← Back to Home

Privacy Policy

Last updated: December 22, 2025

Compliant with RA 10173 (Data Privacy Act of 2012)

1. Introduction

Cura Vitalytics ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 ("DPA"), and its Implementing Rules and Regulations.

Express Consent Required: By checking the consent checkbox on our quote request form, you provide your express, informed consent to the collection and processing of your personal data as described in this Privacy Policy. This consent is recorded with a timestamp for our records. You may withdraw your consent at any time by contacting our Data Protection Officer.

2. Data Controller Information

Cura Vitalytics

Data Protection Officer Contact:

Email: privacy@curavitalytics.com

For any inquiries regarding your personal data or this Privacy Policy, please contact our Data Protection Officer using the information above.

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Information You Provide

  • Contact Information: Name, email address
  • Project Information: Service requirements, timeline preferences, additional project details
  • Uploaded Files: Documents, data files, or other materials you submit for analysis
  • Communication Records: Messages and correspondence with our team

3.2 Automatically Collected Information

  • Technical Data: IP address, browser type, device information
  • Usage Data: Pages visited, time spent on site, interaction patterns
  • Cookies: Session and preference cookies (see Cookie Policy section)

4. Purpose of Data Processing

We process your personal data for the following purposes:

  • Service Delivery: To process your quote requests and provide statistical analysis services
  • Communication: To respond to inquiries and provide project updates
  • Account Management: To create and manage your client account
  • Quality Improvement: To improve our services and website functionality
  • Legal Compliance: To comply with legal obligations and protect our rights
  • Marketing: To send relevant updates about our services (only with your consent)

5. Legal Basis for Processing

Under RA 10173, we process your personal data based on the following legal grounds:

  • Consent: You have given your explicit consent to the processing of your personal data for specific purposes
  • Contract Performance: Processing is necessary to fulfill our contractual obligations to you
  • Legitimate Interest: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights
  • Legal Obligation: Processing is required to comply with applicable laws and regulations

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Quote Requests: Retained for 2 years from submission date
  • Project Data: Retained for 5 years after project completion for reference and legal purposes
  • Account Information: Retained while your account is active and for 2 years after closure
  • Marketing Consent: Retained until you withdraw consent

After the retention period, your data will be securely deleted or anonymized.

7. Your Rights as a Data Subject

Under RA 10173, you have the following rights regarding your personal data:

Right to be Informed

You have the right to know how your data is being collected, processed, and used.

Right to Access

You may request access to your personal data that we hold.

Right to Rectification

You may request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data, subject to legal retention requirements.

Right to Data Portability

You may request a copy of your data in a structured, machine-readable format.

Right to Object

You may object to the processing of your personal data in certain circumstances.

Right to Withdraw Consent

You may withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact our Data Protection Officer at privacy@curavitalytics.com.

8. Data Sharing and Disclosure

We do not sell your personal data. We may share your data only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist in our operations (e.g., cloud hosting, payment processing), bound by confidentiality agreements
  • Legal Requirements: When required by law, court order, or government regulation
  • Protection of Rights: To protect our rights, privacy, safety, or property
  • Business Transfers: In connection with any merger, acquisition, or sale of assets (with prior notice to you)
  • With Your Consent: For any other purpose with your explicit consent

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication
  • Regular security assessments and updates
  • Employee training on data protection
  • Incident response procedures

10. Data Breach Notification

In compliance with NPC Circular 16-03, in the event of a personal data breach that poses a real risk to your rights and freedoms, we will:

  • Notify the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach
  • Notify affected data subjects within the same timeframe if the breach is likely to result in serious harm
  • Provide details about the nature of the breach, data involved, and remedial measures taken
  • Document all breaches and maintain records for NPC inspection

Breach notification will include: Description of the breach, types of data involved, approximate number of affected individuals, potential consequences, and measures taken to address the breach.

11. Cookies and Tracking

Our website uses cookies to enhance your browsing experience. Types of cookies we use:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: Help us understand how visitors use our site
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling cookies may affect some website functionality.

12. International Data Transfers

Your data may be processed in countries outside the Philippines where our service providers operate. In such cases, we ensure appropriate safeguards are in place to protect your data in accordance with RA 10173 requirements.

13. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically. Significant changes will be communicated via email or website notification.

15. Filing a Complaint

If you believe your data privacy rights have been violated, you have the right to file a complaint with the National Privacy Commission (NPC):

National Privacy Commission

Website: https://privacy.gov.ph

Email: info@privacy.gov.ph

16. Contact Us

For questions about this Privacy Policy or our data practices, please contact:

Cura Vitalytics - Data Protection Officer

Email: privacy@curavitalytics.com