Privacy Policy

Tatak Entertainment Technologies Inc. ("Fans by Fans", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our e-commerce platform ("Platform"). Fans by Fans operates as the Merchant of Record for all transactions, meaning we are the legal seller and processor of all purchases.

Company Address:
111 Paseo de Roxas Building, Legazpi Village, San Lorenzo,
Makati City 1223, National Capital Region, Philippines

This Privacy Policy is issued in compliance with the Data Privacy Act of 2012(Republic Act No. 10173) and its Implementing Rules and Regulations, as enforced by the National Privacy Commission of the Philippines.

By accessing or using our Platform, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Platform.

Tatak Entertainment Technologies Inc. is the Personal Information Controller (PIC) responsible for determining the purposes and means of processing your personal data.

Our Data Privacy Officer oversees our data protection strategy and ensures compliance with the Data Privacy Act. You may contact the DPO for any privacy-related inquiries or to exercise your data subject rights.

3.1 Information You Provide Directly

Account Registration

• Email address (required for authentication)
• Full name (first name and last name)
• Password (securely hashed, never stored in plain text)

Profile Information

• Phone number (E.164 international format)
• Date of birth (for age verification, minimum age 13)
• Gender (optional: male, female, non-binary, prefer not to say)
• Country of residence
• Profile picture (stored in secure cloud storage)
• Profile visibility preferences

Shipping Addresses

• Recipient name (first and last name)
• Phone number
• Street address (line 1 and optional line 2)
• City, State/Province, Postal Code
• Country

Partner Information

• Bank account details (for disbursements)
• Business registration documents (if applicable)
• Product listings and descriptions

3.2 Identity Verification (KYC) Data

For certain transactions and partner accounts, we require identity verification through our trusted verification partner. During verification, our partner collects:

• Government-issued identification document images
• Facial photographs and selfies
• Liveness detection data

Note: Identity verification is processed by our verification partner under their privacy policy. We do not store the actual images or biometric data. We only receive and store summary information extracted from the verification, including:

• Verification status (verified, pending, rejected)
• Verified name (first and last name)
• Date of birth
• Document type and country of issue
• Verification session identifiers

3.3 Transaction Information

• Purchase history and order details
• Payment method type and channel (e.g., GCash, credit card)
• Transaction amounts, fees, and discounts
• Shipping address snapshots (captured at time of transaction)
• Promo codes used
• Communication between buyers and partners
• Dispute and resolution records

Note: We do not store full credit card numbers, CVV codes, or bank account passwords. Payment processing is handled by a PCI DSS compliant payment processor.

3.4 Automatically Collected Information

• IP address (for security, rate limiting, and audit logging)
• Browser type and version
• Device type and operating system
• User agent string
• Access timestamps and session data
• Pages viewed and features used

3.5 Cookies and Local Storage

We use minimal cookies and local storage. For detailed information, please see our Cookie Policy.

• Authentication cookies: Essential for session management
• Theme preference: Stored locally for light/dark mode display

We do not use advertising cookies or third-party tracking pixels. We do not engage in behavioral advertising or cross-site tracking.

Under the Data Privacy Act of 2012, we process your personal information based on the following lawful criteria:

4.1 Consent

By creating an account and using our Platform, you consent to the collection and processing of your personal data as described in this Privacy Policy. You may withdraw consent at any time by closing your account.

4.2 Contractual Necessity

Processing is necessary for the performance of our contract with you, including:

• Providing e-commerce services
• Processing transactions and payments
• Managing order fulfillment and delivery
• Processing refunds and customer support

4.3 Legal Obligation

We may process data to comply with legal requirements, including:

• Tax reporting and record-keeping (7-year retention)
• Anti-money laundering (AML) compliance
• Fraud prevention and investigation
• Response to lawful government requests

4.4 Legitimate Interests

We may process data based on legitimate business interests, including:

• Improving and developing our Platform
• Preventing fraud and ensuring security
• Resolving disputes between users
• Maintaining audit logs for accountability

5.1 Service Provision

• Create and manage your account
• Authenticate your identity via magic links
• Process transactions and manage escrow
• Facilitate communication between parties
• Provide customer support

5.2 Security and Fraud Prevention

• Verify user identities through KYC processes
• Detect and prevent fraudulent activities
• Implement rate limiting and bot protection
• Maintain security audit logs
• Investigate suspicious activities

5.3 Communication

• Send transaction notifications (purchase confirmations, shipping updates)
• Notify partners of new orders
• Send security alerts (login from new device, password changes)
• Provide dispute resolution updates
• Send service announcements and policy updates

5.4 Platform Improvement

• Analyze usage patterns to improve user experience
• Debug technical issues
• Develop new features and services

We do not sell your personal information to third parties.

We may share your information in the following circumstances:

6.1 For Order Fulfillment

• Shipping: Your first name and shipping address are shared with fulfillment partners (last name partially censored for privacy)
• Product Information: Product listings and vendor details are displayed publicly
• Transaction-related information necessary to complete your orders

6.2 With Service Providers

We share data with trusted third-party service providers who assist us in operating our Platform:

6.3 Legal Requirements

We may disclose your information when required by law or in response to:

• Valid legal processes (court orders, subpoenas)
• Government agency requests (NPC, law enforcement)
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change and any choices you may have regarding your information.

We implement comprehensive security measures to protect your personal information:

7.1 Technical Measures

• Encryption: Data is encrypted both in transit and at rest
• Secure Authentication: Industry-standard authentication with secure session management
• Access Controls: Policies ensuring users can only access their own data
• Input Validation: Protection against common web vulnerabilities
• Payment Security: PCI DSS compliant payment processing

7.2 Access Controls

• Protection against automated attacks and abuse
• Role-based access controls for administrative functions
• Limited access to data on need-to-know basis

7.3 Monitoring and Auditing

• Security event logging and audit trails
• Monitoring for unauthorized access attempts
• Regular security assessments

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.

We retain your personal information for different periods depending on the type of data:

Upon account deletion, we will delete or anonymize your personal data within 30 days, except for data we are required to retain for legal or regulatory purposes.

Under the Data Privacy Act of 2012, you have the following rights regarding your personal data:

9.1 Right to Be Informed

You have the right to be informed about the collection and processing of your personal data, including the purpose, scope, and method of processing.

9.2 Right to Access

You may request access to your personal data, including information about how it has been processed and shared. You can access most of your data directly through your account settings.

9.3 Right to Object

You may object to the processing of your personal data, including processing for direct marketing purposes.

9.4 Right to Erasure or Blocking

You may request deletion or blocking of your personal data when it is incomplete, outdated, falsely obtained, unlawfully processed, or no longer necessary for the declared purpose. Some data may be retained as required by law.

9.5 Right to Rectification

You may request correction of inaccurate or incomplete personal data. You can update most information directly through your account settings.

9.6 Right to Data Portability

You may request a copy of your personal data in a structured, commonly used, and machine-readable format.

9.7 Right to File a Complaint

If you believe your data privacy rights have been violated, you may file a complaint with the National Privacy Commission:

9.8 Exercising Your Rights

To exercise any of these rights, please contact our Data Privacy Officer at dpo@fansbyfans.com. We will respond to your request within 15 working days.

We may require verification of your identity before processing your request to ensure the security of your data.

Some of our service providers may store or process data in countries outside the Philippines, including the United States and Singapore. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Contractual protections with service providers
• Selection of providers with strong security and privacy practices
• Compliance with Data Privacy Act requirements for cross-border transfers

Our Platform is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. Users between 13 and 18 may use the Platform with parental or guardian consent.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us at dpo@fansbyfans.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make material changes, we will notify you by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification to registered users (for significant changes)
• Displaying a notice on the Platform

We encourage you to review this Privacy Policy periodically. Continued use of the Platform after changes constitutes acceptance of the updated policy.

For questions, concerns, or requests regarding this Privacy Policy or your personal data: