Skip to Content

Privacy Policy

  1. Introduction
    Greenstrum Inc.(“GSI”, “we”, “us”, or “our”) is a company that specializes in electric vehicle charging solutions. We respect and value your right to data privacy and are committed to protecting your personal data in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and issuances of the National Privacy Commission (NPC). This Privacy Statement explains, in general, what personal data we collect, how we use, store, share, protect, retain, and dispose of it, and the rights you have as a data subject. This statement is also in addition to specific privacy notices we provide data subjects whenever we collect personal data from them.

  2. Personal Data We Collect
    Depending on your interaction with GSI, we may collect and/or process the following personal data: customer full name, email address, mobile number, home or billing address, inquiry and transaction details, vehicle information (conduction Sticker, vehicle identification number, engine type, color, and model), service and warranty records, and billing and payment information. We collect them through the following channels: our website, leads generation (marketing) activities, sales reporting, and aftersales reporting.

    When you navigate through our website, we may also collect website usage logs and cookie identifiers. For more information, please consult our cookie policy.

  3. Purpose of Processing
    We process personal data for the following lawful purposes:
    • EV charging inquiry handling, sales, installation, testing, inspection, warranty, and service fulfillment
    • Customer account creation and support
    • Product support and troubleshooting
    • Marketing communications, promotions, surveys, and feedback
    • Market analysis, demand forecasting, and service improvement
    • Compliance with legal and regulatory obligations
     
    When we collect personal data, we rely on the following criteria for lawful processing: consent, contractual necessity, legal obligation, or GSI’s legitimate interests, as allowed under the Data Privacy Act. We also make sure that our data subjects are properly informed of the specific purposes for processing and the lawful criteria we rely on, other than consent, at the earliest possible opportunity.

  4. Disclosure of Personal Data to Other Parties
    We disclose personal data only to the extent necessary and relevant for our legitimate purposes, as follows: <please provide where and what data is being shared, see sample below>
    • Authorized EV dealers – full name, contact details, vehicle inquiry details, service and warranty records (for sales, servicing, and warranty fulfillment)
    • Financing and insurance partners – full name, contact details, billing and payment information (for financing and insurance evaluation, when applicable)
    • IT service providers and CRM platforms – identification and transaction reference data (for system hosting, customer relationship management, and website operations)
    • Government agencies and regulators – personal data required by law, regulation, or lawful order

      All disclosures are governed by data processing, data sharing, and confidentiality agreements, where applicable in compliance with the Data Privacy Act. It is our policy to inform data subjects of the purposes for engaging third-party service providers, in the case of data processing agreement, and to ensure that disclosures to third parties, in the case of data sharing agreements, are supported by the appropriate lawful criteria under the Data Privacy Act.

  5. Manner of Storage of Personal Data
    We securely store Personal data in the following manner: <please confirm below and edit/add as necessary>
    1. Secure electronic databases hosted on controlled servers, protected by access controls and encryption; and
    2. Physical records, where applicable, are stored in locked cabinets within restricted office premises.

      Access is limited to authorized personnel based on role and operational necessity, subject to monitoring and periodic review.

  7. Retention and Secure Disposal
    Personal data is retained only for as long as necessary to fulfill declared purposes or as required by law, generally not exceeding ten (10) years, unless legally extended. Thereafter, we securely dispose records of personal data and render them unrecoverable, unidentifiable, and unusable, in the following manner:
    1. Electronic data: secure deletion, overwriting, or anonymization
    2. Physical records: shredding or secure destruction

  9. Data Protection Measures
    In the collection and/or processing of personal data, GSI implements the following reasonable and appropriate safeguards:
    Organizational Measures
    • Fully functioning Data Privacy Office with a duly appointed Data Protection Officer (DPO)
    • Functional and periodic privacy training and awareness programs
    • Periodically reviewed Privacy Impact Assessments (PIAs)
    • Periodically reviewed privacy policies and procedures covering access control, security incident management, data security, and the exercise of data subjects’ rights, among others.

    Physical Measures
    • Restricted office access
    • Secured storage areas
    • Visitor access controls
    • Closed Circuit Television (CCTV) Cameras

    Technical Measures
    • Encryption of sensitive data
    • Firewalls and malware protection
    • Multi-factor authentication
    • Audit logs and monitoring
    • Penetration and vulnerability testing

    These safeguards are regularly reviewed and updated to address evolving security and privacy risks.

  10. Cross-Border Data Transfers
    Where personal data is stored or processed outside the Philippines (e.g., cloud servers), GSI ensures comparable protection standards through contractual safeguards and strict access controls. Access to personal data stored outside the Philippines is restricted to authorized personnel and subject to contractual and technical safeguards.

  11. Rights of Data Subjects and How to Exercise Them
    Please informed that you have the following rights under the Data Privacy Act:
    • Right to be informed – You should be informed of the scope of our personal data processing activities including where and how we collected them, to whom we share them and why, how we secure them, how long we keep them, and how we dispose of them, as well as any changes to such activities before they are applied.
    • Right to access – Upon request, you should be able to have reasonable access to your personal data in accordance our internal procedures. At times, however, we may charge reasonable fees when granting your request takes additional effort due to its volume and the possible removal of information considered to be confidential/propriety or belonging to other data subjects.
    • Right to object - You may object to the processing of your personal data whenever you feel that we have no legal basis to do so. However, we may be unable to render our services should the processing objected to is necessary for its performance. You may also withdraw any consent previously given for the processing and/or sharing of your personal data without prejudice to any lawful processing done prior to such withdrawal.
    • Right to rectification – You may dispute the accuracy of the personal data we have about you and ask for it to be corrected and/or updated subject to GSI’s internal procedures.
    • Right to erasure or blocking - You have the right to suspend, withdraw, or order the blocking, removal, or destruction of inaccurate, incomplete, outdated, false, or unlawfully obtained personal data, including those unnecessary for GSI’s stated purposes.
    • Right to data portability - You have the right to request copies of your electronic personal data or have it sent to third parties in a portable and commonly accessible format in accordance with GSI’s internal procedures.
    • Right to file a complaint with the National Privacy Commission (NPC) - Should you feel that GSI has violated any of your rights under the Data Privacy Act or is unable to properly address any such complaints with us, you may file a complaint with the NPC.
    • Right to damages - You have the right to be indemnified for damages sustained, if any, due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

    12. How to Exercise Your Rights
    You may exercise your rights by submitting a written request with GSI’s Data Privacy Office using the contact details below. Please be advised that apart from a description of the right being exercised, we may also request for additional information to help us understand why the request is being made as well as sufficient proof of identity to ensure that the personal data subject of the request is properly identified.

    GSI will respond within the period prescribed by the Data Privacy Act and its Implementing Rules and Regulations. Data subjects may also lodge a complaint directly with the National Privacy Commission if they believe their data privacy rights have been violated.

  12. Cookies and Website Technologies
    GSI uses cookies and similar technologies to improve website functionality and user experience. You may manage cookie preferences through your browser settings. For further information, please consult our Cookie Policy.

  13. Amendments
    This Privacy Statement may be updated to reflect changes in law, regulation, or business operations. Updated versions will be posted on our website.

  14. Contact Information
    Data Privacy Office
    Greenstrum Inc.
    Email: dpo@greenstrum.com
    Address: 932 28th St. cor. 9th Ave., City Center, Bonifacio Global City, Taguig City, Philippines