Data Privacy Policy

Last Updated: September 28, 2025

1. Introduction and Our Unwavering Commitment to Your Privacy

Welcome to ReviewLutions! ReviewLutions, Inc. (“ReviewLutions,” “we,” “us,” or “our”) holds your privacy and the protection of your personal data as paramount. This Comprehensive Data Privacy Policy (“Policy”) meticulously details how ReviewLutions, as a Personal Information Controller (PIC) and potentially a Personal Information Processor (PIP) in certain contexts, collects, uses, processes, stores, shares, and ultimately protects your personal information when you access and utilize our website and self-study courses (collectively, the “Service”).

This Policy is scrupulously crafted and rigorously implemented to ensure full and continuous compliance with the letter and spirit of the Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), and all relevant issuances, circulars, advisories, and opinions of the National Privacy Commission (NPC). This includes, but is not limited to, NPC Circulars on Data Breach Management, Consent, Security of Personal Data, Data Sharing Agreements, and the registration of Data Processing Systems. Furthermore, we acknowledge and adhere to other applicable Philippine laws that may impact data privacy, such as Republic Act No. 10929 (Free Internet Access in Public Places Act) if public Wi-Fi services are provided, and pertinent provisions of the Cybercrime Prevention Act of 2012 (Republic Act No. 10175) and the Financial Consumer Protection Act (Republic Act No. 11765) where relevant to our operations.

We believe in absolute transparency and empower you, the data subject, with a comprehensive understanding of your rights and our obligations concerning your personal data. By accessing, Browse, or otherwise using our Service, you explicitly and unequivocally signify your informed consent to the collection, use, processing, and disclosure of your personal information as thoroughly described herein. If you do not agree with any provision of this Policy, or if your consent is not freely given, specific, and informed, you must immediately cease using our Service.

2. Scope and Applicability

This Policy applies to all personal information and sensitive personal information collected, processed, and stored by ReviewLutions, through any medium, including but not limited to:

  • The ReviewLutions website (www.reviewlutions.com, or any other domain we may legitimately use and register with the NPC).
  • Our self-study courses, learning management system, and all associated content, features, and interactive elements.
  • Any direct or indirect interactions you may have with us, such as through customer support channels (email, chat, phone), feedback forms, surveys, or any other digital or physical communication.
  • Information received from authorized third parties (e.g., PCI-compliant payment processors, identity verification services, if applicable) in accordance with lawful processing agreements.
  • Data automatically generated through the use of cookies, web beacons, analytics tools, and other similar tracking technologies on our Service.

3. Key Definitions (as per the Data Privacy Act of 2012)

To ensure clarity and a shared understanding, the following terms, as used in this Policy, shall have the meanings ascribed to them by the DPA and its IRR:

  • Personal Data: Refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. This includes, but is not limited to, your full name, email address, contact number, and other data you provide during registration.
  • Sensitive Personal Information: Refers to personal information:
    • About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
    • About an individual’s health, education, genetic or sexual life, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
    • Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
    • Specifically established by an executive order or an act of Congress to be kept classified.1
  • Processing: Refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, or2ganization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
  • Data Subject: Refers to an individual whose personal information is processed. This means you, the user of our Service.
  • Personal Information Controller (PIC): Refers to a person or organization who controls the collection, holding, processing or use of personal information. ReviewLutions, Inc. generally acts as a PIC.
  • Personal Information Processor (PIP): Refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject. Our service providers may act as PIPs.
  • Consent: Refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of the data 3subject by an agent specifically authorized by the data subject to do so.

4. Categories of Data We Collect

To provide and continuously enhance our Service, we collect various types of information, ensuring proportionality and relevance to our stated purposes.

4.1. Personal Information You Voluntarily Provide

This data is directly and voluntarily provided by you when you interact with our Service.

  • Registration and Account Data: Your full legal name, email address, contact number (mobile), and a secure password. Any other information you input when creating an account, subscribing to a course, or updating your profile.
  • Payment Information: Details essential to process your subscription payments, such as billing address, and transaction reference numbers. Please note that ReviewLutions does not directly store your full payment card details on its servers. All payment transactions are securely processed by trusted, PCI Data Security Standard (PCI DSS) compliant third-party payment gateways, who are contractually bound to protect your financial data and comply with relevant data protection laws.
  • Demographic Information (Optional): If you choose to provide it, information such as your profession, age group, gender, or educational background. This data is used for aggregated statistical analysis and service improvement, and is not required for core Service access.
  • Communications and Interaction Data: Records of your correspondence with us, including emails, chat messages, support tickets, feedback provided through surveys, forms, or direct communication, and details of any complaints or inquiries you submit.
  • Survey and Feedback Data: Information you provide when participating in surveys, polls, or providing feedback on our Service, content, or features.

4.2. Information Automatically Collected from Your Use of the Service

This data is collected passively as you navigate and interact with our Service, employing technology to ensure functionality and improve user experience.

  • Course Progress and Performance Data: Your comprehensive progress through courses, including completed modules, quiz scores, assignment submission statuses, performance analytics, and certificates earned. This data is fundamental to delivering the core educational service.
  • Interaction Data: How you interact with the course content, features, and any AI-generated elements (e.g., time spent on specific modules, videos watched, questions attempted, navigation paths, clicks, and page views). This helps us understand engagement and optimize learning materials.
  • Device and Usage Information: Information about the device(s) you use to access the Service (e.g., device type, operating system, browser type and version, language settings, unique device identifiers), your Internet Protocol (IP) address, approximate geographical location derived from IP address, access dates and times, pages viewed, features used, referring/exit URLs, and other diagnostic data.
  • Cookies and Tracking Technologies: Information collected through the use of cookies, web beacons, pixels, and similar technologies. This includes session information, preferences, and user behavior for analytics and personalization. A detailed explanation is provided in Section 13.

4.3. Non-Personal Information

This refers to information that does not directly or indirectly identify you. We may collect and derive non-personal information, which can be generated from personal information or collected independently. This includes:

  • Aggregated data: Statistical data about groups or categories of users, which does not identify individual users (e.g., the total number of users who completed a specific module, average quiz scores for a course).
  • Anonymized data: Personal information that has been irreversibly stripped of identifiable markers so that the data subject can no longer be identified.
  • Browser and device characteristics that are not linked to individual identities.

5. Legal Bases for Processing Your Information

Our collection and processing of your personal information are based on the following lawful criteria, in strict adherence to Section 12 of the Data Privacy Act of 2012:

  • Consent: We process your personal information with your explicit, informed, and freely given consent, particularly for non-essential processing activities such as direct marketing communications. You have the fundamental right to withdraw your consent at any time, subject to certain limitations as provided by law, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Contractual Necessity: The processing of your personal information is necessary for the fulfillment of our contractual obligations to you as a data subject, such as providing access to the self-study courses you have subscribed to, managing your account, and processing your payments. Without this processing, we would be unable to deliver the core services you have contracted for.
  • Legal Obligation: We may process your personal information when it is necessary for compliance with a legal obligation to which ReviewLutions is subject. This includes, but is not limited to, compliance with tax laws, audit requirements, legitimate requests from the National Privacy Commission (NPC), court orders, or other government agency directives under Philippine law.
  • Legitimate Interest: We may process your personal information based on our legitimate interests or the legitimate interests of a third party, provided that such interests are not overridden by your fundamental rights and freedoms as a data subject. This includes processing for purposes such as improving our Service, ensuring the security of our systems, preventing fraud, conducting internal analytics and research to enhance user experience, and enforcing our Terms and Conditions. We always conduct a balancing test to ensure your privacy rights are respected.
  • Protection of Vital Interests (Rarely): In rare and urgent circumstances, processing may be necessary to protect your vital interests or the vital interests of another person, such as in a medical emergency.

6. Purposes of Processing (Why We Collect and Use Your Data)

We collect and process your personal information for specific, legitimate, and declared purposes, ensuring that all processing is compatible with these purposes:

  • To Provide, Operate, and Maintain the Service: To enable your access to and use of our website, deliver course content, manage your user account, track your progress, save your course completion status, and ensure the overall functionality and performance of our self-study program.
  • To Process Transactions and Manage Billing: To facilitate your subscription payments, manage invoicing, process refunds, and ensure accurate financial record-keeping in compliance with tax laws and financial regulations.
  • To Personalize Your Learning Experience: To understand your learning patterns, track your individual progress through courses, provide relevant course recommendations, and tailor the learning experience to your needs, thereby enhancing engagement and effectiveness.
  • For Communication and Customer Support: To send you important transactional updates about your account, course changes, technical issues, security alerts, service announcements, and to respond to your inquiries, support requests, and feedback promptly and efficiently.
  • For Service Improvement, Analytics, and Research: To analyze usage patterns, understand how users interact with our Service and content (including AI-generated elements), identify areas for improvement, troubleshoot technical issues, and enhance the overall quality, effectiveness, and design of our course materials and platform features. This purpose extensively utilizes aggregated and anonymized data for research and development.
  • For Security and Fraud Prevention: To protect our Service and all data subjects from fraudulent activities, unauthorized access attempts, cyber threats, and other security vulnerabilities. This includes monitoring for suspicious activities and implementing security protocols.
  • To Comply with Legal and Regulatory Obligations: To meet our legal and regulatory requirements under Philippine law, including but not limited to responding to valid legal requests, court orders, government agency inquiries, and fulfilling reporting obligations to regulatory bodies like the Bureau of Internal Revenue (BIR) or the National Privacy Commission (NPC).
  • For Marketing and Promotional Purposes (with your explicit consent): To send you promotional materials, special offers, newsletters, or information about new courses, features, or services that may be of interest to you, but only if you have provided your explicit and revocable consent to receive such communications. You have the right to withdraw this consent at any time, easily and without cost.

7. Disclosure and Sharing of Your Personal Data

We are committed to protecting your personal information and will only disclose it to third parties under strictly controlled circumstances and with appropriate safeguards, consistent with the Data Privacy Act and NPC issuances.

  • Service Providers (Personal Information Processors): We engage trusted third-party service providers (e.g., cloud hosting providers, data analytics platforms, payment processors, email delivery services, customer support tools) to perform specific functions on our behalf. These providers are carefully vetted, contractually bound by Data Sharing Agreements (DSAs) or equivalent Processing Agreements in accordance with NPC Circulars, to protect your data, maintain confidentiality, and use it only for the specific purposes for which we disclose it to them, and strictly in accordance with our instructions. They are prohibited from using your personal data for their own independent purposes.
  • Legal Requirements and Law Enforcement: We may disclose your information if required to do so by law, or in response to valid and lawful requests by public authorities with jurisdiction (e.g., a court order, subpoena, search warrant, or a legitimate request from the National Privacy Commission or other regulatory bodies) to comply with legal obligations under Philippine law. We will ensure that such disclosures are limited to what is strictly necessary and proportionate to the legal requirement.
  • Business Transfers: In the event of a merger, acquisition, reorganization, asset sale, bankruptcy, or similar corporate transaction involving ReviewLutions, your personal information may be transferred as part of that transaction. In such an event, we will ensure that the acquiring entity assumes the obligations outlined in this Policy, or provide you with prior notification via email or a prominent notice on our website of any such change in ownership or control of your personal information, and inform you of your rights.
  • With Your Explicit Consent: We may share your information with other third parties when we have obtained your explicit, specific, and informed consent to do so. Such consent will detail the identity of the third party and the specific purpose of the sharing.
  • Aggregated or Anonymized Data: We may share aggregated or anonymized non-personal information with third parties for various purposes, including research, marketing, analytics, or academic studies. This data cannot be used to identify you personally and therefore does not fall under the purview of personal data protection under the DPA.

We categorically state that ReviewLutions will never sell, rent, or trade your personal information to third parties for their independent marketing or commercial purposes without your explicit and freely given consent.

8. Data Retention Policy

We adhere to the principle of storage limitation. We retain your personal information only for as long as necessary to fulfill the specific purposes for which it was collected, including for the purposes of satisfying any legal, accounting, reporting requirements, or for the establishment, exercise, or defense of legal claims. The retention period is determined by the type of data, the purpose of processing, and applicable legal or regulatory mandates.

  • Account and Course Progress Data: Generally, we will retain your account and course progress data for the duration of your active subscription and for a reasonable period of up to one (1) year thereafter to facilitate potential re-subscription, provide historical access to achievements, or for internal analytics, unless you request earlier deletion, subject to any overriding legal obligations.
  • Transactional Records: Financial transaction records and related personal data will be retained for a period of ten (10) years from the date of the transaction, in compliance with the retention requirements of the Bureau of Internal Revenue (BIR) and other relevant financial regulations.
  • Marketing Consents: Records of your marketing consent will be retained until you withdraw your consent or upon your request for deletion, to ensure we comply with your preferences.
  • Communications Data: Records of communications (e.g., support inquiries, feedback) may be retained for a period necessary to manage ongoing relationships, resolve disputes, or for compliance with record-keeping obligations, typically up to five (5) years.
  • Deletion Requests: Upon a valid request for erasure or blocking (Right to Erasure/Blocking), we will endeavor to execute the deletion of your personal data from our active systems within thirty (30) calendar days, unless there is a legitimate legal basis or a mandatory retention period that requires us to retain the data (e.g., for legal claims, tax purposes, or regulatory compliance). In such cases, the data will be securely archived or isolated to prevent further processing, except for the specific legal purpose.

9. Data Security Measures and Breach Management

ReviewLutions is deeply committed to protecting your personal data from unauthorized access, accidental loss, unlawful alteration, unauthorized disclosure, or destruction. We implement and continuously review a comprehensive framework of appropriate and reasonable organizational, technical, and physical security measures, consistent with Section 20 of the DPA and NPC Circular No. 2023-06 (Security of Personal Data).

  • Organizational Measures:
    • Data Protection Officer (DPO): Designation of a qualified DPO responsible for overseeing data privacy compliance. Pursuant to NPC Circular No. 17-01 (Designation of Data Protection Officers), our DPO is duly registered with the National Privacy Commission.
    • Privacy Management Program (PMP): Implementation of a comprehensive PMP that guides our data privacy practices.
    • Employee Training and Awareness: Regular mandatory training for all employees on data privacy principles, the DPA, this Policy, and secure data handling practices.
    • Access Controls and Confidentiality: Strict internal policies and access controls ensure that only authorized personnel with a legitimate “need-to-know” can access personal data. All employees are bound by confidentiality agreements.
    • Privacy Impact Assessment (PIA): Regular conduct of PIAs for new or significantly changed data processing systems or activities to identify and mitigate privacy risks proactively. In line with NPC Circular No. 2023-06, all new or significantly modified processing activities undergo a PIA within the prescribed transition period (April 2024–April 2025) and for all future developments.
  • Technical Measures:
    • Data Encryption: Implementation of strong encryption protocols (e.g., AES-256 for data at rest, SSL/TLS for data in transit) to protect data from interception or unauthorized access.
    • Firewalls and Intrusion Detection Systems: Deployment of robust firewalls and intrusion detection/prevention systems to protect our networks and systems from external threats.
    • Regular Security Audits and Vulnerability Assessments: Periodic security audits, penetration testing, and vulnerability assessments conducted by internal or external experts to identify and address security weaknesses.
    • Secure Coding Practices: Adherence to secure software development life cycle (SSDLC) principles to minimize vulnerabilities in our applications.
    • Data Minimization by Design: Systems are designed to collect and process only the personal data that is strictly necessary for the stated purposes.
    • Pseudonymization and Anonymization: Where feasible and appropriate, personal data is pseudonymized or anonymized to further protect privacy.
    • Registration of Data Processing Systems: Our Data Processing Systems, including the types of personal data processed, the purposes, and the recipients, are duly registered with the NPC through its Data Breach Notification and Management System (DBNMS), in compliance with NPC Circular No. 2022-04 (Consolidated Registration via the DBNMS).
  • Physical Measures:
    • Restricted Access to Data Centers: Strict physical access controls, including surveillance (CCTV), biometric scanners, and layered security zones, for all facilities where personal data is stored or processed.
    • Secure Storage of Physical Records: Any physical records containing personal data are stored in locked cabinets or secure rooms with restricted access.
    • Environmental Controls: Measures to protect against natural dangers such as fire and floods.

While we strive to use commercially acceptable and industry-standard means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. You are also responsible for maintaining the confidentiality of your account credentials (e.g., password) and for any activities that occur under your account.

Personal Data Breach Management:

In the unfortunate event of a personal data breach, ReviewLutions will strictly comply with NPC Circular No. 16-03 (Personal Data Breach Management). We will immediately assess the nature of the breach, the personal data involved, and the potential harm. We commit to notifying the National Privacy Commission and the affected data subjects within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of data subjects. Our notification will include a detailed incident report, root-cause analysis (if immediately ascertainable), and a comprehensive mitigation plan to address the breach and prevent recurrence.

10. Cross-Border Transfers of Personal Data

ReviewLutions operates primarily within the Philippines. However, in certain instances, personal data may be stored or processed in, or transferred to, countries outside the Philippines, for example, through the use of cloud hosting services whose servers may be located internationally. When such cross-border transfers occur, we implement robust safeguards to ensure the continued protection of your personal data in accordance with the DPA and relevant NPC Circulars.

We ensure that:

  • The recipient country has an adequate level of data protection laws recognized by the NPC.
  • We utilize appropriate safeguards, such as NPC-approved mechanisms, to ensure that the transferred data receives a level of protection equivalent to that under Philippine law. While the use of Model Contractual Clauses (MCCs) under NPC Advisory No. 2024-01 is voluntary, we commit to adopting ASEAN MCCs, EU SCCs, or other recognized MCCs to uphold the accountability principle for any cross-border transfer of data, thereby providing robust contractual guarantees for data protection.
  • Any such transfer is conducted with strict adherence to the principles of transparency, legitimate purpose, and proportionality.
  • You will be provided with prior notice where required by law regarding the international transfer of your personal data, including the purposes and the safeguards in place.

11. Your Data Subject Rights (Under the Data Privacy Act of 2012)

As a valued data subject, you are vested with fundamental rights concerning your personal information under the Data Privacy Act of 2012 (Section 16). ReviewLutions is committed to respecting and facilitating the exercise of these rights:

  • Right to Be Informed: You have the right to be informed whether personal information pertaining to you shall be, are being, or have been processed. This Policy serves as our primary mechanism for fulfilling this right, providing comprehensive details on our data processing activities.
  • Right to Object: You have the right to object to the processing of your personal information, including processing for direct marketing, automated processing, or profiling. Upon your objection, we will cease the processing unless the data is needed for a legitimate purpose allowed by law (e.g., for contractual obligations, legal claims, or compliance with a legal obligation).
  • Right to Access: You have the right to reasonable access to your personal information held by us, including details about the processing of your data, the categories of personal data concerned, the purposes of processing, the categories of recipients to whom the personal data have been or will be disclosed, and the period for which the personal data will be stored.
  • Right to Rectification: You have the right to dispute the inaccuracy or error in your personal information and have us correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. We commit to ensuring that your personal data is accurate, relevant, and kept up to date for the purposes for which it is to be used.
  • Right to Erasure or Blocking (Right to Be Forgotten): You have the right to demand the suspension, withdrawal, removal, or destruction of your personal information from our filing system under certain circumstances, such as when the personal information is incomplete, outdated, false, unlawfully obtained, or used for unauthorized purposes, or when consent is withdrawn and there is no other legal ground for processing.
  • Right to Damages: You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal information, or any other violation of your rights and freedoms as a data subject.
  • Right to File a Complaint: You have the right to file a formal complaint with the National Privacy Commission (NPC) if you believe your data privacy rights have been violated, or if our response to your request is unsatisfactory.
  • Right to Data Portability: Where your personal information is processed by electronic means and in a structured and commonly used format, you have the right to obtain a copy of your personal information in an electronic or structured format, which allows for further use by you. This right primarily applies to data processed based on consent or contract, or through automated means, allowing you to transfer your data to another personal information controller.

12. How to Exercise Your Data Subject Rights / Contacting Our Data Protection Officer (DPO)

ReviewLutions has designated a Data Protection Officer (DPO) who is accountable for our compliance with the DPA and for assisting data subjects with their privacy concerns.

To exercise any of your data subject rights, or for any concerns, inquiries, or complaints regarding your personal data or this Policy, please contact our Data Protection Officer (DPO) through the following dedicated channels:

Data Protection Officer (DPO)

ReviewLutions, Inc.

Email: dpo@reviewlutions.ph

Phone: +63 2 1234 5678 (Standard office hours: Monday-Friday, 9:00 AM – 5:00 PM PST)

Mailing Address: Unit 101, ABC Building, Quezon City, Metro Manila, Philippines

Response Time Commitment:

We are committed to addressing your requests promptly and efficiently.

  • Acknowledgment: We will acknowledge receipt of your request within three (3) working days from the date of submission.
  • Resolution: We will endeavor to resolve your request and provide a substantive response within thirty (30) calendar days from the date of receipt of the request, in accordance with the timeframes prescribed by the Data Privacy Act and its Implementing Rules and Regulations, and relevant NPC circulars. Should we require additional time or information to process your request, we will inform you of the extension and the reasons for it.

13. Cookies and Other Tracking Technologies

We utilize cookies and similar tracking technologies (such as web beacons, pixels, and local storage) to track activity on our Service and hold certain information, enhancing your user experience and for analytical purposes.

  • What are Cookies? Cookies are small data files placed on your device (computer, tablet, smartphone) when you visit a website. They enable the website to remember your actions and preferences over a period, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
  • How We Use Cookies:
    • Essential/Strictly Necessary Cookies: These cookies are fundamental for the Service to function correctly (e.g., maintaining your login session, enabling secure payment processing, remembering items in a cart). The Service cannot operate without them.
    • Analytical/Performance Cookies: These cookies help us understand how users interact with our website and courses by collecting information anonymously. This enables us to monitor traffic, analyze usage patterns, identify areas for improvement, and enhance the overall performance and design of our Service.
    • Functional Cookies: These cookies remember your preferences and choices (e.g., language selection, region) to provide a more personalized and convenient experience.
    • Marketing/Advertising Cookies (with Consent): These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns. We only deploy these cookies if you provide your explicit consent.
  • Managing Cookies: You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to refuse all cookies or to indicate when a cookie is being sent. Instructions for managing cookies are typically found in your browser’s “Help” or “Settings” menu. However, please be aware that if you choose to disable or refuse certain cookies, particularly essential ones, some portions or functionalities of our Service may become inaccessible or may not function properly.

14. Children’s Privacy

Our Service is designed for and intended for individuals who have reached the age of majority, which is eighteen (18) years old in the Philippines, or the age of majority in their specific jurisdiction, unless verifiable parental or guardian consent has been explicitly obtained in accordance with our Terms and Conditions (Section 3.1) and NPC Circular 2024-03 (Guidelines on Child-Oriented Transparency).

We do not knowingly collect, process, or maintain personal information from children under the age of eighteen (18) without such verifiable parental or guardian consent. If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact our Data Protection Officer (DPO) immediately using the contact details provided in Section 12. Upon verification, we will take immediate and appropriate steps to remove that information from our systems and terminate the child’s account within forty-eight (48) hours.

15. Changes to This Data Privacy Policy

ReviewLutions reserves the right to update or modify this Data Privacy Policy from time to time to reflect changes in our data processing practices, technological advancements, evolving legal requirements, or other operational factors. We are committed to transparency in this process.

We will notify you of any material changes to this Policy by posting the updated version on this page and updating the “Last Updated” date at the top. For significant changes, we will also endeavor to provide you with more prominent notice, such as via email to your registered email address or through a prominent banner or notification on our website, at least thirty (30) calendar days prior to the changes becoming effective.

Your continued use of the Service after the revised Policy takes effect signifies your explicit acknowledgment and acceptance of the changes. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

16. Dispute Resolution, Complaints, and Administrative Fines

ReviewLutions is committed to resolving any data privacy concerns or complaints directly and amicably. We encourage you to first contact our Data Protection Officer (DPO) (as detailed in Section 12) to address your concerns. We will exert all reasonable efforts to resolve your complaint in a timely and effective manner.

Notwithstanding the foregoing, and subject to any specific legal jurisdiction relevant to non-Philippine residents (e.g., for European residents and GDPR), any dispute arising from or in connection with our compliance with this Policy, the Data Privacy Act, or related privacy matters may be brought before the National Privacy Commission (NPC). The NPC is the primary regulatory body in the Philippines responsible for the enforcement of the Data Privacy Act. You have the right to file a formal complaint with the NPC if you believe your data privacy rights have been violated, or if you are dissatisfied with our response to your complaint.

Furthermore, if a satisfactory resolution is not achieved through internal mechanisms or the NPC, and consistent with applicable Philippine laws, disputes may ultimately be escalated to a competent Philippine court. ReviewLutions commits to cooperating fully with any investigation conducted by the NPC or any judicial proceeding initiated in accordance with Philippine law.

Administrative Fines and Penalties:

ReviewLutions acknowledges the serious implications of non-compliance with the DPA. Violations of Republic Act No. 10173, its Implementing Rules and Regulations, or specific NPC issuances may attract administrative fines ranging from 0.25% to 2% of annual gross income, as prescribed under NPC Circular No. 2022-01 (Guidelines on Administrative Fines), based on the severity and nature of the violation. These administrative fines are in addition to any potential criminal or civil liabilities that may arise under the Act or other applicable laws.

17. Contact Information

For any general questions, clarifications, or requests regarding this Data Privacy Policy or our overall data privacy practices, please do not hesitate to contact us:

ReviewLutions, Inc.

Email: privacy@reviewlutions.ph

Phone: +63 2 1234 5678

Address: Unit 101, ABC Building, Quezon City, Metro Manila, Philippines

This Policy forms an integral part of our Terms and Conditions of Service and is legally binding under Philippine law.