Privacy Policy

1. Introduction

Welcome to Hydra ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our automotive service management platform.

By accessing or using Hydra, you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Legal Basis & Philippine Laws

Our data processing activities are governed by and comply with the following Philippine laws and regulations:

Data Privacy Act of 2012 (Republic Act No. 10173)

This is the primary law governing data privacy in the Philippines. It protects individual personal information and establishes the National Privacy Commission (NPC) as the regulatory body. Under this law, we act as a Personal Information Controller (PIC) and, in some cases, a Personal Information Processor (PIP).

We process your personal data based on one or more of the following lawful criteria under Section 12 of the DPA:

• Consent: You have given your consent for one or more specific purposes
• Contract: Processing is necessary to fulfill our service agreement with you
• Legal Obligation: Processing is necessary for compliance with a legal obligation
• Legitimate Interest: Processing is necessary for our legitimate business interests, provided these do not override your rights

NPC Circulars and Issuances

We comply with all relevant circulars issued by the National Privacy Commission, including but not limited to:

• NPC Circular 16-01: Security of Personal Data in Government Agencies
• NPC Circular 16-02: Data Sharing Agreements
• NPC Circular 16-03: Personal Data Breach Management
• NPC Advisory 2017-01: Designation of Data Protection Officers

Cybercrime Prevention Act of 2012 (Republic Act No. 10175)

This law addresses cybersecurity and penalizes offenses such as illegal access, data interference, and computer-related fraud. We implement security measures to prevent such offenses and protect your data from unauthorized access.

Electronic Commerce Act (Republic Act No. 8792)

This law governs electronic transactions and recognizes the legal validity of electronic documents and signatures. Our platform operates in compliance with this law, ensuring that electronic records and transactions are legally recognized.

Consumer Act of the Philippines (Republic Act No. 7394)

This law protects consumer interests and promotes their general welfare. We ensure fair and ethical practices in our dealings with customers and users of our platform.

3. Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when using our services:

• Account Information: Name, email address, phone number, password
• Company Information: Business name, address, registration details
• Payment Information: Billing address, payment method details (processed securely through our payment partners)
• Service Data: Customer records, vehicle information, service history, job details
• Communications: Messages, support inquiries, feedback

Information Collected Automatically

When you use our platform, we automatically collect:

• Device Information: Device type, operating system, browser type
• Log Data: IP address, access times, pages viewed, referring URL
• Usage Data: Features used, actions taken, time spent on pages
• Location Data: General location based on IP address (we do not track precise GPS location without consent)

Sensitive Personal Information

We do not intentionally collect sensitive personal information as defined under the Data Privacy Act (such as race, health information, or government-issued IDs) unless strictly necessary for our services and with your explicit consent.

4. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

• Provide, operate, and maintain our platform
• Process transactions and manage subscriptions
• Enable features such as booking, service tracking, and notifications
• Generate QR codes and tracking links for service jobs

Communication

• Send service notifications and updates
• Respond to inquiries and provide customer support
• Send promotional materials (with your consent)
• Notify you of changes to our services or policies

Improvement & Analytics

• Analyze usage patterns to improve our services
• Develop new features and functionality
• Conduct research and generate aggregate reports
• Troubleshoot issues and fix bugs

Legal & Security

• Comply with legal obligations and regulatory requirements
• Detect, prevent, and address fraud or security issues
• Enforce our terms and conditions
• Protect the rights and safety of our users

5. Data Sharing & Third Parties

We may share your information with the following categories of recipients:

Service Providers

We engage trusted third-party companies to perform services on our behalf:

• Payment Processors: Xendit for processing payments securely
• Cloud Hosting: Secure servers for data storage
• Email Services: For sending notifications and communications
• Analytics: To help us understand platform usage

These providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

• Account Data: Retained while your account is active and for 5 years after account closure for legal and tax purposes
• Transaction Records: Retained for 10 years as required by Philippine tax laws
• Service Job Data: Retained for 5 years after job completion
• Log Data: Retained for 1 year for security and analysis purposes
• Marketing Data: Retained until you withdraw consent

After the retention period, your data will be securely deleted or anonymized for statistical purposes.

7. Your Rights as a Data Subject

Under the Data Privacy Act of 2012, you have the following rights regarding your personal information:

To exercise any of these rights, please contact our Data Protection Officer using the contact information provided at the end of this policy.

8. Security Measures

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
• Access Controls: Strict access controls and authentication mechanisms
• Regular Audits: Periodic security assessments and vulnerability testing
• Employee Training: Regular training on data protection and security practices
• Incident Response: Established procedures for detecting and responding to data breaches

In the event of a personal data breach, we will notify the National Privacy Commission and affected data subjects within 72 hours as required by NPC Circular 16-03.

9. Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience on our platform:

Essential Cookies

Required for the platform to function properly. These cannot be disabled.

Functional Cookies

Remember your preferences and settings to provide a personalized experience.

Analytics Cookies

Help us understand how users interact with our platform to improve our services.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

10. International Data Transfers

Your information may be transferred to and processed in countries outside the Philippines where our service providers operate. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Data processing agreements with standard contractual clauses
• Transfers only to countries with adequate data protection laws
• Security measures equivalent to those required under Philippine law

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes:

• We will update the "Last updated" date at the top of this policy
• We will notify you via email or through a notice on our platform
• For material changes, we may require you to re-acknowledge acceptance

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact & Complaints

Data Protection Officer

For questions about this Privacy Policy or to exercise your data subject rights, contact our Data Protection Officer:

Filing a Complaint

If you believe your data privacy rights have been violated, you have the right to file a complaint with the National Privacy Commission:

We encourage you to contact us first to resolve any concerns before filing a formal complaint with the NPC.