DIY Biz Rewards

Privacy Policy

Effective date: May 19, 2026 · Jurisdiction: Republic of the Philippines

This policy is a general template aligned with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and issuances of the National Privacy Commission (NPC). It does not constitute legal advice. Have qualified counsel review it for your organization before relying on it in production.

DIY Biz Rewards (“we”, “us”, or “our”) operates the member rewards portal at https://portal.diybizrewards.com and related loyalty services (collectively, the “Service”). We respect your privacy and are committed to protecting personal data in accordance with applicable Philippine law.

1. Personal information controller

For purposes of the Data Privacy Act, the personal information controller is DIY Biz Rewards. You may contact us regarding privacy matters at noreply@diybizrewards.com.

2. Personal data we collect

Depending on how you use the Service, we may collect the following categories of personal data:

  • Identity and contact: full name, email address, mobile number, mailing or billing address (if provided).
  • Account and membership: rewards card number, QR code identifier, referral code, referrer relationship, account status, profile completion and activation status.
  • Transaction and rewards: purchase amounts, points earned or redeemed, rebate levels, order references from our online store integration, in-store sync records, wallet and bank details you submit for withdrawals (where enabled).
  • Technical: IP address, browser type, device information, session identifiers, and logs related to security and system administration.
  • Communications: messages you send to support and records of password-reset or verification requests.

Where required by law, we will obtain your consent before collecting sensitive personal information or processing data for purposes not described in this policy.

3. How we use your personal data

We process personal data for legitimate purposes including to:

  • create and manage your member account and genealogy / referral relationships;
  • calculate, record, and display points, rebates, and wallet balances;
  • process redemptions, adjustments, and administrator-approved transactions;
  • synchronize purchases from connected channels (e.g. online store webhooks, in-store POS sync where configured);
  • authenticate users, prevent fraud, and maintain security of the Service;
  • comply with legal obligations, respond to lawful requests, and enforce our terms;
  • improve the Service and communicate important account or policy updates.

4. Legal bases for processing

We rely on one or more of the following, as applicable under the Data Privacy Act:

  • your consent (e.g. registration, optional marketing where offered);
  • contract — processing necessary to provide the rewards program you signed up for;
  • legitimate interests — such as fraud prevention, network security, and program integrity, balanced against your rights;
  • legal obligation — retention or disclosure required by Philippine law or competent authority.

5. Sharing and disclosure

We do not sell your personal data. We may share personal data only with:

  • Service providers (hosting, email, payment or store platforms) bound by confidentiality and data-protection obligations;
  • Participating stores and partners to the extent needed to validate membership, award points, or fulfill redemptions;
  • Affiliates and uplines limited to information required for the referral and override rebate program (e.g. referred member activity summaries visible in the member portal);
  • Authorities when required by law, court order, or to protect rights, safety, and property.

International transfer of personal data, if any, will be conducted only with appropriate safeguards permitted under NPC regulations.

6. Retention

We retain personal data only for as long as necessary to fulfill the purposes above, including statutory retention periods for tax, audit, or dispute resolution. When data is no longer required, we secure delete, anonymize, or archive it in accordance with our retention schedule.

7. Security measures

We implement organizational, physical, and technical safeguards appropriate to the nature of the data, such as access controls, encryption in transit (HTTPS), hashed passwords, and restricted administrative access. No method of transmission or storage is completely secure; please use a strong password and protect your login credentials.

8. Your rights as a data subject

Under the Data Privacy Act, you may have the right to:

  • be informed that personal data pertaining to you is being, or has been, processed;
  • reasonable access to your personal data;
  • object to processing, including for direct marketing;
  • erasure or blocking of data where processing is unlawful or unnecessary;
  • rectification of inaccurate or incomplete data;
  • data portability, where applicable;
  • damages for violations substantiated under the law;
  • file a complaint with the National Privacy Commission.

To exercise these rights, email noreply@diybizrewards.com with sufficient detail to verify your identity. We will respond within the period required by law or NPC guidance.

9. Cookies and similar technologies

We use session cookies and similar technologies necessary for login, security (CSRF protection), and basic site functionality. You may control cookies through your browser settings; disabling essential cookies may limit use of the Service.

10. Minors

The Service is not directed at children under eighteen (18) without parental or guardian consent. If you believe we have collected data from a minor without proper authority, contact us and we will take appropriate steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top will reflect the latest version. Material changes may be communicated through the Service or by email where appropriate. Continued use after the effective date constitutes notice of the updated policy.

12. Contact and NPC complaints

Privacy inquiries and requests: noreply@diybizrewards.com.

You may also contact the National Privacy Commission: privacy.gov.ph.