AEG Technology Solutions Corporation

This Data Breach Notice explains the general approach of AEG Technology Solutions Corporation when handling a suspected or confirmed personal data breach affecting its systems, websites, applications, records, customers, employees, suppliers, or service-related data.

AEG is committed to acting responsibly, promptly, and transparently when privacy or security incidents may affect personal data under its control or responsibility.

The purpose of this Data Breach Notice is to:

• Explain how AEG handles suspected or confirmed personal data breaches
• Support transparency and accountability in privacy incident management
• Guide affected individuals on what may happen during a breach response
• Support compliance with the Data Privacy Act of 2012 (RA 10173)
• Provide contact details for privacy or incident-related concerns

A personal data breach may occur when personal data is accidentally or unlawfully accessed, disclosed, altered, lost, destroyed, copied, transmitted, or used without proper authorization.

A breach may involve digital records, paper records, databases, user accounts, system logs, CCTV-related information, business records, customer records, employee information, or other personal data processed by AEG.

Examples of incidents that may require assessment include:

• Unauthorized access to a system, account, server, database, or application
• Loss or theft of devices, documents, storage media, or credentials
• Accidental sending of personal data to the wrong recipient
• Malware, phishing, ransomware, or other cyber-related security events
• Unauthorized disclosure of customer, employee, supplier, or user information
• Improper disposal of documents or files containing personal data
• Misconfiguration of cloud storage, websites, portals, or databases

When a suspected breach is reported or detected, AEG may assess the incident based on:

• The type and sensitivity of personal data involved
• The number of affected individuals or records
• Whether the data was accessed, copied, altered, lost, or disclosed
• The likely harm or risk to affected individuals
• The cause of the incident and whether it is ongoing
• The systems, users, vendors, or third parties involved
• The containment and mitigation measures already taken

Depending on the incident, AEG may take containment steps such as:

• Disabling or resetting affected user accounts or credentials
• Restricting access to affected systems, files, or databases
• Isolating affected devices, servers, or applications
• Reviewing system logs and access records
• Removing unauthorized access or correcting configuration issues
• Coordinating with hosting providers, service providers, or technical support teams
• Preserving relevant records for investigation and compliance purposes

If AEG determines that notification is required, AEG may notify affected individuals, clients, relevant partners, and/or the National Privacy Commission as appropriate.

Notification may be made through email, written notice, website notice, phone call, official communication channel, or another reasonable method depending on the nature of the incident and available contact information.

• AEG will aim to provide clear and relevant information about the incident
• AEG may provide recommended steps for affected individuals where appropriate
• AEG may coordinate with clients or partners when the affected data relates to their users or customers
• AEG may update its notice if additional relevant information becomes available

A specific breach notice may include, where appropriate and available:

• A general description of the incident
• The type of personal data involved
• The estimated date or period of the incident
• The actions already taken by AEG to contain or address the incident
• Possible risks or effects on affected individuals
• Recommended protective steps for affected individuals
• Contact details for questions, concerns, or assistance

If you believe your personal data may have been affected by a privacy or security incident, you may contact AEG using the contact details below.

Depending on the situation, affected individuals may consider the following protective steps:

• Review account activity for unusual or unauthorized transactions
• Change passwords for affected or related accounts
• Use strong and unique passwords where possible
• Be cautious of suspicious calls, emails, text messages, or links
• Report suspected misuse of your personal data to the appropriate channel

AEG personnel, contractors, or authorized users who become aware of a suspected privacy or security incident should report it promptly to management, the assigned privacy contact, or the responsible technical/security team.

• Do not ignore suspected unauthorized access or accidental disclosure
• Do not delete logs, emails, files, or records related to the incident
• Preserve relevant information for review and investigation
• Escalate urgent incidents immediately through official company channels

AEG may document breach-related facts, decisions, actions, communications, technical findings, remediation steps, and related evidence as part of its accountability and compliance records.

• Incident reports and assessment notes may be maintained internally
• System logs or technical records may be reviewed where necessary
• Corrective actions may be tracked until completion
• Records may be retained according to legal, operational, and compliance requirements

If a breach involves a third-party service provider, vendor, hosting provider, payment provider, contractor, or integration partner, AEG may coordinate with the relevant party to assess the incident and determine appropriate actions.

• AEG may request incident details from the third party
• AEG may require containment, investigation, or remediation support
• AEG may notify affected parties where required or appropriate
• AEG may review vendor controls, contracts, or access permissions after the incident

After an incident, AEG may implement corrective actions to reduce the risk of recurrence. These may include:

• Improving access controls and authentication
• Updating system configurations or security settings
• Applying patches, updates, or technical safeguards
• Improving privacy notices, procedures, or user guidance
• Conducting staff reminders, training, or process review
• Reviewing vendor access, system permissions, or data sharing arrangements

For breach-related questions, suspected privacy incidents, or personal data concerns, you may contact:

AEG Technology Solutions Corporation is committed to protecting personal data and handling privacy or security incidents responsibly in support of the Data Privacy Act of 2012 (RA 10173), its Implementing Rules and Regulations, and applicable guidance issued by the National Privacy Commission (NPC).