Who we are:
Marketing Convergence, Inc. (MCI) operates and manages the SM Advantage Loyalty Program which aims to incentivize the purchasing behavior of its customers. SM Advantage (“SMAC”) is the biggest loyalty program in the country with the widest network of stores like The SM Store, SM Markets, and other SM Retail establishments which let our members earn and redeem points every time they shop. Our Members also get exclusive access to sale events, discounts, special offers, and freebies within SM and our external partners. SM Advantage members who reach the required spending level at SM stores and external partners may upgrade to SM Prestige, an elite membership program.
We value and respect our customers’ privacy rights as Data Subjects under the Data Privacy Act of 2012 (DPA). The objective of this policy is to inform our customers how we collect, use, retain, and dispose their personal data in relation to their membership with the SM Advantage Loyalty Program. This policy also outlines our practices and the security measures we have implemented in order to assure our data subjects that the handling and processing their personal data is in accordance with the requirements of the DPA and its implementing rules.
What we collect:
In the course of membership with the SMAC Loyalty Program, the Member will be asked to provide his or her Personal Data, depending on the services which the Member is using. The personal data we may collect from you are as follows:
- Full Name
- Contact Numbers
- Email Address
- Date of Birth
- Civil Status
- Purchase information
- Shopping preferences
- SMAC Card number
- IP Address and device information
- Browsing behavior
- Account Password and Login details
- Nature and details of inquiries, concerns or complaints coursed through the SMAC customer contact center
- CCTV footages – in case of Member’s use of SM Prestige Lounges (exclusive to SM Prestige members)
- Voice recordings (conversations with customer service representatives)
The Member is responsible in ensuring that the personal data he provides is accurate and up-to-date. A Member may update his or her personal data at any time by accessing the Member’s SMAC account on the SMAC digital Platform (SMAC Platform). MCI shall not be held liable for any loss, damage, injury or claim arising from the Member’s failure to keep his personal data file updated.
How will we use your personal data:
The Personal Data collected shall be used or processed pursuant to any or all of the following purposes:
- For administration of the SMAC loyalty program, including to register and maintain your account, to credit, award or redeem SMAC points;
- To verify your identity when you access your account;
- For direct marketing;
- For market research and analysis – to better understand your interests and preferences;
- To send you marketing promotions, offers, competitions and events by email, post, phone and SMS for SMAC services, and other electronic means of communication.
- To administer any prize draws or competitions that you choose to enter.
- To render such services which may be requested by the Member such as but not limited to addressing inquiries and complaints, updating or deletion of records;
- To develop and test any changes or improvements to our Website or services;
- To send you service emails or communications required by law to update you about any changes to our policies or services or any information required by law to be disseminated.
In certain circumstances, MCI may need to provide or disclose the Member’s information to enable us to comply with legal or regulatory requirements, such as criminal, civil or administrative investigations, among others.
Member’s consent to the collection, use or otherwise processing of the Member’s personal data by MCI and/or its Service Group was obtained at the time of submission of application for membership, whether manually or electronically, and/or purchase of the SMAC membership kit. By using the issued SMAC Card and participation in SMAC Loyalty Program, the Member reaffirms his consent to the processing of his personal data. Below is a copy of the Member’s consent provided to MCI:
Our service providers and contractors:
In order to deliver certain services to you, we may need to share your personal data with some of our service partners (our service group) consisting of the following:
- Our officers, employees, personnel, and consultants;
- Our affiliate companies;
- Our authorized service providers, such as but not limited to: IT providers, data encoders, website and database hosts, couriers and delivery, advertising and marketing service providers, card printers.
Our accredited service providers have confirmed that they apply appropriate data protection policies and security controls to keep your personal data safe and secured. We have also imposed contractual obligations on these service providers to ensure that they can only use your personal data to render the services agreed upon in relation to your SMAC Membership. We only share such information that is needed to provide services to you and if we stop using a third party, we require them to return and remove your information from their systems. We do not, and will not, sell your personal data.
Disclosure to other third parties:
SMAC will not disclose your personal data to other third parties, except as set out below:
- Our carefully selected business partners who offer exclusive and SMAC approved promotions and privileges to SMAC Members, if we have your consent to share your information;
- Merchant Partners which agreed to award SMAC points or allow its redemption in line with the SMAC loyalty or point earning/redemption program, these merchant partners include partners from Retail, Petroleum, Telecommunications, Insurance, Financial/Credit Card, Transportation, Food Service, Real Estate and Hospitality Industry, among others;
- a business or company which acquires all or part of the SMAC business;
- governmental bodies, regulators, law enforcement agencies, courts or tribunals, insurers when we are required to do so – to comply with a legal obligation, to exercise a legal right, to prevent or aid an investigation of a crime or to prosecute offenders and/or to protect our employees or customers.
Where we process and store data:
MCI stores, processes and transmits personal data only within the Philippines. MCI shall comply with the applicable laws and regulations should it store your data in another jurisdiction.
MCI ensures the security and protection of your personal data against risk of data loss, unauthorized access and disclosure, alteration and unlawful processing. Aside from establishing policies, rules and procedures, the company also ensures that all information are secured and protected within the scope of the organization. The Company conducts periodic Privacy Impact Assessments to evaluate and manage the privacy implications of projects, programs and processes. MCI also ensures that a Personal Data Breach Management is in place.
MCI uses various appropriate measures to safeguard your personal information. This includes but not limited to:
Organizational measures: appointment of Data Protection Officer, access control policy, security awareness training, among others.
Physical measures: security on data centers, card storage, biometric devices, among others.
Technical security measures: encryption, anti-virus software, among others.
How long we will store your information:
MCI will store your information for as long as the Member retains his or her membership to the SMAC or SMAC-Prestige Loyalty Program or, for as long as is needed for us to be able to provide the relevant services to the Member. MCI’s general retention policy is to retain information for 3 years from expiration or termination of SMAC Membership.
In some circumstances, such as to meet our legal or regulatory obligations, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may hold on to your personal data after we’ve finished providing services to you, or for longer than our general retention policy.
Collection of Computer Data
Cookies contain information about the web activities of the user. This allows MCI to understand more about your visit and help us to enhance your experience and may be used for authentication and storing website information or preferences. You are free to accept or decline cookies by modifying your browser setting to decline cookies. However, should you choose to decline cookies, you may not be able to fully experience the features of the Platform.
Web beacons are small graphic images that may be included on our Service and the Platform. It will allow the Company to count users who have viewed these pages, the time spent on the pages, the items searched for, among others, through the use of Platform so that we can better understand your preference and interests so we can improve our services further.
If you do not want to accept cookies from SMAC Platform, you can change your browser settings so that cookies are not accepted. If you choose to do this, please be aware SMAC Platform may no longer function as intended.
The Rights of the Data Subject
As data subject you have the right to be informed, to object, to access, to rectify, to erasure or blocking, to damages, to data portability and to complain. If you wish to correct or update your personal data, we may ask some information in order to verify your identity in order to avoid unwanted disclosure of personal information. We have included here contact information that can be used to voice clarifications and complaints relative to your personal information. Any complaint should be made in writing, clearly state the material facts, specify your contact information and include supporting evidence.
Our website is intended only for persons who are at least eighteen (18) years old. We neither offer products or services to, nor knowingly collect personal data of persons below the age of eighteen (18) years (“Minors”) without any legal basis or consent of the minor’s parent or guardian. Should we learn that we were provided with personal data of Minors, we will delete the same from our database.
For inquiries relating to your personal data or about this policy, or if you would like to exercise any of your rights as Data Subject or if you would like to raise concerns regarding data privacy, you may contact our Data Protection Officer at:
The Data Protection Officer
4th Floor One E-com Building Harbor Drive
Mall of Asia Complex Pasay City, Philippines 1300
Helpdesk contact number:
833-8888/944-3888 (for Metro Manila)
1-800-10-833-8888/1-800-8-944-3888 (for areas outside Metro Manila)
We urge you to submit your inquiries, request or concerns in writing. Kindly provide our DPO with the factual background, documentary evidence, if any, and your contact details and please use the title “Data Protection Concern/Request/Inquiry” for your email.