Privacy Policy

1) Introduction

This Privacy Policy explains how Emcor Philippines (“EMCOR,” “we,” “us”) collects, uses, stores, and discloses personal data of users (“you,” “User”) of the emcor.ph website (the “Site”) and related online products and services. This Policy is intended to align with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations (IRR) NPC – Data Privacy Act NPC – IRR.

2. Personal Information Controller and Contact Details

Personal Information Controller (PIC):
Legal name: Emcor Philippines
Business address: Head Office JVR Bldg., J.P. Laurel Ave., Bajada, Davao City, Philippines 8000

Data Protection Officer (DPO):
Email: [email protected]

(For non-privacy customer service concerns, you may also contact [email protected].)

3. Personal Data We Collect

3.1 Data you provide

We may collect personal data in a variety of ways, including when you visit our Site, create an account, place an order, respond to a survey, and/or fill out a form. This may include:

  • Name, email address, phone number
  • Delivery address and order information
  • Account details you provide (e.g., username; password is stored in a protected form)
  • Your communications with us (inquiries, complaints, return requests)

You may choose not to provide certain data, but doing so may prevent you from creating an account or completing transactions on the Site.

3.2 Payment data (gateway processing)

Online payments are processed via a payment gateway. EMCOR does not store complete card details such as full card number or CVV. We may store payment-related records such as payment confirmation, transaction reference numbers, and reconciliation data for audit/accounting and customer service purposes.

3.3 Automatically collected / technical information

We may collect non-personal and online identifier information such as:

  • Browser name, device type, operating system, and internet service provider
  • IP address, site logs, pages viewed, date/time of access
  • Cookies and similar technologies (see Section 10)

4) How We Use Personal Data (Purposes)

EMCOR may collect and use personal data for the following purposes:

  • To improve customer service and respond to requests more efficiently
  • To manage user accounts (registration, authentication, account maintenance, password reset)
  • To process orders (order confirmation, delivery coordination, returns, after-sales support)
  • To process and confirm payments (via gateway; reconciliation and record-keeping)
  • To improve our Site (including analytics, troubleshooting, performance optimization)
  • To run promotions/contests/surveys (if offered)
  • To send communications: 
  • Transactional messages (order updates, support responses)
  • Marketing/promotional messages where permitted and with opt-out mechanisms

These uses are intended to follow the DPA/IRR privacy principles of transparency, legitimate purpose, and proportionality NPC – Data Privacy Act NPC – IRR.

5) Lawful Basis for Processing

We process personal data only when allowed under the Data Privacy Act, such as when processing is necessary to:

  • fulfill transactions or provide services you request,
  • comply with legal obligations,
  • pursue legitimate interests (e.g., security, fraud prevention, improving services), and/or
  • rely on your consent where required (e.g., certain marketing communications) NPC – Data Privacy Act.

6) Sharing / Disclosure of Personal Data

We do not sell, trade, or rent Users’ personal data. We may share personal data with:

  • Logistics/delivery providers for fulfillment
  • Payment gateway/payment processors for payment processing
  • Service providers supporting our operations (hosting, IT/security, customer service platforms, email/SMS providers, analytics providers such as Google Analytics)
  • Professional advisers (auditors, legal counsel) where necessary
  • Government authorities when required by law or lawful order

We share only what is necessary for the stated purpose and require service providers to implement appropriate safeguards.

7) Retention (10 years) and Disposal

We retain personal data for up to ten (10) years, or longer/shorter as necessary, depending on the purpose, legal requirements, security needs, and the exercise of your rights. After the retention period, we securely dispose of or anonymize personal data, consistent with the IRR’s retention principles NPC – IRR.

Examples (adjust if you want more specificity):

  • Order/transaction records: up to 10 years for accounting/audit and customer support
  • Account records: while active, then up to 10 years after closure (subject to purpose/security/legal needs)
  • Website/security logs: retained for a limited period, then deleted/anonymized, unless needed for investigations or security purposes

8) Security Measures

We implement reasonable and appropriate organizational, physical, and technical measures to protect personal data against accidental or unlawful destruction, alteration, unauthorized disclosure, or access NPC – IRR.

9) Your Rights as a Data Subject

You may exercise rights recognized under the Data Privacy Act, including the right to be informed, object, access, rectification, erasure or blocking, and data portability (where applicable) NPC – Data Subject Rights.

10) Cookies and Google Analytics

We use cookies and similar technologies for essential website functions (e.g., login sessions), security, and analytics.

Google Analytics: We use Google Analytics to understand how visitors use the Site (e.g., pages visited, time spent, device/browser information) so we can improve performance and user experience. You can manage cookies through your browser settings; disabling cookies may affect certain Site functions.

(If you deploy a cookie banner/consent tool, add a sentence here describing how users can manage cookie preferences on-site.)

11) How to Submit a Data Subject Request (Access/Correction/Deletion/etc.)

To exercise your rights (including deletion/erasure or blocking), email [email protected] with the subject line “Data Subject Request.” Please include:

  • Your full name
  • Email address associated with your account (if any)
  • Order number(s) or other details to help locate your records
  • The specific request (access/correction/deletion/objection/portability) and details

Verification: We will verify identity before processing requests.
Processing: We will process requests within a reasonable period. Some data may be retained when required by law or for legitimate business purposes, and we will inform you if an exception applies to NPC – Data Subject Rights.

12) Personal Data Breaches

In case of a personal data breach that may pose a real risk of serious harm to data subjects, we will take appropriate steps and follow NPC guidance on breach management and reporting NPC – Breach Reporting.

13) Changes to This Privacy Policy

We may update this Privacy Policy at any time. Updates will be posted on this page with a revised effective date. For material changes, we may provide additional notice via email or Site notice.

14) Contacting Us

If you have questions about this Privacy Policy or your personal data, please contact our DPO at [email protected].