Chico.ph

Privacy Policy

Last updated: February 2025

1. Introduction

Chico.ph ("we," "our," or "us") is committed to protecting your privacy. We act as a Personal Information Controller under the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services. We process data in accordance with the Data Privacy Act of 2012 and its Implementing Rules and Regulations, as well as other applicable privacy laws.

2. Information We Collect and How We Process It

In compliance with your right to be informed under the Data Privacy Act of 2012, we disclose the following. We collect only the information necessary to provide our services:

  • Contact form submissions: When you use our contact form, we collect your name, email address, subject, message content, and technical data (e.g., browser user agent).Purpose: To respond to your inquiries, support follow-up, dispute resolution, and maintain business records (e.g., advertising inquiries, discount error reports). Scope and method: Data is stored in a secure database; only authorized personnel access it. We do not use automated decision-making or profiling.
  • Usage data: We may temporarily use your IP address in memory for rate-limiting (to prevent abuse). This data is not stored persistently and is cleared automatically.
  • Local storage:If you use features like bookmarks, data is stored only in your browser's localStorage. We do not receive or store this data on our servers.

3. Lawful Criteria for Processing

Under Section 12 of the Data Privacy Act of 2012, we process your contact form data based on: (a) your consent when you voluntarily submit the form; and (b) legitimate purpose for responding to inquiries, dispute resolution, and maintaining business records. We do not process personal information for purposes incompatible with those disclosed to you.

4. How Long We Keep Your Data

We retain personal data only as long as necessary:

  • Contact submissions: Up to 24 months from the date of submission. After this period, data is deleted. We may retain data longer if required by law or for ongoing disputes.
  • Rate-limiting data: Not stored persistently; cleared automatically when the time window expires.
  • Bookmarks and preferences: Stored only in your browser. You control when this data is removed (e.g., by clearing site data).

5. Your Rights Under the Data Privacy Act of 2012

Under Section 16 of the Data Privacy Act of 2012, you have the following rights as a data subject:

  • Right to be Informed: You have the right to know what personal data we collect and how we process it. This Privacy Policy fulfills that obligation.
  • Right to Object: You may object to the processing of your personal information.
  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate or incomplete data.
  • Right to Erasure or Blocking: You may request deletion or blocking of your personal information. To request deletion of your contact submission(s), contact us via the Contact Us form. We will process requests within 30 days where feasible.
  • Right to Damages: You may claim compensation for any damage sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.
  • Right to Data Portability: You may request your data in a structured, commonly used, and machine-readable format where technically feasible.

To exercise these rights, please contact us using the Contact Us form. You also have the right to file a complaint with the National Privacy Commission (privacy.gov.ph) if you believe your data privacy rights have been violated.

6. Data Security and Breach Notification

We protect your data using industry-standard measures: access to personal data is restricted, data is encrypted in transit (HTTPS), and our database provider encrypts data at rest. We do not expose personal data to anonymous users or in client-side code.

In compliance with the Data Privacy Act of 2012, in the event of a personal data breach that is likely to result in real harm to you, we will notify the National Privacy Commission and affected data subjects in accordance with the law and NPC advisories.

7. Recipients and Third-Party Disclosure

We may share your personal data with the following classes of recipients: (a) our hosting and infrastructure providers who process data on our behalf to operate the website and database; (b) our email service provider when we send responses to your inquiries; and (c) analytics providers, if we use them. These providers act as Personal Information Processors and process data in accordance with their privacy policies and our instructions. We do not sell your personal data to third parties.

8. Minors

Under Philippine law, a child is a person below eighteen (18) years of age. Our services are not directed at minors. We do not knowingly collect personal data from minors without parental or guardian consent. If you believe we have collected data from a minor without proper consent, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

10. Personal Information Controller — Contact Us

Chico.ph is the Personal Information Controller for the data collected through this website. For questions about this Privacy Policy, to exercise your data subject rights, or to request access, correction, or deletion of your personal data, please use our Contact Us form.