Privacy Policy
1. INTRODUCTION
HuboMoto Corporation is committed to protecting the privacy and security of personal information collected from employees, guests, partners, and third-party service providers. This policy outlines how we collect, process, store, and safeguard personal data in compliance with Republic Act No. 10173 (Data Privacy Act of 2012) and relevant international privacy regulations.
2. Scope & Applicability
This policy applies to all personal data collected through HuboMoto’s short-term rental (STR) operations, property management services, online platforms, and HR systems. It covers:
Employees (including contractors and applicants)
Guests (including those booking through OTAs)
Vendors and Business Partners
Website and Platform Users
Third-Party Service Providers handling personal data
3. Data Collection & Processing
HuboMoto collects personal data only for legitimate business purposes and in accordance with applicable privacy regulations. The legal basis for processing personal data includes consent, contractual necessity, compliance with legal obligations, and legitimate business interests. The following categories of information may be gathered:
3.1 For Guests:
Personal Information: Full name, nationality, date of birth, and contact details.
Booking Information: Payment details, transaction history, and stay preferences.
Government-Issued Identification: Passport, driver’s license, or other valid IDs for long-term guests (30+ days).
Security and Surveillance Data: CCTV footage within common areas for safety compliance.
Guest Feedback & Interactions: Complaints, inquiries, and preferences.
3.2 For Employees & Applicants:
Employment Data: Name, contact details, educational background, employment history.
Payroll & Benefits Information: Tax details, Social Security (SSS, Pag-IBIG, PhilHealth) contributions, and salary data.
Performance Evaluations & Disciplinary Records (where applicable).
3.3 For Vendors & Business Partners:
Company & Representative Details: Business name, contact details, contracts.
Financial Data: Payment records, bank details, and invoicing history.
3.4 Automatic Data Collection
Cookies & Analytics: Website interactions, browsing behavior, device information.
AI-Generated Data: Content generation and automation insights for customer service and marketing.
4 Data Storage & Security
HuboMoto implements strict data protection measures to prevent unauthorized access, loss, or misuse of personal information:
Encryption & Access Controls: All sensitive data is encrypted and access is limited to authorized personnel.
Retention Period: Personal data is retained only for the necessary duration (e.g., guest records for 12 months, financial data for legal compliance).
Secure Disposal: After retention periods expire, data is permanently deleted using industry-standard security protocols.
5 Data Sharing & Third-Party Disclosures
Personal data will not be sold or shared without consent, except in the following cases:
Booking Platforms & Payment Gateways: Data is shared with OTAs (Airbnb, Agoda, Booking.com) and payment processors for transaction verification.
Law Enforcement & Government Compliance: Information may be provided to government agencies such as the Bureau of Immigration (BI), Philippine National Police (PNP), or the Department of Trade and Industry (DTI) if legally required.
Third-Party Vendors & Service Providers: Guest details may be shared with cleaning services (Liempyo Cleaning Services) and maintenance providers (AC Innovative Solutions) for operational purposes.
6 Rights of Data Subjects
Under the Data Privacy Act of 2012, individuals have the right to:
Access their personal information held by HuboMoto.
Request Corrections if data is inaccurate or incomplete.
Withdraw Consent from marketing or promotional communications.
Request Deletion of their personal data (subject to legal and contractual obligations).
Requests can be submitted via official company channels.
7 Data Breach Management
In the event of a data breach, HuboMoto follows a structured incident response plan:
Immediate Containment: Identifying affected systems and securing compromised data.
Investigation & Assessment: Determining the extent of the breach and affected individuals.
Regulatory Notification: Reporting to the National Privacy Commission (NPC) within 72 hours, if required.
User Notification: Affected individuals will be informed of any risks and provided guidance on protective actions.
8 Policy Updates & Contact Information
This privacy policy is reviewed annually or as needed based on regulatory changes. Any updates will be posted on our official website and notified to affected stakeholders.