Privacy Policy

  • Website Privacy Policy


    EFFECTIVE: 1 January 2018

    Safeguarding your privacy is important to us. KMC MAG Solutions, Inc. (KMC Solutions) is committed to maintaining your trust by protecting personal information that we collect and use.

    This Privacy Policy describes how KMC Solutions collects, uses, and discloses your personal information in connection with any website, application, or other services that refer to or link to the Policy. KMC Solutions may amend this Privacy Policy at any time by posting the amended terms on this site. All amended terms automatically take effect on the date set out in the posted Privacy Policy, unless otherwise specified.


    Sites covered by this Privacy Policy

    This Privacy Policy applies to all KMC Solutions owned websites and domains, including and  (collectively, “Sites”). The KMC Solutions Websites may provide links to third-party websites for your convenience and information. If you access those links, you will leave the KMC Solutions Websites. We do not control those sites or their privacy practices, which may differ from our own privacy practices. This Privacy Policy does not cover any personal data that you choose to give to unrelated third parties. We do not monitor or control the information collected by such sites or the privacy practices of any third parties, and we are not responsible for their practices or the content of their sites.


    Information Collection and Use

    While you are using our Sites, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your name, address, telephone number, email address, business name, a unique login name, and password ("Personal Information"). We use this information to contact you about the services on our Sites in which you have expressed interest, to verify your identity, in connection with a transaction that you or your company or organization has initiated, to deliver notifications and other operational communications, and for troubleshooting.

    You also have the option to provide demographic information (such as type of business, size of business, locations, etc.). KMC Solutions uses this demographic information to understand your needs and interests and to provide you a more personalized experience on our Sites. The information is used by KMC Solutions to process your orders, enable participation in promotions, and facilitate your relationship with us.

    In some cases, we collect billing and payment information you provide when you purchase products and services. We also collect information that you provide us when you participate in our surveys, sweepstakes or events.

    To the extent that you disclose to us any personal information of another individual, we assume that you have obtained such individual’s consent for the disclosure of such personal information as well as the processing of the same in accordance with the terms of this Policy.


    Log Data

    Like many site operators, we collect information that your browser sends whenever you visit our Sites ("Log Data").

    This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Sites that you visit, the time and date of your visit, the time spent on those pages, whether you have opened or forwarded our e-mails or connected to offers or links that we send you, your general or specific geographic location, such as through GPS, Bluetooth or WiFi signals to the extent permitted by the settings of your devices, and other statistics.

    If you use our internet connection, networks, telecommunications systems or information processing systems, your activity and any files or messages on those systems may also be monitored by KMC Solutions at any time, in accordance with applicable law, for purposes of an investigation or to ensure compliance with company policies.


    Information From Third-Party Sources

    We receive information about you from publicly and commercially available sources and other third parties as permitted by law. We may combine this information with other information we receive from or about you, where necessary to provide the Services you requested.

    We also may partner with the following categories of third parties to collect, analyze, and use some of the personal information described in this Policy:

    • Third parties that provide features and functionality on the services by means of plug-ins. Even if you do not click on or interact with social networking services or other plug-ins, they may collect information about you, such as your IP address and the pages that you view.
    • Advertising providers help us and our advertisers provide advertisements on our services or elsewhere, including advertisements that are targeted based on your online behaviour, and analytics companies help us measure and evaluate the usage of our services.
    • Other content providers may offer products and services on our services and may operate contests, sweepstakes, or surveys on our services.



    We may use your contact information to send you information about KMC Solutions products and services as well as promotional material that may be of interest to you. For example, we may periodically contact you with offers and information about our products, services, features, and events; to send you newsletters or other information about topics that we believe may be of interest; to conduct online surveys; and to otherwise promote our products, services, features, and events. We also may deliver targeted advertisements to you, both on and off the Services.


    Cookies, Web Beacons and other Internet Technologies

    Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.

    Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

    Web beacons and similar technologies are small bits of code, which are embedded in web pages, advertisements, and e-mail, that communicate with third parties. We use web beacons, for example, to count the number of users who have visited a particular web page, to deliver or communicate with cookies, and to understand usage patterns. We also may include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

    There are other local storage and internet technologies, such as Local Shared Objects (also referred to as “Flash cookies”) and HTML5 local storage, that operate similarly to the cookies discussed above in that they are stored on your device and can be used to store certain information about your activities and preferences across different services and sessions.

    Our websites use these technologies for the following purposes:

    • Administering our Services.
    • Improving our Services, including helping us measure and research the effectiveness of our content, features, advertisements, and other communications. For example, we measure which pages and features website visitors are accessing and how much time they are spending on our webpages. We may include web beacons in e-mails, for example, to understand whether messages have been opened, acted on, or forwarded.
    • Storing your sign-in credentials and preferences so that you do not have to enter those credentials and preferences every time you log on to a Service.
    • Helping us and third parties provide you with relevant content and advertising by collecting information about your use of our Services and other websites.



    The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.


    Accessing, Reviewing, and Updating Your Personal Information

    To the extent provided for under Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, you may have the right to access your personal information and to update or correct inaccuracies in your personal information.

    You may have rights to revoke consent you previously granted us with respect to processing personal information and to object to the use of your personal information for direct marketing or for other purposes that are not necessary in light of the nature of our legal relationship. Note that if you revoke your consent to such processing, we may be unable to provide you with certain aspects of the services.

    If you would like to exercise any of your rights under the Data Privacy Act, please send an e-mail to


    Changes To This Privacy Policy

    We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

    If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.


    Contact Us

    If you have any questions about this Privacy Policy, please contact us at:

    KMC MAG Solutions, Inc. 25th Floor, Picadilly Star Building, 4th Avenue, corner 27th Street,

    Bonifacio Global City, Taguig 1634, Metro Manila, Philippines. Email: dpo[at]


  • Privacy Manual

    Republic of the Philippines 



    KMC MAG Solutions, Inc.



    Background Introduction

    The Company respects and values data privacy rights, and makes sure that all personal data collected from employees, clients and customers are processed following the general principles of transparency, legitimate purpose, and proportionality. This Manual provides information on the Company’s data protection and security measures, and may serve as a guide for the exercise of a Data Subject’s rights under the DPA.

    Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), aims to protect personal data in information and communications systems. Under the DPA, the Company processes personal data, has policies in place, and implements measures and procedures that guarantee the safety and security of personal data under its control or custody, thereby upholding an individual’s data privacy rights. The Company takes reasonable and appropriate measures to protect personal data against dangers such as accidental loss or destruction, unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.

    To inform its personnel of such measures, the Company has prepared this Privacy Manual. This Manual guides personnel for compliance with the DPA, its Implementing Rules and Regulations (IRR), and other relevant issuances of the National Privacy Commission (NPC). It also describes the privacy and data protection protocols to be observed and carried out for specific circumstances (e.g., from collection to destruction), to protect the rights of data subjects.


    Definition of Terms

    “Data Subject” – refers to an individual whose personal, sensitive personal or privileged information is processed by the organization. It may refer to officers, employees, consultants, and clients of this organization.

    “Personal Information” – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

    “Processing” – refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.


    Scope and Limitations

    All personnel of this organization, regardless of the type of employment or contractual arrangement, must comply with the terms set out in this Privacy Manual.


    Processing of Personal Data

    A. Collection (e.g. type of data collected, mode of collection, person collecting information, etc.)

    This Company collects the basic contact information of clients and employees, including their full name, address, email address, contact number, and other necessary personal information.


    B. Use

    Personal data collected shall be used by the Company for documentation purposes.


    C. Storage, Retention and Destruction (e.g. means of storage, security measures, form of information stored, retention period, disposal procedure, etc.)

    This Company will ensure that personal data under its custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. The Company will implement appropriate security measures in storing collected personal information, depending on the nature of the information. All information gathered shall not be retained for a period longer than three (3) to ten (10) years. After the three (3) to ten (10) year period, all hard and soft copies of personal information shall be disposed of and destroyed through secure means.


    D. Access (e.g. personnel authorized to access personal data, purpose of access, mode of access, request for amendment of personal data, etc.)

    Due to the sensitive and confidential nature of the personal data under the custody of the Company, only the client and the authorized representative of the Company shall be allowed to access such personal data, for any purpose, except for those contrary to law, public policy, public order or morals.


    E. Disclosure and Sharing (e.g. individuals to whom personal data is shared, disclosure of policy and processes, outsourcing and subcontracting, etc.)

    All employees and personnel of the Company shall maintain the confidentiality and secrecy of all personal data that come to their knowledge and possession, even after resignation, termination of contract, or other contractual relations. Personal data under the custody of the Company shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data.


    Security Measures

    The Company implements reasonable and appropriate physical, technical and organizational measures for the protection of personal data. Security measures aim to maintain the availability, integrity and confidentiality of personal data and protect them against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination. This section generally describes those measures.


    A. Organization Security Measures


    1. Data Protection Officer (DPO)

    The designated Data Protection Officer is Atty. Patricia C. Velarde, who is concurrently serving as the Corporate Legal Counsel of the Company.


    2. Functions of the Data Protection Officer

    The DPO shall oversee the compliance of the organization with the DPA, its IRR, and other related policies, including the conduct of a Privacy Impact Assessment, implementation of security measures, security incident and data breach protocol, and the inquiry and complaints procedure.


    3. Conduct of trainings or seminars to keep personnel, especially the Data Protection Officer, updated vis-à-vis developments in data privacy and security

    The organization shall sponsor a mandatory training on data privacy and security at least once a year. For personnel directly involved in the processing of personal data, management shall ensure their attendance and participation in relevant trainings and orientations, as often as necessary.


    4. Conduct of Privacy Impact Assessment (PIA)

    The organization shall conduct a Privacy Impact Assessment (PIA) relative to all activities, projects and systems involving the processing of personal data. It may choose to outsource the conduct of a PIA to a third party.


    5. Recording and documentation of activities carried out by the DPO, or the organization itself, to ensure compliance with the DPA, its IRR and other relevant policies

    The organization shall sponsor a mandatory training on data privacy and security at least once a year. For personnel directly involved in the processing of personal data, management shall ensure their attendance and participation in relevant trainings and orientations, as often as necessary.


    6. Duty of Confidentiality

    All employees will be asked to sign a Non-Disclosure Agreement (NDA). All employees with access to personal data shall operate and hold personal data under strict confidentiality if the same is not intended for public disclosure.


    7. Review of Privacy Manual

    This Manual shall be reviewed and evaluated annually. Privacy and security policies and practices within the organization shall be updated to remain consistent with current data privacy best practices.


    B. Physical Security Measures

    Physical security measures monitor and limit access to the facility containing the personal data, including the activities therein. They provide for the actual design of the facility, the physical arrangement of equipment and furniture, the permissible modes of transfer, and the schedule and means of retention and disposal of data, among others. The following provisions are included to protect personal data under the custody of the organization against mechanical destruction, tampering and alteration, and against man-made disasters, power disturbances, external access, and other similar threats:


    1. Format of data to be collected

    Personal data in the custody of the organization may be in digital/electronic format and paper-based/physical format.


    2. Storage type and location (e.g. filing cabinets, electronic storage system, personal data room/separate room or part of an existing room)

    All personal data being processed by the organization shall be stored in a data room, where paper-based documents are kept in locked filing cabinets while the digital/electronic files are stored in computers provided and installed by the company.


    3. Access procedure of agency personnel

    Only authorized personnel shall be allowed inside the data room. For this purpose, they shall each be given exclusive access to the room. Other personnel may be granted access to the room upon filing of an access request form with the Data Protection Officer and the latter’s approval thereof.


    4. Monitoring and limitation of access to room or facility

    All personnel authorized to enter and access the data room or facility must register with the online registration platform of the organization and fill out a logbook placed at the entrance of the room. They shall indicate the date, time, duration and purpose of each access.


    5. Design of office space/work station

    The computers are positioned with considerable space between them to maintain privacy and protect the processing of personal data.


    6. Persons involved in processing, and their duties and responsibilities

    Persons involved in processing shall always maintain the confidentiality and integrity of personal data. They are not allowed to bring their own gadgets or storage devices of any form when entering the data storage room.


    7. Modes of transfer of personal data within the organization, or to third parties

    Transfers of personal data via electronic mail shall use a secure email facility with encryption of the data, including any or all attachments.


    8. Retention and disposal procedure

    The organization shall retain the personal data of a client for three (3) to ten (10) years from the date of transaction. Upon expiration of such period, all physical and electronic copies of the personal data shall be destroyed and disposed of using secure technology.


    C. Technical Security Measures

    The Company implements technical security measures to make sure that there are appropriate and sufficient safeguards to secure the processing of personal data, particularly the computer network in place, including encryption and authentication processes that control and limit access. These include the following, among others:


    1. Monitoring for security breaches

    The Company shall use an intrusion detection system to monitor security breaches and alert the Company of any attempt to interrupt or disturb the system.


    2. Security features of the software/s and application/s used

    The Company shall first review and evaluate software applications before the installation thereof in computers and devices of the Company to ensure the compatibility of security features with overall operations.


    3. Process for regular testing, assessment and evaluation of the effectiveness of security measures

    The organization shall review security policies, conduct vulnerability assessments and perform penetration testing within the Company on a regular schedule to be prescribed by the appropriate department or unit.


    4. Encryption, authentication process, and other technical security measures that control and limit access to personal data

    Each member of the personnel with access to personal data shall verify his or her identity using a secure encrypted link and multi-level authentication.


    Breach and Security Incidents

    KMC MAG Solutions, Inc. has developed and is implementing policies and procedures for the management of a personal data breach, including security incidents. This section describes or outlines such policies and procedures, including the following:


    1. Creation of a Data Breach Response Team

    A Data Breach Response Team comprising five (5) officers shall be responsible for ensuring immediate action in the event of a security incident or personal data breach. The team shall conduct an initial assessment of the incident or breach in order to ascertain the nature and extent thereof. It shall also execute measures to mitigate the adverse effects of the incident or breach.


    2. Measures to prevent and minimize occurrence of breach and security incidents

    The Company shall regularly conduct a Privacy Impact Assessment to identify risks in the processing system, and shall monitor for security breaches and carry out vulnerability scanning of computer networks. Personnel directly involved in the processing of personal data must attend trainings and seminars for capacity building. There must also be a periodic review of policies and procedures being implemented in the organization.


    3. Procedure for recovery and restoration of personal data

    The Company shall always maintain a back-up file for all personal data under its custody. In the event of a security incident or data breach, it shall always compare the back-up with the affected file to determine the presence of any inconsistencies or alterations resulting from the incident or breach.


    4. Notification protocol

    The Head of the Data Breach Response Team shall inform the management of the need to notify the NPC and the data subjects affected by the incident or breach within the period prescribed by law. Management may decide to delegate the actual notification to the head of the Data Breach Response Team.


    5. Documentation and reporting procedure of security incidents or a personal data breach

    The Data Breach Response Team shall prepare detailed documentation of every incident or breach encountered, as well as an annual report, to be submitted to management and the NPC, within the prescribed period.


    Inquiries and Complaints

    Every data subject has the right to reasonable access to his or her personal data being processed by the Company. Other available rights include: (1) right to dispute the inaccuracy or error in the personal data; (2) right to request the suspension, withdrawal, blocking, removal or destruction of personal data; and (3) right to complain and be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data.

    Accordingly, the Company has procedures for inquiries and complaints that will specify the means through which concerns, documents, or forms submitted to the organization shall be received and acted upon. Data subjects may inquire about or request information regarding any matter relating to the processing of their personal data under the custody of the organization, including the data privacy and security policies implemented to ensure the protection of their personal data. They may write to the organization at dpo[at]kmc[dot]solutions and briefly discuss the inquiry, together with their contact details for reference.

    Complaints shall be filed in three (3) printed copies, or sent to dpo[at]kmc[dot]solutions. The concerned department or unit shall confirm with the complainant its receipt of the complaint.



    The provisions of this Manual are effective this 1st day of September 2017, until revoked or amended by this Company.