GDPR Compliance
Last Updated: June 12, 2026
While PisoCare is based in the Philippines and primarily governed by the Data Privacy Act of 2012 (RA 10173), we are committed to meeting the standards of the EU General Data Protection Regulation (GDPR) for our international donors and visitors.
Legal Basis for Processing
We process personal data under the following GDPR lawful bases:
Consent
You provide explicit consent when registering or donating (Article 6(1)(a)).
Contract
Processing is necessary to process your donation and provide your receipt (Article 6(1)(b)).
Legal Obligation
We retain records for tax and regulatory compliance (Article 6(1)(c)).
Legitimate Interest
Analytics and fraud prevention support our charitable mission (Article 6(1)(f)).
Your GDPR Rights
Right of Access
Request a copy of all personal data we hold about you, delivered within 30 days in a machine-readable format.
Right to Rectification
Request corrections to inaccurate or incomplete personal data at any time.
Right to Erasure
Request deletion of your personal data ('right to be forgotten'), subject to legal retention obligations.
Right to Restriction
Request that we limit processing of your data while a dispute is being resolved.
Right to Data Portability
Receive your data in a structured, commonly used format (JSON/CSV) and transfer it to another service.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
International Data Transfers
Your data may be transferred to and processed in countries outside the EU/EEA (primarily the Philippines and the United States, where our hosting infrastructure is located). We ensure adequate protection through Standard Contractual Clauses (SCCs) with our service providers and the Philippines’ recognition as providing adequate data protection by the European Commission.
Data Protection Officer
Our Data Protection Officer oversees GDPR compliance and responds to all data subject requests.
PisoCare Data Protection Officer
Email: dpo@pisocare.com
Response time: within 30 days for all GDPR requests.
Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local EU Data Protection Authority or the Philippine National Privacy Commission (NPC) at privacy.gov.ph.