This privacy statement is effective as of 01 January 2020
Comfac Technology Options and its subsidiaries (CTO or We) respect your privacy. This Privacy Statement informs you about our privacy practices including details of the personal data we collect, use, disclose and transfer as well as choices you can make and rights you can exercise in relation to your personal data. This Privacy Statement is available from a link on the footer of every CTO web page.
CTO respects and takes into account the major privacy principles and frameworks around the world, including OECD Guidelines on the Protection of Privacy and Transborder Flows, EU General Data Protection Regulation 2016/679 (GDPR), and the APEC Privacy Framework. CTO’s privacy practices described in this Privacy Statement also comply with the APEC Cross Border Privacy Rules (CBPR) System.
We collect personal data only if required to provide our products or services, fulfil our legitimate business purposes and/or comply with applicable laws and regulations. Depending on your relationship with CTO we collect and process your personal data as follows:
CTO may transfer your personal data as necessary within the CTO group of companies and to other third parties. The recipients may be located in countries which do not provide the same level of data protection as the country in which you are located. CTO will take steps to ensure personal data we transfer is adequately protected as required by applicable data protection laws. Where required by local law, we will request your consent to transfer your personal data.
Transfers within CTO group of companies. CTO has an intra-company agreement on the transfer and processing of personal data within the CTO group of companies. This agreement also forms the basis of CTO’s Binding Corporate Rules for Controller which have been approved by the Data Protection Regulators in the European Economic Area (EEA), the UK and Switzerland. The BCRs allow CTO to ensure that EEA and UK personal data which is transferred and processed by CTO companies outside the EEA and the UK, is adequately protected in accordance with applicable data protection laws.
CTO’s privacy practices described in this Privacy Statement comply with the APEC Cross Border Privacy Rules (CBPR) System, including transparency, accountability and choice regarding the collection and use of personal data. The CBPR system provides a framework for organisations to ensure protection of personal data transferred among participating APEC economies. More information about the CBPR framework can be found here. The CBPR certification does not cover information that may be collected through downloadable software on third party platforms. If you have an unresolved privacy or data use concern related to CTO’s APEC Certification that we have not addressed satisfactory, please contact us immediately.
CTO may provide you with information that complements our products and services and/or communications about our new products, services and offers. If you or your organisation purchased our products or services, you may receive alerts, software updates or responses to support requests that are part of our products and services. If you choose to receive CTO communications you may also choose to subscribe to receive specific newsletters and publications. In some cases, you may also choose whether to receive the information and communication by email, telephone or post.
Unsubscribe from communications. In the event you no longer wish to receive CTO communications, you can unsubscribe from such communications by:
In the event your opt-out or unsubscribe request has not been resolved in a timely manner, please contact us immediately via email with details of your name, contact information and description of the communications you no longer wish to receive from CTO.
Please note that these options do not apply to communications relating to the administration of orders, contracts, support, product safety warnings or other administrative and transactional notices, where the primary purpose of these communications is not promotional in nature.
CTO also allows third-party advertising companies to use Automatic Data Collection Tools on our web sites and applications in order to understand how you interact with our web sites and applications, to optimise our advertisements and marketing and to serve advertisements specific to your interests on other web sites and applications you may visit or use. CTO may use retargeting and behavioural advertising technologies, a set of practices collectively referred to as “Interest Based Advertising” to tailor those advertisements to your perceived interests based on information collected through Automatic Data Collection Tools.
Automatic Data Collection Tools may also be used when you share information using a social media sharing button on our websites. The social network will record that you have done this and may use this information to send you targeted advertisements. The types of Automatic Data Collection Tools used by these companies and how they use the information is governed by their privacy policies.
When you enter your contact details on a web form on an hpe.com site, in order to subscribe to a service, download a white paper or request information about CTO’s products and services, your contact details may be stored in a cookie on your device. This information is then accessed on subsequent visits to hpe.com sites, allowing us to track and record the sites you have visited and the links you have clicked, in order to better personalise your on-line experience, and future CTO communications.
If you choose to receive marketing emails or newsletters from CTO, we may track whether you’ve opened those messages and whether you’ve clicked on links contained within those messages, through the use of web beacons and personalised URLs embedded in these communications. This allows CTO to better personalise future communications and limit these communications to subjects that are of interest to you.
Choices Regarding Automatic Data Collection & Online Tracking. While CTO web sites at this time do not recognise automated browser signals regarding tracking mechanisms, such as "do not track" instructions, you can generally express your privacy preferences regarding the use of most Automatic Data Collection Tools through your web browser or device settings. You can set your browser in most instances to notify you before you receive certain Automatic Data Collection Tools, giving you the chance to decide whether to accept them or not. You can also generally set your browser or device to turn off certain Automatic Data Collection Tools. If you are accessing our web sites or applications in countries of the European Union (EU), or countries where the EU regulations apply, you are given the choice to accept or refuse our use of non-essential cookies (as described in the section titled ‘How CTO uses Automatic Data Collection Tools’ above) through a ‘cookie preference’ banner that appears on our web pages. The banner stops being displayed when you have made your choice, but it can be brought back on display by selecting the ‘Cookies’ link on the footer of every CTO web page.
Since these Automatic Data Collection Tools allow you to take advantage of some of our web sites' and applications’ features, we recommend that you leave them turned on. If you block, turn off or otherwise reject certain Automatic Data Collection Tools, some web pages or user experiences may not display properly or you will not be able, for instance, to add items to your shopping cart, proceed to checkout or use any web site services that require you to sign in.
CTO participates in the Digital Advertising Alliance (DAA and DAAC) self-regulatory programme for digital online advertising (see http://www.aboutads.info/ or http://youradchoices.com/ in the US and youradchoices.ca in Canada). CTO advertisements that are targeted to you will be identified with the Ad Choices icon . If you do not want this information to be used for serving you targeted advertisements on web sites you may visit, you can click here to opt-out. For applications, please update your device settings. This will allow you to access and update your preferences. Please note that this does not opt you out of being served non-targeted advertising.
Some of our websites use Google Analytics cookies. Information collected by Google Analytics cookies will be transmitted to and stored by Google on servers in the United States of America in accordance with its privacy practices. To see an overview of privacy at Google and how this applies to Google Analytics, visit https://www.google.com/policies/privacy/. You may opt out of tracking by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
In the USA and Canada, we participate in the Adobe Marketing Cloud Device Co-op. This helps us understand how you use our websites and apps across all the devices you use and deliver tailored promotions based on your interests to those devices. You can learn more about how Adobe does this, and how to opt-out, at https://cross-device-privacy.adobe.com/.
CTO strives to keep your personal data accurately recorded. We have implemented technology, management processes and policies to help maintain data accuracy. In accordance with applicable laws, CTO provides individuals with reasonable access to personal data that they provide to CTO and the reasonable ability to review and correct it.
To protect your privacy and security, we will take reasonable steps to verify your identity, such as the requirement to provide a copy of a user ID, before granting access to your personal data.
CTO takes seriously the trust you place in us to protect your personal data. In order to protect your personal data from loss, or unauthorised use, access or disclosure, CTO utilises reasonable and appropriate physical, technical and administrative procedures to safeguard the information we collect and process. All systems used to support CTO’s business are governed by CTO’s corporate Cyber Security policies, which are built upon industry standards and best practices like the International Organization for Standardization (ISO) 27001 family of standards and National Institute of Standards and Technology (NIST) standards.
When collecting or transferring sensitive information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure. The personal data you provide us is stored on computer systems locked in controlled facilities which have limited access. Access to your information is restricted to CTO employees or authorised third parties who need to know that information in order to process it for us, and who are subject to strict confidentiality obligations. When we transmit sensitive information over the internet, we protect it through the use of encryption, such as the Transport Layer Security (TLS), Internet Protocol Security (IPSec), or Secure Socket Layer (SSL).
Typically, we keep personal data for the length of any contractual relationship and, to the extent permitted by applicable laws, after the end of that relationship for as long as necessary to perform purposes set out in this Privacy Statement, to protect CTO from legal claims and administer our business. When we no longer need to use personal data, we will delete it from our systems and records or take steps to anonymise the data unless we need to keep it longer to comply with a legal or regulatory obligation. If you would like to receive more information about our data retention policies, please contact us via email.
Our privacy practices are aligned with the requirements of the General Data Protection Regulation (GDPR). If you are located in the European Union (EU), the European Economic Area (EEA), the UK, or Switzerland or Turkey, this additional information may be relevant and applicable to you.
Data controllers. Companies from the CTO group of companies may act as data controllers in relation to your personal data for the processing of personal data described in this Privacy Statement. If you would like to receive more information about which CTO entity acts as data controller for your personal data, please contact us via email.
Data Protection Officer. CTO has appointed a Data Protection Officer (DPO) to comply with the GDPR. You can contact the DPO by sending an email with the subject "Data Protection".
Legal basis to process personal data. We process your personal data on the following legal bases:
Your rights in relation to your personal data. You may have the following rights to:
These rights may be limited in some situations such as where CTO can demonstrate that CTO has a legal requirement or legitimate interest to process your personal data.
Complaint with a supervisory authority. If you consider that the processing of your personal data infringes the GDPR, you have a right to lodge a complaint with a supervisory authority in the country where you live, or work, or where you consider that data protection rules have been breached.
Your rights under CTO Binding Corporate Rules. You may have additional rights under our BCRs. For instance, as a third party beneficiary, where you believe your personal data has been transferred to an CTO company located outside the EU and processed by that company in breach of the BCR, you may have a right to:
If CTO processes your personal data on behalf of an CTO customer, then we will, in the first instance, refer your complaint to our customer to handle.
We value your opinions. If you have any questions about our Privacy Statement, any concerns or complaint regarding our collection and use of your personal data or wish to report a possible breach of your privacy, please contact us via email or write to us at the appropriate address below. We will treat your requests and complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.
330 Sen. Gil J. Puyat Ave, Makati, 1227 Metro Manila
If we modify this Privacy Statement, we will publish a revised version with an updated revision date. The privacy link on the footer of every CTO web page will then point to that new version.