Privacy Policy

1 Information We Collect

When you use our website and services, we may collect the following personal information:

Personal Information

• Full Name - to identify you for bookings and communication
• Email Address - for account creation, booking confirmations, and service updates
• Phone Number - for scheduling coordination and service updates
• Home/Office Address - for on-site service delivery

Booking & Transaction Data

• Service type, aircon unit details, preferred schedule
• Payment method and transaction reference numbers
• Booking reference numbers and service history

Technical Data

• Browser type, IP address (for security purposes only)
• Session cookies (essential for login and site functionality)

2 How We Use Your Data

We process your personal data only for the following legitimate purposes:

• Service Delivery - to process and fulfill your aircon service bookings
• Communication - to send booking confirmations, reminders, status updates, and receipts
• Account Management - to manage your user account and booking history
• Payment Processing - to record and track payment transactions
• Customer Support - to respond to your inquiries and resolve issues
• Service Improvement - to improve our scheduling and service quality
• Legal Compliance - to comply with applicable laws and regulations

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3 Legal Basis for Processing

Under the Data Privacy Act of 2012, we process your data based on:

• Consent - You explicitly agree to our privacy policy when creating an account, submitting a booking, or contacting us
• Contractual Necessity - Processing is necessary to fulfill your service booking
• Legitimate Interest - For security, fraud prevention, and service improvement
• Legal Obligation - To comply with tax, accounting, and regulatory requirements

4 Data Storage & Retention

Your data is stored securely on our servers. We retain personal data only as long as necessary:

• Active accounts - Data is retained while your account is active
• Inactive accounts - Accounts inactive for more than 2 years are flagged for deletion
• Completed bookings - Booking records are retained for 3 years for warranty and service history purposes, then anonymized
• Financial records - Transaction records are retained for 5 years as required by Philippine tax regulations (BIR)
• Contact inquiries - Retained for 1 year after resolution, then deleted
• Chat messages - Retained for 1 year, then auto-purged

After the retention period, data is either securely deleted or anonymized so it can no longer identify you.

5 Data Security Measures

We implement appropriate technical and organizational measures to protect your data:

• Password Protection - All passwords are hashed using industry-standard bcrypt encryption
• CSRF Protection - All forms include anti-forgery tokens to prevent cross-site attacks
• Rate Limiting - Login attempts are limited to prevent brute-force attacks
• Prepared Statements - All database queries use parameterized queries to prevent SQL injection
• Session Security - Secure session management with automatic timeout
• Access Control - Role-based access ensures only authorized personnel can view customer data

6 Your Rights Under the DPA

As a data subject under the Data Privacy Act of 2012, you have the following rights:

• Right to Be Informed - To know how your data is collected, used, and stored
• Right to Access - To request a copy of your personal data we hold
• Right to Rectification - To request correction of inaccurate or incomplete data
• Right to Erasure - To request deletion of your personal data (subject to legal retention requirements)
• Right to Object - To object to processing of your data in certain circumstances
• Right to Data Portability - To receive your data in a structured, machine-readable format
• Right to File a Complaint - To file a complaint with the National Privacy Commission (NPC)

To exercise any of these rights, please use our Data Subject Request Form or contact our Data Protection Officer.

7 Cookies

Our website uses only essential cookies required for:

• Session management (keeping you logged in)
• CSRF protection tokens
• Cart functionality (stored in localStorage, not cookies)

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

8 Third-Party Services

We use the following third-party services in the operation of our system:

• Gmail / Google SMTP - For sending booking confirmations and service emails

We do not share your personal data with any other third-party services, advertisers, or data brokers.

9 Data Breach Response

In the event of a personal data breach, Bonzaire Enterprises will:

• Notify the National Privacy Commission (NPC) within 72 hours of discovery
• Notify affected data subjects if the breach poses a real risk to their rights and freedoms
• Document the breach, its effects, and remedial actions taken
• Implement measures to prevent recurrence

10 Data Protection Officer

For any privacy-related concerns, questions, or to exercise your data rights, contact our Data Protection Officer:

11 Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Continued use of our services after changes constitutes acceptance of the updated policy.