Effective October 2022
The privacy of your data—and it is your data, not ours—is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data. We promise we never sell your data: never have, never will.
What we collect and why
Our guiding principle is to collect only what we need. Here’s what that means in practice:
Identity & access
When you sign up for an account at https://www.hermaco.com.ph, we ask for identifying information such as your name, email address, and maybe a company name. That’s so you can personalize your new account, and we can send you updates and other essential information, with your consent. We sometimes also give you the option to add a profile picture for your account. This goes for filling up forms as well, their purpose is to help you with your inquiries, general and/or services. Your data is collected to help us help you. We will never sell your personal information to third parties, and we will not use your name or company in marketing statements without your permission either.
If you sign up for checking out Hermaco Commercial products, you will be asked to provide your billing address. We store a record of the payment transaction, including the payment method and details, for purposes of account history and billing support. We store your billing address so we can charge you for our products/service, calculate any sales tax due, send you quotations, and detect fraudulent transactions. We occasionally use aggregate billing information to guide our marketing efforts.
We store on our database the content that you upload or receive or maintain in your Hermaco Commercial product accounts. This is so you can use our products as intended, for example, when sending photos of products that need repairs or servicing. We keep this content as long as your account is active or as long as the photo/s is necessary in helping you.
For most of our products, we log the full IP address used to sign up a product account and retain that for use in mitigating future spammy signups. We also log all account access by full IP address for security and fraud prevention purposes, and we keep this login data for as long as your product account is active.
Embedded content from other websites
Pages on this site may include embedded content (e.g. videos, images, maps, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We also use persistent first-party cookies and some third-party cookies to store certain preferences, make it easier for you to use our applications, and perform A/B testing as well as support some analytics.
These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
A cookie is a piece of text stored by your browser. It may help remember login information and site preferences. It might also collect information such as your browser type, operating system, web pages visited, duration of visit, content viewed, and other click-stream data. You can adjust cookie retention settings and accept or block individual cookies in your browser settings.
We collect information about your browsing activity for analytics and statistical purposes such as conversion rate testing and experimenting with new product designs. This includes, for example, your browser and operating system versions, your IP address, which web pages you visited and how long they took to load, and which website referred you to us. If you have an account and are signed in, these web analytics data are tied to your IP address and user account until your account is no longer active.
When you email us with a question or to ask for help, we keep that correspondence, including your email address, so that we have a history of past correspondence to reference if you reach out in the future.
We also store information you may volunteer, for example, photos for servicing. If you agree to a customer interview, we may ask for your permission to record the conversation for future reference or use. We will only do so with your express consent.
When we access or share your information
To provide products or services you’ve requested
No Hermaco Commercial human looks at your content except for limited purposes with your express permission, for example, if an error occurs that stops a process from working and requires manual intervention to fix. These are rare cases, and when they happen, we look for root cause solutions as much as possible to avoid them recurring. We may also access your data if required in order to respond to legal process (see “When required under applicable law” below).
To help you troubleshoot or squash a software bug, with your permission
If at any point we need to access your content to help you with a support case, we will ask for your consent before proceeding.
To investigate, prevent, or take action regarding restricted uses
Accessing a customer’s account when investigating potential abuse is a measure of last resort. We want to protect the privacy and safety of both our customers and the people reporting issues to us, and we do our best to balance those responsibilities throughout the process. If we discover you are using our products for a restricted purpose, we will take action as necessary, including notifying appropriate authorities where warranted.
When required under applicable law
Hermaco Commercial Inc. is a Philippine company and all data infrastructure are located in the Philippines.
Requests for user data
Our policy is to not respond to government requests for user data unless we are compelled by legal process or in limited circumstances in the event of an emergency request. However, if Philippine law enforcement authorities have the necessary warrant, criminal subpoena, or court order requiring us to share data, we must comply. Likewise, we will only respond to requests from government authorities outside the Philippines if compelled by the Philippine government through procedures outlined in a mutual legal assistance treaty or agreement. It is Hermaco Commercial’s policy to notify affected users before we share data unless we are legally prohibited from doing so, and except in some emergency cases.
Similarly, Hermaco Commercial’s policy is to comply with requests to preserve data only if compelled by a properly served Philippine subpoena for civil matters. We do not share preserved data unless required by law or compelled by a court order that we choose not to appeal. Furthermore, unless we receive a proper warrant, court order, or subpoena before the required preservation period expires, we will destroy any preserved copies of customer data at the end of the preservation period.
If we are audited by a tax authority, we may be required to share billing-related information
If that happens, we will share only the minimum needed, such as billing addresses and tax exemption information.
your rights to your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Many of these rights can be exercised by signing in and updating your account information.
If you have questions about exercising these rights or need assistance, please contact us at firstname.lastname@example.org or at 8733 6502 to 03. If an authorized agent is corresponding on your behalf, we will need written consent with a signature from the account holder before proceeding.
If you are in the Philippines, you can contact your data protection authority to learn more about local privacy laws.
How we secure your data
All data is encrypted via [SSL/TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) when transmitted from our servers to your browser. The database backups are also encrypted. In addition, we go to great lengths to secure your data at rest. For more information about how we keep your information secure, please review our [security overview]
What happens when you delete content in your accounts
In many of our applications, we give you the option to trash content. Anything you trash in your product accounts while they are active will be kept in an accessible trash can for about 20 days. After that time, the trashed content cannot be accessed via the application and we are not able to retrieve it for you. The trashed content may remain on our active servers for another 30 days, and copies of the content may be held in backups of our application databases for up to another 30 days after that. Altogether, any content trashed in your product accounts should be purged from all of our systems and logs within 90 days.
If you choose to cancel your account, your content will become immediately inaccessible and should be purged from our systems in full within 60 days. This applies both for cases when an account owner directly cancels and for auto-cancelled accounts.
Location of site and data
Our products and other web properties are operated in the Philippines. If you are located elsewhere outside of the Philippines, please be aware that any information you provide to us will be transferred to and stored in the Philippines. By using our websites or services and/or providing us with your personal information, you consent to this transfer.
Changes & questions
We may update this policy as needed to comply with relevant regulations and reflect any new practices. Whenever we make a significant change to our policies, we will refresh the date at the top of this page and take any other appropriate steps to notify users.