Privacy Policy

Last updated: May 4, 2026

NegosyoNow ("we", "us", or "our") is committed to protecting your privacy and ensuring that we collect, use, and share only the data that is necessary for delivering our services. We processes personal data in accordance with the Data Privacy Act of 2012 (RA 10173) of the Philippines and where applicable, the General Data Protection Regulation (GDPR) and the ePrivacy Directive of the European Union.

This Privacy Policy explains how we collect, use, store, and share your information when you access or use our platform.

We collect only the data necessary to provide our services, comply with legal obligations, and improve platform performance.

• Identity Data: Full name, age, date of birth, government-issued IDs, and verification documents.
• Contact Data: Email address, mobile number, delivery address.
• Transaction Data: Products purchased, services availed, order history, delivery details.
• Financial Data: Source of income, employment status, residential status (only when required for specific transactions).

As defined under RA 10173, SPI includes government IDs, financial information, and any data that may uniquely identify or profile you. We collect SPI only when strictly necessary and apply enhanced safeguards.

• Device type, operating system, browser version
• IP address and approximate location
• Access timestamps, interaction logs, diagnostic data
• Referrer URLs and session identifiers

We use cookies to operate essential features, secure the platform, analyze usage, and deliver personalized content or advertising.

Cookie Categories:

• Strictly Necessary Cookies - Required for core functionality.
• Functional Cookies - Enhance user experience.
• Analytics Cookies - Measure usage and performance (requires consent).
• Advertising/Targeting Cookies - Deliver personalized ads (requires consent).
• Security Cookies - Detect fraud and protect accounts.

Non-essential cookies are activated only with your explicit consent.

Data collected will be limited to what is necessary for the intended purposes. For details on how we use cookies and similar technologies, please refer to our Cookie Policy

We process your personal data only when supported by a valid lawful basis.

Where legitimate interest is used, we conduct a balancing test to ensure your rights and freedoms are not overridden.

Collection is done only after consent has been obtained. You may withdraw consent at any time without affecting the lawfulness of prior processing.

We share your data only when necessary to operate the platform or comply with legal requirements.

• Sellers and content providers
• Payment gateways
• Logistics, courier, and bus shipping partners
• Customer support providers
• Fraud prevention and security vendors
These entities may act as Personal Information Controllers (PICs) or Personal Information Processors (PIPs) depending on their role.

We enter into DSAs to ensure partners implement comparable levels of protection.

You may request access to DSAs, subject to redaction of confidential information.

Some partners or cloud providers may process data outside the Philippines.

When this occurs, we implement appropriate safeguards such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Contractual and technical protections

Under the DPA and GDPR, you are entitled to the following rights:

• Right to be Informed: To know how your data is collected and processed.
• Right to Access: To request a copy of your personal data in our possession.
• Right to Object: To stop the processing of your data for certain purposes (e.g., direct marketing).
• Right to Erasure or Blocking: To request the removal of your data from our systems.
• Right to Rectification: To correct any inaccuracies in your personal information.
• Right to Data Portability: To obtain your data in a structured, commonly used format.
• Right to Restrict Processing: To request temporary or permanent restriction of the processing of your data
• Right to Withdraw Consent: To withdraw previously given consent at any time without affecting the lawfulness of prior processing
• Right not to be subject to automated decision-making: To refuse decisions based solely on automated processing

We may require identity verification before fulfilling requests. A response can be expected within 30 days, extendable for complex cases.

We retain data only for as long as necessary for the declared purposes or as required by law.

Upon expiration, data is securely deleted or irreversibly anonymized.

We implement organizational, physical, and technical safeguards, including:

• Role-based access control (least privilege)
• Encryption of data in transit and at rest
• Regular audits and activity logging
• Multi-factor authentication for internal systems
• Vulnerability scanning and security monitoring
• Employee training on data protection
• Incident response and breach management procedures

While we strive for robust protection, no system is completely immune from risks.

We do not make decisions that produce legal or significant effects solely through automated processing.

If this changes, we will notify you and provide opt-out mechanisms.

Our services are not intended for individuals under 18 years old.

We do not knowingly collect data from minors.

If you believe a minor has provided data, contact us for immediate removal.

In the event of a personal data breach, we will notify you via Dashboard, SMS and/or email, and the National Privacy Commission (NPC) within 72 hours of discovery if the breach involves sensitive information that may pose a risk to your rights and freedoms and/or other forms of harm. This will include:

• Nature of breach
• Data affected
• Possible consequences
• Mitigation steps
• Contact details of the DPO

We may update this Privacy Policy from time to time.

Material changes to this Policy are changes that significantly affect how we process your personal data, your privacy rights, or the risks to you as a data subject. When we make material changes, we will notify you 7-14 days prior to implementation through email and/or a prominent notice on our Platform.

We assess whether a change is material based on its impact on your privacy rights and how your personal data is processed, in line with applicable data protection laws.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

For inquiries, complaints, or to exercise your rights:

Data Protection Officer:

• Email: dpo@negosyonow.com
• Address: 704 Rizal Ave. ext., Caloocan City, Metro Manila.

You may also file complaints to the National Privacy Commission (NPC), whose procedures are provided in the following link: https://privacy.gov.ph/filing-a-complaint/