Data Privacy Policy

At ProTech Devices, we respect your privacy and are committed to protecting your personal data. As an electronics product insurance provider, we process your information in accordance with the General Data Protection Regulation (GDPR) and the Philippines Data Privacy Act of 2012 (DPA), as well as other applicable data protection laws.

This Privacy Policy explains how we collect, use, store, disclose, and protect your information.

1. Scope

This Policy applies to all personal data we collect from:

  • Policyholders and customers
  • Prospective customers
  • Website, app, and digital platform users
  • Business partners, intermediaries, and service providers

2. Information We Collect

We may collect and process the following types of personal data:

  • Personal Identification Data: Name, date of birth, contact details, government-issued IDs (where required).
  • Insurance & Financial Data: Policy details, claims information, payment and billing records, premium data.
  • Technology & Business Data: Device details, IT systems covered under insurance, incident/claim reports related to technology or cyber risks.
  • Digital Interaction Data: IP address, device/browser details, usage logs, cookies, and analytics.

3. Purpose of Processing

We process your personal data for the following purposes:

  • To underwrite, administer, and deliver technology insurance products and services
  • To evaluate risk and process claims
  • To verify your identity and prevent fraud or cybercrime
  • To comply with applicable laws, regulations, and lawful orders
  • To improve customer service, user experience, and platform functionality
  • To improve reach through targeted marketing campaigns and advertisements (with your consent, where required)

4. Legal Basis for Processing

We rely on the following lawful bases for processing your data:

  • GDPR Article 6(1)(b): Contractual Necessity – for policy issuance, claims handling, and service delivery
  • GDPR Article 6(1)(c): Legal Obligation – to comply with regulatory, tax, and anti-fraud requirements
  • GDPR Article 6(1)(f): Legitimate Interests – for fraud prevention, service improvement, and business continuity
  • GDPR Article 6(1)(a): Consent – for marketing communications and optional services
  • DPA Section 12 – for processing necessary to fulfill a contract, comply with law, protect lawful interests, or with data subject consent

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Insurance carriers, brokers, and reinsurers
  • Technology and cybersecurity partners supporting risk assessment and claims
  • Regulatory and supervisory authorities, as legally required (e.g., National Privacy Commission in the Philippines, EU Supervisory Authorities, and equivalent regulators in jurisdictions where we operate)
  • Third-party service providers bound by data processing agreements and strict confidentiality/security obligations
  • Professional advisors (legal, compliance, auditors)
  • Where cross-border data sharing is necessary, we ensure it is done lawfully, transparently, and in accordance with applicable data privacy regulations in each jurisdiction where we operate.

6. International Data Transfers

As part of our global operations, your personal data may be transferred to, stored in, or processed in countries outside your home jurisdiction, including but not limited to the European Union, the Philippines, Sri Lanka, Brunei, Mongolia, Myanmar, Vietnam, Nepal, and Pakistan.

When we transfer personal data internationally, we comply with:

  • GDPR Chapter V – by using adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent safeguards.
  • Philippines Data Privacy Act (DPA) – by ensuring compliance with National Privacy Commission (NPC) guidelines on cross-border data transfers.
  • Local Data Privacy Laws – including applicable requirements in Sri Lanka, Brunei, Mongolia, Myanmar, Vietnam, Nepal, Pakistan, and any other jurisdiction where Protech conducts business.

To ensure protection across all regions:

  • Transfers are limited to recipients who can demonstrate compliance with data protection standards that are materially similar to GDPR/DPA principles (lawful, fair, transparent, purpose-specific, limited, accurate, secure).
  • Appropriate legal instruments (e.g., contractual commitments, regulatory approvals, or government-mandated safeguards) are applied before transfers take place.
  • Data subjects will be informed, where required, of transfers that involve their personal information.

By using our services, you acknowledge that your personal data may be transferred internationally in accordance with these safeguards.

7. Data Security

We implement technical, organizational, and physical safeguards to protect personal data, including:

  • Data encryption (in transit and at rest)
  • Multi-factor authentication and secure access controls
  • Continuous system monitoring and intrusion detection
  • Regular vulnerability assessments and penetration testing
  • Employee training and strict confidentiality obligations

8. Data Retention

We retain personal data only as long as necessary for:

  • Providing services and fulfilling contractual obligations
  • Compliance with legal and regulatory retention requirements
  • Resolving disputes and enforcing agreements

When retention is no longer necessary, we securely delete, anonymize, or pseudonymize data.

9. Your Rights

Under the GDPR and the Philippines DPA, you have the right to:

  • Access your personal data and request a copy
  • Correct/Rectify inaccurate or incomplete information
  • Delete/Erasure of personal data (subject to legal obligations)
  • Restrict Processing in certain circumstances
  • Object to processing, including for direct marketing
  • Data Portability (for GDPR-covered users)
  • Withdraw Consent at any time (without affecting prior lawful processing)

You may exercise these rights by contacting us at isdp@protechdevices.com We will respond in accordance with GDPR timelines (generally within 30 days) and DPA requirements.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to improve user experience, analyze performance, and deliver personalized services. You may adjust cookie preferences in your browser settings.

11. Data Breach Notification

We take all personal data breaches seriously. A personal data breach is any incident that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Our Procedure:

1. Assessment:

  • Upon discovery of a potential breach, our Data Protection Officer (DPO) and incident response team will immediately investigate the scope, cause, and impact.

2. Containment and Mitigation:

  • We will take urgent steps to contain the breach, prevent further unauthorized access, and mitigate risks to affected individuals.

3. Notification (GDPR & DPA Compliance):

  • Under GDPR Article 33, if the breach is likely to result in a risk to individuals’ rights and freedoms, we will notify the relevant Supervisory Authority within 72 hours of becoming aware of it.
  • Under the Philippines Data Privacy Act (NPC Circular 16-03), if the breach involves sensitive personal information and is likely to result in harm, we will notify the National Privacy Commission (NPC) and affected individuals within 72 hours upon knowledge or reasonable belief of such breach.

4. Communication to Affected Individuals:

  • Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.
  • The notification will include details of the breach, likely consequences, and measures taken to address and mitigate risks.

5. Documentation:

  • All breaches, regardless of severity, will be recorded and documented internally, including facts of the breach, its effects, and remedial actions taken.

12. Policy Updates

We may update this Privacy Policy to reflect changes in business practices, laws, or regulations. Significant updates will be communicated via email, platform notifications, or on our website.

13. Contact Us

We may update this Privacy Policy to reflect changes in business practices, laws, or regulations. Significant updates will be communicated via email, platform notifications, or on our website.

For any concerns or to report a suspected breach, please contact our Data Protection Officer (DPO):

Temasek International Trading Corp – Information Security

OfficerEmail:isdp@protechdevices.com

Phone: +63 02 70021213

Address:High Street South Corporate Tower Plaza 1, Unit 2116, 26th Street cor 9th Ave. BGC, Taguig, Philippines 1635