We respect and value your data privacy rights, and we make sure that all personal data collected from you on INVESTA (the “Platform”) are processed in adherence to the general principles of transparency, legitimate purpose, and proportionality.

This Privacy Policy is meant to inform you of our data processing and security measures, and may serve as your guide in the performance of your obligations and in the exercise of your privacy rights.

THIS PRIVACY POLICY IS AN INTEGRAL PART OF OUR TERMS AND CONDITIONS. WE RESERVE THE RIGHT TO CHANGE, MODIFY OR AMEND THIS PRIVACY POLICY FROM TIME TO TIME WITHOUT NOTICE. THUS, YOU UNDERTAKE TO PERIODICALLY VISIT AND REVIEW THE SAME FOR ANY AMENDMENTS. YOUR CONTINUED USE OF THE PLATFORM FOLLOWING THE POSTING OF THE AMENDMENTS WILL BE TAKEN AS YOUR ACCEPTANCE OF THE AMENDED PRIVACY POLICY.

We collect your personal data such as, but not limited to, name, address, contact information and financial information as part of account registration, transaction processing and communications in compliance or in accordance with relevant laws. We likewise use cookies and other tracking technologies to save your settings, remember your preferences, store your transactions, improve security, gather statistics and enhance your experience on the Platform by collecting certain data such as unique identifiers, browser information, device information, operating system, network information, location information, IP address, crash reports and system activity.

Personal data collected shall be used by the company for purposes of account registration, transaction processing, communications, compliance with relevant laws, saving your settings, remembering your preferences, storing your transactions, improving security, gathering statistics and enhancing your experience on the Platform. We may combine the data we collect among our services, across your devices and from third parties for the said purposes.

We reasonably ensure that personal data under our custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. We implement and update appropriate security measures in storing collected personal data depending on its nature. All information gathered shall be retained only for as long as necessary for the fulfillment of the purposes for which the specific data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law.

Only our authorized personnel shall be allowed to access your personal data for any legal and legitimate purpose. You likewise have the right to access, review and change your personal data. If allowed by relevant law or regulation, you also have the right to delete your personal data. You may do all the foregoing through the Platform if applicable, or by reaching us through the email provided below.

As on online intermediary between you as the investor and the chosen mutual fund company as the investee, you agree that we share your relevant personal data to the appropriate mutual fund companies and other third parties, including payment solution companies, to be able to process your transactions. You likewise agree that we may share your personal data to any of our subsidiaries, parent, affiliates, offices, branches, agents and representatives to simplify the process of your transactions and improve the delivery of our services. We may also disclose relevant personal data as may be required by law or regulation.

As on online intermediary between you as the investor and the chosen mutual fund company as the investee, you agree that we share your relevant personal data to the appropriate mutual fund companies and other third parties, including payment solution companies, to be able to process your transactions. You likewise agree that we may share your personal data to any of our subsidiaries, parent, affiliates, offices, branches, agents and representatives to simplify the process of your transactions and improve the delivery of our services. We may also disclose relevant personal data as may be required by law or regulation.

We organize trainings and briefings on data privacy and security at least once a year for all personnel directly involved in the processing of personal data. We likewise execute Non-Disclosure Agreements with all our employees with access to personal data.

Personal data in our custody shall be in electronic format unless otherwise required by law. Electronic data and files are stored on our physical and/or cloud servers while paper-based documents are kept in locked filing cabinets.

We limit the physical access of data and files only to authorized personnel. Other personnel may be granted access to the relevant data and files by submitting a formal request to the authorized personnel and with the approval of the relevant officer.

There is a prior review and evaluation of all software applications before their installation in our office computers and devices to ensure the compatibility of security features with our operations. We use encryption to keep your data private and secure, and each personnel with access to such data verifies his or her identity using a secure encrypted link and multi-level authentication.

We use an intrusion detection system to monitor security breaches and to be alerted of any attempt to interrupt or disturb the system. Proper maintenance of backups for all personal data is done as part of our measures to prevent or mitigate the effects of any security incident or breach. We regularly and periodically review security policies, conduct vulnerability assessments and perform penetration testing.

All breach and security incidents shall be directly and promptly reported by you or by any of our personnel to the DPO. The DPO shall be responsible for ensuring immediate action in the event of a security incident or personal data breach. The DPO shall deploy all available resources and execute any measures to mitigate the adverse effects of the incident or breach.

The DPO shall inform the management of the need to notify the NPC and the data subjects affected by the incident or breach within the period prescribed by law. The DPO, together with the relevant personnel, shall prepare a detailed documentation of every incident or breach encountered as well as an annual report to be submitted to the management and to the regulators within the period prescribed by law or regulation.

You may inquire or request for information regarding any matter relating to the processing of your personal data under our custody, including the data privacy and security policies implemented to ensure the protection of your personal data. You may contact us at [email protected] so we may assist you.