DATA PRIVACY POLICY

PRIVACY AND LEGAL

I. OVERVIEW OF THE PRIVACY POLICY

Gateway Group of Companies (the ‘Company’ ‘Gateway Group’, ‘we’, or ‘us’) is a fast-growing automotive business in the Philippines. The company was founded in 2004. Through the years, Gateway Group has obtained successful ventures in dealership for globally renowned car brands namely Nissan, Mitsubishi, Kia, BMW, Suzuki, Peugeot, Geely, Fuso, Morris Garages, Chevrolet, Volvo, Volkswagen, Maxus, Changan, Foton, Chery, Subaru and Hyundai. Gateway Group has branches all over the Philippines but its main office is at Cebu. The company provides complete sales and aftersales support for these brands. As we continue to grow our share in the market by broadening our product lineup with exciting vehicles, strengthening sales and fortifying its service across the nation, we inevitably collect and process Personal Information of our customers. We understand the importance of privacy to our customers, and we are committed to the highest standards of privacy and data protection compliance and expect everyone in our Company to adhere to these standards. We demand highest standards of ethics and compliance with applicable laws and rules from our management, employees, and third-party suppliers and service providers.

II. TO WHAT DOES THIS PRIVACY STATEMENT APPLY?

This Statement applies to all our systems involving the processing of customer Personal Information. This Statement does not apply to any website, product or service of any third-party organization even if the website links to (or from) our Website. Please always review the privacy practices of any third-party organization before deciding whether to provide any information.

III. WHAT INFORMATION DO WE COLLECT?

The term “Personal Information”, as used in this Statement, refers to any data (whether by itself or when linked with other information) in the possession of, or likely to come into the possession of the Company, that can be used to identify a specific living person. Personal Information does not include information that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person. We collect the following Personal Information from our customers: Full name Contact details such as e-mail address, telephone and/or mobile number We also collect Vehicle Information for provision of after-sales services, which can be coursed through any of the authorized Dealers, at the convenience of the customer.

For purposes of market analytics and research, as well as improving the design of our products and our sales strategy, we also collect the following:

Age

Gender

Nationality

Occupation

Marital Status

Address

Salary Range

Birthday

Employment Information

Household Information

IV. WHY DO WE COLLECT YOUR PERSONAL INFORMATION?

We collect your Personal Information for the following purposes: To prepare the documentation needed for the purchase of the vehicle, including in-house or third-party financing scheme; if applicable; To manage the process of billing the Purchase for vehicles purchased and services rendered; To facilitate the release or delivery of the vehicle; To provide after-sales support services; To allow flexibility of customers in choosing the most convenient Gateway Service Center to provide required vehicle services; To receive customer complaints or feedback and take necessary action in response to the complaint or feedback; To maintain communication with Purchaser and inform the Purchaser of Gateway’s newest vehicle lineup and services offered; To gather feedback and information, including sales and service experience; To facilitate warranty registration and approval of claims, enable claims payment processing, submit the same to the warranty system for Supplier Chargeback, make a Weekly Analysis of Claims per model per dealer, and issue the Warranty Claims Policy; To assess Service Campaign-affected vehicles, provide an analysis of affected vehicles, and enable data comparison of affected vehicles and possible repair of vehicles;

To facilitate the registration in our Customer Database; To identify units sold by dealers for matching of incentive reimbursement;

To identify customer raffle winner;

To reconcile Company’s records with dealer records, consolidate reports, provide materials for business review and internal meetings;

and To assert and defend any legal claims.

V. TO WHOM DO WE DISCLOSE YOUR PERSONAL INFORMATION?

Subject to the Data Privacy Act, we may share, preserve, transfer, and disclose your Personal Information to the following: Gateway Group of Companies, its management, employees, agents, authorized representatives, including its network of authorized Dealers, the management, employees, agents, and authorized representatives of the latter; Third party suppliers and service providers that help us provide our products and services, to the extent needed to perform their duties and their functions; and Government authorities and such entities that may have a legitimate and legal interest in the information, in response to a legal request such as a search warrant, court order or subpoena, if we believe in good faith that we are required to do so under the law.

VI. HOW DO WE COLLECT YOUR INFORMATION?

Broadly speaking, we collect information in three ways: (1) when you provide it directly to us, (2) when we obtain verification information about you or your company through trusted third parties, and (3) passively through technology such as “cookies”. Specifically, we collect Personal Information [about] you from our accredited dealers who input the same to our system. We also collect your Personal Information through the contracts and forms that you submitted to or was acquired by us with your authorization, verification with trusted third parties, and passive technologies (e.g. cookies).

VII. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT AND HOW DO YOU EXERCISE THEM?

As a data subject whose Personal Information will be collected and processed by us, you are entitled to the following rights, pursuant to Section 16 of Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and Section 34 of its Implementing Rules and Regulations

1. Right to be informed You have the right to be informed whether Personal Information pertaining to you shall be, are being, or have been processed, including the existence of automated decision-making and profiling.

2. Right to object You have the right to object to the processing of your Personal Information, including processing for direct marketing, automated processing or profiling. You shall also be notified and be given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subject.

3. Right to Access You have a right to be given access to specific kinds of information identified in the Data Privacy Act upon reasonable demand.

4. Right to Rectification You have the right to dispute the inaccuracy or error in the Personal Information and have us correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable.

5. Right to Erasure or Blocking You shall have the right to suspend, withdraw or order the blocking, removal or destruction of your Personal Information from our filing system.

6. Right to Damages Upon presentation of a valid decision, we recognize your right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Information, taking into account any violation of your rights and freedoms as data subject.

VIII. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

Generally, we shall keep your Personal Information in our database for a period of fifteen (15) years, after which period, the same shall be deleted unless needed for: the fulfillment of declared, specific, and legitimate purpose; the establishment, exercise, or defense of legal claims, such as ongoing investigations, legal proceedings, and litigation; or legitimate business purposes, which must be consistent with standards followed by the applicable industry or approved by the appropriate government agency. Personal Information provided to us shall be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party, or prejudice the interests of our customers.

IX. WHY DO WE RETAIN YOUR PERSONAL INFORMATION?

We will retain Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by the Data Privacy Act of 2012. Please note that we have a variety of obligations to retain the Data that you provide to us, including to ensure that transactions can be appropriately processed, settled, refunded or charged-back, to help identify fraud and to comply with anti-money laundering and other laws and rules that apply to us and to our financial service providers. There may also be residual Data that will remain within our databases and other records, which will not be removed.

X. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

This Company has put in place physical, electronic, and managerial procedures designed to help prevent unauthorized access, to maintain data security, and to use correctly the Information we collect online. These safeguards vary based on the sensitivity of the Information that we collect and store Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If the customer has reason to believe that his interaction with us is no longer secure (for example, if the customer feels that the security of his account has been compromised), please contact our Data Protection Officer immediately. His contact details are provided in Part XII below.

XI. WHAT ABOUT CHANGES TO THIS STATEMENT?

We may change this Privacy Statement. The date indicated at the bottom of this Privacy Statement indicates when this Privacy Statement was last revised. Any changes are effective when we post the revised Privacy Statement for Customers on our website. We may provide you with disclosures and alerts regarding this Privacy Statement by posting them on our website. Disclosures and notices in relation to this Privacy Statement or Personal Information shall be considered to be received by you within twenty-four (24) hours of the time they are posted to our website.

XII. HOW CAN YOU REACH US?

If you have any questions or suggestions about this Privacy Statement or would like to access or seek correction of your Personal Information, or if you have any complaints regarding our privacy practices, please contact our Data Protection Officer:

DATA PRIVACY OFFICER

Gateway Group of Companies

Contact Number: (02)8293-6888

Email Addresses:

dataprotection.pgmc@gatewaygroup.ph

dataprotection.mggsc@gatewaygroup.ph

dataprotection.gmci@gatewaygroup.ph

dataprotection.mdc@gatewaygroup.ph

dataprotection.mggmc@gatewaygroup.ph

dataprotection.gfmc@gatewaygroup.ph

Because email communications are not always secure, you are asked not to include credit card or other

sensitive data (such as racial or ethnic origin, political opinions, religion, health, or the like) in emails

sent to us

Version Dec 2022.