My Cart

PRIVACY POLICY

Manila Symphony Orchestra Foundation, Inc. (which may be referred to as: “we,” “us,” or “our”) takes your privacy seriously. For this reason, we describe how we collect, use, process, and protect your Personal Data below.

Capitalized terms in this Privacy Policy (the “Policy”) shall contain the same definition as our Terms and Conditions unless the context requires otherwise.

We adopt the definitions of “Personal Information”, “Sensitive Personal Information”, and “Processing” as provided by the Data Privacy Act of 2012 and its Implementing Rules and Regulations (the “DPA”). “Personal Information” and “Sensitive Personal Information” are collectively referred to as “Personal Data”.

Once you consent to our use of your Personal Data, we shall only cease the processing of your Personal Data when you withdraw your consent, or when our processing is unjustified under the Data.

Take the time to read and understand the following carefully. These are important matters, and we wish that you make an informed decision before consenting to our collection, use, and processing of your Personal Data.

A. How we collect and what kind of Information do we Collect.

To sign-up as a member and to subscribe to our newsletters, it is necessary that we process certain information we collect about you. This being the case, we collect your information in the following ways:

Information and content you provide.

We collect your Personal Data when you:
1. Create, register, and maintain a user account with us;
2. Contact us;
3. Interact with our website;
4. Purchase tickets, subscriptions, sponsor, or send donations to us; and
5. Subscribe to become our member.

The Personal Data we collect pertain to your Personal Information and Sensitive Personal Information, such as:
1. Name;
2. Gender;
3. Birthday;
4. City and region where you reside;
5. Contact Details;
6. Payment information (for transactions); and
7. Other metadata for items purchased and subscriptions.

There may also be instances when we may request for data that is not enumerated above, however we will specifically notify you what information we need, and why we need it.

Information we get from the use of our website, Meta-data and Log-in Details.

We obtain metadata on your user profile when you create an account, as well as on items purchased from the site and subscription schedule. Other information obtained are not personally identifiable to you, such as web page traffic data. Our data analytics software does not associate the data with the stored customer profile.

Cookies

“Cookies” are pieces of information that a website transfers to an individual’s hard drive for record-keeping purposes. It allows the website to remember important information to ensure a more-convenient use of our website. We use cookies in order for the website to remember you to keep track of transactions or items in your shopping cart when you purchase tickets from us, make donations, or avail of our sponsorship packages. This will also allow us to confirm if payment is received.

Information from Third Parties

We may contract the services of third-parties to run our website. Consequently, these third-parties may be given access to your Personal Data, but rest assured, they are told to process your Personal Data according to our instructions and only purposes stated herein.

B. How we use this information.

We use the information we have on you: (i) as described below, (ii) to support our obligations under the Terms and Conditions, and (iii) as otherwise provided for and allowed by law.

We use your information for the following purposes, among others:

• To keep you up to date with our concerts and events. We are one of the country’s most active artistic institutions by providing a variety of high-quality classical performances – and we would like you to be the first to know about them.

To notify you of our concerts, we use your Personal Data, such as your email, cellphone number, name, address, age, gender, and the like to provide you with relevant news, newsletters, advertisements, special offers, promotions, discounts, privileges, and other marketing and promotional materials for our events.

We may partner with third parties for certain promotional or marketing campaigns, specialty events, and the like. We may use your Personal Data to inform you of events and marketing campaigns which we think may be of interest to you.

• To allow our third-party service providers serve you better. We may engage the services of third-party persons providers to handle the management of the website. Your personal information, such as your name, gender, birthday, city where you reside, region where you, reside, email address, contact number, and payment information, among others, are passed to these service providers. Rest assured, these service providers only process your Personal Data to the extent that we instruct them to.

• To comply with law and regulation. There may be instances where we have to process your data in order to comply with law, legal processes, and/or other regulations, to prevent imminent harm to public security, public safety, public order, to fulfill functions of public authority which necessarily includes the processing of Personal Data for the fulfillment of its mandate.

We may also use your personal information to prevent fraud and/or other criminal acts.

• To protect our lawful rights and interests in court proceedings. We may use your Personal Data when it becomes necessary or beneficial for the protection of our lawful rights and interest in any arbitration, court proceedings, or the establishment, exercise, or defense of any and all legal claims and defenses.

• Research. One way for us to serve you better is to conduct research. We collect and use aggregated data and analytics which we may share with our affiliates, service providers, subsidiaries, business partners, and the like. These entities help us research, analyze, and evaluate our Offerings, which help us improve what we offer.

The data that we sent to these entities is anonymized – meaning we use commercially available and reasonable means and efforts, to remove and obscure your personally identifiable information.

C. How your information is shared and to whom do we share your data

In some instances, we may share your Personal Data to people and entities that we trust such as:

• To our Trusted Service Providers and Contractors. We may disclose the Personal Data that you provide us to our trusted third-party service providers and/or contractors, who perform functions, services, and activities for us, or directly for you on our behalf (“Trusted 3rd Parties”).

We will only provide these Trusted 3rd Parties with the information that is necessary for them to effectively perform their services, functions, and/or activities. Furthermore, these Trusted 3rd Parties are prohibited from using your Personal Data for purposes outside our instructions, and they are under the obligation to abide by the terms of this Policy.

• To comply with legal obligations. We may be required, ordered, or mandated by a competent public authority to disclose your Personal Data to comply with law, pursuant to a judicial, administrative, or any other official proceeding, to comply with a court order, subpoena, or any other legal process.

• To protect our lawful rights and interests in court proceedings. We may disclose your Personal Data when it becomes necessary or beneficial for the protection of our lawful rights and interest in any arbitration, court proceedings, or the establishment, exercise, or defense of any and all legal claims and defenses.

D. Where we keep your information and how we make sure it’s safe.

Where we keep your data.

We are committed to ensuring that personal information and sensitive personal information obtained from you are safe. We use a trusted 3rd-party cloud server hosting facility in the United States where the website is hosted.

How we keep your data safe.

When it comes to data security, we look after both digital and physical data. ¬We try to secure your Personal Data from unauthorized access, use, disclosure, or processing. To further this goal, we have adopted certain technical and organizational measures necessary to ensure the security of your data.

However, no security system in the world that is impenetrable. Unfortunately, we cannot guarantee the absolute security of our database, but we will take all the necessary measures, according to reasonable industry standards and practice to keep it safe.

While we ensure that we try to keep our systems safe, we cannot control external factors (such as the safety of your computer or mobile phone, the network you are using, the servers you are being routed through, and the like). When you transmit information to us via our website, mobile, or any other online means, we cannot guarantee that your Personal Data will be absolutely secure. Your personal data passes through various channels where it may be intercepted, corrupted, disclosed, or misused. But rest assured that once we receive your information, we will use our implemented safety features and procedures to ensure that your data is kept safe from any unauthorized access.

When we provide you with our services, there may be times that you may come across links that will direct you to other websites. Unless we own, operate, and/or manage these other websites we cannot and do not take responsibility over how they use, process, store, or protect your Personal Data.

E. How long we keep your data.

As may be necessary pursuant to law.

We may store your Personal Data for the period prescribed by law to process any claims or actions relating to your data and/or your use of our services. We may also store and keep your data for the period required by laws, regulations, and legal obligations.

The periods as stated in this section may be extended if there is a legal obligation and/or requirement to do so.

F. What are your rights and how you can exercise them.

Under the Data Privacy Act of 2012, you as a data subject have eight (8) rights. Below is a brief description of your rights and how you can enforce them.

Rights Under the DPA How you can exercise them

Right to be Informed

You have the right to be informed if your Personal Data was, is, or will be processed.
Before we process your Personal Data we will inform you of what Personal Data we collect and the purposes of such collection.

This is usually contained in documents that we provide to you, such as the Terms and this Policy. Please make sure to read and understand them to ensure that you are fully informed.

Right to Access

You may ask us to provide you any and all data that we may have on you. However, we may charge you for the reproduction costs.

If you want to exercise this right, you must do the following:
1. Submit a notarized written request to our contact details below, attaching the same identification card used in the notarization.
2. State in your written request that you wish to exercise your Right to Access in accordance with the Data Privacy Act of 2012.
3. Specify in the written request:
a. What Personal Data you wish to inquire about,
b. Through what means you wish us to send your Personal Data to you (email, courier service, etc. We will not send Personal Data through fax), and
c. Your contact information that we can use to communicate with you.
4. We will inform you of our decision on your request fifteen (15) days from our receipt of your written request.
5. If we grant your data request, we will send an invoice representing the anticipated costs that we will incur for the collation, reproduction, duplication, and releasing of your Personal Data in our possession. You will have fifteen (15) days from your receipt of the invoice to settle payment. We will release your data request ten (10) days from our receipt of payment. Furthermore, if the data request is sent through couriers, the reckoning point for our compliance with the ten-day period is date of delivery to the courier, and not your receipt of your data request.
6. The release of the data request will only be made to the person whose Personal Data is subject of the data request. A notarized authorization letter shall be required if the data request will be released to a third-party.

Note: We may reject your request if the procedures above are not followed. In which case, you would have to re-submit your request in a manner compliant with the above.

Right to Object

You have the right to object to the processing of your Personal Data, and determine the extent of our processing activities.

If you wish for us to stop processing your Personal Data.

1. Submit a written request to our contact details below, attaching a valid government-issued ID.
2. State in your written request that you wish to exercise your Right to Access in accordance with the Data Privacy Act of 2012.
3. We will inform you of our decision on your request fifteen (15) days from our receipt of your written request.

Right to Erasure or Blocking

You have the right to tell us that you no longer want us to process your data, withdraw your data from our system, or you want all of the Personal Data we have on your destroyed.

To exercise this right you must provide the proof required by Section 34 (e)(1) of Implementing Rules of the Data Privacy Act of 2012.
If you want us to erase data that we have on you, or you no longer want us to process your data:

1. Submit a written request to our contact details below, attaching a valid government-issued ID.
2. State in your written request that you wish to exercise your Right to Access in accordance with the Data Privacy Act of 2012, and that you wish to unsubscribe.
3. We will inform you of our decision on your request fifteen (15) days from our receipt of your written request.

Right to Rectify

If any Personal Data we have on you is inaccurate or wrong, you have the right to have us correct it, unless your request is vexations or otherwise unreasonable.

If you wish for us to correct/rectify Personal Data that we have on you, the following procedure must be followed:
1. Send a notarized written request to our DPO along with a copy of any valid government issued ID with a picture and signature.
2. State in your written request that you wish to exercise your Right of Rectification in accordance with the Data Privacy Act of 2012.
3. Specify and attach the following to the written request:
a. The erroneous data that you wish to have corrected;
b. Summary of the correct data to be entered;
c. Documentary proof supporting the correction;
d. A statement certifying that the documentary proof submitted is genuine and a true and correct copy of the original.
4. Have this written request received our DPO, or his/her duly authorized representative.

Special Considerations:
1. We may reject your request if the procedures above are not followed. In which case, you would have to re-submit your request in a manner compliant with the above.
2. We reserve the right to refuse your request for rectification if it is vexatious or otherwise unreasonable.
3. We may deny your right to rectification if the suggested corrections are not supported by or inconsistent with the documentary proof.

Right to Data Portability

You have the right to obtain and electronically move, copy, or transfer your Personal Data in a secure manner for further use. Note, that we may charge you the reproduction costs if you choose to exercise this right.

If you want to exercise this right, you must do the following:
1. Submit a notarized written request addressed to our DPO, attaching the identification card used in the notarization.
2. Have this written request received our DPO, or his/her duly authorized representative.
3. State in your written request that you wish to exercise your Right to Data Portability in accordance with the Data Privacy Act of 2012.
4. Specify in the written request:
a. What Personal Data you wish to be made portable;
b. Through what means you wish us to send your Personal Data to you; and
c. Your contact information.
5. From the time that you file your written request, we will respond within fifteen (15) days from our receipt of your written request.
6. If we grant your request, we will send an invoice representing the anticipated costs that we will incur by collating, reproducing, duplicating, and releasing your Personal Data. You will have fifteen (15) days to settle payment from your receipt of the invoice, and we will release your data ten (10) days from our receipt of payment.
7. The release of the data request will only be made to the person whose Personal Data is subject of the data request. A notarized authorization letter shall be required if the release of the data request will be made to a third-party.

Note: We may reject your request if the procedures above are not followed. In which case, you would have to re-submit your request in a manner compliant with the above.

The contact details of our DPO are as follows:
Email Address: privacy@manilasymphony.com
Telephone Number: (02) 8523-5712

When a written request is required for the exercise of your rights, you may send these written requests to the following addresses:
Address: Unit 1404 Marbella Manila Bldg., 2071 Roxas Blvd., Malate Manila