(as of 06 December 2017)

  1. Overview

    We, Qarabao, (‘the Company’) provide Ecommerce software services to our clients. In providing such support and services, we rely heavily on personal information, whether it be the information of our clients, our employees, or any other individual in connection with any matter that we handle.

    Given the importance of privacy to all concerned parties, we are committed to the highest standards of privacy and data protection compliance and expect everyone in our Company to adhere to these standards. We demand highest standards of ethics and compliance with applicable laws and rules from our management, employees, and third-party suppliers and service providers.

    This Privacy Policy will help you understand: (i) what Personal Information we collect; (ii) how we collect, hold, use and disclose that information; and (iii) the purposes of such collection, holding, use and disclosure.

  2. To what does this Privacy Policy apply?

    This Policy applies to all of our facilities, as well as all the services that we offer.

    This Policy does not apply to any website, product or service of any third-party organization even if the website links to (or from) our Website. Please always review the privacy practices of any third-party organization before deciding whether to provide any information.

    By using our services, you accept the practices described in this Policy. If you do not agree with this Policy, you should immediately cease and desist from using our Services. Continued use of our Services will signify your acceptance of this Policy.

  3. What information do we collect?

    When you use our Services, we collect your Personal Information.

    The term “Personal Information”, as used in this Policy, refers to any data (whether by itself or when linked with other information) in the possession of, or likely to come into the possession of the Company, that can be used to identify a specific living person.

    Personal Information does not include information that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person.

  4. Why do we collect your Personal Information?

    We collect your Personal Information for the following purposes:

    • To facilitate Ecommerce transactions for our merchant clients;
    • To facilitate delivery and logistics services for our merchant clients;
    • To maintain constant communication with our clients;
    • To manage the process of billing our merchant clients for services rendered; and
    • To assert and defend any legal claims by or against the Company.

    Subject to the Data Privacy Act and with your consent, we may share, preserve, transfer, and disclose your Personal Information to the following:

    • Third party suppliers and service providers that help us provide our services, to the extent needed to perform their duties and their functions; and
    • Government authorities and such entities that may have a legitimate and legal interest in the information, in response to a legal request such as a search warrant, court order or subpoena, if we believe in good faith that we are required to do so under the law.
  5. How do we collect your information?

    Whenever you use our Services, we collect your Personal Information.{" "}

    Broadly speaking, we collect information in three ways: (1) when you provide it directly to us, (2) when we obtain verification information about you or your company through trusted third parties, and (3) passively through technology such as “cookies”.

    Specifically, we collect Personal Information from you through contracts, notes taken and prepared by our lawyers and staff, physical or electronic communication (e.g. electronic mail), verification information from trusted third parties, passive technologies (e.g. cookies), and documents or forms bearing your personal information that you submitted or was acquired by us with your authorization.

  6. What are your rights as a data subject and how do you exercise them?

    As a data subject whose Personal Information will be collected and processed by us, you are entitled to the following rights, pursuant to Section 16 of Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and Section 34 of its Implementing Rules and Regulations:

    1. Right to be informed

      You have a right to be informed whether Personal Information pertaining to you shall be, are being, or have been processed, including the existence of automated decision-making and profiling.

    2. Right to object

      You shall have the right to object to the processing of your Personal Information, including processing for direct marketing, automated processing or profiling. You shall also be notified and be given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subject.

    3. Right to Access

      You have a right to be given access to specific kinds of information identified in the Data Privacy Act upon reasonable demand.

    4. Right to Rectification

      The data subject has the right to dispute the inaccuracy or error in the Personal Information and have us correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable.

    5. Right to Erasure or Blocking

      You shall have the right to suspend, withdraw or order the blocking, removal or destruction of your Personal Information from our filing system.

    6. Right to Damages

      Upon presentation of a valid decision, we recognize your right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Information, taking into account any violation of your rights and freedoms as data subject.

      Please note that this is not an exhaustive discussion of your rights as a data subject. If you wish to know more, please see our Data Subject Rights Policy.

  7. What the principles do we follow when we collect your information? (Optional)

    In compliance with the applicable laws and regulations, we pledge to observe the following principles:

    1. Principle of Transparency

      We are committed to ensuring that you know why we collect Personal Information, as well as how much of it we collect. As we seek to ensure the security of your Personal Information, we make sure that you know what risks are involved when we collect and use your Personal Information, as well as the measures we have established to ensure that those risks are lessened or eliminated.

    2. Principle of Legitimate Purpose

      We are committed to ensuring that your Personal Information will only be used for specified, legitimate purposes. No Personal Information shall be used for a purpose other than that which has been told to you and have been consented to by them.

      No Personal Information shall be collected without your consent. If you wish to withdraw consent to the collection of your Personal Information, kindly give us reasonable notice so we may have time to cease any and all processing

    3. Principle of Proportionality

      We are committed to ensuring that we do not collect Personal Information more than what is necessary from you. Personal Information shall be collected only to the extent that is needed for the purposes specified in this Policy.

    4. Principle of Lawful Processing

      We pledge that we shall uphold your right as a Data Subject. You shall have the right to refuse, withdraw, consent, or object to the use and collection of your Personal Information.

      In the event that you refuse to give consent, your Personal Information shall no longer be processed, unless:

      • The Personal Information is needed pursuant to a subpoena;
      • The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the customer is a party; or
      • The information is being collected and processed as a result of a legal obligation.

      Any information to be provided by you shall always be in clear and plain language, to ensure that the information is easy to understand and access.

    5. Data Retention

      Whatever Personal Information given to us by you or pertaining to you shall only be retained for as long as necessary:

      • For the fulfillment of the declared, specified, and legitimate purpose, or when the processing relevant to the purpose has been terminated;
      • For the establishment, exercise, or defense of legal claims; or
      • For legitimate business purposes, which must be consistent with standards followed by the applicable industry or approved by the appropriate government agency.

      Personal Information provided to us by you shall be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party, or prejudice the interests of our customers.

  8. Why do we retain your personal information?

    We will retain Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by the Data Privacy Act of 2012. Please note that we have a variety of obligations to retain the Data that you provide to us, including to ensure that transactions can be appropriately processed, settled, refunded or charged-back, to help identify fraud and to comply with anti-money laundering and other laws and rules that apply to us and to our financial service providers. There may also be residual Data that will remain within our databases and other records, which will not be removed.

    How do we protect your personal information?

    We use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. We use the following globally recognized technologies in the storing and handling of Personal Information: Firebase Authentication, which aims to make building secure authentication systems easy. It provides an end-to-end identity solution, supporting email and password accounts, phone auth, and Google and Facebook. Built by the same team that developed Google Sign-in, Smart Lock and Chrome Password Manager, Firebase security applies Google's internal expertise of managing one of the largest account databases in the world. Amazon Web Services (AWS) is the largest and one of the most secure hosting providers worldwide. Aside from the technologies, the Company has a dedicated Data Protection Officer and the office premises are secured with a biometrics system in place as well.

    Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If the customer has reason to believe that his interaction with us is no longer secure (for example, if the customer feels that the security of his account has been compromised), please contact our Data Protection Officer immediately. His contact details are provided in Part XI below.

  9. What about changes to this policy?

    We may change this Privacy Policy. The “Last updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Services.

    We may provide you with disclosures and alerts regarding the Privacy Policy or Personal Information collected by posting them on our website. By using our Services, you agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with hard copy disclosures. Disclosures and notices in relation to this Privacy Policy or Personal Information shall be considered to be received by you within twenty-four (24) hours of the time they are posted to our website.

  10. How can you reach us?

    If you have any questions or suggestions about this Privacy Policy or would like to access or seek correction of your Personal Information, or if you have any complaints regarding our privacy practices, please contact our Data Protection Officer. His contact information is as follows:

    Name: Roy Patrick Nepomuceno
    Office Address: Unit 402-A, ICITE Building, Orchard Road, Eastwood City Cyberpark, Bagumbayan, Quezon City, Philippines
    Contact Number: +639171730330
    Email Address:

    Please note that you, as the requesting party, would have to pay the reasonable costs and expenses incurred by the Company for producing the requested information.

    Because email communications are not always secure, you are asked to not include credit card or other sensitive data (such as racial or ethnic origin, political opinions, religion, health, or the like) in emails sent to us.