PURPLEBUG TERMS OF USE, 

DATA PROCESSING and PRIVACY POLICY, AND COOKIE POLICY 

 

Our Terms of Use, Data Processing and Privacy Policy, and Cookie Policy (collectively, “Policy”) governs your use of our services as well as how we collect, use, disclose, store, and/or process the personal data that you have provided to us. This data is given in varying ways including, but not limited to, using, accessing, benefitting from, availing of, or in any other matter utilizing (collectively, “using” or “use”) PurpleBug, Inc. (“PurpleBug”) any of its services, systems, platforms, technologies, equipment, offers, or derivatives therefrom (collectively, “Services”), in compliance with Republic Act No. 10173 or “the Data Privacy Act of 2012”, its Implementing Rules and Regulations, the issuances of the National Privacy Commission (“NPC”), and other relevant laws (collectively, “law”).

 

By transacting with PurpleBug and using its Services, you hereby acknowledge that you have read, understood, and agreed to the terms of Policy. You agree to having your data collected, corrected, transferred, stored, retrieved, used, retained, shared, deconstructed, and/or destroyed in the manner disclosed in this Policy. This Policy applies to the maximum extent possible to all individuals, juridical entities, customers, or any other party that avails of or uses the Services of PurpleBug (collectively, “Customer”), its affiliates, subsidiaries, or related entities, subject to rights retained by the Customer as required by law. Without limiting the applicability of this Policy, PurpleBug and Customer may enter into more definitive agreements, which shall control in areas not governed by this Policy or where such definitive agreements expressly provide. PurpleBug and Customer may be referred to herein individually as a “Party” or, collectively, as “Parties”.

 

  1.       TERMS OF USE

 

  1.    GENERAL POLICIES

 

  1.        1.1.1 Use of PurpleBug Services shall be with the express written consent of PurpleBug. PurpleBug reserves the right to restrict, deny, alter, or charge for any use of PurpleBug Services without PurpleBug’s consent.

 

  1.        1.1.2 The Customer hereby agrees that any material submitted or entered into PurpleBug’s Services by Customer does not violate or infringe upon any copyright, trademark, patent, statutory, common law, or proprietary rights of others or contain anything obscene or libelous, and is not in conflict or in competition with PurpleBug or any PurpleBug affiliates.

 

  1.        1.1.3 PurpleBug reserves the right to disconnect or deactivate Services to or for any Customer at any time, without any prior notice, in situations where an act or acts attributable to the Customer directly interferes with PurpleBug’s capability to provide Services. The Customer must therefore, at all times, comply with PurpleBug requirements regarding the proper use of the Services.

 

  1.        1.1.4 PurpleBug reserves the right to withhold the release of a Customer's information to another Customer or to any person or entity, since all applications shall be treated with confidentiality, except where the prior written consent of the Customer is obtained or when such information is required to be disclosed pursuant to any applicable law, legal process, or inquiry issued by any government body or court of law.

 

  1.        1.1.5 Customer acknowledges that the Services provided by PurpleBug is of such a nature that service can be interrupted for many reasons other than the negligence of the company, and that damages resulting from any interruption of Services are difficult to ascertain. Therefore, Customer agrees that PurpleBug shall not be liable for any damages arising from such causes not directly and exclusively attributable to PurpleBug. Customer further acknowledges that PurpleBug’s liability may not, in any event, exceed an amount equivalent to charges payable by Customer for Services during the period in which damages occurred. PurpleBug shall in no manner be liable for any special or consequential damages, loss, or injury. PurpleBug, at its sole discretion, may decide whether or not credit is due for any loss of Services.

 

  1.        1.1.6 Customer understands and accepts that their ability to access and use the Services provided by PurpleBug is contingent upon certain predefined restrictions set by PurpleBug or regulations applicable to it. These limitations may encompass various aspects such as usage duration, frequency, specific features, or legal requirements, and they serve as parameters to ensure a controlled and balanced utilization of the Services.

 

  1.        1.1.7 Please note that all stored data will be retained for at least three months, after which it may be managed or deleted according to our policies.

 

  1.    1.2 PAYMENT TERMS AND SUBSCRIPTION

 

  1.        1.2.1 In consideration of the Services, Customer shall pay to PurpleBug without need of demand the applicable service fees in amounts and terms to be agreed upon. Non-receipt of the applicable service fees by PurpleBug may result in the suspension of the Services of PurpleBug.

 

  1.    1.3 REPRESENTATIONS AND WARRANTIES

 

  1.        1.3.1 PurpleBug and Customer hereby represent and warrant that they have the right, power, and authority, and have taken all actions necessary, to execute, deliver, and exercise their rights and perform their obligations under this Policy, including but not limited to having obtained the necessary approval from its relevant officers and management.

 

  1.        1.3.2 Customer represents that its acceptance of this Policy, use of Services, or the performance or fulfillment of any obligation herein does not and will not conflict with any regulation, agreement, or arrangement to which the Customer is a party to or is bound. Customer hereby warrants that it is not, and will not be, in contravention of any law or administrative or government regulation in availing of the Services or agreeing to this Policy, nor will such use infringe or impugn any intellectual property.

 

  1.        1.3.3 Customer expressly warrants that it shall not use the Services for any unlawful, immoral, or any other purpose contrary to public policy, or that will impair the purposes of the Services or will impugn or put PurpleBug into disrepute.

 

  1.    1.4 CONFIDENTIALITY

 

  1.        1.4.1 A party receiving information from another shall keep the same and all other data  strictly confidential. This includes, but is not limited to, technical information, technologies, know-how, techniques, processes, and other information provided by PurpleBug to the Customer while this Policy is in place, or during the course of negotiations and performance of the same or any other agreement between the parties (collectively, “Confidential Information").

 

  1.        1.4.2 Confidential Information shall not be disclosed, directly or indirectly, to any third party, or to any of its employees, agents, officers and representatives. The receiving party must employ reasonable measures to protect this the Confidential Information, treating it with the same level of care as they do their own similar Confidential Information. Unauthorized use, disclosure, or attempts to access or alter the information should be prevented.

 

  1.    1.5 DISCONTINUANCE OF SERVICE

 

  1.        1.5.1 PurpleBug shall have the option to pre-terminate or suspend the Services to Customer, without prejudice to other remedies available to PurpleBug, upon the occurrence of any of the following events:

 

  1.              1.5.1.1 Customer’s non-payment of overdue accounts involving other existing PurpleBug Services which, based on PurpleBug 's records, are maintained or owned by or kept under the same Customer's name. Aside from the outstanding charges of the Customer due to PurpleBug, applicable pre- termination charges shall be imposed.

 

  1.              1.5.1.2 Customer becomes subject of any voluntary or involuntary proceedings under bankruptcy or insolvency laws, or has a substantial change in its ownership as applicable; a substantial change in ownership occurs when more than fifty-percent of shareholdings, or equivalent ownership representation in Customer, has changed after PurpleBug and Customer enter into the relevant agreement.

 

  1.              1.5.1.3 Breach by Customer of any obligation under this Policy or other agreements between Customer and PurpleBug, including, without limitation, violation of the rules and regulations of PurpleBug, or breach of Customers representations and warranties.

 

  1.              1.5.1.4 Non-payment of Service Fees for a period of more than Fifteen (15) days from the due date.

 

  1.              1.5.1.5 Reasonable grounds to believe that Customer is using the Services for immoral or illegal purposes, or is allowing a non-authorized third party to use the Services for whatever reason.

 

  1.              1.5.1.6 In addition to having the Service temporarily/permanently disconnected, there shall be a three percent (3%) interest penalty per month for accounts with 30 days past due.

 

  1.    1.6 RECONNECTION OF SERVICE

 

  1.        PurpleBug shall charge a set of reconnection fee amounting to XXX.XX (PhP XXX.XX ). Further, all outstanding amounts due from the Customer shall all be demanded prior to reconnection. PurpleBug shall effect reconnection within XX working days after all outstanding obligations of Customer are settled in full.

 

  1.    1.7 LIMITATIONS ON LIABILITY

 

  1.        The Customer hereby holds PurpleBug free and harmless from any claim, liability, or damage to Customer or third parties of whatever kind or character, whether direct or indirect, or however else described in law or as generally understood, including but not limited to loss of opportunity, anticipated profits, or other economic gain, by reason of a power outage, interruption, suspension, termination or disconnection of the Services of PurpleBug as provided herein, whether or not PurpleBug was made aware of the possibility of such loss or damage or should have been aware of the possibility.

 

  1.    1.8 MISCELLANEOUS

 

  1.        This Policy shall be governed by and interpreted according to the laws of the Republic of the Philippines, and the Customer and PurpleBug hereby submit to the exclusive jurisdiction of the courts of the City of Makati, Philippines, to the exclusion of all other courts, for any dispute of whatsoever nature arising from, or related to, this Policy or any further agreement that the parties may enter into.

 

  1.        If any one or more of the provisions contained in this Policy shall be invalid, illegal, or unenforceable in any respect under any applicable law, then the validity, legality, and enforceability of the remaining provisions contained herein or therein shall not in any way be affected or impaired and shall remain in full force and effect. Where necessary, PurpleBug and Customer shall enter into further agreements to correct and put into effect as best as possible, within the bounds of law or any relevant court of government decision, provisions that may be deemed invalid, illegal, or unenforceable.

 

  1.       DATA PROCESSING POLICY

 

  1.    INFORMATION WE COLLECT

 

  1.        Information you provide us directly such as, but not limited to:

 

  1.   Your full name, personal photographs, gender, age, birthdate, email address, mobile number, employment, geolocation, in-platform activity, device information, and computer internet protocol address (“I.P.”) addressAnalytics information.

 

  1.        Cookies and similar technologies.

 

  1.        Log file information.

 

  1.        Device identifiers.

 

  1.    WHY WE COLLECT DATA 

 

  1.        To provide, improve, and monitor the effectiveness of our Services.

 

  1.        To enhance the design of our platform’s user interface and improve our customer support processes.

 

  1.        To comply with industry-standard know your customer (KYC) standards.

 

  1.        To monitor the safety of our virtual community and prevent illegal activities.

 

  1.        To ensure compliance with legal requirements, rules, regulations, and/or orders of duly constituted authorities, agents, and/or institutions of the Philippine national government, local governments, and other relevant government agencies.

 

  1.        To monitor the total number of visitors, traffic, demographic patterns, and other statistical data.

 

  1.        For general marketing or commercial purposes, provided the same is consented to by the Data Subject.

 

  1.    DEFINITIONS

 

  1.        The following terms shall be defined as follows:

 

  1.   Customer Personal Data refers to Personal Data that the Customer discloses to PurpleBug, or which PurpleBug processes or possesses on behalf of the Customer, or PurpleBug otherwise obtains as a result of, or in connection with, the Services.

 

  1.  Commission refers to the National Privacy Commission of the Philippines or the NPC;

 

  1.  Consent refers to any freely given, specific, informed indication of will, whereby the Data Subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information. Consent shall be evidenced by written, electronic, or recorded means. It may also be given on behalf of a Data Subject by a lawful representative or an agent specifically authorized by the Data Subject to do so;

 

  1.  Data Privacy Act of 2012 (“DPA”) refers collectively to Republic Act No. 10173 of the Philippines and its corresponding Implementing Rules and Regulations (“IRR”), issuances of the NPC, and amendments thereto;

 

  1.  Data Protection Officer refers to an individual designated by each Party as such, in accord with the DPA, who is accountable for compliance with the DPA;

 

  1.  Data Subject refers to an individual whose personal, sensitive personal, or privileged information is processed;

 

  1.  Personal Data refers to either of the following:

 

  1.                    Personal Information refers to: any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

 

  1.                    Sensitive Personal Information refers to: personal information about an individual's race, ethnic origin, marital status, age, color, or religious, philosophical or political affiliations; it includes information about an individual's health, education, the genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings; information issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and specifically established by an executive order or an act of Congress to be kept classified.

 

  1.                    Privileged information is that which law or the Rules of Court deem to constitute privileged information.

 

  1.                          Personal Data Breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

 

  1.                          Personal Information Controller (“PIC”) refers to the party who controls the processing of Personal Data, or instructs another to process Personal Data on its behalf. There is control if the party decides on what information is collected, or the purpose or extent of its processing. For purposes of this Data Processing Agreement, the Customer shall be the PIC.

 

  1.                      Personal Information Processor (“PIP”) refers to any natural or juridical person or any other body to whom a Personal Information Controller may outsource or instruct the processing of Personal Data pertaining to a Data Subject. In general and insofar as the Services are concerned, a Customer is the PIC while PurpleBug shall be the PIP.

 

  1.                      Personnel shall refer to the directors, employees, agents, consultants, successors, and assigns, or otherwise acting under the authority of PurpleBug;

 

  1.                      Processing refers to any operation or any set of operations performed upon Personal Data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the Personal Data is contained or is intended to be contained in a filing system.

 

  1.                      Security Incident refers to an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would have result to a personal data breach, if not for safeguards that have been put in place.

 

  1.    RESPONSIBILITIES OF PARTIES

 

  1.        The responsibilities of the Customer as the PIC are as follows:

 

  1.              As a PIC of the Personal Data in their original possession, the Customer shall warrant and be responsible for (a) ensuring it collects the Personal Data lawfully and in accordance with the requirements of the DPA;  (b) obtaining the necessary prior consent of the Data Subject over the collection of their Personal Data; (c) apprising the Data Subject of the nature, purpose, and extent of the processing of his or her Personal Data, including the identity of PIC; and (d) his or her rights as a Data Subject, and how these rights can be exercised.

 

  1.              The Customer as PIC shall be responsible for the quality, accuracy, and authenticity of the Personal Data being shared. The DPO of Customer shall take into account existing controls in the collection and processing of Personal Data that will be shared in order to give reasonable assurance that it is accurate and up to date. Adequate care must be undertaken specifically for Sensitive Personal Information.

 

  1.        The responsibilities of PurpleBug as the PIP are as follows:

 

  1.              It shall not share Customer Personal Data with any third party without the prior written permission and instruction of the Customer.

 

  1.              It shall use or process Customer Personal Data only for the purpose of fulfilling its obligations in the delivery of the Services. PurpleBug shall not otherwise use or process Customer Personal Data unless in accordance with Customer’s documented instructions, provided that instructions previously given may be deemed applicable and continuing if not in the meantime withdrawn by Customer.

 

  1.              It shall segregate Customer Personal Data from its own and its other clients’ data.

 

  1.              PurpleBug may transfer Customer Personal Data to a jurisdiction outside the Philippines with the prior written consent of the Customer.

 

  1.              In case of any judicial order, governmental action, or legal obligation requiring PurpleBug to disclose Customer Personal Data, PurpleBug shall immediately inform the Customer thereof, without prejudice to PurpleBug in the meantime complying with the said judicial order, governmental action, or legal obligation if periods imposed by law so require. At Customer’s cost and to the extent allowed by law, PurpleBug shall support and cooperate in the intervention of the Customer in contesting the judicial order, governmental action, or legal obligation, or minimizing the scope of the disclosure.

 

  1.    ORGANIZATIONAL, TECHNICAL, AND PHYSICAL SECURITY MEASURES

 

  1.        Customer shall have in place appropriate organizational, technical, and physical security measures that protect Personal Data from Security Incidents and Personal Data Breaches.

 

  1.        Customer shall ensure that Personal Data is backed up on a regular basis, and that any backup is subject to security measures as necessary to protect the confidentiality, integrity, and availability of Personal Data.

 

  1.        PurpleBug may restrict the use of any access granted to the Customer for the Services, only for such purposes as authorized under this Policy or any further agreement between the Parties, to prevent misuse and abuse of such access.

 

  1.        Customer shall ensure that its Personnel will not perform any duties incompatible with the fulfillment of his/her roles and responsibilities.

 

  1.        Customer shall not perform any means to circumvent the security mechanisms in place or create vulnerabilities in the Services.

 

  1.        Customer shall be responsible for any activities performed by its Personnel on the Customer’s data, systems, and applications and develop a process for reviewing work performed by its Personnel to determine the appropriateness of activities performed and checks for suspicious transactions if any.

 

  1.        Customer shall comply with all PurpleBug requirements for the Services.

 

  1.    PERSONNEL

 

  1.        Customer shall take steps to ensure that any person acting under its authority, and who has access to Customer Personal Data, does not process them except for purposes of this Policy or as required by law.

 

  1.        Each Party shall disclose the Customer Personal Data only to its Personnel who need to have access to it only for the purpose set out in this Policy or any other relevant agreement between the Parties.

 

  1.        Customer shall ensure that its Personnel engaged in the Processing of Customer Personal Data are informed of and understand the confidential nature of the Customer Personal Data, are subject to obligations of confidentiality, and that such obligations survive the termination of that Personnel’s engagement or relationship with Customer.

 

  1.        Customer shall ensure the reliability of any of its Personnel who has access to Customer Personal Data, such as ensuring he or she has received appropriate training in data protection prior to their access or Processing of Customer Personal Data.

 

  1.    DATA SUBJECT ACCESS RIGHTS

 

  1.        The Parties recognize that Data Subjects have express rights under the DPA and other applicable data privacy laws, which provide for the protection and confidentiality of their Personal Data.  Data Subjects have a right to see what Personal Data is held about them, and to know why and how it is processed. Any inquiry or request of Personal Data by a Data Subject can be made by submitting a written request to Customer. Where necessary and applicable, such as when Personal Data of Customer  Customer shall furnish PurpleBug with the said request, together with Customer’s own request..

 

  1.        The Customer, as a Personal Information Controller, has an obligation to respond to any request or complaint by a Data Subject. PurpleBug, as a Personal Information Processor, shall:

 

  1.              Immediately notify the Customer if it receives a request or complaint from a Data Subject as regards Personal Data.

 

  1.              Ensure that it does not respond to that request except on the documented instructions of the Customer, or as required under the DPA, reserving its right to inform the Data Subject that Purplebug is only a PIP and that Customer is the PIC, or that Personal Data is not held by PurpleBug, as applicable.

 

  1.              The Customer, with the assistance and cooperation of PurpleBug as necessary, shall ensure the request or complaint of any Data Subject is duly acted upon within thirty (30) days from receipt of notice.

 

  1.              Customer shall have an established procedure in upholding and enforcing Data Subject rights. PurpleBug shall be indemnified for any cost or liability paid to any Data Subject, who suffers any damage due to inaccurate, incomplete, outdated, false, and unlawfully obtained Personal Data and/or unauthorized use of Personal Data by Customer.

 

  1.    PERSONAL DATA BREACH NOTIFICATION

 

  1.        The Parties shall immediately notify the other if it becomes aware of any potential or actual security or data privacy incident involving Customer Personal Data. Customer shall implement policies and procedures for the guidance of its Personnel in the event of a Personal Data Breach.

 

  1.    AUDIT

 

  1.        PurpleBug shall have the right to audit and inspect the organizational, technical, and physical security measures implemented by Customer, only insofar as the same is necessary for this Policy or any other further agreement between the Parties.

 

  1.        In the course of such audit, PurpleBug may conduct the following measures, including but not limited to:

 

  1.   Obtaining any and all relevant information from Customer necessary to demonstrate its compliance with this Policy.

 

  1.   Requesting Customer to submit an existing attestation or certificate by an independent professional expert on its compliance with the DPA and the security requirements therein.

 

  1.   Conducting an on-site inspection of the business operations of Customer or have the same conducted by a qualified third party auditor or assessor, which shall not be an existing independent consultant of Customer. The on-site inspection shall be conducted during regular business hours and with reasonable and timely advance notice to Customer. 

 

  1.        Customer shall, after written request and within a reasonable period of time, submit to the PurpleBug any and all information, documentation, and/or other means of factual proof necessary for the conduct of an audit.

 

  1.        PurpleBug, upon its discretion and in good faith, may extend its review, if needed, and Customer is expected to heed the request until PurpleBug is satisfied with the conduct of the review.

 

 

  1.                      DATA RETENTION PERIOD

 

  1.   PurpleBug will only process and retain Customer Personal Data for the duration of this Policy or any relevant agreement between the Parties. Customer Personal Data may be deleted, returned, or retained upon expiry thereof, subject to what Parties may agree on. Sans any agreement, PurpleBug may delete, without liability, Customer Personal Data.  PurpleBug retains the discretion to approve or decline such request. In any case, all stored Customer Personal Data shall be retained for a minimum period of three (3) months, after which it may be managed or deleted in accordance with PurpleBug’s internal data retention policies.

 

 

 

  1.   If a complaint or notice is received about the accuracy of Customer Personal Data which affects Personal and/or Sensitive Personal Information shared with PurpleBug, a revised Customer Personal Data will be communicated to PurpleBug.  PurpleBug disclaims any liability whatsoever for Personal Data provided to it by Customer.

 

  1.                      RETURN OR DELETION OF CUSTOMER PERSONAL DATA

 

  1.          Unless return, retention, or extended processing is requested or required by the DPA or other regulation, PurpleBug may, upon expiry of this Policy or any further relevant agreement, destroy all copies of Customer Personal Data and any other property, information, and documents provided by the Customer.  For print-outs or other tangible formats, the document or object will be shredded or otherwise physically destroyed. For data in electronic form, the document will be permanently deleted, wiped, overwritten, or otherwise made irretrievable.

 

 

  1.   In cases where the Customer receives a request from its customers for the deletion of Customer Personal Data under the custody of PurpleBug, the Customer shall forward this request to PurpleBug, which request shall be acted upon within a reasonable period.

 

  1.                      The Customer shall have the sole responsibility of determining the validity or genuineness of the request for deletion and shall only forward valid requests for deletion to PurpleBug. PurpleBug shall not be liable in any event for deletion of data upon a request sent through Customer, regardless of the validity or genuineness of the request.

 

  1.                      LIABILITY

 

  1.   Customer shall be liable for any damage or loss that results from its failure or refusal to perform any obligation under this Policy, or its breach of the warranties and representations made herein.

 

  1.   In case the Security Incident or Personal Data Breach of is material and substantial, and such will cause PurpleBug irreparable injury for which it would have no adequate remedy at law, and for which there is an urgent and permanent necessity to prevent serious damage, the Customer shall be entitled to immediately seek an injunctive relief prohibiting any violation of this Policy, in addition to any other rights and remedies available to it.

 

  1.   Customer shall defend, indemnify, and hold PurpleBug, its affiliates, and their respective officers, directors, stockholders, employees, and agents, harmless from and against any and all claims, suits, causes of action, liability, loss, costs, and damages, including attorney’s fees and costs of litigation, in connection with or as a result of any third party claim arising from the Security Incident or Personal Data Breach of Customer.

 

  1.       COOKIE POLICY

 

  1.              Cookies are used to customize, enhance, and optimize your browsing, use, and overall experience in our Services. Cookies stored in the Services provide various functions and facilitate certain features, such as storage of certain information that can be retrieved by the web server which can Service utilization more comfortable and useful for all users.

 

  1.              Customer can decide on how its device will accept, limit or block cookies by configuring Customer’s own preferences or choices through its web browser settings. In addition, Customer can also configure multiple devices to notify it when a cookie is being placed and thereafter decide whether Customer will accept the cookie. Customer may undertake other measures as it may desire as regards Cookies.