PRIVACY NOTICE

Metro Pacific Tollways Corporation ("MPTC", "We", "Us") respects your fundamental right to privacy and we commit to take great care in safeguarding your personal data. Throughout your use of our products and services, we collect and keep some information about you. In accordance with applicable privacy laws, we share with you the general principles that govern how we collect, use, and share your personal data, as well as our privacy practices.

Why we collect your personal data

When we process your personal data, we do so under the following legal bases and for the purposes set out below:

A. We collect and process your personal data when you submit inquiries, requests, or concerns based on your consent:

  • We collect your name, email address, and phone number when you manually or electronically contact us for documentation, proper processing, and to enable us to address your inquiries, requests, or concerns, or whenever appropriate, endorse them to the relevant internal units, subsidiary or affiliate company for action and response.

B. We process your personal data based on our legitimate interest to function effectively as a business, except when your fundamental rights and freedoms override our interests. Such interests, include, among others:

  • To continuously improve our business and operations. We may collect personal information about you from sources such as MPTC's subsidiaries, affiliates, and business partners to whom you have also given your consent for them to share your information to analyze how you use products and services to help us provide customer care activities, investigate and resolve your requests and concerns, monitor the quality and security of our infrastructure and network, and plan for future growth. We may also process your personal contact details and publish them in an internal directory listing, in order to effectively communicate with you and provide you with necessary assistance.
  • To manage the security of our business operations. We may process your personal data to conduct IT security operations, to manage our assets, and for business continuity, disaster recovery, and audit purposes.

In pursuit of the above interests, our activities include monitoring our network with the assistance of automated tools (e.g., firewalls) capable of comparing suspicious data transmission with known threats to deter cyber-attacks, and detect and prevent fraudulent schemes. During such monitoring, we may analyze traffic data, and as necessary, details relating to my identity, contact information, service usage, device information, and communication content. Should you commit any cyber-attack, fraud, or similar schemes, MPTC shall block your access to the services without prior notice.

  • Use of Cookies. We use cookies to personalize our website content, provide social media features, analyze how our site is used, and give you a better experience. We do not share personal information with third parties without the knowledge and consent of our data subjects and an appropriate data sharing agreement.

C. We may process your personal data for additional purposes and activities that are completely optional. We only proceed with the performance of these activities when you give your specific consent for us to do so. Should you consent to any of these additional activities, you can also freely object to and withdraw your consent at any time.

  • We may collect personal information about you from third-party sources such as MPTC's subsidiaries, affiliates, and business partners, to whom you have also given your consent for them to share your information to analyze how you use our website, and other products and services to get a deeper understanding of and anticipate your personal needs and interests.

When we disclose your personal data

There are some instances where we may be required to disclose your personal data to our agents, subsidiaries, affiliates, business partners, and other agencies and service providers as part of our regular business operations and to provide our products and services.

This means we might share your information with:

  • Our service providers, contractors, and professional advisers. This includes partner companies, organizations, or agencies, and their sub-contractors, e.g., MPT Digital Inc. and Kayana Solutions Inc.
  • Our subsidiaries and affiliates with whom you also have an account with. We share information about how you use our network, products, and services for the improvement of our respective legitimate business purposes and operations.
  • Other companies to whom you have given us consent to share your information with. For example, when you sign up for products and services offered by other companies, they may request for information from us in order for them to validate your identity.

In these cases, we ensure that your personal data is disclosed on a confidential basis, through secure channels, and only in compliance with applicable privacy laws and regulations. We will never share, rent, or sell your personal data to third parties outside of MPTC, except in special circumstances where you may have given your consent and as described in this Notice.

When we disclose your personal data with the Government and other duly authorized entities, as may be required by law or legal processes, we ensure that your personal data is protected and shared according to the rules and regulations and Government guidelines, where such is available.

How we protect your personal data

The integrity, confidentiality, and security of your personal data are important to us. That's why we strictly enforce this Privacy Notice within MPTC and have implemented technical, organizational, and physical security measures that are designed to protect your information from unauthorized or fraudulent access, alteration, disclosure, misuse, and other unlawful activities. These are also designed to protect your information from other natural and human dangers.

We also put in effect the following safeguards:

  • We keep and protect your information using a secured server behind a firewall, encryption, and security controls;
  • We keep your information only for as long as necessary for us to provide services to our users, for our legitimate business purposes, to comply with applicable laws, and for special cases that will require the exercise or defense of legal claims;
  • We restrict access to your information only to qualified and authorized personnel who are trained to handle your information with strict confidentiality;
  • We undergo regular audits and rigorous testing of our infrastructure's security protocols to ensure your information is always protected;
  • We promptly notify you and the National Privacy Commission, when sensitive personal data that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person;

What your choices are

You are afforded certain rights in relation to your personal data under the Data Privacy Act of 2012 (Republic Act No. 10173). You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:

  • Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
  • Request a rectification of your personal data: this right entitles you to have your personal data corrected if it is found to be outdated, inaccurate, or incomplete.
  • Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, such as in cases where your personal data is no longer necessary to achieve the legitimate business purpose of its use or processing.
  • Request the restriction of the processing of your personal data: this right entitles you to request that we only process your personal data in limited circumstances, including with your consent.
  • Request portability of your personal data: this right entitles you to receive a copy of personal data that you have provided to us (in a structured, commonly used and machine-readable format). This includes requests for us to transmit a copy of such personal data to another company, on your behalf.

Moreover, you have a right to object to the processing of your personal data, such as in cases when we process your personal data based on our legitimate interests or for purposes requiring your consent.

To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time. Please note that this will not affect the lawfulness of the processing that was carried out before you withdrew your consent or MPTC's right to continue parts of the processing based on other legal bases than your consent. If, however, we have not provided you with another legal basis justifying the processing of your personal data in this privacy statement, we will stop the processing and delete your personal data.

To exercise any of the above rights, you may get in touch with our Data Privacy Officer through the contact details provided below.

If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage you to come to MPTC first so that we can work together to resolve your complaint.

Metro Pacific Tollways Corporation
5th Floor, Rockwell Business Center Tower 1,
Ortigas Avenue, Pasig City
Email: dataprivacyoffice@mptc.com.ph

Changes to our Privacy Notice

From time to time, we may update this Privacy Notice to comply with changes in applicable laws, to comply with government and regulatory requirements, to adapt to new technologies and protocols, to align with industry best practices, and for business purposes.

This Privacy Notice is effective as of August 13, 2025.

DPO Registration Certificate