03 November 2017

SAN MIGUEL CORPORATION, Subsidiaries and Affiliates (“SMC”)

40 San Miguel Avenue, Mandaluyong City 1550 Metro Manila,
Philippines

Corporate Procurement Group:

Data Privacy Consent

We acknowledge that San Miguel Corporation, its subsidiaries and affiliates (“SMC”) has implemented a
policy on Data Privacy, pursuant to Republic Act No. 10173 or the Data Privacy Act of 2012 and its
implementing rules and regulations.

We recognize that Personal Information and Sensitive Personal Information (“Personal Data”) of certain
individuals (“Data Subject”) may have been provided to SMC by us or on our behalf or in relation to our
dealings with SMC. We further acknowledge that SMC will be collecting, using, sharing, disclosing,
transferring, retaining and destructing (collectively “Processing”) such Personal Data in connection with
our accounts, transactions with, and relevant services and products offered to and through SMC. In
relation to the same:

1. We represent, warrant and undertake that we have obtained (and shall maintain) the
agreement of and consent from Data Subject such as directors, officers, employees,
shareholders, beneficial owners, signatories, representatives, if acting on behalf of another,
whose Personal Data were provided by us or on our behalf to SMC or otherwise obtained by
SMC in relation to our transactions with SMC.

2. We acknowledge and consent the sharing and disclosure of such Personal Data, subject to
compliance with applicable laws and regulations, on a need to know basis, only for legitimate
business purposes, as follows:

• to SMC subsidiaries and affiliates;

 to contractors, service providers, and other third parties We engage to support our
business, and who are bound by contractual obligations to keep Personal Data secure
and confidential, and use it only for the purposes for which We disclose it to them;
 to government and law enforcement agencies and regulatory bodies;
 if SMC believes disclosure is necessary or appropriate to protect the rights, property, or
safety of SMC, its subsidiaries and affiliates, officers, employees, customers, or other
third parties;
 to a buyer or other successor in the event of a merger, divestiture, restructuring,
reorganization, dissolution, or other sale or transfer of some or all of SMC’s assets,
 whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding,
in which Personal Data held by SMC is among the assets transferred; and
 to investigating parties during breach of SMC’s internal policies, laws and regulations,
enforce appropriate sanctions and pursue legal actions if necessary; and
 such other purposes as it may deem reasonably necessary.

3. We agree to maintain such consent for such period as SMC shall retain and secure the Personal
Data for the period and manner defined in the SMC Policy on Records and Retention and/or as
prescribed by applicable law, whichever is longer.

4. We acknowledge that SMC has implemented technical, organizational, and physical measures
designed to protect the confidentiality, integrity, and availability of our Personal Data, secure
such from unauthorized destruction, access, alteration, disclosure, fraudulent misuse and/or any
other unlawful processing, as well as other natural and human dangers.

5. We acknowledge and agree that SMC shall retain the Personal Data for the period and manner
defined in the SMC Policy on Records Retention and/or as prescribed by applicable law,
whichever is longer. We likewise acknowledge that SMC cannot delete Personal Data without
restricting or removing its ability to effectively execute our transactions with, and relevant
services and products offered to and through SMC. SMC may not accommodate a request to
correct and/or delete Personal Data if SMC believes the same would violate any law or legal
requirement or cause the Personal Data and Historical Transactions to be incorrect.

6. We agree that SMC shall only be responsible for relaying to us any notices or disclosures
required by the law to be made to the Data Subject and such will constitute sufficient
compliance by SMC to the Data Subject. We shall be solely responsible for immediately
providing such notices or disclosures required by the law directly to the Data Subject. We have
made and undertaken to provide awareness about the Data Privacy Act of 2012 to the Data
Subject.

7. We also undertake to immediately provide SMC with any changes on the authorized persons
that SMC may share or disclose Personal Data to. We further represent and warrant that all
Data Subject has been advised that its consent as described herein shall continue until
withdrawal is effectively communicated to SMC or the persons to whom SMC may share or
disclose the Personal Data to, and that withdrawal or withholding of the consent may result in
SMC’s inability to carry out and give effect to the purposes provided above.

8. We acknowledge our obligation to comply with the Data Privacy Act of 2012 and the SMC policy
on Data Privacy in carrying out transactions with SMC and that SMC shall not be responsible for
our compliance with the same.
 9. We also agree to release SMC and its directors, officers, employees, shareholders, subsidiaries,
affiliates, and agents from every and all liability whether direct or indirect, special or
consequential arising out of the Processing of such Personal Data in connection to my
application for Supplier Accreditation.

Signed,

NAME OF COMPANY
By:

AUTHORIZED SIGNATORY 1 AUTHORIZED SIGNATORY 2 AUTHORIZED SIGNATORY 3

Position Position Position