Privacy Notice

This Privacy Notice explains how the QCU Consumers Cooperative (“QCU Coop”, “we”, “us”) collects, uses, shares, and protects Personal Data in connection with our membership services, cooperative store, loans, and this website. We process Personal Data in accordance with the Data Privacy Act of 2012 (RA 10173), its IRR, and guidance from the National Privacy Commission (NPC).

1) Who we are & DPO contact

Controller: QCU Consumers Cooperative
Registered address: LG Bautista Building, Quezon City University, Quezon City, Philippines

Data Protection Officer (DPO):
Email: dpo@qcucoop.com · Phone:

We will update this section if our DPO details change.

2) Personal Data we collect

Identity & Contact: name, employee/staff ID, student/employee affiliation, postal address, email, phone.
Membership & Account: membership number, application forms, attendance in orientations, role in the cooperative.
Financial (for services/loans): payroll info (e.g., employee number, department), government IDs (e.g., TIN/SSS/GSIS/PhilHealth), income proofs, bank details (for disbursements), payment records.
Transaction & Usage: store purchases, web form submissions, uploaded files, service requests, audit logs.
Device/Cookie data: IP address, browser type, pages visited, basic analytics and security logs (no targeted advertising).

3) Why we process your data & lawful criteria

We process data under the lawful criteria in Sections 12 and 13 of RA 10173, including: consent, necessity for a contract/service, legal obligation, protection of vitally important interests, and legitimate interests with appropriate safeguards.

Purpose	Examples	Lawful criterion
Membership administration	Application review, orientation, maintaining member registry, communications	Contract / Legitimate interests
Coop store & services	Sales, receipts, account credits, patronage computations	Contract / Legitimate interests
Lending & finance	Eligibility checks, payroll coordination, loan releases & collections	Contract / Legal obligation / Consent (where needed)
Compliance & audits	CDA/NPC reporting, statutory books, incident handling	Legal obligation
IT/security & website	Access logs, anti-fraud, service stability, metrics	Legitimate interests

4) Sharing & disclosure

We do not sell Personal Data. We may share data with:

Service providers/Processors (e.g., web hosting, cloud storage, email/SMS, IT support, payment/banking partners) bound by data-processing agreements.
Government/Regulators where required by law (e.g., CDA, courts, NPC).
Partner institutions (e.g., payroll office or university departments) when necessary to deliver coop services.

5) Retention

We keep Personal Data only as long as needed for the purposes above, and as required by law or policy. Typical periods:

Membership records: active membership + 5 years
Loan files & financial records: per statutory retention (usually 10 years)
Website/application logs: 6–24 months (security & audit)

6) Security

We implement organizational, physical, and technical measures such as role-based access, encryption in transit, secure storage, logging/audits, least-privilege controls, and staff training. We promptly assess and, when required, notify the NPC and affected individuals of qualifying data breaches.

7) Your rights

Subject to law, you have the rights to be informed, access, object, erasure/blocking, rectification, data portability, and to file a complaint with the NPC. You may also seek damages for violations under RA 10173.

To exercise your rights, contact our DPO (see Section 1). We may ask for proof of identity and details to locate your records. We will respond within the timelines set by law.

8) Cookies & analytics

Our site uses essential cookies and basic analytics to operate and secure the service. We do not use behavioral advertising cookies. You can control cookies via your browser settings; disabling some cookies may affect site functionality.

9) Cross-border transfers

If a service provider stores data outside the Philippines, we ensure appropriate safeguards and that processing remains consistent with RA 10173 and NPC guidance.

10) Children’s data

Our services are primarily for QCU employees. We do not knowingly collect Personal Data from children under 18 without appropriate authority or parental consent. If you believe a child provided data without proper consent, please contact the DPO.

11) NPC registration status

We have designated a DPO and will register (or have registered) our DPO and applicable Data Processing Systems with the NPC as required by NPC Circular No. 2022-04.

12) Changes to this notice

We may update this Notice to reflect changes in law or our practices. We will indicate the latest effective date below and, where appropriate, notify members via email or on this site.

Effective date:

13) How to contact us

Email: info@qcucoop.com · DPO: dpo@qcucoop.com
Office: LG Bautista Building, Quezon City University, Quezon City

You may also contact the National Privacy Commission at privacy.gov.ph.