This Privacy Statement informs you how EVERISE HOLDINGS PTE. LTD. (EVERISE) and its affiliated companies collect and process your personal data and what your rights are in relation to such data. This Privacy Statement applies to all information submitted directly or indirectly on this website.

The primary purpose of this website (“Site”) is to be a dynamic resource to help you learn more about EVERISE. When you use our website, we intend to give you as much control as possible over your personal information and we are committed to protecting your privacy. We respect and protect your privacy. It is our goal to explain whom you can contact regarding your concerns about your personal information. Please note that your use of our Site signifies your agreement to be bound by the most recent version of this Privacy Statement. Accordingly, when you use our Site, you should check the date of this Privacy Statement and review any changes we have made from the previous version. In order to make sure that your data is being kept safe, we have also implemented applicable requirements of Regulation 2016/679 EU (the General Data Protection Regulation or “GDPR”), adopted by the European Union, which is in force as of 25 May 2018 and the Philippine Republic Act No. 10173 also known as the Data Privacy Act of 2012 (“DPA”). Our Site may contain links to other third-party websites, including social media sites. Please note that we are not responsible for the privacy practices or the content of those third-party websites when you access them from our Site. As such, we encourage you to read the privacy policies of any third-party website you may access from our Site.

Although you can visit our Site without telling us who you are or revealing any information about yourself, we indirectly obtain your information by keeping track of the domains from which people visit our Site through our website’s technology. We may also need information directly from you, such as your name, email address, title, company name, and country of location to be able to provide you with the information or service you are requesting or to give answers to your questions posted on our Site. We may also collect and process the following information in the following instances:

• We may keep a record of your correspondence if you contact us;
• We may ask you to complete surveys that we use for research purposes although you do not have to respond to them;
• We will also use information about your computer, including your IP address, operating system and browser type, for system administration, to filter traffic, to look up user domains, to report on statistics, to predict usage trends, to conduct market research, and to do data analytics; and
• We will also store or process details of your visits to our website, the pages you view and resources you access or download, including but not limited to, traffic data, location data, weblogs and other communication data.

If you provide us with personal data of another person, you are responsible for ensuring that such person is made aware of the information contained in this Privacy Statement and that the person has given you his/her consent for sharing the information with Everise. We will treat such data as “personal data” when this information directly relates to or reasonably identifies you.

We use personal data to provide you with information that you request, and for other purposes which we would describe to you at the point where it is collected, or which will be obvious to you:

• To fulfill your requests for information or other content;
• For surveys or research questionnaires;
• To personalize your experience at our website;
• To contact you for marketing purposes where you have agreed to this;
• Recruitment;
• Operating and managing our business operations;
• Complying with legal requirements;
• Monitoring your use of our systems;
• Improving the security and functioning of our website, networks and information; and
• Undertaking data analytics to improve business performance.

We also analyze such data for market trends or research and statistics about site traffic. We may also use your IP address or browser information to help diagnose problems with our server, to administer our web site or to help us identify ways to make it relevant. While we do not link IP addresses to any personally identifiable information, we will be able to track which areas of our site the users are visiting. Although the users will be anonymous, usage will be tracked for the above-mentioned purposes. We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws. To the extent you are asked to click on/check “I accept”, “I agree” or similar buttons, checkboxes or functionalities in relation to this Privacy Statement, doing so will be treated as your consent to process your personal information, only in the countries where such consent is mandated by law. In all other countries, such action will be considered as a mere acknowledgement, and the legal basis of the processing of your personal data will not be your consent but any other applicable legal basis. We will not use your personal data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest to do so.

We collect both electronic and physical personal data from the following sources:

1. Directly from users or clients when they use any of our services on the Site. We also collect such information when customers, among others, contact us through our agents and representatives, for social media monitoring, customer service, customer acquisition, customer retention/loyalty, back office support, non-voice services, care services, and technical support services or when users or clients sign up to receive communications from us, respond to our surveys, participate in events, or we receive queries, requests and complaints from them; and indirectly through third-party sources such as social media sites, publicly available databases and government repositories or from other customers;
2. We also obtain such information when users or clients visit our website as well as when they use our social and digital platforms;
3. When individuals representing or affiliated with our vendors, partners, investors and other business contacts voluntarily provide us with their contact information in order to develop business relations and/or complete legitimate transactions with them; or
4. Directly from job applicants through their curriculum vitae for pre-employment and indirectly from the verification efforts of third-party employee background screening service providers, job search sites or other social media sites and references from previous employers and other third parties.

We only share personal data within our organization, if, and as far as necessary, for the purposes specified in this Privacy Statement. All Everise employees processing personal data are bound by confidentiality agreements. We may transfer personal data to our service providers, consultants, public and governmental authorities or third parties in connection with a potential or on-going corporate or commercial transaction. Such third parties may be located in other countries. But before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and Everise internal policies. Sharing of personal data with any third party outside of our organization may occur under any of the following circumstances:

1. When it is necessary for the purpose. We may share personal data with third parties to the extent that the third party’s services or access (through you) requires such disclosure, and your personal data was submitted for such purpose. We may share personal data with our parent company and affiliated companies and other service providers that support us in the realization of the purposes specified in this Privacy Statement, such as by performing data hosting, background check or screening services, government filings, data analytics, payment processing, and implementation of access control systems.
2. When required by law or for legal reasons. We may share personal data with third parties if we have a good-faith belief that their access to and use of the personal data is necessary: (a) to satisfy or comply with any applicable law or court order, (b) to detect, prevent or otherwise address fraud, security or technical issues, or (c) to protect the interests, properties or safety of Everise, our employees, clients and guests, or the public, in accordance with law. We will notify you about such disclosure, if such notification is reasonably possible.
3. In relation to corporate restructuring. If we are in the process of a merger, acquisition or asset sale, we may transfer personal data to other parties to the transaction. However, we will continue to ensure the confidentiality of all personal data.
4. With your consent. We may share personal data with third parties for reasons other than the above if we obtain your explicit consent to do so. You have the right to withdraw this consent at any time.

Any third party who may come in contact with your personal data is obliged to keep and treat your personal data as confidential in accordance with all applicable data privacy laws.

1. Right to be informed. You have the right to be informed that your personal data will be, is being or was collected and processed by Everise.
2. Right to access. You may contact us to get confirmation that we are processing your personal data and request that we provide you with a written description of information that we have about you as well as the purpose for holding or processing the information.
3. Right to withdraw consent. If our processing of your personal data is based on your consent, you may withdraw the consent at any time by contacting us. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful basis for processing it other than consent. Right to rectification. You have the right to have inaccurate or incomplete personal data we store about you rectified or completed. If such personal data has been disclosed to a third party in accordance with this Privacy Statement, then we shall also ask them to rectify or update your personal data.
4. Right to object. If our processing of your personal data is based on our legitimate interests in operating, maintaining and developing our business, you have the right to object at any time to our processing. We shall then no longer process your personal data unless there are other compelling legitimate grounds for our processing that override your interests, rights and freedom, such as legal claims or obligations.
5. Right to data portability. You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and to independently transmit the data to a third party, if the processing is based on your consent and carried out by automated means.
6. Right to deletion or removal. You have the right to have personal data we process about you deleted or removed from our systems if the personal data is no longer necessary for the purposes specified in this Privacy Statement. Upon your request, we will also delete data when you withdraw your consent or object to our processing of it, unless we have a legitimate basis for not doing so. We may not immediately be able to remove all residual copies from our servers and backup systems after the active data has been deleted. Such copies shall be deleted as soon as reasonably possible.

We reserve the right to request additional information necessary to confirm your identity. We may also reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

1. STORAGE AND ACCESS TO PERSONAL DATA We take reasonable steps to ensure that the personal data, whether in manual or electronic form, we collect, use or disclose is accurate, complete, and up to date. We strictly enforce this Privacy Statement within Everise and we have implemented technological, organizational and physical security measures to protect your personal data from loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction. To keep your personal data secure, we have implemented the following security measures:

• Secure operating environments. We store your data in secure operating environments and only accessible to Everise employees, agents and contractors on a need-to-know basis. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal data, username, password, transaction information and data stored and processed by Everise. Everise also follows generally accepted industry standards in this respect.
• Encryption. We use industry-standard encryption tools, firewalls and security incident management systems and procedures to provide protection for information that is transmitted to us.
• Prior authentication for IT access and access to premises. We require our employees and contractors to verify their identity (e.g. through login ID and badges) before they can access IT resources and business premises to prevent unauthorized access.
• Audit. We audit the application of our security measures and ask third party experts to review our security controls against international standards to help us to further improve the level of security we deploy.

Should a security breach occur that is likely to result in a risk to your privacy despite of our security measures, we will inform you and other affected parties, as well as relevant authorities, when required by applicable data protection law, about the security breach as soon as reasonably possible. However, please be aware that no data transmission over the Internet can be guaranteed to be 100% secure. As such, while we strive to protect your information, we cannot guarantee its absolute security. Therefore, the Terms of Use on Indemnity and Limitation of Liability on this Site shall apply.

2. RETENTION OF PERSONAL DATA Personal data is stored in our facilities located in USA, Guatemala and Philippines and is retained for a period of five (5) years, unless your account is active or if needed to provide services to you, in accordance with existing retention policies, industry standards, laws and regulations, or unless you request that your personal data be removed or deleted from our systems and databases and hardcopies destroyed within a shorter period of time, and subject to the limitations stated in relevant laws and rules. Once deleted, your personal data will no longer be searchable or included in anonymous searches and will be completely removed from all storage locations. Our Data Protection Officer may, however, choose not to grant access or correct information based on the request following relevant laws and regulations. The Data Protection Officer will give the requestor a written notice that sets out the reason for the refusal.

3. THIRD PARTY DISCLOSURES

• Personal Information Processors. In instances where any processing of personal data is outsourced to a third-party processor, we ensure that such third party shall comply with the organization’s security standards through appropriate contractual documents.
• Personal Information Controllers. Any disclosure or transfer of personal information controllers shall be governed by a legally-compliant data sharing agreement and in accordance with the rights of the data subject. The data subject shall be duly informed, and shall provide consentwhere applicable, before such data sharing activity is performed.

4. HUMAN RESOURCE POLICY We will implement periodic and mandatory training for all its employees, representatives, and agents on data privacy and data protection in areas reflecting job-specific content. We will ensure that all employees, representatives, and agents exposed to personal data pursuant to their functions are adequately bound by strict confidentiality covenants.

5. INTERNATIONAL DATA TRANSFERS As a global organization with branch offices and operations spread throughout the world, any personal data that we collect may be transferred or accessible internationally throughout and between its entities and affiliates. Any such transfers within the global business of Everise takes place in accordance with the applicable data privacy laws and in accordance with our internal General Data Protection Regulation (GDPR) which also reflects the standards contained in the European data privacy laws. Unless you are otherwise notified, any transfer of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses. Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.

6. COOKIE POLICY All our websites engage third-party service providers to analyze the web traffic data for us. This service uses cookies or web beacons. A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Cookies are small files that our website puts on your personal computer (PC) to store information about your preferences. Cookies can improve your browsing experience by allowing our website to remember your preferences or letting you avoid signing in each time you visit our website. If you don’t want our website to store cookies on your PC, you can block cookies. But blocking cookies might prevent some pages from displaying correctly, or you might get a message from our website letting you know that you need to allow cookies to view our website. A “web beacon,” is also called a Web bug or a pixel tag or a clear GIF. Used in combination with cookies, a Web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, that is placed on a website or in an e-mail that is used to monitor the behavior of the user visiting the website or sending the e-mail. For you to fully enjoy your visit and browsing experience, only non-identifiable web traffic data are collected and analyzed, including:

• Your internet protocol (IP) address,
• The search terms you used,
• The pages and internal links accessed on our site,
• Demographics,
• The date and time you visited the site, including frequency of visits,
• Geolocation,
• Your operating system, and
• Web browser type.

7. LINKS TO THIRD PARTY WEBSITES From time to time, we will provide links to third party web sites. These links are provided as a service to you and we do not provide any personal data to these websites, and therefore, we will not accept responsibility for their privacy practices. These websites are operated by independent entities that have their own privacy policies which you should review as well. Our Privacy Statement does not apply to such other websites or to the use that those entities make of your information. We have no control over the content displayed on such websites, nor over the measures if any, that are taken by such websites to protect the privacy of your information.

We may update this Privacy Statement from time to time in response to changing legal, technical, organizational, or business developments or when dictated by issuances of the Philippine National Privacy Commission (NPC) or any amendment to the Data Privacy Act of 2012 or other relevant data privacy laws. Any change to this Privacy Statement shall be duly posted on this Site and will take effect immediately. Data subjects are encouraged to periodically check for such updates.