Grafik Hotel Collection - Privacy Policy

DATA PRIVACY POLICY STATEMENT

Welcome to Baguio Mountainscapes Inc [email protected]

Baguio Mountainscapes Inc is committed to protecting the privacy of its guests, employees, and

partners, and to ensuring the safety and security of all personal data in its possession and under its

control.

In compliance with Republic Act No. 10173, or the Data Privacy Act of 2012, its Implementing Rules

and Regulations (IRR), and relevant issuances of the National Privacy Commission, Baguio Mountainscapes Inc shall collect from you, the data subject, personal data as outlined in this Data

Privacy Notice. How this personal data will be collected, used, disclosed, and retained, is outlined as

follows:

I. DEFINITIONS

  1. “Personal data” refers to all types of personal information, sensitive personal information, and privileged information under the Data Privacy Act and its IRR.

  2. “Data subject” refers to an individual whose personal, sensitive personal, or privileged information is processed.

  3. “Personal information” refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual.

  4. “Sensitive personal information” refers to personal information: (i) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations; (ii) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings; (iii) issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension, or revocation, and tax returns; and (iv) specifically established by an executive order or an act of Congress to be kept classified.

  5. “Privileged information” refers to any and all forms of data or information, which under the Rules of Court and other pertinent laws constitute privileged communication.

II. PRIVACY NOTICE

A. Data Collected.

We collect personal data that you provide to us, including but not limited to:

  1. Full name, sex, nationality, birthdate, age, and civil status

  2. Contact Information (e-mail, phone number, mobile number, address)

  3. Payment Information and billing address

  4. Identification documents (passports, airline tickets and itineraries)

  5. Booking details

  6. Preferences and special requests

  7. For Corporate bookings: Employment details

  8. Additional information specific to special events and gatherings

  9. Information relating to minor companion / child details (for CRIMZONE members)

B. Collection Method

Your Personal Data may be collected through online reservations, physical forms, our website,

third-party booking platforms, or directly through our personnel.

C. Use of your Personal Data

We use your Personal Data for the following purposes:

  1. To fulfill bookings, hospitality, and concierge services;

  2. To communicate with you regarding your stay;

  3. To process payments and provide customer support;

  4. To improve our services and customer experience;

  5. To comply with regulatory, legal, or audit requirements;

  6. To conduct guest satisfaction surveys and loyalty programs; and

  7. To promote hotel-related offers, events, or services (subject to your consent)

D. Data Sharing

We hold your Personal Data in strict confidence. However, we may disclose and share your

personal information as may be reasonably necessary and only for the purposes set out in this

Policy to the following third-party partners

  1. Our subsidiaries and/or affiliates1 within the Filinvest Group

  2. Legal and regulatory authorities as required by law

  3. Partner hotels or third-party service providers bound by a Data Sharing Agreement

We ensure that any third party we share your data with comply with the Data Privacy Act of 2012

and implement appropriate safeguards. We do NOT sell or share your data for unrelated

commercial purposes.

E. Storage and Transfer of Data

Your Personal data is securely stored in physical and digital formats in accordance with industry

standards. We implement technical and organizational measures to protect your personal data

against unauthorized access, alteration, or disclosure. These measures include encryption, access

controls, and regular security assessments

F. Retention Period

We shall keep a copy of your Personal data for a maximum of two (2) years after completion of

our transaction with our guests and clients, unless we deem necessary to comply with any legal

requirements or as may be required to do so by law or any government agency. After this period,

your personal data will be securely deleted or anonymized.

G. Your Rights as Data Subject

As a data subject, you have the following rights in accordance with the Data Privacy Act, its IRR,

and other relevant issuances:

  1. to be informed that your personal data will be, are being, or were, collected and processed;

  2. to obtain reasonable access to information relating to you that we have on our computer database and/or manual filing system;

  3. to object if the personal data processing involved is based on consent or legitimate interest;

  4. to suspend, withdraw, or order the blocking, removal, or destruction of your personal data;

    1 “Affiliate” means, in relation to a party, any company, firm or legal entity which is directly or indirectly (i) owned or controlled by that party; (ii) owning or controlling that party; or (iii) owned or controlled by a Person owning or controlling that party, but any such legal entity shall only be considered an Affiliate for as long as such ownership or control exists.

  5. to claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, considering any violation of your rights and freedoms as a data subject;

  6. to file a complaint if you feel that your data privacy rights were violated;

  7. to dispute and have corrected any inaccuracy or error in the data that we hold about you about you; and

  8. to data portability of your personal data.

If you want to exercise any of your rights, or if you have any questions regarding the

processing of your personal data, please contact our Data Privacy Officer through the

following:

Email: [email protected]

Address: Sheridan Drive, Camp John Hay, Scout Barrio 2600 City of Baguio Benguet

Philippines.

III. THIRD-PARTY WEBSITES AND PHISHING WARNING

Our Privacy Notice applies only to data collected by Baguio Mountainscapes Inc . External

sites or booking platforms accessed via hyperlinks may have separate privacy policies and

security measures.

We strongly advise you to exercise caution when clicking on links or entering your personal

information on unfamiliar or suspicious websites. Baguio Mountainscapes Inc will never

ask for your passwords, credit card information, or personal details via unsolicited emails,

text messages, or pop-up links.

Beware of phishing attempts or fraudulent messages that may impersonate our company or

staff. If you receive such communication, do not click any links or download attachments.

Report it immediately to our Data Privacy Officer.

IV. AMENDMENTS

We reserve the right to right to update, amend, or supplement this Data Privacy Notice and

Consent Form to comply with relevant laws and government regulations, to adopt new

techniques relevant to the collection and protection of data, or for other legitimate purposes.

Changes will be posted at https://www.grafikhotels.com/privacy-policy