Data Protection Policy

Last updated: March 2026

Introduction

OneClick Credentials is committed to protecting your personal information and your right to privacy. This Data Protection Policy explains the technical and organizational measures we implement to safeguard your data in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines, specifically Section 20 (Security of Personal Information) and Section 21 (Principle of Accountability).

As a Personal Information Controller (PIC) registered with the National Privacy Commission (NPC), we are committed to ensuring the confidentiality, integrity, and security of your personal information.

Information We Collect

Personal Information

Full name
Email address
Phone number
Student ID number
Date of birth
Current address

Academic Information

Enrollment history
Program/course information
Academic records and grades
Requested document types

Payment Information

Payment method details (processed securely via Xendit)
Transaction history
Billing address (for payment verification)

Technical Data

IP address
Browser type and version
Device information
Cookies and usage data

How We Use Your Information

•To process and fulfill your document requests
•To communicate with you about your request status
•To send email and SMS notifications
•To process payments securely
•To verify your identity as a student
•To improve our services and user experience
•To comply with legal obligations

Data Sharing & Disclosure

We may share your information with the following parties:

School Registrar

Your academic information is shared with the school registrar to process and verify document requests.

Payment Processors

Payment data is processed securely by Xendit. We do not store your complete payment details.

Service Providers

Third-party vendors who help us operate our platform (hosting, email delivery, SMS services).

Legal Requirements

When required by law or to protect our rights, safety, or property.

Data Security (RA 10173 Sec. 20)

In compliance with Section 20 of the Data Privacy Act of 2012, we implement reasonable and appropriate organizational, physical, and technical measures to protect personal information against accidental or unlawful destruction, alteration, disclosure, as well as against any other unlawful processing.

✓Encryption - SSL/TLS encryption for data in transit; encrypted storage for sensitive data at rest
✓Access Controls - Role-based access control (RBAC) with need-to-know principle
✓Secure Infrastructure - Firewalls, intrusion detection/prevention systems (IDS/IPS)
✓Vulnerability Management - Regular security assessments, penetration testing, and patch management
✓Employee Confidentiality - All employees sign confidentiality agreements; mandatory data privacy training
✓Secure Development - Secure coding practices and code review processes
✓PCI-DSS Compliance - Secure payment processing via Xendit (PCI-DSS Level 1 compliant)
✓Backup & Disaster Recovery - Regular automated backups with tested restore procedures

Data Breach Notification (RA 10173 Sec. 20(f))

In compliance with Section 20(f) of the Data Privacy Act of 2012, we have established procedures for handling personal data breaches:

1.Detection & Assessment - We monitor for security incidents and assess potential breaches promptly
2.NPC Notification - We will notify the National Privacy Commission within 72 hours of discovering a breach
3.Data Subject Notification - Affected individuals will be notified without undue delay when the breach is likely to result in serious harm
4.Remediation - We will take immediate action to mitigate the breach and prevent future incidents

Accountability (RA 10173 Sec. 21)

In compliance with Section 21 of the Data Privacy Act of 2012:

✓We are accountable for personal information under our control or custody, including information transferred to third parties for processing
✓We use contractual means to ensure third-party processors provide comparable protection
✓We have designated a Data Protection Officer (DPO) responsible for compliance
✓Our privacy practices are documented and subject to regular review

Your Rights

Under applicable data protection laws, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you.

Right to Correction

You can request correction of inaccurate personal data.

Right to Deletion

You can request deletion of your personal data (subject to legal requirements).

Right to Data Portability

You can request your data in a structured, machine-readable format.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. After this period, your data will be securely deleted.

Cookies

We use cookies and similar tracking technologies to enhance your experience on our platform. You can control cookies through your browser settings. Disabling cookies may affect the functionality of our service.

Children's Privacy

Our service is intended for students and alumni of educational institutions. We do not knowingly collect personal information from children under 13 years of age. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Policy

We may update this Data Protection Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. You are advised to review this policy periodically for any changes.

Contact Us & Data Protection Officer

If you have any questions or concerns about this Data Protection Policy or our data practices, please contact our Data Protection Officer (DPO):

dpo@oneclickcredentials.com

+63 (XXX) XXX-XXXX

OneClick Credentials, [Address]

National Privacy Commission

For complaints regarding potential data privacy violations, you may also contact the NPC:
Website: privacy.gov.ph
Email: complaints@privacy.gov.ph
Hotline: (02) 8-234-4567