Data Privacy and Consent Statement

DATA PRIVACY

The Tourism Industry Board Foundation Inc. (also known as Tourism Board, and previously as TIBFI) values the confidentiality of personal data. This Privacy Policy and Consent Statement governs the data processing of our website/platform and details how we use and protect personal data of data subjects, in accordance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), issuances of the National Privacy Commission (NPC), and other relevant laws of the Philippines.

It shall be understood that the term "personal data" includes personal information, sensitive personal information, and privileged information. For the exact definitions, please refer to the text of the DPA here.

Before continuing your activities within the Tourism Board website, please read the following in its entirety and signify your acceptance and agreement to the following terms and conditions:

Personal Data We Collect

In principle, you voluntarily provide your personal information to us, and you are not obligated to provide us with your personal data. However, if you refuse to provide or decide to withdraw your personal data, you may experience disadvantages, such as inability to use various services provided by us.

We may collect personal data directly from you, as a data subject, through several means, including but not limited to the following:

We collect the following personal data, among others, are as follows:

How We Use Your Personal Information

We may collect and process your personal data for the following purposes:

1. User Registration
2. Membership and Subscriptions
3. Marketing and Public Relations (PR) Activities

4. Business Operations

How We Share Your Personal Information

As a general rule, we do not and will not share personal data with third parties. However, we need to make certain disclosures from time to time, such as when it is necessary for the proper execution of processes related to the above-mentioned declared purpose, or the use or disclosure is reasonable necessary, required or authorized by or under law. We may share your personal information with third parties within and outside the Philippines, such as strategic partners, service providers, corporate affiliates and corporate business transactions, and our local offices but, we shall require adherence by said third parties to similar or comparable data protection standards as required by the DPA.

Security

We have implemented technological, organizational and physical security measures to protect personal data from accidental or unlawful destruction, alteration, and disclosure, as well as against any other unlawful processing. Any personal data held by us or on our behalf is stored on secure servers, with modern security measures in place to protect against accidental or unlawful destruction, alteration, and disclosure, and any other unlawful processing. The personal data disclosed by the data subject may be accessed or processed only by authorized personnel who hold such information under strict confidentiality. Where such personal data is held by third parties on our behalf, we shall once more require adherence by said third parties to similar or comparable data protection standards as required by the DPA to ensure the confidentiality and security of such data.

However, while we will take all reasonable measures (as required by applicable law) to protect the integrity of such information, we cannot guarantee that loss, unauthorized access or alterations, or misuse will not occur. Any data security incident or breach that comes to our knowledge will be recorded and reported as required by law. We will take all necessary and reasonable steps to address such incident or breach and mitigate any negative effect of such incident or breach. If there is strong suspicion that an incident affects the data subject's personal information, we will notify the data subject of such incident in an appropriate manner.

Retaining Personal Information

We will periodically review the personal data held by us to ensure that it is accurate and up to date. We will also retain your personal data only for so long as it is necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by applicable laws, rules, and regulations.

Data Subject's Rights

You are given certain rights under the DPA, its IRR, and other NPC issuances, such as:

The decisions to provide access, consider requests for correction or erasure, and address objections to process personal data as it appears in official records, are always subject to applicable and relevant laws and/or the DPA, its IRR, and other issuances of the NPC.

Contact Us

Should you have any inquiries, feedback, and/or complaints, please send an email to privacy@tourismindustryboard.org.

If necessary, you have the right to lodge a complaint before the National Privacy Commission (NPC). For further details, please refer to the NPC's website.

CONSENT

By using the website, I consent to the collection, generation, use, processing, storage and retention of personal data by the Tourism Board for the purpose/s described above.

I also authorize the Tourism Board to disclose my information to accredited and/or affiliated third parties or independent and/or non-affiliated third parties, whether local or foreign, when the use or disclosure is reasonably necessary, required or authorized by or under law; and as necessary for the proper execution of processes related to the above-mentioned declared purposes.