DATA PRIVACY POLICY

Effective Date: September 25, 2025

Introduction

At QR WISE, we aim to provide you the best experience possible. To make this possible, we need to collect and use certain information. This Privacy Policy explains what information we collect, why we collect it and how we use and protect it.

Purpose and Scope

This Privacy Policy outlines the data privacy principles and practices of QR WISE in compliance with Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations. It applies to all personal data we collect, process, and store in connection with the use of our services and platforms.

Data We Collect

We collect personal data necessary for the delivery of our services:

• From Buyers: Full name, and contact number for Kiosk and Over-the-Counter ordering
• Automatically Collected Data: Session data for order tracking and bill calculations for At-Table Ordering

Purpose of Processing

• To verify identity
• To facilitate communication between parties
• To process payments
• To generate analytics and improve platform functionality
• To comply with lawful orders and regulatory requirements

Legal Bases for Processing

Use of Information

• Provide and maintain our services, including real-time ordering
• Verify your identity to secure your transactions
• Enable real-time payouts and manage financial operations
• Communicate essential updates and announcements
• Fulfill legal and regulatory requirements
• Analyze platform behavior and optimize features

Payment Information

QR WISE does not collect any payment information other than confirmation receipts provided by third-party payment processors.

Payments are processed by trusted third-party providers:

• Xendit Privacy Policy
• PayMaya Privacy Policy

Data Sharing and Disclosure

Data collected is shared with trusted third parties when necessary to operate the platform, fulfill services, or to comply with legal obligations. These third parties follow strict confidentiality standards and data protection safeguards. Written agreements and monitoring measures are used to ensure compliance.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes above or comply with laws. As a rule, personal data shall be retained for a maximum period of five (5) years from the date of the last transaction unless longer retention is required by law or justified by a legitimate business interest.

Disposal of Data

After the retention period, data shall be securely disposed of or anonymized. We conduct regular reviews and implement disposal schedules to ensure compliance with data retention policies.

Data Protection and Security Measures

QR WISE implements stringent technical and organizational measures to protect personal data, including strict access controls, secure digital storage, backups, and physical security measures.

Data Subject Rights

You may exercise your rights under the Data Privacy Act by contacting our Data Protection Officer at privacy@qrwise.com. To protect confidentiality, we may request verification details or additional information.

Data Breach Management

In the event of a data breach, QR WISE shall perform actions in accordance with NPC Circular No. 16-03 and relevant laws.

Training and Awareness

All new employees undergo mandatory privacy training during onboarding. Regular refresher training is conducted to ensure awareness of data protection responsibilities and incident handling.

Data Protection Officer (DPO)

Policy Review and Updates

This Privacy Policy may be updated periodically to reflect regulatory or practice changes. Updates will be posted on our website or notified via email or in-app messages.