Privacy Policy

Cafe Amadeo Development Cooperative ("CADC," "we," "us," or "our") is committed to protecting the privacy and security of all personal information we collect in the course of our operations. This Privacy Policy applies to all individuals who interact with CADC, including but not limited to:

• Members and membership applicants
• Customers and clients of our products and services
• Employees, job applicants, and contractors
• Visitors to our facilities and website
• Vendors, suppliers, and business partners
• Donors and supporters

This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173).

This Privacy Policy covers the processing of personal information in relation to:

• Membership Operations: Membership applications, services, and transactions
• Agricultural Services: Coffee farming support, product purchases, and technical assistance
• Financial Services: Savings, loans, credit, and other financial products
• Retail Operations: Café and product sales at our physical and online stores
• Employment: Job applications, employee records, and human resources
• Community Programs: Training, education, and community development initiatives
• Website and Digital Platforms: Online interactions through our website and social media

Depending on your relationship with CADC, we may collect:

A. For Members and Customers:

• Personal identification details (name, birth date, nationality)
• Contact information (address, email, phone numbers)
• Government IDs and numbers (TIN, SSS, PhilHealth, etc.)
• Financial information (income, bank details, credit history)
• Agricultural information (farm details, production data, land ownership)
• Transaction records (purchases, payments, loans)

B. For Job Applicants and Employees:

• Resume/CV information and employment history
• Educational background and qualifications
• References and background check information
• Payroll and benefits information
• Performance evaluations and training records

C. For Website Visitors:

• IP address, browser type, and device information
• Cookies and usage data
• Information provided through contact forms
• Social media interactions

D. For Business Partners and Vendors:

• Business contact information
• Company registration details
• Contract and payment information
• Performance and service records

We use personal information for legitimate business purposes, including:

• Service Delivery: To provide cooperative services, process transactions, and fulfill orders
• Membership Management: To process applications, maintain membership records, and provide benefits
• Financial Operations: To process loans, savings, and other financial services
• Employment Processing: To evaluate job applications and manage employment relationships
• Communication: To send important notices, updates, and promotional materials (with consent)
• Legal Compliance: To comply with cooperative laws, tax regulations, and other legal requirements
• Research and Development: To improve our products, services, and community programs
• Security: To protect our facilities, assets, and information systems
• Community Development: To plan and implement community programs and initiatives

We process personal information based on one or more of the following legal bases:

• Contractual Necessity: Processing necessary for the performance of a contract
• Legal Obligation: Processing necessary to comply with legal requirements
• Legitimate Interests: Processing necessary for our legitimate business interests
• Consent: Processing based on your explicit consent (which can be withdrawn at any time)
• Vital Interests: Processing necessary to protect someone's life
• Public Interest: Processing necessary for tasks carried out in the public interest

We may share personal information with:

• Regulatory Authorities: As required by law (e.g., Cooperative Development Authority, BIR, etc.)
• Financial Institutions: For banking and payment processing
• Service Providers: Trusted partners who assist in our operations (under confidentiality agreements)
• Affiliated Cooperatives: For joint programs and initiatives
• Auditors and Legal Advisors: For professional services
• Emergency Services: In case of emergencies affecting health or safety

We do not sell personal information to third parties for marketing purposes.

We implement comprehensive security measures including:

• Physical security controls at our facilities
• Encryption of sensitive data in transit and at rest
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Employee training on data protection
• Incident response and breach notification procedures
• Secure disposal of records

We retain personal information only for as long as necessary:

• Membership records: 10 years after membership termination
• Financial records: 10 years as required by tax laws
• Employee records: 5 years after employment ends
• Transaction records: 5 years
• Website logs: 1 year

After retention periods expire, we securely dispose of or anonymize the information.

You have the following rights regarding your personal information:

• Right to be Informed: Know how your data is being processed
• Right to Access: Request copies of your personal information
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data under certain conditions
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time
• Right to File a Complaint: Lodge complaints with the National Privacy Commission

As a local cooperative based in Amadeo, Cavite, we primarily process data within the Philippines. If international transfers occur (e.g., for coffee exports), we ensure adequate protection measures are in place and comply with applicable data protection laws.

We do not knowingly collect personal information from children under 18 without parental consent. Our youth programs collect minimal information with explicit parental consent.

We may update this Privacy Policy periodically. Significant changes will be communicated through appropriate channels (website notices, email, or physical notices at our office). The updated version will be posted on our website with the revised "Last Updated" date.