Privacy Policy - Daet Massage and Spa Philippines

1. Introduction

Daet Massage and Spa ("we," "our," or "us") is committed to protecting your personal information in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our services.

Data Controller: Daet Massage and Spa Philippines
Data Protection Officer Contact: dpo@avasolutions.ph

2. Your Rights Under Philippine Law

As a data subject under RA 10173, you have the following rights:

Right to be Informed: You have the right to be informed about the collection and processing of your personal data
Right to Access: You may request access to your personal data that we hold
Right to Object: You can object to the processing of your personal data
Right to Erasure or Blocking: You may request the deletion or blocking of your personal data
Right to Rectification: You can request corrections to inaccurate personal data
Right to File a Complaint: You may file a complaint with the National Privacy Commission
Right to Portability: You can request your data in a structured, commonly used format
Right to be Indemnified: You have the right to damages for violations of your data privacy rights

3. Information We Collect

3.1 Personal Information

Full name and contact details (email, phone number, address)
Government-issued ID information (when required for verification)
Business registration details (DTI/SEC registration numbers)
Payment and billing information
Business transaction data

3.2 Sensitive Personal Information

We only collect sensitive personal information when absolutely necessary and with your explicit consent:

Government-issued identification numbers (for compliance purposes only)
Financial account information (for payment processing only)

3.3 Technical Information

IP address and device information
Browser type and version
Usage data and analytics
Cookies and similar technologies (with consent)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under RA 10173:

Consent: You have given clear consent for processing
Contract: Processing is necessary for the performance of a contract
Legal Obligation: To comply with Philippine laws and regulations
Legitimate Interest: For our legitimate business interests that do not override your rights
Vital Interests: To protect someone's life or physical safety

5. How We Use Your Information

To provide and maintain our services
To process transactions and send transaction notifications
To comply with legal obligations under Philippine law
To communicate with you about our services
To improve our services and develop new features
To prevent fraud and enhance security
To send marketing communications (with your consent)

6. Data Sharing and Disclosure

We may share your information with:

Service Providers: Third parties who help us operate our business (all bound by confidentiality agreements)
Government Authorities: When required by Philippine law or valid legal process
Business Transfers: In connection with any merger, sale, or acquisition (with notice to you)
With Your Consent: When you explicitly agree to sharing

We NEVER sell your personal information to third parties.

7. International Data Transfers

If we transfer your data outside the Philippines, we ensure:

The receiving country has adequate data protection laws
We have appropriate safeguards in place (such as standard contractual clauses)
You are informed and consent to such transfers when required

8. Data Security

We implement appropriate organizational, technical, and physical security measures:

Encryption of data in transit and at rest
Regular security assessments and audits
Access controls and authentication measures
Employee training on data privacy and security
Incident response procedures
Regular backups and disaster recovery plans

9. Data Retention

We retain your personal data only for as long as necessary:

Active accounts: For the duration of your account plus 5 years
Financial records: 10 years as required by BIR regulations
Legal claims: Until the end of the relevant limitation period
Marketing: Until you withdraw consent

10. Children's Privacy

Our services are not directed to individuals under 18 years old. We do not knowingly collect personal information from minors without parental consent. If you are a parent and believe we have collected your child's information, please contact us immediately.

11. Cookies and Tracking Technologies

We use cookies and similar technologies with your consent. You can manage cookie preferences through your browser settings. For more details, see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes via email or prominent notice on our website. The "Effective Date" at the top indicates when this policy was last revised.

13. How to Exercise Your Rights

Data Protection Officer

To exercise any of your rights under RA 10173, please contact our Data Protection Officer:

Email: dpo@avasolutions.ph
Phone: +63 (2) 8888-8888
Address: [Your Business Address], Philippines
Response Time: Within 15 days as required by law

14. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with:

National Privacy Commission

Website: https://www.privacy.gov.ph
Email: info@privacy.gov.ph
Hotline: +63 (2) 8234-2228
Address: 3rd Floor, Core G, GSIS Headquarters Building, Financial Center, Pasay City

15. Consent Statement

By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy and consent to the collection, use, and processing of your personal data as described herein, in accordance with the Data Privacy Act of 2012.

This Privacy Policy was last updated on January 1, 2025
Version 1.0 | Compliant with RA 10173