Data Protection Policy

Last updated: January 1, 2025

1. Introduction

CarConnect is committed to protecting the privacy and security of your personal data. This Data Protection Policy explains how we collect, use, store, and protect your personal information in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and other applicable data protection laws.

2. Data Protection Principles

We adhere to the following data protection principles:

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes.
  • Data Minimization: We only collect personal data that is adequate, relevant, and necessary for our purposes.
  • Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
  • Storage Limitation: We keep personal data in a form that permits identification no longer than necessary.
  • Integrity and Confidentiality: We process personal data securely using appropriate technical and organizational measures.
  • Accountability: We are responsible for and demonstrate compliance with data protection principles.

3. Types of Personal Data We Collect

3.1 Customer Data

We may collect the following information from customers:

  • Contact information (name, email, phone number, address)
  • Identification documents (driver's license, government ID)
  • Payment information
  • Booking history and preferences
  • Location data (with consent)
  • Communication records

3.2 Partner Data

We may collect the following information from partners:

  • Business information and documentation
  • Vehicle details and documentation
  • Insurance information
  • Bank account details for payments
  • Performance metrics and ratings

4. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • Consent: When you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: When processing is necessary for the performance of a contract with you.
  • Legal Obligation: When processing is necessary for compliance with a legal obligation.
  • Legitimate Interests: When processing is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests.

5. Data Security Measures

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and testing
  • Employee training on data protection
  • Secure data backup and recovery procedures
  • Physical security measures for our facilities

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our retention periods are based on:

  • The nature of the personal data
  • The purposes for which we process it
  • Legal and regulatory requirements
  • Statutory limitation periods

7. Data Subject Rights

Under the Data Privacy Act of 2012, you have the following rights regarding your personal data:

  • Right to be Informed: You have the right to be informed whether personal data pertaining to you shall be, are being, or have been processed.
  • Right to Access: You have the right to reasonable access to your personal data.
  • Right to Rectification: You have the right to dispute and have corrected any inaccuracy or error in your personal data.
  • Right to Erasure or Blocking: You have the right to suspend, withdraw, or order the blocking, removal, or destruction of your personal data.
  • Right to Damages: You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data.
  • Right to Data Portability: You have the right to obtain a copy of your personal data in an electronic or structured format.
  • Right to Object: You have the right to object to the processing of your personal data.

To exercise these rights, please contact our Data Protection Officer using the contact information provided below.

8. Data Transfers

We may transfer personal data to third parties, including service providers, who assist us in providing our Services. When we transfer personal data to third parties, we ensure appropriate safeguards are in place to protect the data.

9. Data Breach Notification

In the event of a personal data breach, we will notify the National Privacy Commission and affected data subjects in accordance with the requirements of the Data Privacy Act of 2012.

10. Changes to This Policy

We may update this Data Protection Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Information

If you have any questions about this Data Protection Policy or wish to exercise your data subject rights, please contact our Data Protection Officer:

Data Protection Officer
CarConnect
Email: dpo@carconnect.cloud
Phone: +63 917 300 9468
Address: Serving Mindanao Region