CUSTOMER DATA

Miescor Builders Inc. (“MBI”) adheres to data privacy principles of transparency, legitimate purpose, and proportionality in processing its clients’ personal information and complies with its data processing privacy standards.

Processing your Personal Data

MBI collects and processes only necessary personal and project-related data, including names, company details, contact information, signatures, and records of communications and transactions, as well as client information, asset records, project details, maintenance data, and contract and billing information, to support business operations and service delivery.

MBI processes customer data primarily to support successful project execution. This includes planning and scheduling, coordination and communication, progress monitoring, and ensuring that all project requirements are met accurately. Customer data enables MBI to manage resources, maintain records, comply with contractual obligations, and provide efficient, reliable services throughout the project lifecycle.

Once a project is awarded and a work order is issued by the client, customer personal data is collected, recorded, organized, stored, updated, retrieved, and used within the system through secure, controlled processes. Data processing is performed strictly on a need-to-know basis and only for declared, legitimate business purposes (e.g., planning, coordination, execution, monitoring), in accordance with company policies and applicable data privacy laws.

Protecting your Personal Data

MBI implements appropriate physical and technical security measures to safeguard personal data. To ensure proper handling, MBI designates data stewards and information asset custodians to oversee compliance with its Data Handling Policy, data privacy laws, and industry standards. Physical records are secured in locked cabinets, and access to storage rooms is restricted to authorized personnel. Electronic data is protected by firewalls, antivirus software, and password-protected systems to prevent unauthorized access, disclosure, or loss.

Retaining Your Data

MBI retains personal data of client customers only for as long as necessary to fulfill the purposes for which it was collected, or as required by law, regulation, or contract, in accordance with MBI’s retention policies, which are designed to comply with applicable data privacy laws and regulations.

CLIENT REPRESENTATIVE DATA

We respect the privacy of our clients' employees, officers, agents, and authorized representatives. We process their personal data in accordance with the data privacy principles of transparency, legitimate purpose, and proportionality, and in compliance with applicable data privacy laws.

Processing Your Personal Data

MBI collects personal information that may include, but is not limited to, full name, company or organization, job title or position, business contact details (e.g., company email address, telephone or mobile number), signatures, and records of communications and transactions related to projects or services. Only personal data necessary for business purposes is collected.

We process client representatives' personal data for communication, coordination, and the preparation and submission of bids and proposals. These purposes may include contract negotiation, execution, and administration; project assessment, evaluation, and planning; project coordination, implementation, and monitoring; site access management, safety compliance, and security requirements; communication and coordination regarding ongoing or future projects; and compliance with legal, regulatory, and contractual obligations.

Personal data is processed by authorized MBI employees and representatives strictly on a need-to-know basis and only for purposes consistent with declared and legitimate business objectives. Data processing may include the collection, recording, organization, storage, updating, retrieval, and use of personal data through secure document management systems and controlled physical records. All processing is conducted in accordance with applicable data privacy laws, company policies, and industry standards.

Protecting Your Personal Data

MBI implements appropriate physical and technical security measures to protect personal data. To ensure proper handling, MBI has designated data stewards and information asset custodians to oversee compliance with its Data Handling Policy, data privacy laws, and industry standards. Physical records are secured in locked cabinets and in storage rooms with restricted access, and access is limited to authorized personnel. Electronic data is protected by firewalls, antivirus software, and password-protected systems to prevent unauthorized access, disclosure, or loss.

Retaining Your Data

MBI retains personal data of client representatives only for as long as necessary to fulfill the purposes for which it was collected, or as required by law, regulation, or contract, in accordance with MBI’s retention policies, which are designed to comply with applicable data privacy laws and regulations.

PROSPECTIVE, ACTIVE, AND SEPARATED EMPLOYEES AND ON-THE-JOB TRAINEES

We value the privacy of our employees and their dependents, as well as our job applicants, on-the-job trainees, and retirees. We collect and maintain their personal data in connection with our prospective, current, and former contracts with them, whether for employment or training agreements. We ensure their information is up to date and kept confidential, even after their separation from Miescor Builders Inc.

Collecting Employee Personal Data

We collect your personal data in the course of, or incidental to, our business with you. This data may include any other information you voluntarily provide to us for any legitimate purpose disclosed at the point of collection, as well as information about you that we receive from third parties and other sources, where the disclosure was subject to consent you gave separately or to a legal requirement.

We collect the following information:

1. Information you submit when you apply to MBI for work or training, including what is contained in your resume or curriculum vitae and application form (e.g., work references);
2. Information we collect during the processing of your application, such as testing results, employment offer, results of character investigation, and pre-employment medical assessment;
3. Information we collect and maintain during your employment, such as your personal information, addresses, education records, professional licenses and permits, and government-issued identification information; payroll information, including but not limited to government-mandated and third party remittances like Social Security System (SSS), Philippine Health Insurance Corporation (PhilHealth), and Pag-IBIG Fund membership and contributions, taxes, bank account information; wages; entitlements and benefits; medical and dental care records; emergency contact information; training and certifications; performance evaluation; sanctions; and employment changes/work history;
4. Information we collect and maintain to facilitate your use of tools, equipment, and software that are related to the performance of your duties and responsibilities; to assist you in any work-related issues that you may encounter as you perform your duties and responsibilities, including troubleshooting of technical problems; to develop ways to improve your work conditions, such as automation of transactions and processes;
5. Information you provide about your dependents/beneficiaries for purposes of, but not limited to, the administration of health maintenance plan, insurance claims, or profiling;
6. Information you provide when you participate in our surveys related to internal business processes, such as but not limited to employee engagement events, sustainability efforts, post-training assessments, and climate surveys;
7. Information we retain after your separation from service, such as but not limited to pension information, retiree eligibility and other benefits, bank account information, addresses, beneficiaries, and emergency contact information; and
8. Information we may record as you perform your duties and responsibilities, strictly limited to photos, videos, and audio files of you in the workplace or in other MBI-sponsored programs that contain your image or voice.

Purposes for the Processing of Personal Information

We store, process, and/or analyze the personal data collected for some legitimate purpose related to or incidental to the conduct of our business, including, but not limited to, maintaining safety and security within MBI premises. Specifically, we may store, process, and/or analyze your personal data for the following and any other legitimate purposes related to the fulfillment thereof:

1. To handle your application for employment or training. We process your personal data to evaluate your eligibility for employment or training, including the verification of your qualifications, employment history, and character references (background checking);
2. To manage our employer-employee or training relationship. We process your data to maintain your employment, on-the-job training, and/or personal records, including your contact information, for operational or administrative efficiency. Specifically for employees, we collect, store, and process your data to administer your pay, statutory and salary deductions, entitlements, and benefits, and those of your dependents or beneficiaries, to conduct your performance reviews and grant rewards, to establish appropriate training and/or developmental interventions including your membership with professional or industry organizations, to monitor your work performance and use of MBI resources, and to conduct internal investigation and/or administer disciplinary action and sanction as necessary;
3. To address or enforce legal claims or obligations arising from an employment contract or training relationship. We process your data to comply with applicable statutory and regulatory requirements and submissions, including processing your work- or labor-related claims (e.g., workers' compensation, insurance claims, etc.). Your personal data may also be processed to enforce our claims or defend our rights in any proceeding arising from our relationship;
4. To improve your welfare, productivity, safety, and security at work. We process your data to develop your health and wellness programs, including the provision of your medical benefits; to conduct employee engagement activities; to create and maintain user accounts that serve as your personalized work credentials and access rights; and to facilitate and maintain overall productivity, safety, and security in the workplace and in all business operations. We also facilitate the payment of your donation to foundations or charitable institutions through deduction from your payroll account and implement corporate social responsibility and other MBI programs or events;
5. To maintain our post-employment relationship. We process your data to administer your pension, retiree eligibilities and other benefits;
6. To prepare publications that feature MBI. We process your images or voice that we may have recorded in the workplace or during your participation in MBI-sponsored activities to give the general public previews on the work culture and workplace environment in MBI;

Processing Employee Information

How do we process employee information?

Employee information managed by the Human Resources Department, including data management activities, is processed by MBI’s mother company through the SAP Human Capital Management (SAP‑HCM) system. Payroll processing is carried out both in-house and in coordination with Meralco. Payroll accounts are processed by Banco de Oro (BDO) Unibank.

Sharing and Disclosure of Your Personal Data

To whom do we disclose your personal data? We disclose your personal data to: (a) employees, authorized representatives, trainees, and consultants; (b) clients, vendors, mother company, and other external parties such as auditors; and (c) government entities, under these details:

• Employees, Authorized Representatives, Trainees, and Consultants. We ensure that our employees and trainees commit to observing the privacy policies of MBI. We require our Authorized Representatives and Consultants to sign a Non-Disclosure Agreement (NDA), to ensure that they process your data confidentially in a manner consistent with the purpose of their employment or engagement.
• Clients, Vendors, Mother Company, and Relevant Third Parties such as Auditors. We require our clients, vendors, mother company, and relevant third parties, such as auditors, to enter into a Data Processing Agreement, Data Sharing Agreement, Outsourcing Agreement, and Non-Disclosure Agreement (NDA), as applicable, to secure and keep your data confidential. We take your privacy seriously, so punitive or legal action will be taken in the event of proven misconduct. Moreover, we do not allow our clients, vendors, parent company, or other relevant third parties to disclose or share your data with others or use it for their own purposes without your consent.
• Government entities. Your information may also be disclosed to government entities pursuant to and in compliance with applicable laws and regulations, subpoena or court order.

To whom do we share your personal data? Unless you provide specific consent or except in instances allowed under Philippine data privacy and protection laws, we will not:

• Share your personal data with other third parties for their own commercial purpose or benefit;
• Use your personal data to enable third-party targeted advertisements unrelated to our business.

If data sharing, including cross-border transfer, is allowed, we shall ensure the protection of your data through appropriate Data Sharing Agreements and commit to giving you prior notice of any such transfer and processing of your data.

Protecting Your Personal Data

How do we protect your data? We have appointed data stewards and information asset custodians to ensure that your data is properly handled and kept secure, in accordance with our Data Handling Policy, data privacy laws, and industry-approved standards.

We are committed to ensuring the integrity, confidentiality, availability, and security of your information. We implement reasonable organizational, physical, and technical security measures to collect, process, transmit, store, and dispose of your personal data, including the use of secure servers, firewalls, and security controls, and by regularly conducting audits and testing our security protocols.

For an enhanced online experience, our services are available on compatible devices, including laptops, PCs, tablets, and mobile phones. For added security, we recommend installing antivirus software on any such device before accessing the internet.

You are responsible for the security of your information once it reaches you or your representative, in any medium, including, but not limited to, written correspondence, bills, emails, system applications, and online accounts.

You should take appropriate measures to ensure that any medium or device you use to monitor or manage your account is secure and not accessible to anyone without permission.

Retaining Your Data

We keep your personal data only for as long as necessary:

• for the fulfillment of the declared, specified, and legitimate purposes provided above, or when the processing relevant to those purposes has been completed or terminated;
• for the establishment, exercise, or defense of legal claims; or
• for other business purposes consistent with standards established or approved by regulatory agencies governing MBI.

Thereafter, your personal data shall be disposed of or discarded in a secure manner that prevents further processing, unauthorized access, or disclosure to any other party or the public.

VENDORS, SUPPLIERS, AND SUBCONTRACTORS

We value the privacy of all our individual vendors, suppliers, and subcontractors, as well as the officers, employees, attorneys-in-fact, and authorized representatives of our corporate service providers. We request the personal data of sole proprietors and other individuals representing our corporate vendors, suppliers, and subcontractors, primarily for accreditation and official correspondence. At the time of data collection, we provide them with an opportunity to review our Privacy Statement and sign acknowledgment forms confirming that they understand how we uphold their rights as data subjects and how we secure copies of their personal data in our possession.

Collection of Personal Data

What personal data do we collect? We collect your personal data in the course of, or incidental to, our business with you. This data may include any other information that you voluntarily provide to us for any legitimate purpose declared at the point of collection, as well as information about you that we receive from third parties and other sources, where the disclosure was subject to consent you gave separately or to a legal requirement.

We will be collecting the following information from you:

• Information you submit to MBI in your application for accreditation, use of the supply chain application system, and/or processing of payments, such as your name, tax identification number, government-issued identification information, address, contact details, educational attainment, work experience, banking information, authorized signatories, a notarized secretary's certificate, and an audited financial statement;
• Information we collect and maintain about you and your employees in relation to the preparation, execution, or fulfillment of your contract with us, and to the development of a single contact directory that may guide MBI, its parent company, and affiliates in coordinating with your representatives for upcoming business partnerships or engagements;
• Information that your employees submit to have access to or perform your services or deliver your products within the premises of MBI.

Purpose of Processing Personal Data

Why do we collect this data? We store, process, and/or analyze the personal data collected for legitimate purposes, related to or incidental to the conduct of our business, including maintaining safety and security within MBI premises.

Specifically, we may store, process, and/or analyze your personal data for the following and any other legitimate purposes related to the fulfillment thereof:

• To establish our business relationship. We process your personal data to evaluate your application for accreditation or as basis for our engagement.
• To conduct business with you. We process your data to enforce our legal and contractual obligations including evaluating or auditing the provision of goods and/or services you provide, and facilitating the payment of your invoices in various payment methods (i.e., Fund Transfer, Corporate Check, Outsourced Check); informing you of our requirements, programs, or advisories; referring you as a potential service provider to our customers; and responding to your questions, comments, and feedback by letter, e-mail, telephone, or other media for internal administrative purposes, such as auditing, data analysis, and database records management. Your data may also be processed to comply with statutory, legal, and regulatory requirements related to our business.
• To maintain your account with us and establish potential business relationship with our Mother Company and Affiliates. We maintain and update your vendor account information and establish details of your authorized contact persons for the goods and/or services you provide. We may also process your data for procurement synergy initiatives, including referring you as a potential vendor to our mother company and affiliates and maintaining a directory as a single point of reference in the pursuit of these initiatives.

Purpose of Processing Personal Data

How do we process your information?

Sharing and Disclosure of Your Personal Data

To whom do we disclose your personal data? We disclose your personal data to: (a) employees, authorized representatives, trainees, and consultants; (b) clients, mother company, and relevant third parties, including auditors; and (c) government entities, under these details:

• Employees, Authorized Representatives, Trainees, and Consultants. We ensure that our employees and trainees commit to observing the privacy policies of MBI. We require our Authorized Representatives and Consultants to sign a Non-Disclosure Agreement (NDA), to ensure that they process your data confidentially in a manner consistent with the purpose of their employment or engagement.
• Clients, Mother Company, and Relevant Third Parties, Including Auditors. We require our contractors, mother company, and business partners to sign a Data Processing Agreement, Data Sharing Agreement, Outsourcing Agreement, and Non-Disclosure Agreement (NDA), as applicable, to secure and keep your data confidential. We take your privacy seriously, so punitive or legal action will be initiated in the event of proven misconduct. Moreover, we do not allow our clients, our mother company, or relevant third parties to disclose or share your data with others or use it for their own purposes without your consent.
• Government entities. Your information may also be disclosed to government entities pursuant to and in compliance with applicable laws and regulations, subpoena, or court order.

To whom do we share your personal data? Unless you provide specific consent or except in instances allowed under Philippine data privacy and protection laws, we will not:

• Share your personal data with other third parties for their own commercial purpose or benefit;
• Use your personal data to enable third-party targeted advertisements unrelated to our business.

If data sharing, including cross-border transfer, is allowed, we shall ensure the protection of your data through appropriate Data Sharing Agreements and commit to giving you prior notice of any such transfer and processing of your data.

Protecting Your Personal Data

How do we protect your data? We have appointed data stewards and information asset custodians to ensure that your data is properly handled and kept secure, in accordance with our Data Handling Policy, data privacy laws, and industry-approved standards.

We are committed to ensuring the integrity, confidentiality, availability, and security of your information. We implement reasonable organizational, physical, and technical security measures to collect, process, transmit, store, and dispose of your personal data, including the use of secure servers, firewalls, and security controls, and by regularly conducting audits and testing our security protocols.

You are responsible for the security of your information once it reaches you or your representative in any medium, including but not limited to written correspondence, bills, emails, system applications, and online accounts. You should take appropriate measures to ensure that any medium or device you use to monitor or manage your account is secure and not accessible to anyone without permission.

Retaining Your Data

We keep your personal data only for as long as necessary:

• for the fulfillment of the declared, specified, and legitimate purposes provided above, or when the processing relevant to the purpose has been completed or terminated;
• for the establishment, exercise, or defense of legal claims; or
• for other business purposes that are consistent with standards established or approved by regulatory agencies governing MBI.

Thereafter, your personal data shall be disposed of or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.

GUESTS, VISITORS, AND SOCIAL MEDIA USERS

We respect the privacy of any person who visits MBI’s physical offices and other areas where MBI’s properties are located, whether by invitation, upon authorization, or on their own accord. We primarily collect their personal data to establish their identities and monitor their whereabouts while they are inside MBI-owned premises. Unless required by reasons of public safety and orderliness, we neither access nor share any information that might have been stored in our devices, such as closed-circuit television cameras, after the guest or visitor has left MBI-owned premises.

Data Collection

What do we collect? We collect your personal data in the course of, or incidental to the conduct of, our business with you. This data may include any other information that you voluntarily provide to us for any legitimate purpose declared at the point of collection, as well as information about you that we received from third parties and other sources, where the disclosure was subject to a consent that you gave separately or a legal requirement.

We collect the following information from our guests and visitors: (a) information we collect when you enter our premises, such as your name, address, contact number, vehicle type and plate number or conduct sticker number, and identification card details, including government-issued identification information; and (b) information captured by our closed-circuit television (CCTV) installed on our premises, including at entrance and exit points.

Processing Your Information

How do we process your information?

Purpose of Processing

Why do we process your information? We store, process, and/or analyze the personal data collected for legitimate purposes, related to or incidental to the conduct of our business, including maintaining safety and security within the Company premises.

Specifically, we may store, process, and/or analyze your personal data for the following and any other legitimate purposes related to the fulfillment thereof:

• To monitor and/or control your entrance to, or exit from, and activities within, our premises. We process your personal data to facilitate your ingress to and egress from our premises, offices, and facilities, including your vehicles or materials, such as verification of your identity and recording the purpose of your visit. We also monitor your location and activities inside the company premises, including ingress and egress of equipment, vehicles, and materials;
• To enforce safety and security measures and procedures. This includes conducting investigations and imposing sanctions in case of violations of MBI policies and security and safety procedures or the commission of crimes.

Sharing and Disclosure of Your Personal Data

To whom do we disclose your personal data? We disclose your personal data to: (a) employees, authorized representatives, trainees, and consultants; (b) clients, mother company, and relevant third parties, including auditors; and (c) government entities, under these details:

• Employees, Authorized Representatives, Trainees, and Consultants. We ensure that our employees and trainees comply with MBI’s privacy policies. We require our Authorized Representatives and Consultants to sign a Non-Disclosure Agreement (NDA) to ensure that they process your data confidentially and in a manner consistent with the purpose of their employment or engagement.
• Clients, Mother Company, and Relevant Third Parties, including Auditors. We require our contractors, mother company, and business partners, through Data Processing Agreement, Data Sharing Agreement, Outsourcing Agreement, and Non-Disclosure Agreement (NDA), as applicable, to secure your data and keep it confidential. We take your privacy seriously, and punitive or legal action will be initiated in case of proven misconduct. Moreover, we do not allow our clients, our mother company, or relevant third parties to disclose or share your data with others or use it for their own purposes without your consent.
• Government entities. Your information may also be disclosed to government entities pursuant to and in compliance with applicable laws and regulations, subpoena, or court order.

To whom do we share your personal data? Unless you provide specific consent or except in instances allowed under Philippine data privacy and protection laws, we will not:

• Share your personal data with other third parties for their own commercial purpose or benefit;
• Use your personal data to enable third-party targeted advertisements unrelated to our business.

If data sharing, including cross-border transfer, is allowed, we shall ensure the protection of your data through appropriate Data Sharing Agreements and commit to giving you prior notice of any such transfer and processing of your data.

Protecting Your Personal Data

How do we protect your data? We have appointed data stewards and information asset custodians to ensure that your data is properly handled and kept secure, in accordance with our Data Handling Policy, data privacy laws, and industry-approved standards.

We are committed to ensuring the integrity, confidentiality, availability, and security of your information. We implement reasonable organizational, physical, and technical security measures for collecting, processing, transmitting, storing, and disposing of your personal data, such as using secure servers, firewalls, and security controls, and ensuring the regular conduct of audits and testing of our security protocols.

You are responsible for the security of your information once it reaches you or your representative in any medium, including, but not limited to, written correspondence, emails, and social media messages. You should take appropriate measures to ensure that any medium or device you use to monitor or manage your account is secure and not accessible to anyone without permission.

Retaining Your Data

We keep your personal data only for as long as necessary:

• for the fulfillment of the declared, specified, and legitimate purposes provided above, or when the processing relevant to those purposes has been completed or terminated;
• for the establishment, exercise, or defense of legal claims; or
• for other business purposes consistent with standards established or approved by regulatory agencies governing MBI.

Thereafter, your personal data shall be disposed of or discarded in a secure manner that prevents further processing, unauthorized access, or disclosure to any other party or the public.

UPDATING OUR PRIVACY STATEMENT

We update our privacy statement and practices regularly to reflect changes in applicable laws, government and regulatory requirements, and technological, industry, and business practices. We will notify you of these changes whenever applicable.

UPHOLDING YOUR DATA SUBJECT RIGHTS

As an individual whose information we collect and store for our legitimate purposes, you have rights as a data subject under the DPA.

You have the right to be informed about how and why we collect your personal data. You also have the right to access a copy of your personal information in our possession; the right to withdraw consent you previously gave; the right to have your information corrected if you believe it is inaccurate or incomplete; and the right to erase or block your information from our databases.

We also recognize your right to data portability, which is your right to obtain and electronically move, copy, or transfer personal data for further use. Furthermore, we respect your right to file a complaint with the National Privacy Commission and your right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal information.

How do we exercise our data subject rights? We advocate for your right to exercise your data subject rights, and you may use the forms available on this page.