Privacy Notice

Introduction

Robinsons Appliances Corp. (RAC) respects your privacy and is committed to protecting the personal data we collect when you shop in our physical stores or use our e-commerce website. This Privacy Notice provides information on how we process your personal data when you visit our physical stores or visit our website. It describes the purpose and manner of processing your personal data and it also covers your data privacy rights and how you can exercise them.


What Personal Data We Collect and Process

We do not collect personal data when you simply visit our stores or browse our website. Personal data is processed only when you voluntarily provide it to us, or when it is needed to complete your transactions.


When You Shop in Our Physical Stores

We may process personal data when you choose to provide it during your in-store transactions. This may include:


  • Go Rewards Membership Information
  • Purchased Items
  • Date and Time of Purchase
  • Store Location
  • Full Name
  • Address
  • Signature
  • Last 4 digits of Credit/Debit Card Number
  • Credit/Debit Card Issuing Bank
  • Email Address
  • Contact Number
  • Date of Birth

For certain transactions, such as high-value purchases made using credit cards, we may request presentation of a valid government-issued ID to verify the transaction. The ID is only viewed for validation and is not recorded or retained.

For CCTV-related processing inside our stores, please refer to our separate CCTV Privacy Notice.


When You Use Our E-Commerce Site

We do not process personal data that can directly identify you when you simply browse our website. Identity-related information is processed only when you choose to create an account, make a purchase, join a promotion, or contact us online.


When you interact with the website beyond browsing, we may process the following personal data:


  • Email Address
  • First Name and Last Name
  • Mobile Number
  • Delivery or Shipping Address
  • Billing Address
  • Payment-related information processed through our authorized payment gateway.

How We Use Your Personal Data

We use your personal data to operate our physical stores and e-commerce website, process your transactions, communicate with you, and comply with legal requirements. The specific purposes for processing may include:


  • To process your purchase and fulfill your orders. This includes creating your online account, processing your transactions in-store or online, preparing your items, coordinating delivery and, where applicable, installation services, and providing updates about your order.
  • To respond to your inquiries and provide customer support. This includes handling your requests, concerns, returns or refunds, and feedback made in-store or through our online channels.
  • To provide marketing promotions that you have opted in to receive. This includes sending promotional materials you opted in to receive, and processing information needed for online promotions.
  • To maintain, operate, and improve our website and store operations. This includes analyzing website traffic, enhancing your browsing and shopping experience, and ensuring the security and performance of our systems.
  • To comply with legal and regulatory requirements. This may include obligations under tax laws, accounting, consumer protection laws, and other applicable regulations.
  • To process loyalty membership and transactions. This includes processing your personal data to complete your Go Rewards membership purchase and registration in our stores, and process earning or redemption of points.

Children’s Privacy

We do not collect personal data directly from children. Any personal data relating to a child is provided to us only through the child’s parent or legal guardian, and is used solely for the specific purpose for which it was given. We encourage parents and guardians to supervise their children’s online and in-store activities to ensure that personal data is not shared without their consent.


Customer Data & Engagement Platform (CDEP)

RAC is part of the Robinsons Retail Group (RRG). To help maintain accurate and consistent customer information, we participate in a CDEP managed within RRG. This platform combines and matches customer records to help maintain complete and updated customer profiles. The CDEP supports identity resolution, sales and marketing analytics so we can better understand how customers engage with us. We use information from the CDEP only to communicate with customers who have shopped with us or who have opted in to receive our updates. Other RRG brands do not use RAC information to send you marketing messages. All CDEP activities are performed under strict data protection safeguards and in accordance with the Data Privacy Act of 2012 (DPA).


Who We Share Our Personal Data With

We do not sell your personal data. We only share it when needed to serve you, run our stores and website, or follow the law. When we share your data, we make sure that the people or companies we work with protect it and use it only for the purpose we allow.


We may share your personal data with:


  • Our partners and affiliates for loyalty and marketing activities. We may share personal data with our partners and affiliates so we can process loyalty-related activities such as earning and redeeming points and sending marketing promotions that you choose to receive.
  • Our service providers. We only share the information necessary with our service providers who help us operate our stores and website. These may include delivery and logistics providers, authorized payment partners, and IT and platform providers for running and securing our systems.
  • Government agencies or law enforcement. We may disclose personal data when we are required to do so by law.

How We Protect Your Personal Data

We take reasonable steps to make sure that personal data in our custody is accurate, complete, and up-to-date. We strictly enforce our Privacy Policy within RAC and we have implemented technological, organizational and physical security measures to protect personal data from loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction. We put in effect safeguards such as the following:


  • We store your personal data in secure systems protected by safeguards such as firewalls, access controls, and encryption on our devices and servers.
  • Only authorized personnel are allowed to handle personal data, and they are required to keep it confidential.
  • When you make an online purchase, we do not store your payment details.
  • We also use secure connections to protect personal data when transacting through our website and systems. Only authorized personnel have access to the personal data from our platforms.

Although we use various measures to secure your information, no method of online transmission or electronic storage can be guaranteed to be completely secure. We remain committed to protecting your data and continually updating our security controls.


Your password protects your account. For your safety, please use a strong password, change it regularly, and keep it confidential.


How Long We Keep Your Personal Data

We keep your personal data only for as long as it is needed for the purposes described in this Privacy Notice, or as required by law. This may include keeping records while you are an active customer, for business or tax requirements, or when your information is needed to resolve issues or disputes.


When we no longer need your personal data, or when you ask us to delete it and the law allows us to do so, we securely delete or anonymize it using reasonable methods so it can no longer be read, recovered, or used.


Your Data Privacy Rights

Under the DPA, you have rights over the personal data we process about you. You may exercise these rights, subject to certain limitations under the DPA.


  • Right to be informed. You have the right to be informed whether your personal data shall be, are being, or have been processed, including the existence of automated decision making and profiling.
  • Right to access. You have the right to know whether or not data relating to you are being processed as well as how it is being processed.
  • Right to object. You have the right to object to the processing of your personal data where such processing is based on consent or legitimate interest, including processing for direct marketing, automated processing or profiling.
  • Right to erasure or blocking. You have the right to request for the suspension, withdrawal, blocking, removal, or destruction of your personal data from our systems.
  • Right to Rectify. You have the right to dispute and request for correction of your personal data if you believe it is inaccurate, incomplete, or outdated.
  • Right to file a complaint. You have the right to file a complaint with the National Privacy Commission (NPC) if you feel that your personal data has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated.
  • Right to damages. You have the right to claim compensation for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of their personal data, taking into account any violation your rights and freedoms as a data subject.
  • Right to Data Portability. When applicable, you have the right to obtain a copy of your personal data and/or request to have your personal data transferred to another Personal Information Controller, in a commonly used electronic or structured format.

Generally, we do not charge any fee to fulfill the exercise of your data subject rights. As an exception, where you request copies of your personal data and the other information in exercising your right to access, we may require reasonable fees to cover administrative costs.


Changes in our Privacy Notice

From time to time, it may be necessary for us to update this Privacy Notice as required by changes in our processing of your personal data, latest amendments to the DPA, or new issuances of the NPC. Should we update our Privacy Notice, we will post the revised version here and will take effect immediately. We suggest that you check this site periodically for the most up-to-date version of our Privacy Notice. Rest assured, that any changes will not be retroactively applied and will not alter how we handle previously collected personal data without obtaining your consent, unless required by law.


How to Contact the Data Protection Officer

If you have questions about this Privacy Notice, or if you want to exercise your data privacy rights, please contact our Data Protection Officer:


Data Protection Officer
Robinsons Appliances Corp.
110 E. Rodriguez Jr. Avenue, Bagumbayan, Quezon City
racdataprivacyoffice@robinsonsappliances.com.ph

CCTV Notice

Introduction

Robinsons Appliances values your privacy. This Privacy Notice provides information on our CCTV systems and how we process your personal data through these systems.


Personal Data Collected and Manner of Collection

When you enter our premises, our CCTV systems may record video of your activities. These recordings may include identifiable features such as your image and physical appearance, along with associated metadata (e.g., time, date, and location) captured automatically by cameras installed in common areas.


Purpose and Lawful Basis

We use CCTV systems for the following purposes:

  • To help keep people safe and reduce the risk of crime;
  • To protect our facilities, assets, and property;
  • To assist in investigating security-related incidents;
  • To support authorities in deterring and detecting crime, and in identifying and prosecuting offenders;
  • To manage areas with high health and safety risks;
  • To support operational needs such as resource allocation and management.

We process CCTV recordings under the Data Privacy Act of 2012 (DPA) based on legitimate interests and/or legal obligations. These purposes are necessary for security, safety, and operational management.

In certain situations, CCTV recordings may capture sensitive personal information, such as health-related data (e.g., injuries), or be used for legal claims. When this happens, processing is carried out based on lawful bases provided by the DPA, including:

  • Compliance with legal obligations;
  • Protection of lawful rights and interests; or
  • Establishment, exercise, or defense of legal claims.

Retention Period

CCTV recordings are retained only for as long as necessary to fulfill the purposes stated in this notice. The standard retention period ranges from 30 to 45 days, depending on operational and locational requirements, unless a longer period is required for investigations, legal proceedings, or compliance with applicable laws.

After the retention period has lapsed or the recordings are no longer needed, they are securely deleted or destroyed in accordance with our CCTV policy and the requirements of the DPA.


Third Party Transfer

We do not disclose CCTV recordings to third parties except when required by law or for lawful purposes, such as:

  • Requests from law enforcement or government authorities in connection with investigations;
  • Compliance with a court order or other legal process;
  • Situations necessary to protect lawful rights and interests or to establish, exercise, or defend legal claims.

We do not release CCTV footage to the media or for entertainment purposes unless with the consent of the data subjects. Any disclosure is done securely and only to authorized recipients, in accordance with the DPA and issuances of the National Privacy Commission (NPC).


Data Subject Rights

Under the DPA, your rights as a data subject are as follows:


1. Right to be Informed

You have the right to know whether your personal data is being processed, including the existence of CCTV systems and the purposes for which recordings are used.


2. Right to Access

You have the right to request reasonable access to CCTV footage that contains your personal data, subject to verification and lawful limitations. Requests must include sufficient details (e.g., date, time, and location) and will require identity verification.

3. Right to Object

You have the right to object to processing based on legitimate interest if your rights and freedoms outweigh such interest.


4. Right to Rectification

You have the right to dispute inaccuracies and request corrections to your personal data.


5. Right to Erasure or Blocking

You have the right to request deletion or suspension of your personal data when it is no longer necessary for the declared purpose or if processing is unlawful.


6. Right to Data Portability

You have the right to obtain a copy of your personal data in a structured format or have it transmitted to another PIC, where applicable. We may charge a reasonable fee to cover administrative costs for providing a copy of the CCTV footage, in accordance with NPC guidelines.


7. Right to File a Complaint

You have the right to file a complaint with the NPC if you believe that your data privacy rights have been violated in connection with the processing of your personal data through our CCTV systems.


8. Right to Damages

You have the right to claim compensation for damages sustained due to inaccurate, unauthorized, or unlawful processing.


Updates or Changes to the CCTV Notice

We reserve the right to update or revise this CCTV notice at any time and as required by latest amendments to the DPA, its Implementing Rules and Regulations, issuances of the NPC, and/or when there are improvements and changes to the collection, processing, sharing or disclosure, retention, and disposal of your personal data. Previous versions of the privacy notice will be retained and provided to data subjects upon request.


How can you reach us?

For any questions, concerns, feedback on this privacy notice, or to exercise your data privacy rights, you may reach us through:


DATA PROTECTION OFFICER
Robinsons Appliances Corp.
110 E. Rodriguez, Jr. Ave.
Bagumbayan, Quezon City
racdataprivacyoffice@robinsonsappliances.com.ph