Privacy Notice
How Bayanihan Lab Network, Inc. handles your personal data, and the rights you have under the Data Privacy Act of 2012.
Last updated: 27 June 2026
The short version
- We collect your personal data mainly to register you for events and run our website.
- Identity documents (such as passport copies) are collected only with your consent, kept in private storage, and deleted within about 60 days after the event.
- We share data only with the providers that help us operate — payment, hosting, and analytics — and when the law requires it. We do not sell your data.
- Under the Data Privacy Act you can access, correct, object to, or ask us to delete your data, and complain to the National Privacy Commission.
This summary is for convenience only. The full notice below is what applies.
1. About this notice & who is responsible
This Privacy Notice explains how Bayanihan Lab Network, Inc. (“BLN,” “we,” or “us”) collects and handles your personal data when you use this website or register for our events. BLN is the personal information controller and is registered with the Securities and Exchange Commission of the Philippines (Company Registration No. 2025040198291-44), with principal office at 3107 Vita Tower 3, Avida Towers Vita, Bagong Pag-asa, Barangay Bagong Pag-asa, Quezon City, Second District, National Capital Region (NCR), 1105.
We process personal data in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC).
2. What personal data we collect
Depending on how you interact with us, we may collect:
- Event registration data — your full name, email address, mobile number, and the answers to any additional questions an event requires.
- Identity documents (sensitive personal information) — for some events we ask you to upload a copy of your passport or other identification, where it is needed for entry, visa, or verification purposes. We collect these only with your consent and only for the specific event.
- Payment data — your payment is processed by our provider, Xendit. We receive confirmation of the amount, channel, and time of payment, but we do not collect or store your full card details.
- Account data — if you create an account to access member or administrative areas, we collect your sign-in details and profile information.
- Website & technical data — basic information your browser sends (such as device and usage data), and diagnostic data we use to measure and fix problems in the registration flow.
3. Why we use your data & our lawful basis
We use your personal data to:
- register you for events, confirm payment, issue your confirmation document, and verify entry at check-in — to perform our agreement with you;
- process identity documents for entry, visa, or verification — on the basis of your consent;
- issue receipts and keep financial records, and meet tax and regulatory obligations — to comply with the law;
- operate, secure, and improve our website and services, and measure our outreach — for our legitimate interests, balanced against your rights;
- respond to your enquiries and contact you about your registration.
Where we rely on your consent, you may withdraw it at any time (see your rights in Section 9); withdrawing consent does not affect processing already carried out.
4. Cookies & analytics
Our website uses cookies and similar technologies. Some are essential for the site to work and to keep you signed in. Others help us understand how the site is used and measure our campaigns, through:
- Vercel Analytics — privacy-friendly traffic measurement for our hosting platform;
- Google tag / Google Ads — to measure visits and the performance of our advertising.
You can control or block cookies through your browser settings, though some parts of the site may not work as intended if you do.
5. Who we share your data with
We do not sell your personal data. We share it only with parties that help us run our services, and only as needed:
- Xendit — to process your payment and any refund;
- Supabase — our database, authentication, and secure file storage provider;
- Vercel — our website hosting and analytics provider;
- Google — for analytics/advertising measurement and, where we correspond by email, email services;
- Event partners — where an event is co-organized, and only the details needed to admit and host you;
- Government authorities — when we are required by law or lawful order to disclose information.
These providers act as our processors and are bound to protect your data and use it only for the purposes we specify.
6. Transfers outside the Philippines
Some of our providers store or process data on servers outside the Philippines. Where this happens, we take reasonable steps to ensure your data continues to be protected to a standard consistent with the Data Privacy Act, including through the contractual commitments of those providers.
7. How long we keep your data
- Identity documents (passport/ID copies) — kept only as long as needed for the event and deleted within about 60 days afterwards, unless a longer period is legally required.
- Registration and payment records — kept as long as needed for the event and for the period our tax and accounting obligations require.
- Account data — kept while your account is active, and deleted or anonymized within a reasonable period after it is closed.
When we no longer need your data, we securely delete or anonymize it.
8. How we protect your data
We apply organizational and technical safeguards appropriate to the data we hold. Identity documents and registrant uploads are stored in private storage that is not publicly accessible; access is restricted to authorized personnel, and data is encrypted in transit. No system is perfectly secure, but we work to reduce risk and to respond promptly to any incident, including notifying you and the NPC where the law requires.
9. Your rights under the Data Privacy Act
As a data subject, you have the right to:
- be informed about how your data is processed;
- access the personal data we hold about you;
- correct (rectify) inaccurate or outdated data;
- object to processing, or withdraw consent;
- request erasure or blocking of your data in the circumstances the law allows;
- data portability — obtain a copy of data you provided in a usable format;
- be indemnified for damage caused by unlawful processing; and
- lodge a complaint with the National Privacy Commission.
To exercise any of these rights, contact us using the details below. We may need to verify your identity before acting on your request.
10. Children's privacy
Our events and registration are intended for adults. We do not knowingly collect the personal data of children without the consent of a parent or guardian. If you believe a child has provided us data without that consent, please contact us and we will address it.
11. Changes to this notice
We may update this Privacy Notice from time to time. The current version is always the one published on this page, with the “last updated” date shown above. Significant changes will be highlighted where appropriate.
12. Contact us
For any privacy question or to exercise your rights, contact our Data Protection Officer at bayanihanlabnetwork@gmail.com. If you are not satisfied with our response, you may contact the National Privacy Commission (privacy.gov.ph).
See also our Event Payment Terms & Conditions.