Privacy Policy

Your privacy and data protection rights under RA 10173

Last Updated: September 18, 2025

Effective Date: October 02, 2025

1. Introduction and Legal Framework

CyberQuest ("we," "our," or "us") is committed to protecting your privacy and personal data in accordance with Republic Act No. 10173, also known as the "Data Privacy Act of 2012" of the Philippines. This Act protects individual personal information in information and communications systems in both government and private sectors, recognizing the fundamental human right of privacy while ensuring the free flow of information to promote innovation and growth.

Key Legislative Reference

This Privacy Policy is formulated in compliance with Republic Act No. 10173 (Data Privacy Act of 2012), its Implementing Rules and Regulations, and other applicable data protection laws of the Philippines.

2. Data Controller Information

Personal Information Controller: CyberQuest

Address: [Your Company Address]

Email: privacy@example.com

Data Protection Officer: [DPO Name and Contact]

National Privacy Commission Registration: [Registration Number if applicable]

3. Definitions (Per RA 10173)

Personal Information

Any information, whether recorded in material form or not, from which your identity is apparent or can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify you as an individual.

Sensitive Personal Information

Personal information about your race, ethnic origin, marital status, age, color, religious, philosophical or political affiliations, health, education, genetic or sexual life, or information about criminal proceedings.

Processing

Any operation performed upon personal information including collection, recording, organization, storage, updating, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.

4. Personal Information We Collect

4.1 Information You Provide Directly

  • Account Information: Username, email address, password (hashed using industry-standard Argon2)
  • Contact Information: Name, email address, subject, and message content when using our contact form
  • Profile Information: Any additional information you voluntarily provide in your user profile

4.2 Information Collected Automatically

  • Technical Information: IP address, browser type, operating system, device information
  • Usage Information: Pages visited, time spent on site, click patterns, session data
  • Security Information: Login attempt logs, session tokens, authentication data
  • Timezone Information: Your device's timezone setting is automatically detected during account creation using browser APIs to provide personalized time-based features and content. This information is used solely to enhance your user experience by displaying times in your local timezone and is stored securely with your account preferences.

4.3 Automatic Timezone Detection

How We Detect Your Timezone

During account creation, our system automatically detects your timezone using your browser's built-in timezone API (Intl.DateTimeFormat). This is a standard web technology that provides your device's timezone setting without accessing any sensitive location data.

What we collect: IANA timezone identifier (e.g., "Asia/Manila", "America/New_York")

How it's collected: JavaScript browser API during account setup

Purpose: Display timestamps, deadlines, and schedules in your local time

Storage: Stored with your account preferences, can be updated anytime

User control: You can modify your timezone preference in account settings

5. Legal Basis for Processing (Section 12, RA 10173)

We process your personal information based on the following lawful grounds under Section 12 of RA 10173:

Consent (Section 12(a))

For account creation, marketing communications, and optional features

Contract Performance (Section 12(b))

To provide our services and fulfill our obligations to you

Legitimate Interest (Section 12(f))

For security monitoring, fraud prevention, and service improvement

Legal Obligation (Section 12(c))

To comply with applicable laws and regulations

6. Data Privacy Principles (Section 11, RA 10173)

In accordance with Section 11 of RA 10173, we ensure that personal information is:

  • Collected for specific and legitimate purposes determined before or as soon as practicable after collection
  • Processed fairly and lawfully in accordance with the declared purposes
  • Accurate, relevant and up-to-date for the purposes for which it is processed
  • Adequate and not excessive in relation to the purposes for collection and processing
  • Retained only as long as necessary for the fulfillment of the stated purposes
  • Kept in a form permitting identification for no longer than necessary for the stated purposes

7. Your Rights as a Data Subject (Section 16, RA 10173)

Under Section 16 of RA 10173, you have the following rights:

Right to be Informed

Be informed whether personal information pertaining to you is being processed

  • Description of personal information being processed
  • Purposes for which they are being processed
  • Recipients or classes of recipients
  • Period for which information will be stored

Right of Access

Reasonable access to your personal information that we process

  • Contents of your personal information
  • Sources from which information was obtained
  • Names and addresses of recipients
  • Manner by which data was processed

Right to Rectification

Dispute inaccuracy and have us correct information immediately

  • Correct inaccurate or incomplete data
  • Update outdated information
  • Modify timezone preferences through account settings
  • Notify third parties of corrections

Right to Erasure/Blocking

Suspend, withdraw or order blocking/removal/destruction of your data

  • When data is incomplete or outdated
  • When data was unlawfully obtained
  • When data is used for unauthorized purposes
  • When data is no longer necessary

Right to Data Portability (Section 18)

Obtain a copy of your data in electronic or structured format for transfer to another controller

Right to Indemnification

Be indemnified for damages due to inaccurate, incomplete, or unauthorized use of personal information

8. Security of Personal Information (Section 20, RA 10173)

In compliance with Section 20 of RA 10173, we implement reasonable and appropriate organizational, physical and technical measures:

Technical Measures

  • Argon2 password hashing
  • HTTPS encryption for data transmission
  • Secure session management
  • Network security safeguards
  • Timezone data validation against IANA database

Organizational Measures

  • Data protection policies and procedures
  • Employee confidentiality obligations
  • Access controls and authorization
  • Regular security monitoring
  • User control over timezone preferences

9. Data Breach Notification (Section 20(f), RA 10173)

In compliance with Section 20(f) of RA 10173, we will promptly notify the National Privacy Commission and affected data subjects when sensitive personal information is reasonably believed to have been acquired by an unauthorized person, and such acquisition is likely to give rise to a real risk of serious harm to affected data subjects.

10. Cross-Border Data Transfer

Any transfer of personal information outside the Philippines will be conducted in accordance with RA 10173 and its implementing regulations, ensuring adequate protection through appropriate safeguards such as standard contractual clauses or adequacy decisions by the National Privacy Commission.

11. Data Retention

In accordance with Section 11(e) of RA 10173, we retain personal information only for as long as necessary for the fulfillment of the purposes for which the data was obtained, for the establishment, exercise or defense of legal claims, or for legitimate business purposes.

Retention Periods by Data Type

  • Account data: Retained until you request deletion
  • Security logs: Automatically deleted after 30 days
  • Session data: Deleted upon logout or session expiry
  • Contact form submissions: Retained for 1 year for support purposes

12. National Privacy Commission

Filing Complaints

You have the right to file a complaint with the National Privacy Commission if you believe your data privacy rights have been violated.

National Privacy Commission

5th Floor, Philippine International Convention Center

Vicente Sotto St., Pasay City

Email: info@privacy.gov.ph

Website: https://www.privacy.gov.ph

13. Changes to Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, applicable laws, or National Privacy Commission guidelines. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date.

Policy Change Notice Period

Important: Any changes to this Privacy Policy will take effect 14 days after the updated policy is posted on this page. This 14-day notice period allows you time to review the changes and decide whether to continue using our services. Your continued use of our services after the 14-day period constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights under RA 10173, please contact us:

Data Protection Officer: [DPO Name]

Email: privacy@example.com

Address: [Your Company Address]

Phone: [Your Contact Number]

Response Time: We will respond to your inquiries within fifteen (15) days as required by the Data Privacy Act of 2012.

Legal Compliance: This privacy policy is compliant with Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations. Last updated: September 18, 2025