Effective Date January 01, 2025

This Data Privacy Policy (“Policy”) governs the collection, processing, retention, use, disclosure, and protection of personal data collected by One Kard Solutions Corp, operating under the trade name KardPH (“KardPH”, “we”, “our”, or “us”), from its merchants and users (collectively, “Data Subjects” or “you”).

KardPH is fully committed to upholding your privacy rights and ensuring the lawful, fair, and secure processing of your personal data, in accordance with Republic Act No. 10173 or the Data Privacy Act of 2012, its Implementing Rules and Regulations, and all other applicable laws, rules, and regulations.

Scope of Application

This Policy applies to:

• Merchants, including sole proprietors and corporate entities, that avail of KardPH services (payment facility, loyalty & rewards, membership, e-vouchers, POS, etc.);
• Users, including individual customers or members who access services via our website, mobile app, partner merchant platforms, or point-of-sale systems.

This Policy is deemed accepted upon the use of KardPH’s services, including account registration, access, or continued use of the platform.

Personal Data Collected

We may collect the following personal and sensitive personal information, whether manually or automatically:

For Users

• Full name
• Mobile number and email address
• Gender and birthdate (for promotional targeting and eligibility)
• Transaction history and card usage
• IP address, device ID, geolocation (with consent)
• Profile image and optional preferences

For Merchants

• Business name, nature of business, and registration details (e.g., SEC/DTI/Mayor’s Permit)
• Tax Identification Number (TIN), BIR Certificate, and business licenses
• Representative’s full name, valid government-issued ID, and contact details
• Corporate bank account details for payment settlements
• Merchant transaction logs and sales performance data
• Access credentials (e.g., usernames, POS access logs)

All information provided must be true, current, and complete. KardPH is not liable for any loss or damage arising from false, incomplete, or misleading information provided.

Legal Bases for Processing

We process your data based on any of the following lawful grounds:

• Consent
• Performance of a contract with the merchant or user
• Compliance with a legal obligation
• Protection of vital interests of the data subject
• Legitimate interest of KardPH in preventing fraud, ensuring security, and improving service delivery

Purposes of Collection and Processing

We collect and process your personal data for the following primary purposes:

• To verify identity and perform know-your-customer (KYC) checks
• To facilitate financial transactions, refunds, redemptions, and settlements
• To prevent fraud, illegal activity, and abuse of the platform
• To fulfill obligations under existing merchant agreements
• To provide customer support and service enhancements
• To send service announcements, transaction alerts, system updates, and marketing promotions (where permitted)
• To generate analytics and reports to improve user experience and merchant performance
• To comply with legal requirements, including regulatory reporting to BSP, BIR, NPC, and other authorities

Data Sharing and Disclosure

We may share or disclose your data with third parties under strict confidentiality, solely for the purposes stated above. These include:

• Banks and payment processors for fund disbursement
• Third-party service providers (e.g., cloud providers, analytics, SMS/email gateways)
• Regulators and law enforcement, where required by law, subpoena, or court order
• Affiliates and authorized agents assisting with service operations

KardPH reserves the right to audit and monitor all access to merchant and user data to ensure lawful use and detect suspicious activity.

Data Retention

We retain your data for as long as:

• You maintain an account with KardPH; or
• It is necessary to fulfill the purpose for which it was collected; or
• As required by applicable laws (e.g., tax, AML, consumer protection laws)

Data Security Measures

KardPH implements physical, technical, and organizational safeguards to protect data from unauthorized access, alteration, disclosure, or destruction:

• SSL encryption for data transmission
• Tokenization and encryption of sensitive payment details
• Multi-factor authentication for merchant access
• Restricted role-based access for personnel
• Regular vulnerability scans and security audits
• Incident response protocol for data breach reporting

Merchants are contractually obligated to observe the same high standards of data protection and are liable for any breach caused by negligence on their part.

Fraud Monitoring and Risk Management

To protect the integrity of the KardPH ecosystem:

• We may flag, suspend, or terminate accounts involved in suspicious or unauthorized transactions without prior notice.
• We reserve the right to report fraudulent activity to appropriate authorities and share data with law enforcement.
• We may block redemption of rewards or payouts pending investigation.

By using our platform, you agree to cooperate fully in any internal investigation of fraud or data misuse.

Your Rights as a Data Subject

Under the Data Privacy Act, you have the right to:

• Be informed about the processing of your data
• Access and request a copy of your personal data
• Rectify inaccurate or outdated data
• Object to processing based on legitimate interest or consent
• Erase or block your data, subject to legal retention
• Withdraw consent
• File a complaint with the National Privacy Commission (NPC)

Requests must be submitted in writing to our Data Protection Officer (DPO) with valid proof of identity.

Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, KardPH will notify you and the National Privacy Commission within 72 hours of discovery, in accordance with law.

Policy Updates

KardPH may amend this Policy at any time without prior notice. Updated versions will be posted on our official channels, and continued use of the platform signifies your acceptance.

Contact Information

For questions, concerns, or requests related to your data:

One Kard Solutions Corp (KardPH)

• Email: support@kard.ph
• Address: Unit A Leonardo Place, Davao Street, Macaria Drive, Phase 2 3B, Biñan, Laguna
• Phone: 0920 282 2000
• Website: https://www.kard.ph

Last Updated On January 01, 2025