Privacy Policy

1. Who We Are

iStart International Inc.(hereinafter referred to as “iStart,” “we,” “us,” or “our”) is a Philippine corporation registered with the Securities and Exchange Commission and is the Personal Information Controller (PIC) of any personal data submitted to or collected through this website (istartinternational.net) and our affiliated programs.

2. Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal information:

2.1 Information You Provide Directly

• Contact form submissions: name, email address, phone number, subject of inquiry, preferred meeting date, and message content.
• Mentor / partner / learner applications: name, contact details, professional background, curriculum vitae, educational history, and other documents you upload.
• Program enrollment: details required for participation in iLearn, iMentor, iPartner, and related programs.
• Newsletter subscriptions: your email address, collected only if you affirmatively opt in to receive our weekly newsletter (see Section 11).

2.2 Information Collected Automatically

• Technical data such as IP address, browser type, device information, referring URLs, and pages visited, collected for security, analytics, and service improvement.
• Authenticated-session data (where you have created an account): login timestamps, activity within member dashboards, and assessment results.

We do not knowingly collect sensitive personal information (as defined under Section 3(l) of RA 10173 — race, ethnic origin, marital status, health, religious or political affiliations, etc.) through this website. If such information is voluntarily provided through documents you upload, it will be processed only for the purpose for which you submitted it and with appropriate safeguards.

3. Why We Collect Your Data

We process your personal data for the following purposes:

• To respond to inquiries, requests, and applications you submit;
• To evaluate applications for our mentor, partner, and learner programs;
• To deliver, administer, and improve our education, training, and consultancy services;
• To send you administrative communications and program updates that are necessary for services you have requested;
• To send you our newsletter and other marketing communications, only where you have given separate, specific consent (see Section 11 for full details on the newsletter);
• To comply with legal, regulatory, and contractual obligations, including those imposed by the SEC, TESDA, BIR, and other Philippine government agencies;
• To protect the security and integrity of our systems, members, and operations.

We will not use your personal data for any purpose materially different from those listed above without first informing you and, where required, obtaining your additional consent.

4. Legal Basis for Processing

In accordance with Sections 12 and 13 of RA 10173, we process personal data only when at least one of the following lawful bases applies:

• Consent: You have given freely, specifically, and informedly given your consent (e.g. by submitting our contact form or registering for a program);
• Contract: Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract;
• Legal obligation: Processing is required by law or regulation;
• Vital interests:Processing is necessary to protect a person’s life or health;
• Legitimate interests: Processing is necessary for the legitimate interests pursued by iStart, except where such interests are overridden by your fundamental rights and freedoms.

5. How We Share Your Data

We do not sell your personal data. We may share limited personal data with the following categories of recipients, strictly for the purposes described in this Policy and subject to confidentiality and data protection commitments:

• Authorized personnel of iStart who require access to perform their roles;
• Service providers and processors engaged on our behalf (e.g. email delivery, hosting, analytics) bound by contractual data-processing obligations;
• Program partners (e.g. TESDA, accredited training institutions, industry partners), only where necessary to deliver the program you applied for and with appropriate safeguards;
• Government authorities and regulators where disclosure is required by law, court order, or lawful administrative process;
• Legal advisors and auditors bound by professional confidentiality obligations.

Where any such recipient is located outside the Philippines, we will ensure that the cross-border transfer complies with Section 21 of RA 10173 and applicable NPC issuances on cross-border data transfers.

6. Retention Period

We retain personal data only for as long as is necessary to fulfill the purposes set out in this Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements:

• Contact-form inquiries: up to 2 years from last interaction, after which records are anonymized or securely deleted;
• Application records (mentor / partner / learner): for the duration of your engagement plus 5 years thereafter, or as required by tax, labor, or sector-specific regulations;
• Account & assessment data: for the lifetime of your membership; you may request earlier deletion in accordance with Section 8 below;
• Technical & security logs: typically 12 months, except where a longer period is required for incident investigation.
• Newsletter subscriber data: for as long as you remain subscribed. Upon unsubscribing, your email is removed from active mailing lists within 7 days; a minimal suppression record (email + unsubscribe date) may be kept indefinitely solely to ensure we do not re-contact you.

7. Security Measures

In accordance with Sections 20 and 25 of RA 10173, we have implemented reasonable and appropriate organizational, physical, and technical security measures to protect personal data, including:

• Encryption of data in transit (HTTPS / TLS);
• Access controls and role-based permissions for staff;
• Multi-factor authentication for administrative accounts;
• Regular security reviews and patching;
• Confidentiality undertakings for all personnel;
• Incident-response procedures and breach-notification protocols aligned with NPC Circular No. 16-03.

While we take reasonable steps to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure. If you become aware of any actual or suspected unauthorized access to your data, please notify our Data Protection Officer immediately (see Section 14).

8. Your Rights as a Data Subject

Under Section 16 of the Data Privacy Act of 2012, you have the following rights with respect to your personal data:

1. The right to be informed that your personal data shall be, are being, or have been processed, and to be furnished with the information required by law.
2. The right to access the personal data we hold about you, including the sources, recipients, manner of processing, and the existence of automated decision-making.
3. The right to object to the processing of your personal data, including processing for direct marketing, automated processing, or profiling.
4. The right to rectification of any inaccurate or incomplete personal data we hold about you.
5. The right to erasure or blocking of personal data from our filing system, subject to the conditions set out in the law.
6. The right to damages for any inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data.
7. The right to data portability— to obtain a copy of your personal data in a commonly used electronic format where processing is carried out by electronic means.

9. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer using the details in Section 14. We may ask you to verify your identity before fulfilling the request, for your protection.

We will respond to legitimate requests within a reasonable period and, in any case, within the timeframes prescribed by applicable law and NPC issuances. There is generally no fee for exercising your rights; however, we may charge a reasonable fee for manifestly unfounded or excessive requests.

10. Withdrawing Your Consent

Where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time by contacting our Data Protection Officer. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal, nor will it affect processing that is based on another lawful ground (e.g. compliance with a legal obligation).

11. Newsletter & Marketing Communications

iStart sends a weekly newsletter with program updates, training opportunities, partnership news, and educational content. Receiving the newsletter is entirely optional — you may use our website, contact form, and (where available) member accounts without subscribing.

11.1 Data we collect for the newsletter

When you subscribe to the newsletter — either through our dedicated newsletter signup form or by ticking the optional newsletter checkbox during account signup — we collect only your email address. We do not require your name, phone number, or any other personal information to deliver the newsletter.

11.2 Legal basis

We process your data for newsletter purposes solely on the basis of your specific, freely given, and informed consent under Section 12(a) of RA 10173 and NPC Circular No. 2023-04 (Guidelines on Consent). In accordance with these rules:

• The newsletter subscription checkbox is unticked by default; you must take an affirmative action to subscribe.
• Newsletter consent is separate from any other consent you may give us (e.g. contact form consent, account-creation consent). We will not subscribe you automatically as a result of those other actions.
• You can give, withhold, or withdraw newsletter consent independently, with no effect on your access to our other services.

11.3 Frequency and content

We aim to send the newsletter approximately once per week, with occasional additional emails for time-sensitive announcements (e.g. application deadlines, event invitations). We will not use your email address for any other marketing purpose without obtaining separate consent.

11.4 Newsletter delivery platform

As of the “Last Updated” date above, iStart is still finalising its choice of newsletter delivery platform (e.g. Mailchimp, Brevo, ConvertKit, or a self-hosted system). Once selected, the name and role of that processor will be disclosed in this section and we will ensure an appropriate data-processing agreement is in place in accordance with Sections 14 and 21 of RA 10173. If the chosen processor is located outside the Philippines, cross-border transfer safeguards will apply as described in Section 5 above.

11.5 Unsubscribing

Every newsletter email includes a clearly visible “Unsubscribe” link at the bottom. Clicking it removes your email address from our active mailing list, and we will stop sending you newsletter emails. You may also unsubscribe at any time by:

• Emailing our Data Protection Officer at info@istartinc.com with the subject line “Unsubscribe Newsletter”; or
• Replying to any newsletter email with the word “Unsubscribe” in the body.

We will process unsubscribe requests within 7 days. After unsubscribing we retain only a minimal suppression record (your email address plus the date you unsubscribed) for the sole purpose of ensuring we do not accidentally re-contact you in the future.

11.6 Your rights still apply

All the data-subject rights described in Section 8 above apply equally to data processed for newsletter purposes, including the rights to access, rectification, erasure/blocking, objection, and data portability.

12. Cookies & Similar Technologies

We use a minimal number of cookies and similar technologies for essential website functionality (such as keeping you logged in) and aggregated, non-identifying analytics. You may control or disable cookies through your browser settings; however, doing so may affect parts of the website that rely on them.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will revise the “Last Updated” date above and, where appropriate, provide a more prominent notice. We encourage you to review this page periodically.

14. Data Protection Officer

In accordance with Section 21 of RA 10173 and NPC Advisory No. 2017-01, iStart International Inc. has designated a Data Protection Officer (DPO) responsible for ensuring our compliance with the Data Privacy Act and addressing data-subject concerns.

15. Filing a Complaint with the NPC

If you believe your data-privacy rights have been violated and you are not satisfied with our response, you have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines: