available to you information about its policies and practices relating to the management of your personal information. Should you have further questions or concerns, you may contact our Data Protection Officer (DPO) through the following:
You may also contact ATC’s customer service:
1. Via personal visit to the Main Office Address of ATC 17F The Bonifacio Prime 20th Drive Mckinley Business Park, Bonifacio Global City Taguig City Metro Manila
2.Via teleconference. For this purpose, the contact number of ATC is (02) 8262526 or (02) 85611756.
4.Via instant messaging:
a. Facebook: https://www.facebook.com/AtomtransTechCorp/;
b. Twitter: @ATCRemittance; and
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.
qI have read this Policy, understood its contents and consent to the processing of my personal data. I understand that my consent does not preclude the existence of other criteria for lawful processing of personal data, and does not waive any of my rights under the Data Privacy Laws.