1. Introduction
1.1 This Privacy Policy explains how TERA TECHNOLOGIES ENTERPRISE CORP., a corporation registered with the Securities and Exchange Commission under Registration No. 2024010133959-05 (“CargoHub”, the “Company”, “we”, “us”, or “our”), as the personal information controller, collects, uses, discloses, stores, protects, and otherwise processes your Personal Data when you access or use the CargoHub platform, including our website, mobile applications, and related services (the “Platform”).
1.2 We are committed to protecting your privacy and process Personal Data in accordance with Republic Act No. 10173 (the Data Privacy Act of 2012, the “DPA”), its Implementing Rules and Regulations (the “IRR”), and the issuances of the National Privacy Commission (the “NPC”).
1.3 This Privacy Policy forms part of, and should be read together with, our Terms of Service. Capitalized terms that are not defined here have the meaning given to them in the Terms of Service.
1.4 By accessing or using the Platform, or by providing Personal Data to us, you acknowledge that you have read and understood this Privacy Policy. Where the law requires your consent, we will obtain it in the manner described here.
1.5 This Privacy Policy applies to Shippers, Carriers, Referrers, their respective personnel, and other visitors and users of the Platform.
2. Definitions
2.1 “Personal Data” means personal information, sensitive personal information, and privileged information as those terms are defined under the DPA, and includes any information from which an individual’s identity is apparent or can reasonably and directly be ascertained, or when put together with other information would directly and certainly identify an individual.
2.2 “Sensitive Personal Information” means the categories of personal information classified as sensitive under Section 3 of the DPA, including information about an individual’s race, ethnic origin, marital status, age, health, education, and government-issued identifiers.
2.3 “Processing” means any operation performed upon Personal Data, including collection, recording, organization, storage, use, consolidation, disclosure, transmission, and disposal.
2.4 “Data Subject” means the individual whose Personal Data is processed.
2.5 “Personal Information Controller” and “Personal Information Processor” have the meanings given to them under the DPA.
3. Personal Data We Collect
3.1 Account and identity data. Your name, date of birth, gender, username, password, and profile photo.
3.2 Contact data. Your address, email address, and mobile or telephone number.
3.3 Verification data. Information used to verify your identity, eligibility, and legal capacity, which may include government-issued identification documents and numbers, business registration documents, and, for Carriers, driver’s licenses, vehicle registration documents, plate numbers, and applicable permits or accreditations. Some of this information constitutes Sensitive Personal Information.
3.4 Booking and Shipment data. Pickup and delivery locations, contact persons, Shipment descriptions, schedules, and related instructions.
3.5 Location data. The location of vehicles and, where you enable it, of your device, for the purposes of matching, coordination, tracking, and safety.
3.6 Payment and transaction data. Wallet balances, transaction and payout history, and billing details. Card and electronic payments are processed by our third-party payment providers, including Xendit, and we do not store complete payment card details.
3.7 Usage, device, and technical data. Your IP address, device identifiers, browser and operating system type, application version, access logs, and information collected through cookies and similar technologies.
3.8 Communications and feedback. Messages, support requests, records of your communications with us or with other Users through the Platform, and your ratings and reviews.
3.9 Marketing preferences. Your preferences for receiving marketing and promotional communications.
3.10 Personal Data about other individuals. If you provide us with Personal Data about another person, such as a consignee or contact person, you represent that you are authorized to do so and to allow us to process that data in accordance with this Privacy Policy.
4. How We Collect Personal Data
4.1 Directly from you. When you register an account, complete verification, create or accept Bookings, make payments, complete forms, or communicate with us.
4.2 Automatically. Through your use of the Platform, including through cookies and similar technologies, and through device, usage, and location data.
4.3 From third parties. From identity-verification and fraud-prevention providers, payment providers, other Users involved in a Booking, Referrers, and publicly available or lawfully accessible sources.
5. Purposes of Processing and Legal Bases
5.1 Purposes. We process Personal Data to create and manage accounts; verify identity, eligibility, and legal capacity; prevent, detect, and investigate fraud and misuse; match Shippers and Carriers and facilitate Bookings; enable communication and coordination between Users; process payments, wallet transactions, and payouts; provide customer support; maintain safety and security; comply with legal, tax, and regulatory obligations, including those of the Bureau of Internal Revenue; operate, analyze, improve, and develop the Platform; send service-related and, where you consent, marketing communications; and enforce our Terms of Service and protect our rights and the rights of others.
5.2 Legal bases for personal information. Consistent with Section 12 of the DPA, we process personal information where you have given your consent; where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract; where processing is necessary for compliance with a legal obligation; where processing is necessary to protect vital interests; or where processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your fundamental rights and freedoms.
5.3 Legal bases for Sensitive Personal Information. We process Sensitive Personal Information only on the bases permitted under Section 13 of the DPA. Government-issued identification documents and numbers and other verification information are processed principally because such processing is provided for by, or is carried out in connection with our and our Users’ compliance with, existing laws and regulations, including transport licensing, tax, and anti-fraud and anti-money-laundering requirements, and because it is necessary for the establishment, exercise, or defense of legal claims and the protection of our and others’ lawful rights and interests. Where required, we also obtain your consent. Because we rely on these bases and on our legal and regulatory obligations, your withdrawal of consent to other processing will not, by itself, require us to stop processing verification information that we are required or entitled to process under the DPA. Where we process other Sensitive Personal Information not covered by these bases, we do so with your consent or as otherwise permitted by the DPA.
5.4 New purposes. If we intend to process your Personal Data for a purpose that is not compatible with the purposes described above, we will inform you and, where required by law, obtain your consent.
6. Consent and Withdrawal of Consent
6.1 Where we rely on your consent, that consent is freely given, specific, and informed. We obtain and record consent through clear means, such as sign-up checkboxes and your account settings, and consent may be given and evidenced through electronic means in accordance with Republic Act No. 8792 (the Electronic Commerce Act of 2000).
6.2 You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, through your account settings or by contacting our Data Protection Officer at [email protected]. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal, or of processing that continues to be justified under another lawful basis, and it may limit or prevent our ability to provide the Platform or certain features to you.
6.3 Marketing communications. You may opt in to receive marketing or promotional communications, for example through sign-up checkboxes or your account settings. Where you have opted in, you may opt out at any time through the unsubscribe link in the relevant communication, through your account settings, or by contacting our Data Protection Officer at [email protected]. We may continue to send you non-promotional, service-related communications that are necessary for your use of the Platform.
7. Cookies and Similar Technologies
7.1 Cookies are small text files placed on your device when you access the Platform. We also use similar technologies, such as software development kits, pixels, tags, and local storage. Cookies may be session cookies, which expire when you close your browser, or persistent cookies, which remain until they expire or are deleted.
7.2 First-party and third-party cookies. We use both first-party cookies, which we set, and third-party cookies, which are set by our service providers and partners, including analytics and advertising providers. Third-party cookies are also governed by the privacy and cookie policies of the relevant third parties.
7.3 Categories of cookies we use. We use the following categories of cookies and similar technologies:
- Strictly necessary cookies, which are essential to operate the Platform, enable core features, maintain your session, and keep the Platform secure. These cannot be switched off through our systems.
- Functional or preference cookies, which remember your choices and settings in order to personalize your experience.
- Performance and analytics cookies, which include first-party and third-party cookies that help us understand how the Platform is accessed and used so that we can measure and improve it.
- Advertising and targeting cookies, which are third-party cookies used to deliver and measure advertising and to limit the number of times you see an advertisement, and which may build a profile of your interests.
7.4 Consent. Strictly necessary cookies are used on the basis of our legitimate interest in operating and securing the Platform. For non-essential cookies, including functional, performance, analytics, and advertising cookies, we rely on your consent, which we obtain through our cookie banner or consent tool when you first access the Platform and which you may change or withdraw at any time.
7.5 How to control cookies. You can accept or reject non-essential cookies through our cookie banner or consent settings, where available. You can also manage or delete cookies through your browser or device settings, and you may opt out of certain third-party analytics and advertising cookies through the tools made available by the relevant third parties. Disabling certain cookies may affect the availability or functionality of parts of the Platform.
8. How We Share and Disclose Personal Data
8.1 With other Users. To facilitate and fulfill Bookings, we share relevant Personal Data between Shippers and Carriers, such as names, contact details, and pickup and delivery information. Users must use such data only for the relevant Booking and in accordance with the DPA.
8.2 Independent controllers. When Personal Data is shared through the Platform to arrange or perform a Booking, CargoHub, Shippers, Carriers, Referrers, and other Users each act as separate and independent personal information controllers in respect of the Personal Data each of them processes for its own purposes. Each is independently responsible for its own compliance with the DPA, and no party acts as the agent or personal information processor of another by reason of the Booking or of its use of the Platform.
8.3 With service providers. We share Personal Data with personal information processors and service providers that perform services on our behalf, such as payment processing (including Xendit), cloud hosting and storage, communications, analytics, and identity verification. These providers are bound by agreements requiring them to protect Personal Data and to process it only on our instructions.
8.4 With authorities. We may disclose Personal Data to regulators, courts, law enforcement, and other government authorities where required or permitted by law or legal process, including the NPC and the Bureau of Internal Revenue.
8.5 In corporate transactions. We may disclose Personal Data in connection with a merger, acquisition, reorganization, financing, or sale of assets, subject to appropriate safeguards and this Privacy Policy.
8.6 With your consent. We may share Personal Data with other parties where you have given your consent or at your direction.
8.7 No sale of Personal Data. We do not sell your Personal Data.
9. Outsourcing and Subprocessors
9.1 Where we engage personal information processors or subprocessors, we do so under contracts that require appropriate organizational, physical, and technical security measures, confidentiality, and compliance with the DPA. We remain accountable for Personal Data processed on our behalf.
10. International and Cross-Border Transfers
10.1 Some of our service providers may process or store Personal Data outside the Philippines. Where we transfer Personal Data abroad, we remain responsible for its protection and use appropriate contractual and security safeguards consistent with the DPA and applicable NPC issuances.
11. Data Retention
11.1 We retain Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or for such longer period as may be required by applicable law, including the record-retention periods required by the Bureau of Internal Revenue and other regulators.
11.2 When Personal Data is no longer required, we securely dispose of, delete, or anonymize it in accordance with the DPA and our retention and disposal procedures.
12. Security Measures
12.1 We implement reasonable and appropriate organizational, physical, and technical security measures to protect Personal Data against loss, misuse, and unauthorized access, disclosure, alteration, or destruction, as required by the DPA and the NPC. These measures may include access controls, authentication, encryption where appropriate, and confidentiality obligations for our personnel.
12.2 While we take steps to protect your Personal Data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. We require our service providers to maintain appropriate safeguards.
13. Personal Data Breach
13.1 We maintain procedures to manage and respond to personal data breaches. Where a personal data breach involving Sensitive Personal Information or information that may enable identity fraud occurs and poses a real risk of serious harm to affected Data Subjects, we will notify the NPC and the affected Data Subjects within seventy-two (72) hours of knowledge of the breach, as required by the NPC.
14. Your Rights as a Data Subject
14.1 Your rights. Subject to the conditions and limitations of the DPA, you have the right to be informed; the right to access your Personal Data; the right to rectify or correct inaccurate or erroneous Personal Data; the right to object to processing, including processing for direct marketing; the right to suspension, withdrawal, blocking, removal, or destruction of your Personal Data; the right to data portability; the right to be indemnified for damages; and the right to be informed about, and to reasonable safeguards regarding, decisions based solely on automated processing.
14.2 How to exercise your rights. You may exercise your rights by contacting us using the details in Section 19. We may need to verify your identity before acting on a request, and we will respond within the period required by applicable law.
14.3 Complaints. You also have the right to lodge a complaint with the NPC, as described in Section 19.
15. Automated Processing and Artificial Intelligence
15.1 We use automated tools and artificial-intelligence-assisted features for purposes such as matching, price estimation, routing, and fraud and risk detection. These tools support, and do not necessarily replace, human decision-making.
15.2 Where a decision that significantly affects you is based solely on automated processing, you may, subject to applicable law, request human intervention, express your point of view, or contest the decision.
16. Children and Minors
16.1 The Platform is intended for individuals who are at least eighteen (18) years of age. We do not knowingly collect Personal Data from minors. If we become aware that we have collected Personal Data from a minor without appropriate authority or consent, we will take steps to delete it.
17. Third-Party Services and Links
17.1 The Platform may link to or integrate with third-party services, such as payment providers and mapping services. The processing of your Personal Data by those third parties is governed by their own privacy policies, and we are not responsible for their practices. We encourage you to review their privacy policies.
18. Changes to this Privacy Policy
18.1 We may update this Privacy Policy from time to time. When we do, we will post the updated version and update the “Last updated” date above, and, where the changes are material, provide additional notice through the Platform or by other means.
18.2 Your continued use of the Platform after the effectivity of any update constitutes your acknowledgment of the updated Privacy Policy, and, where required by law, your consent to it.
19. How to Contact Us
19.1 If you have questions or concerns about this Privacy Policy or about how we handle your Personal Data, or if you wish to exercise your rights as a Data Subject, you may contact us using the details below.
TERA TECHNOLOGIES ENTERPRISE CORP.
Office address: Unit 2-D, Juanita Bldg., 309 10th Ave. cor. 8th St., Grace Park East, Caloocan City 1403, Metro Manila, Philippines
Email: [email protected]
Customer support: [email protected]
Data Protection Officer: [email protected]
National Privacy Commission
You may also file a complaint with, or seek assistance from, the National Privacy Commission:
Address: 25th to 27th Floors, The Upper Class Tower, Quezon Avenue corner Scout Reyes Street, Quezon City, Philippines
Telephone: (+63) 2 5322 1322
Email: [email protected] or [email protected]
Website: privacy.gov.ph