DATA PRIVACY POLICY STATEMENT&nbsp;Welcome to Fora Services Inc &nbsp;Fora Services Inc is committed to protecting the privacy of its guests, employees, and partners, and to ensuring the safety and security of all personal data in its possession and under its control.&nbsp;In compliance with Republic Act No. 10173, or the Data Privacy Act of 2012, its Implementing Rules and Regulations (IRR), and relevant issuances of the National Privacy Commission, Fora Services Inc shall collect from you, the data subject, personal data as outlined in this Data Privacy Notice. How this personal data will be collected, used, disclosed, and retained, is outlined as follows:&nbsp;I DEFINITIONS&nbsp;1. “Personal data” refers to all types of personal information, sensitive personal information, and privileged information under the Data Privacy Act and its IRR.&nbsp;2. “Data subject” refers to an individual whose personal, sensitive personal, or privileged information is processed.&nbsp;3. “Personal information” refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual.&nbsp;4. “Sensitive personal information” refers to personal information: (i) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations; (ii) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings; (iii) issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension, or revocation, and tax returns; and (iv) specifically established by an executive order or an act of Congress to be kept classified.&nbsp;5. “Privileged information” refers to any and all forms of data or information, which under the Rules of Court and other pertinent laws constitute privileged communication.&nbsp;II PRIVACY NOTICE&nbsp;A. Data Collected.&nbsp;We collect personal data that you provide to us, including but not limited to: &nbsp;<ol><li>Full name, sex, nationality, birthdate, age, and civil status&nbsp;</li><li>Contact Information (e-mail, phone number, mobile number, address)&nbsp;</li><li>Payment Information and billing address&nbsp;</li><li>Identification documents (passports, airline tickets and itineraries)&nbsp;</li><li>Booking details&nbsp;</li><li>Preferences and special requests&nbsp;</li><li>For Corporate bookings: Employment details &nbsp;</li><li>Additional information specific to special events and gatherings&nbsp;</li><li>Information relating to minor companion / child details (for CRIMZONE members)&nbsp;</li></ol>B. Collection Method&nbsp;Your Personal Data may be collected through online reservations, physical forms, our website, third-party booking platforms, or directly through our personnel.&nbsp;C. Use of your Personal Data&nbsp;We use your Personal Data for the following purposes:&nbsp;<ol><li>To fulfill bookings, hospitality, and concierge services; &nbsp;</li><li>To communicate with you regarding your stay;&nbsp;</li><li>To process payments and provide customer support;&nbsp;</li><li>To improve our services and customer experience;&nbsp;</li><li>To comply with regulatory, legal, or audit requirements;&nbsp;</li><li>To conduct guest satisfaction surveys and loyalty programs; and&nbsp;</li><li>To promote hotel-related offers, events, or services (subject to your consent)&nbsp;</li></ol>D. Data Sharing&nbsp;We hold your Personal Data in strict confidence. However, we may disclose and share your personal information as may be reasonably necessary and only for the purposes set out in this Policy to the following third-party partners&nbsp;<ol><li>Our subsidiaries and/or affiliates1 within the Filinvest Group&nbsp;</li><li>Legal and regulatory authorities as required by law&nbsp;</li><li>Partner hotels or third-party service providers bound by a Data Sharing Agreement&nbsp;</li></ol>We ensure that any third party we share your data with comply with the Data Privacy Act of 2012 and implement appropriate safeguards. We do NOT sell or share your data for unrelated commercial purposes.&nbsp;E. Storage and Transfer of Data&nbsp;Your Personal data is securely stored in physical and digital formats in accordance with industry standards. We implement technical and organizational measures to protect your personal data against unauthorized access, alteration, or disclosure. These measures include encryption, access controls, and regular security assessments&nbsp;F. Retention Period&nbsp;We shall keep a copy of your Personal data for a maximum of two (2) years after completion of our transaction with our guests and clients, unless we deem necessary to comply with any legal requirements or as may be required to do so by law or any government agency. After this period, your personal data will be securely deleted or anonymized.&nbsp;G. Your Rights as Data Subject&nbsp;As a data subject, you have the following rights in accordance with the Data Privacy Act, its IRR, and other relevant issuances:&nbsp;<ol><li>to be informed that your personal data will be, are being, or were, collected and processed;&nbsp;</li><li>to obtain reasonable access to information relating to you that we have on our computer database and/or manual filing system;&nbsp;</li><li>to object if the personal data processing involved is based on consent or legitimate interest;&nbsp;</li><li>to suspend, withdraw, or order the blocking, removal, or destruction of your personal data;&nbsp;</li><li>to claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, considering any violation of your rights and freedoms as a data subject;&nbsp;</li><li>to file a complaint if you feel that your data privacy rights were violated;&nbsp;</li><li>to dispute and have corrected any inaccuracy or error in the data that we hold about you about you; and&nbsp;</li><li>to data portability of your personal data.&nbsp;</li></ol>If you want to exercise any of your rights, or if you have any questions regarding the processing of your personal data, please contact our Data Privacy Officer through the following:&nbsp;Email: dpo.tagaytay@questhotelsandresorts.com&nbsp;Address: Behind Fora Lifestyle Mall, Diversion Road, Tagaytay, 4120 Cavite&nbsp;&nbsp;III THIRD-PARTY WEBSITES AND PHISHING WARNING&nbsp;Our Privacy Notice applies only to data collected by Fora Services Inc. External sites or booking platforms accessed via hyperlinks may have separate privacy policies and security measures.&nbsp;We strongly advise you to exercise caution when clicking on links or entering your personal information on unfamiliar or suspicious websites. Fora Services Inc will never ask for your passwords, credit card information, or personal details via unsolicited emails, text messages, or pop-up links.&nbsp;Beware of phishing attempts or fraudulent messages that may impersonate our company or staff. If you receive such communication, do not click any links or download attachments. Report it immediately to our Data Privacy Officer.&nbsp;IV AMENDMENTS&nbsp;We reserve the right to right to update, amend, or supplement this Data Privacy Notice and Consent Form to comply with relevant laws and government regulations, to adopt new techniques relevant to the collection and protection of data, or for other legitimate purposes. Changes will be posted at<a href="http://www.questhotelsandresorts.com/tagaytay/privacy-policy"> www.questhotelsandresorts.com/tagaytay/privacy-policy</a>&nbsp;

DATA PRIVACY NOTICE

DATA PRIVACY NOTICE