The SECURITIES AND EXCHANGE COMMISSION (SEC) is committed to protect and respect your personal data privacy. We are at the forefront of not only implementing but also complying with the Data Privacy Act of 2012 (RA No. 10173), and pertinent issuances of the National Privacy Commission (NPC).

The eSPAYSEC platform is a web-based system that facilitates online payments for SEC transactions, including registration fees, penalties, and other related fees. It supports various cashless payment options such as debit and credit cards, digital wallets, and other secure payment methods.

We collect the following personal information:
• Email address

The collected personal information will be utilized in the processing of the above-mentioned payment for the different SEC transactions, pursuant to Pursuant to RA 11232 Revised Corporation Code of the Philippines (RCC), RA 8799 The Securities Regulation Code, RA 11032 Ease of Doing Business, Anti-Money Laundering Act (AMLA) of 2001, Data Privacy Act of 2012.

We collect personal information when an applicant or representative uses the eSPAYSEC platform to process payments for SEC transactions. This occurs during the online payment process to ensure the transaction is successfully completed and verified.

Pursuant to RA 11232 Revised Corporation Code of the Philippines (RCC), RA 8799 The Securities Regulation Code, RA 11032 Ease of Doing Business, Anti-Money Laundering Act (AMLA) of 2001, Data Privacy Act of 2012.

Each piece of personal information we collect is necessary to fulfill specific purposes related to the processing of SEC payments:

• Email Address: To confirm the payment, send receipts, and communicate updates regarding the transaction status.

We collect, use and process the personal information provided through electronic or automated means to proceed in this payment system.

The SEC ensures the protection of personal data against accidental or unlawful destruction, alteration, disclosure, and other unlawful processing by implementing appropriate security measures based on the nature of the data.

Personal information of SEC personnel is retained and disposed of in accordance with civil service laws and the National Archives of the Philippines Act of 2007.

Personal data from contractors and service providers are retained for one year after contract expiration. After this period, hard copies are securely destroyed, and soft copies are deleted.

Similarly, personal data from job applicants are retained for one year from collection. After this period, hard copies are securely disposed of, and soft copies are deleted.

Once a record has passed its retention period and is no longer needed, all hard and soft copies of personal information will be securely disposed of and destroyed. Authorized disposal methods include shredding, burial, or sale to a buyer. This process will be carried out in the presence of a Records Management Analyst from the National Archives of the Philippines (NAP), a SEC COA representative, and members of the SEC RMIC, such as the Chairperson, Vice-Chairperson, and relevant Departmental Directors/Records Focals (or their alternates).

Risk refers to the potential for incidents that may harm a data subject or organization, including unauthorized collection, use, disclosure, or access to personal data. It involves threats to the confidentiality, integrity, and availability of personal data or violations of data privacy principles and rights.

The SEC implements physical, technical, and organizational security measures to protect personal data but acknowledges that risks like cyberattacks, malware, and unauthorized access to manual records may still occur.

Adequate policies are in place to manage security incidents, in alignment with NPC policies, circulars, and other relevant issuances.

Only authorized SEC personnel are granted access to the personal information collected through the payment system. The collected personal information via the internet or other electronic methods is stored in a secured database. We use reasonable security safeguards to protect the information gathered from any loss, unauthorized access, use or disclosure.

Under the Data Privacy Act of 2012, data subject refers to an individual whose personal information is collected and processed. We are duly bound to observe and respect your privacy rights, including your right to information, right to access, right to correct, right to remove, right to damages and right to data portability.

Data subjects may file a request with the Data Protection Officer (DPO). They may contact the DPO at 8818-7204, send an email to [email protected] or file a complaint through imessage.sec.gov.ph.

By using this facility and by providing your personal data, you hereby authorize the Securities and Exchange Commission (SEC) to collect and store the said data. Data such as but not limited to your email address with the use of electronic or automated means, shall be stored within the period allowed under applicable laws, rules and regulations, for the purpose of processing your payments for the different transactions of SEC.
You also acknowledge and consent to the collection and processing of your personal data for the purpose of processing payment for the SEC transaction.

If you have any questions, concerns, or requests related to this Privacy Notice, or if you would like to exercise your rights under applicable data protection laws, please contact our Data Protection Officer, Director Oliver V. Chato:

• Email: [email protected]
• Phone: 8818-7204