ATRAM Data Privacy Statement
The Board of Directors, shareholders, Management and employees of ATRAM Group (“ATRAM”) value the personal data of our customers and all stakeholders.
ATRAM is dedicated to operating the company according to the highest principles of accountability, honesty, integrity and ethics. The policies of ATRAM are geared towards the handling of accounts with confidentiality, scrupulous care, safety and prudent management of customers’ investments. ATRAM exerts all efforts in safeguarding personal data obtained in the performance of its business activities.
As an asset management firm, ATRAM collects various personal data such as personal information and sensitive personal information from prospective customers and existing clients pursuant to the requirements of regulatory bodies such as the BSP, AMLC, and SEC. ATRAM’s fiduciary responsibility is focused towards giving the best products and services suitable to the needs of our clients. This is done by having a gainful knowledge of the client’s financial needs and objectives.
The front-liners are primarily responsible for collecting personal data from customers through the client account opening forms, and through client encounters such as personal meetings, phone calls, or emails. As allowed by regulations, collecting of personal data may also be obtained electronically through an online platform.
ATRAM obtains personal information from prospective customers and existing clients as part of its Know Your Customer (“KYC”) process, which includes, among others:
- Personal information such as name, date and place of birth
- Valid Identification (ID) and its details
- Contact information
- Financial information, including employment details, business interests, and assets
- Information relating to tax obligations – TIN, nationality, income derived from investments
- Other information relating to investing
- Specimen signatures
- Recording of conversations or contact through other electronic devices
As and when necessary, ATRAM also verifies or augments the foregoing information with third-party entities including government regulators, judicial, supervisory bodies, tax authorities or courts of competent jurisdiction and, in the process, gains additional client information.
ATRAM uses the information collected for the following purposes:
- Provision of any service or product relating to client’s account/s or investments;
- Requesting feedback through the completion of customer satisfaction surveys;
- Monitoring, reviewing and reporting any actual or perceived anti-money laundering activity;
- Performing statistical, credit and risk analysis;
- Managing risks;
- Sending marketing materials and promotions about the ATRAM Group’s products, services, and special offers;
- Reporting or disclosures required by any law or regulation such as but not limited to the Anti-Money Laundering Act of 2001, FATCA, and OECD
- Common Reporting Standards.
Access, Disclosure, and Sharing
ATRAM may share personal information it collects with its subsidiaries, affiliates and third parties, under an obligation of confidentiality.
- ATRAM may share personal information with its parent, subsidiaries, and affiliates in order to better understand its clients. This will allow ATRAM to improve its services and offer other useful products and solutions that may deliver greater value to its clients.
- ATRAM may share information with its subsidiaries and affiliates to likewise offer its clients additional products and services that it believes its clients might find interesting.
- ATRAM may share with information third parties that it engages with to support it in delivering its services to its clients. These may involve anonymous or aggregated information to help improve ATRAM’s products, services, and content.
- ATRAM may also engage third parties to help it operate its business.
Personal information and sensitive information of clients may also be shared during the following occasions:
- Personal data is needed to serve a subpoena
- Personal data of client is needed to process client’s investment
- Personal data is needed for a legal obligation (e.g. tax exemption, payment and registration of taxes)
Further, when a prospective customer or an existing client becomes or applies to become a client of any of ATRAM’s parent, subsidiaries and affiliates, such parent, subsidiaries and affiliates concerned has the option, but not the obligation to, rely upon, use, and share clients’ relevant personal and/or account information for any of the following purposes:
- To facilitate investment account application with the relevant entity;
- To validate, consolidate or update customer records;
- To provide investment summary or other account-related reports;
- To send announcements, promotions, marketing materials, offers, invitations, and other notifications;
- For case analysis and research purposes in relation to the products and services the relevant entity offers;
- For marketing activities of the relevant entity;
- To comply with regulatory requirements and legal obligation to which the relevant entity is subject to.
In cases where ATRAM needs to provide personal information and sensitive personal information as mentioned above, personal data shall only be given to appropriate recipients. ATRAM assures clients that we do not and will not sell personal data to any third parties. We fully uphold to our obligation to safeguard personal data obtained in the performance of our business activities, pursuant to the requirements of regulatory bodies and in compliance with applicable laws.
ATRAM implements security measures to protect the personal information and sensitive personal information of its clients. These measures may be organizational, physical, or technical. These are necessary to ensure the data’s availability, integrity, confidentiality and protect them from loss or destruction, unlawful access (e.g. hackers), illegal alteration and contamination.
The following security measures are being employed by ATRAM to protect personal data:
- Regular daily backups to prevent loss of data and to ensure data availability
- Access control systems to limit access to information and information processing facilities. The controls include, among other things, access to networks and network services, remote access, user access management, system and application access control and clear desk and clear screen policy
- Classification, handling and use of data to ensure the data used and managed by ATRAM receives an appropriate level of protection commensurate with the value, importance and criticality of the data
- Media handling to prevent unauthorized disclosure, modification, removal or destruction of data stored on media
- External party security to ensure the protection of ATRAM’s assets and data that are accessed, processed, communicated to, or managed by external parties
- Business continuity management to ensure the continued availability of business information and security enabled systems in the event of crisis or disaster
Retention and Disposal Procedure
ATRAM follows appropriate retention period pursuant to regulatory requirements. Generally, customer data shall be retained for five (5) years up to ten (10) years from account closure date, or as required by regulation. Proper disposal of personal data shall be observed at all times and performed in a secure manner to prevent illicit processing, unauthorized access and disclosure to other parties.
Inquiries and Complaints
Subject to legal and regulatory requirements, ATRAM’s clients shall have the following rights, such as:
- Right to check and/or have reasonable access to their personal data stored physically or inputted in ATRAM’s system
- Right to dispute the accuracy and/or amend the details of their personal data
- Right to request to update, remove, block, suspend or destroy their personal data
- Right to complain and claim compensation for any damages they may have sustained due to the inaccurate, erroneous, unlawfully obtained and unauthorized use of personal data
ATRAM has policies and procedures to address customer inquiries and complaints as documented in its Financial Consumer Protection Manual. The same policies and procedures shall be followed to address inquiries and complaints related to personal data.
Reporting requirements, as mandated by the regulation, shall strictly be observed.
Changes to ATRAM Data Privacy Statement
ATRAM may update its Data Privacy Statement from time to time to ensure consistency with industry trends and relevant laws and regulations. Please check our website: www.atram.com.ph regularly for updates on how we collect, process, and use your personal information.
ATRAM Group or ATRAM shall refer to ATR Asset Management, Inc. and ATRAM Trust Corporation.
BSP shall refer to the Bangko Sentral ng Pilipinas.
AMLC shall refer to Anti-Money Laundering Council.
SEC shall refer to Securities and Exchange Commission.
Front-liner shall refer to the person or employee who is the first contact of the clients. They usually have the most direct interaction with clients. They are also referred to as “Sales” personnel. In ATRAM, front-liners are employees from ATRAM Solutions, ATRAM Funds, and ATRAM Wealth.
Personal data refers to all types of personal information
Personal Information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
Processing refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system.
Sensitive personal information refers to personal information:
(1) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
(2) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
(3) issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
(4) specifically established by an executive order or an act of Congress to be kept classified.