Xpress Privacy Statement

Last updated 10 December 2025

PARA XPRESS TECHNOLOGY SERVICES INC. ("Company", "we", "us", or "our") respects your privacy and is committed to protecting your personal data in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, its Implementing Rules and Regulations (IRR), and relevant issuances from the National Privacy Commission (NPC).

Please read this Privacy Statement carefully to understand our policies and practices regarding your personal data and how we will treat it. This statement explains how your personal data is collected, used, and disclosed by us. It also tells you how you can access and update your personal data and make certain choices about how your personal data is used. By using our website, you agree to the terms of this Privacy Statement. 

I. Scope

This Privacy Statement applies to all personal data collected by us through our websites, mobile apps, customer support channels, and other legitimate business activities. It applies to any individual who shares personal data with us, including but not limited to our customers, employees, drivers, applicants, service providers, and business partners.

We do not intentionally collect personal data from individuals under 18 years of age. If we become aware that personal data from a minor has been collected without appropriate consent, we will delete it as soon as possible. That said, we may process personal data of minors if it is provided directly by their parent or legal guardian, with clear and informed consent. We encourage individuals under 18 to seek permission from a parent or guardian before sharing any information with us online.

This Privacy Statement does not apply to third-party websites or services that may be linked to or accessible from our website. We encourage you to review the privacy statements of those third parties before providing any information.

II. What Personal Data are Collected?

Personal Data refers to any information that can be used to identify you directly or indirectly. This includes details such as your name, nationality, contact number, email address, photographs, bank and credit card information, government-issued IDs, biometric data, date of birth, civil status, health information, vehicle information, insurance information, employment information, financial information, and even online identifiers like your IP address or browsing behavior. When combined with other information, even data that may not seem personal on its own—like location data or device information—can become personal data if it can be linked to you.Depending on your relationship with us, we collect different types of personal data. The categories below explain what personal data we may collect from you:

A. Employees
We collect personal and sensitive information to manage the employment relationship and comply with legal obligations:  

- Full name, date and place of birth, gender, marital status, and nationality
- Contact details (e.g., home address, email, and phone number)
- Government-issued identifiers (e.g., TIN, SSS, PhilHealth, Pag-IBIG)
- Employment records (e.g., job title, position, department, work history, attendance)
- Educational background, training records, licenses, and certifications
- Bank account and other financial details (for payroll)
- Health and medical data (e.g., medical certificates, COVID-19 declarations, vaccination status)
- Performance appraisals, disciplinary records, and internal memos
- Biometric data (e.g., fingerprints or facial recognition for access control, if applicable)
- Emergency contact information
- Photographs or videos (e.g., for ID cards, internal communications, CCTV Footage)
- Signatures

B. Job Applicants
We process applicant information to evaluate qualifications and suitability for employment:

- Full name and contact details (e.g., address, mobile number, email address)
- Resume/Curriculum Vitae (CV), academic transcripts, and employment history
- Educational and Professional background, skills, and certifications
- Government-issued IDs and clearances (if submitted during application)
- Interview notes and pre-employment test results
- References or character endorsements
- Health and Medical information
- Documents submitted during background checks or job offers
- Signatures

C. Customers
We collect data from customers and clients to fulfill services, maintain accounts, and deliver customer support:

- Full name and preferred name
- Contact information (e.g., email, phone number, mailing/billing address)
- Profile and Account details (e.g., username, preferences, and communication settings)
- Government-issued ID (as may be required for verification, e.g., Know Your Customer (KYC))
- Ride and Transaction Information (e.g., pick-up and drop-off locations, routes, timestamps, fare amounts, and trip history)
- Payment and billing details (e.g., credit/debit card or bank account info)
- Customer service interactions (e.g., emails, chat transcripts, call recordings)
- Device and Log Data (e.g., IP address, device identifiers, operating system, and app version)
- Preferences, feedback, or responses to surveys
- Any documents you submit (e.g., IDs, proof of billing) for account verification or service requests

D. Drivers
When you register as a Driver or operate under our platform, we collect and process the following data:

- Full name, birthdate, address, contact details, and valid government-issued IDs (e.g., driver’s license, NBI clearance, and other identity documents)
- Driver’s license information, vehicle registration (OR/CR), insurance records, and photos of your vehicle
- Certificate of Public Convenience (CPC) or Provisional Authority (PA) registration documents with the Land Transportation Franchising and Regulatory Board (LTFRB), including related supporting permits and franchise details
- Results of driving history checks, background screenings, and compliance monitoring
- Trip completion rates, acceptance and cancellation records, passenger feedback, incident reports, and location data
- Bank account details, e-wallet numbers, and related payment records

E. Online Users
When you visit our website or online platforms, we may automatically collect technical and usage data through cookies or other tracking tools:

- IP address and geolocation data
- Browser type and version, device model, operating system
- Date and time of visit, referring URL, and pages visited
- Session duration and navigation behavior
- Clickstream data and interaction with website elements
- Login credentials (for registered users, where applicable)

F. Vendors, Suppliers, and Business Partners
We collect the necessary data to establish, manage, and evaluate business relationships:

- Name and contact details of authorized representatives
- Position, department, and professional affiliation
- Business name, address, and registration details
- Tax Identification Number (TIN), bank account details, and billing info
- Company profile, proposals, contracts, and due diligence documents
- Email correspondence, meeting notes, or submitted reports

If we require additional personal data from you, we will notify you of the reason and secure your consent, where applicable. Sensitive personal information is only collected when necessary, and always handled with extra care in accordance with applicable laws.

III. Why is the Personal Data Processed? (Purpose)

Your personal data is collected and processed by us for specific, legitimate, and lawful purposes. Below are the detailed reasons and objectives for which we may use and process your personal data:

To Provide Products and Services: We process your personal data to fulfill our obligations under any contracts you enter with us, including providing products, services, or subscriptions you request. This includes delivering requested information, processing transactions, and providing technical support.

To Facilitate Ride Booking and Transportation Services: We process your personal data to enable you to use our platform, including the booking and confirmation of rides, matching of customers and drivers, trip navigation, and communication between both parties.

To Manage Customer Accounts: Personal data is essential for establishing, maintaining, and managing customer accounts. This includes processing orders, payments, billing, and fulfilling customer service requests.

To Manage Driver Registration and Accreditation: We process personal data of driver to verify their identity and eligibility to operate, maintain driver profiles, and ensure compliance with the requirements of all relevant government agencies.

To Provide Customer Support and Assistance: If you encounter issues with our services or products, we may use your data to resolve problems, troubleshoot issues, and ensure that you receive the support needed in a timely manner.

To Enable Payment Processing and Fare Settlement: We collect and process payment and financial information to calculate fares, process electronic transactions, remit driver payouts, and issue receipts.

To Send Service-Related Notifications: We may send you important updates, system notifications, and notices about your account, service outages, or changes to our terms or policies.

To Improve Our Products and Services: Personal data allows us to analyze how our products and services are used, enabling us to enhance user experience, optimize functionality, and tailor offerings to better meet customer needs.

To Personalize Marketing Communications: We use personal data (such as preferences and interaction history) to personalize marketing efforts, such as product recommendations or special promotions based on your interests or previous purchases.

To Promote Products and Services: We may use your personal data to inform you about new products, services, or promotional offers that we think may interest you, through channels such as email, phone, or SMS.

To Manage Employment and Human Resources:  We process employee data to administer compensation, benefits, and performance evaluations; maintain personnel records; and comply with employment, tax, and labor requirements.

To Comply with Legal and Regulatory Obligations: We process personal data to meet legal requirements under local or international laws, regulations, and government orders. This includes adhering to data retention policies, tax and reporting obligations, and regulatory requirements for service providers.

To Ensure Compliance with Internal Policies: We may process personal data to ensure compliance with our internal policies and procedures, including data security measures, ethical guidelines, and code of conduct.

To Verify Identity and Prevent Fraud: We use personal data, including GPS and trip records, to enhance the safety of customers and drivers, provide emergency response support, detect and investigate fraudulent or unauthorized activity, and comply with law enforcement requests.

To Perform Any Other Purpose Authorized by Law: We may process personal data for any other lawful purpose as permitted by applicable data protection laws, with prior notice and consent where required.

IV. How do we collect the Personal Data?

We collect your personal data through various methods, ensuring transparency and compliance with relevant privacy laws. The collection methods depend on how you interact with our services, platforms, and communications. Below is a detailed description of the various ways in which we collect personal data:

- The most common way we collect personal data is when you provide it directly to us through various interactions with our website, platform, services, or customer support.
- When you fill out forms on our website, mobile apps, or other platforms (e.g., contact forms, eligibility assessments, survey responses).
- We also collect personal data automatically as you interact with our website, mobile apps, and other online platforms.
- In some cases, we may collect personal data from third-party sources, such as service providers, social media platforms, and business partners. This data is used in conjunction with the information you have provided to us directly.
- Some personal data is collected as a result of your direct interaction with our services or products.
- We may also collect and process personal data in compliance with legal requirements and obligations.

V. What are the rights of a Data Subject?

As a data subject, you are entitled to certain rights under the DPA and other applicable privacy regulations. We are committed to upholding these rights and ensuring that your personal data is handled in a fair, lawful, and transparent manner. Below are your key rights and what each one means:

1. The right to access Personal Data 
Under the DPA, it is possible for individuals to request access to any of their Personal Data held by us, subject to certain restrictions. A request for disclosure of such information is called a subject access request.

2. The right to make corrections to Personal Data
The DPA requires us to take reasonable steps to ensure that any Personal Data it processes is accurate and updated. It is your responsibility to inform us of any changes to the Personal Data that you have supplied to us during our relationship.

3. The right to object to the processing of Personal Data 
You have the right to object to the processing of your Personal Data. You shall also be notified and be given an opportunity to withhold consent to the processing in case of changes or any amendment to the information made known to you in this Privacy Statement.

Keep in mind that while you do have the right to withdraw the consent you have given, please note that this withdrawal will not stop us from processing your personal data so long as there are other legal bases to do so. In other words, if you withdraw your consent, we can only stop the processing activities that rely on your consent. If, however, we cannot give you a legal basis to justify the continued processing of your personal data, we will either stop the processing and delete your personal data or anonymize it.

Also, please note that some of the Personal Data you have provided to us is necessary for us to comply with statutory and regulatory requirements, as well as our administrative policies. Hence, the collection and processing of these pieces of Personal Data is mandatory.

4. The right to erasure or blocking of Personal Data
You have the right to suspend, withdraw or order the blocking, removal, or destruction of your Personal Data from our filing system. However, the exercise of this right is subject to certain conditions as specified by the DPA.

5. The right to be informed of the existence of processing of your Personal Data 
You have the right to be informed whether Personal Data pertaining to you shall be, is being, or have been processed, including the existence of automated decision-making and profiling.

6. The right to portability
This right allows you to get a copy of the Personal Data we have on you in a structure, commonly used, and machine-readable format.

7. The right to damages
Upon presentation of a valid decision, we recognize your right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your Personal Data, taking into account any violation of your rights and freedoms as a data subject.

8. The right to lodge a complaint before the National Privacy Commission
In case you feel that any of your privacy rights have been violated, you have the right to file a complaint with the NPC. However, we encourage you to come to us first so we can resolve your complaint.

To exercise your rights, please contact our Data Protection Officer using the details below. We may request supporting documents to process your request. If someone else submits the request on your behalf, they must provide proof of authorization; otherwise, it will be rejected. Any identification provided will be processed in compliance with applicable laws. In some cases, we may deny your request and, if permitted, inform you of the reason. A reasonable fee may apply to cover processing costs.

VI. How long is the Personal Data retained?

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by applicable laws, regulations, or contractual obligations. The retention period varies depending on the nature of the data, the purpose of processing, and legal or operational requirements.

When personal data is no longer required for any legal, contractual, or operational purpose, we take the following steps:

- Secure Deletion: Personal data in electronic form is permanently deleted from our databases and backups using secure deletion protocols.
- Physical Destruction: Printed documents containing personal data are shredded, pulped, or otherwise disposed of securely.
- Anonymization: In some cases, we may anonymize data so that it can no longer be used to identify a person. Anonymized data may be used for statistical, research, or analytical purposes.

VII. What Security Measures do we employ?

We implement a comprehensive set of technical, organizational, and physical safeguards to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. These include the use of encryption technologies, secure networks and firewalls, intrusion detection systems, role-based access controls, regular system audits, security awareness training for employees, and strict facility access protocols. We also have an incident response plan in place to manage and mitigate data breaches, including notifying the National Privacy Commission and affected individuals when legally required. However, while we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

VIII. Who do we share the Personal Data to?

We may disclose your personal data to the following parties, subject to appropriate safeguards:

- Internal Recipients: Authorized employees and personnel who require access to personal data for legitimate business functions and only on a need-to-know basis;
- Service Providers and Contractors: Third-party providers engaged to perform outsourced services such as IT support, data analytics, cloud storage, marketing, billing, logistics, recruitment, and customer service, subject to the appropriate data transfer agreements and due diligence procedures;
- Affiliates and Subsidiaries: Other entities within the same corporate group, provided the disclosure is consistent with the original purpose of data collection;
- Regulatory and Law Enforcement Agencies: Government bodies or law enforcement authorities when disclosure is required by law, subpoena, or court order, or necessary for the protection of legal rights;
- Auditors, Legal Counsels, and Consultants: External advisors who assist in our legal, compliance, financial, or operational matters, subject to confidentiality obligations;
- Other Third Parties: Entities to whom you have expressly consented or where disclosure is otherwise legally permissible.

We ensure that all third-party recipients of personal data adhere to the same high standards of data privacy and security.

XI. Updates to this Privacy Statement

We reserve the right to update or modify this Privacy Statement at any time, in response to changes in relevant laws, regulations, or business practices. Material changes will be prominently posted on our website, and where appropriate, we will notify you via email or other contact information you have provided. Continued use of our services following any update constitutes your acceptance of the revised policy.

We encourage you to periodically review this Privacy Statement to stay informed about how we are protecting your personal data.

X. Cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, improve website performance, and deliver personalized content or advertisements. Cookies are small text files placed on your device when you visit a website. These allow us to recognize your browser or device and store certain information such as user preferences and session data.

We use the following types of cookies:

Strictly Necessary Cookies
These cookies are essential for you to browse the website and use its features, such as accessing secure areas.

Performance and Analytics Cookies
These cookies collect anonymous data on how users interact with the website, including pages visited and error messages received, to help us improve functionality and usability.

Functionality Cookies
These cookies allow our website to remember your preferences (e.g., language, region) and provide enhanced, more personalized features.

Targeting or Advertising Cookies
These cookies are used to deliver advertisements that may be relevant to your interests. They may also limit how often you see an ad and help measure the effectiveness of advertising campaigns. These cookies may be set by us or by third-party advertising partners.

You have control over your cookie preferences. Most web browsers allow you to manage or disable cookies through your browser settings. However, disabling certain cookies may affect your ability to use some features of the website.

By continuing to use our website without changing your browser settings, you consent to our use of cookies in accordance with this Privacy Statement and applicable data privacy laws.

XI. Contact Details of the Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Statement or how we handle your personal data, you may contact our Data Protection Officer:

Data Protection Officer
3rd Floor, 3 Brixton Building, Brixton Street, Pasig City
dpo@xpress.com.ph

#3 Brixton Bldg., Brixton Street, Brgy. Kapitolyo, Pasig, Metro Manila
Solutions
Xpress for BusinessLGU Partnership
Quick Links
Help CentreBoracay
All rights reserved. Xpress ©2025
Terms and Conditions of ServicePrivacy Statement