Data Privacy Policy

I’M Onsen and Spa Inc. (IOSI, I’M Onsen Spa, we or us) value your privacy by providing appropriate measures in protecting and managing all confidential and sensitive information that you may provide to IOSI and/or those that IOSI may collect from you (Personal Data).

Thank you for visiting our website, (Website). To make your online visit pleasant and safe, this policy (Privacy Policy) tells you how we collect, use, share, retain and dispose your personal data.

Please read this Privacy Policy before using the Website or submitting any personal information. By using the Website and submitting your Personal Data to us, you agree to the processing set out and accept the practices described in this Privacy Policy. These practices may be changed, but any changes will be posted and changes will only apply to activities and information on a going forward, not retroactive basis. You are encouraged to review the privacy policy whenever you visit the Website to make sure that you understand how any personal information will be used. If there are any additional uses of your Personal Data, we will provide you with the ability to opt-in or out of those additional uses.

This Website is not intended for children and minors (under age eighteen) and we do not knowingly solicit or collect Personal Data from children and minors. As a parent or legal guardian, please do not allow your children to submit Personal Data without your permission.

I. Personal Data we collect and process
II. Using your Personal Data
III. Sharing of your Personal Data
IV. Commitment to Data Security
V. Tracking (Cookie) Technology
VI. Changes in Privacy Policy
VII. Your Rights
VIII. Contact Us


I. Personal Data we collect and process


Personal data refers to all types of personal information, sensitive and privileged information that can be used to identify you as an individual.

The following common type of data may be collected and processed:

  • Personal information when you submit a job application , such as full name, nickname, home addresses/billing address/shipping address, e-mail address, employment information, telephone, other personal contact numbers;
  • Sensitive Information such as age, nationality, marital status, gender, health, education and government issued identification document which includes, but not limited to identity (ID) cards, licenses, social security number;
  • Employment record such as educational background, employment history, certifications, trainings attended, resume and income information of your previous jobs;
  • Payment Information such as credit history, bank account, credit card, and debit card information you have provided as a result of our transaction.
  • Correspondence: any additional Personal Data that you may provide through your correspondence(s) with IOSI.
  • Details of your visits to the Website and use of computer or mobile applications: When you navigate through and interact with the Website, depending on your settings, we may use automatic data collection technologies (e.g., cookies, web beacons, small data text files or similar technologies) to obtain certain information about your equipment, browsing actions, and patterns, such as: traffic data, location data, logs, and other communication data and the resources that you access and use on the Website; as well as IP address, operating system, and browser type.


We collect the Personal Data when you:

  • Purchase any of our, products, or avail of services and promotions;
  • Submit information through any form on our digital platforms or contact us through any of our social media accounts;
  • Provide personal information in relation to enquiries, requests, and complaints
  • Respond to surveys, promotions, and other marketing and sales initiatives;
  • Subscribe to our newsletter by indicating your email address; and,
  • Submit a job application;
  • Submit a proposal and/or business-related documents;
  • Fill-out our forms and submit necessary documents;

Please note that you are responsible for ensuring that all such personal data you submit through this website is accurate, complete and up-to-date.


II. Using your Personal Data


To allow us to comply with our corporate policies to its employees as well as with regulatory requirements being observed by IOSI as an employer, developer, controller, processor and third party, it is important that I’M Onsen Spa collects, uses, stores and retains your personal data when it is reasonable and necessary for a declared and specific purpose.

We may use your Personal Data in the following ways:

  • To facilitate your booking;
  • To provide customer care activities, monitor our quality and security, and provide services timely and efficiently;
  • To respond to specific complaints, enquiries, requests or to provide requested information;
  • To notify and update you (through call, text or email) about our complimentary, commercial and promotional advertisements, loyalty and rewards offers, exclusive invites, discounts, surveys, and other direct marketing that we deemed relevant and beneficial to you based on your preference and interest initially provided to us or made aware of, with which you can opt-out anytime should you prefer not to receive these notifications.
  • For you to provide reviews in our products and services;
  • To generate statistical insights;
  • To conduct research and analysis (through surveys or polls) in order to improve customer experience/satisfaction;
  • To conduct appropriate due diligence checks;
  • To evaluate your proposal including your manpower, technical and operational capacity;
  • To assess the viability of your proposal and process your accreditation;
  • To communicate any decision on such proposal and issue a letter of award together with the contract; perform any other action as may be necessary to implement the terms and conditions of our contract
  • To comply with IOSI’s obligations under law and as required by government organizations and/or agencies such as, but not limited to, the following: NPC, BIR, HDMF or Pag-IBIG, PhilHealth, SSS and so on;
  • To comply with legal and regulatory requirements or obligations; and,
  • To perform such other processing or disclosure that may be required under law or regulations.


III. Sharing of your Personal Data


We may disclose and share your Personal Data, subject to compliance with applicable laws and regulations, or as necessary for the proper execution of processes related to the declared purposes in this Privacy Policy, as follows:

  • To help us undertake the activities described in Section II, we may share your Personal Data to our affiliates, subsidiaries, partner companies, organizations, or agencies who are bound by contractual obligations to process your Personal Data on our behalf. These parties are contractually prohibited from using Personal Data for any purpose other than for the purpose specified in their respective contracts, and will be subject to obligations to process Personal Data in compliance with the same safeguards that we deploy.
  • Law enforcement and government agencies and regulatory bodies; The use or disclosure is reasonably necessary, required or authorized by or under law (such as for criminal investigation, as requested by court of law).
  • If necessary or appropriate to protect the rights, property, or safety of IOSI, our subsidiaries and affiliates, officers, employees customers, or other third parties;
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all IOSI’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by IOSI about our Website users is among the assets transferred;
  • To conduct investigations of breaches of IOSI’s internal policies, laws and regulations, enforce appropriate sanctions and pursue legal actions if necessary.
  • All third parties, with which we share this personal data are required to use your personal data in a manner that is consistent with this Privacy Policy.


IV. Commitment to Data Security


Protecting your Personal Data


Your personally identifiable information is kept secure. Only authorized employees, agents and contractors (who have contractually agreed to keep information secure and confidential) will have access to this information.

We strictly enforce our Privacy Policy and we have implemented technical, organizational, and physical measures designed to protect the confidentiality, integrity, and availability of your Personal Data and secure such Data from destruction, unauthorized access, alteration, disclosure, fraudulent misuse and/or any other unlawful processing, as well as other natural and human dangers.

Please be aware that that there is a risk inherent in sending information online, use of e-mail and facsimile. We recommend that you do not include any sensitive information including credit card details when submitting information online, using e-mail, facsimile or when using any public computers/public WIFI.


Security Controls


We keep and protect your personal data in our Customer Information and Reservation System using a subcontractor’s secured server behind firewalls, deploying encryption on computing devices and physical security controls.

Any personal data that you provide on this Website is initially processed and stored by IOSI. Using a secured connection, only authorized IOSI personnel can then access and download your personal data from this website.


How we store your Personal Data


IOSI reserves the right to retain your personal data in our files located in the Philippines under certain circumstances such as when your personal data may be necessary to resolve disputes, or IOSI is required to do so by law or in the good faith; provided that such action is necessary to comply with a legal obligation and/or protect and defend the rights or property IOSI or its affiliates.

If IOSI is required to retain any portion of your personal data for such purposes, it shall use reasonable efforts to limit such data to what is necessary to accomplish the particular purpose until the purpose expires.

Retention periods is maximum of five (5) years counted from the date provided to WHMI or when they were collected. This shall be based on needs of IOSI and your Personal Data that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed.


V. Tracking (Cookie) Technology


The Website may use cookie and tracking technology depending on the features offered.

Cookie and tracking technology is useful for gathering information such as browser settings and operating system. This helps us understand which parts of the website are the most frequently visited, number of visitors and the amount of time spent in browsing the website. Cookies can also help customize the Website for visitors. Personal information cannot be collected via cookies and other tracking technology. The information that is gathered through cookies is used solely to assist in improving Website design and functionality. An aggregate cookie and tracking information may be shared with third parties.


VI. Changes in Privacy Policy


From time to time, it may be necessary for IOSI to change this Privacy Policy. If we change our Privacy Policy, we will post the revised version here in the Website and will take effect immediately, so we suggest that you check here periodically for the most up-to-date version of our Privacy Policy. Rest assured, however, that any changes will not be retroactively applied and will not alter how we handle previously collected personal data without obtaining your consent, unless required by law.


VII. Your Rights


You have the right to access, modify, erase and object to processing your personal data within a reasonable time after such request subject to various exceptions and data protection laws in your country.

You may send us an email to request access to, correct and/or delete any Personal Data that you have provided to us. We may only delete your Personal data if we no longer have a lawful ground for use. We may not accommodate your request if we believe this would violate any law or legal requirement or cause the Personal Data to be incorrect.

In the unlikely event of a data breach, we are prepared to follow any laws and regulations which would require us to notify you of the disclosure of private information.

Should you have any enquiries, feedbacks on this Privacy Policy, and/or complaints to I’M Onsen Spa, you may reach us as set out in Section VIII below.


VIII. Contact Us


If you have any questions, concerns, or comments about our Privacy Policy or our processing of your Personal Data, you may contact us using the information below:

I’M Onsen Spa
Data Protection Officer: [email protected]
Upper Ground Floor, I’M Hotel, 7862 Makati Avenue corner Kalayaan Avenue,
Makati, Philippines 1210
+63277557877 | [email protected]