Privacy Policy
Effective date: May 8, 2020
Last updated: September 25, 2025
1. Short notice (summary)
Philace is a shared online repository of course materials and learning services operated jointly by AssetPro Training Center and ICPAR Inc. We collect and process personal data to create accounts, deliver courses, issue certificates (digital and printed), send course and renewal notices, ship printed materials, and — with your consent — feature achievements in social media and marketing. This Policy explains what we collect, why, how we use and share it, and your rights.
2. Who controls your data
Philace is not a registered legal entity. The Portal is jointly operated by:
AssetPro Training Center
Contact: info.assetpro@gmail.com
DPO / Privacy Contact: info.assetpro@gmail.com
ICPAR Inc.
Contact: info.icpar@gmail.com
DPO / Privacy Contact: info.icpar@gmail.com
AssetPro and ICPAR act as joint controllers for data collected via the Philace Portal. For data-subject requests or questions, contact either organization at the contact information above.
3. Scope
This Policy covers personal data processed through the Portal (website, enrollment forms, LMS integrations, certificate issuance, support, payments, shipping, and social-media/marketing activities). It applies to all users, learners, instructors, and visitors who interact with the Portal.
4. Personal data we collect
We collect only the information necessary for the Portal’s functions. Common categories include:
- Identity & account: full name, username, email address, hashed password, profile photo, birthdate (optional), contact number, organization/affiliation.
- Academic / training records: courses enrolled, progress, grades, exam results, certificates, assignments you upload.
- Payment & billing: payment tokens/transaction IDs, billing name/address (note: full card numbers are handled by third-party payment processors).
- Shipping: recipient name, shipping address, phone number, courier/tracking info for printed certificates or materials.
- Publicity / social: photos, testimonials, achievement details you permit us to use on social media or marketing materials.
- Technical & usage: IP address, device/browser info, login timestamps, cookies and logs.
- Support & communications: messages and feedback you send.
- Sensitive data: we avoid collecting sensitive categories; if required, we will request explicit consent and limit processing to lawful purposes.
5. How we collect data
- From you directly: registration, enrollment, profile updates, support requests, forms.
- Automatically: cookies, logs, analytics while you use the Portal.
- From partners: payment gateways, courier services, or training partners when needed to deliver services.
At point-of-collection we provide a short notice and request consent where legally required (e.g., marketing, publicity).
6. Purposes of processing & legal basis
We process personal data for the following purposes:
- Create and maintain accounts, authenticate access, and deliver course content and assessments. (Contract)
- Issue certificates (digital and printed), embed names/photos on certificates, and ship printed certificates/materials. (Contract/Performance)
- Communicate course updates, certificate readiness, renewal reminders, training invitations, and mandatory administrative notices. (Contract/Legitimate interest/Consent for marketing)
- Display achievements, photos, and testimonials on social media or marketing channels — only with your consent; you can withdraw consent. (Consent)
- Process payments and refunds via third-party processors. (Contract)
- Secure the Portal, detect fraud, and comply with legal obligations. (Legitimate interest / Legal compliance)
- Analyze and improve services using aggregated/anonymized data. (Legitimate interest)
Transactional notifications (e.g., enrollment confirmation, payment receipts, shipping notices, certificate issuance) are necessary service communications and will be sent whether or not you accept marketing messages.
7. Sharing & disclosure
We share personal data only as necessary:
- Service providers/subprocessors: hosting, LMS/cloud storage, email delivery, payment gateways, couriers — under written contracts and limited instructions. (e.g., shipping requires sharing name/address/phone with courier).
- Affiliates/partners: when you enroll in partner-run courses (we will inform you).
- Legal authorities: when required by law or court order.
- Business transfers: sale, merger, or reorganization — we will notify users as required.
We do not sell personal data.
8. International transfers
Data may be stored or processed outside the Philippines (cloud providers, third-party processors). We use contractual and technical safeguards to protect data; contact our privacy contact for details.
9. Cookies & tracking
We use cookies and similar technologies for essential operation, analytics, and optional marketing. You can manage cookie preferences through the consent banner and your browser settings. Third-party social embeds or tracking may collect data under their own policies.
10. Data security
We implement reasonable technical and organizational measures (access controls, encryption where practical, monitoring, staff training). Access to shipping/recipient data is limited to authorized staff and courier partners. In case of a data breach affecting personal data, we will follow applicable legal notification requirements.
11. Data retention
We retain data only for as long as necessary for the purpose collected, or to satisfy legal, regulatory, or accounting requirements. Typical examples (customize later):
- Payment and billing records: 10 years (for tax/audit).
- Course records and certificates: 5 years (or as required by accreditation).
- Shipping logs: retained until delivery confirmed plus 3 years for recordkeeping.
- Logs and analytics: retained for 60 days (or aggregated/anonymized for longer).
Contact the privacy contact to request specific retention schedules or record deletion.
12. Your rights
Depending on applicable law (e.g., the Philippine Data Privacy Act), you may have rights including:
- Access your data;
- Request correction;
- Request blocking or deletion (subject to legal obligations);
- Object to direct marketing;
- Withdraw consent (for publicity/marketing);
- Portability (where applicable);
- Lodge a complaint with the National Privacy Commission (NPC) or relevant supervisory authority.
To exercise your rights contact: info.assetpro@gmail.com or info.icpar@gmail.com.
Note on publicity: If you consented to public use (photos/testimonials/achievements), you may withdraw consent going forward. We will stop future uses and will take reasonable steps to remove already-published material on third-party platforms where possible.
13. Children
The Portal is not intended for children under MINIMUM_AGE (e.g., 13). We do not knowingly collect personal data from children without parental/guardian consent; if discovered, we will delete it unless retention is required by law.
14. Third-party links & embedded content
The Portal may link to or embed third-party platforms (social, payment, analytics). Those platforms process data under their own policies; review their privacy notices before use.
15. Changes to this Policy
We may update this Policy for legal, operational, or business reasons. For material changes we will post notice on the Portal and update the effective date.
16. Contact & complaints
For questions, to exercise rights, or to lodge complaints:
AssetPro Training Center — Contact: info.assetpro@gmail.com
ICPAR Inc. — Contact: info.icpar@gmail.com
If you are not satisfied with our response you may file a complaint with the National Privacy Commission (NPC) or other applicable supervisory authority.