Privacy Policy

How we collect, use, and protect your personal information.

Last Updated: March 13, 2026

Introduction

This Privacy Policy is issued in compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), and relevant National Privacy Commission (NPC) issuances. It explains how Chronoreon collects, uses, and protects your personal information when you use our HR management platform.

This policy applies to all users of our service, including employees of businesses (subscribers) that use Chronoreon. Chronoreon acts as a Personal Information Controller for account and platform data, and as a Personal Information Processor for employee data processed on behalf of subscriber-employers.

Legal Basis for Processing

We process personal data only when we have a lawful basis to do so under RA 10173. The legal bases we rely on are:

  • Performance of a contract β€” payroll processing, HR management, and account administration necessary to deliver the services you subscribed to
  • Compliance with a legal obligation β€” where applicable, maintaining records required by Philippine law (note: Chronoreon is a computation tool; actual government remittances are the sole responsibility of the employer-subscriber)
  • Consent β€” for optional features, marketing communications, and analytics; you may withdraw consent at any time by contacting us or through your account settings
  • Legitimate interests β€” for platform security, fraud prevention, and service improvement, where such interests are not overridden by your rights

Data Collection

We collect the following types of information to provide and improve our services.

Personal Information

  • Full name and contact details
  • Email address and phone number
  • Employment details, job title, and work history
  • Salary and compensation figures for payroll computation
  • An optional generic identification field (type and value chosen by the employer-subscriber; government ID numbers such as TIN, SSS, PhilHealth, and Pag-IBIG are NOT collected by Chronoreon)

Technical Information

  • IP address and device information
  • Browser type and version
  • Cookie data and usage analytics
  • Service usage patterns and interactions

Sensitive Personal Information

Chronoreon is a payroll computation and HR management tool. It computes payroll deductions (SSS, PhilHealth, Pag-IBIG, and withholding tax) based on salary β€” it does NOT collect, store, or process government ID numbers (TIN, SSS number, PhilHealth PIN, Pag-IBIG ID) or bank account details. Money disbursement is handled entirely outside of our platform by the employer.

  • Basic salary and compensation figures entered by the employer-subscriber
  • Computed deduction amounts (SSS, PhilHealth, Pag-IBIG, withholding tax) derived from salary β€” these are calculated figures, not government ID numbers
  • An optional generic identification field (e.g., company ID number) β€” the type and value are chosen by the employer-subscriber

Salary and compensation data is processed on the basis of contract performance β€” it is necessary to deliver the payroll computation service you subscribed to.

Access to compensation data is restricted to authorized personnel of the subscriber's organization and to Chronoreon's authorized technical staff, subject to strict need-to-know controls. This data is never sold or shared with third parties for commercial purposes.

Because Chronoreon does not store TINs, SSS numbers, PhilHealth PINs, Pag-IBIG IDs, or bank account numbers, the employer retains full responsibility for the safekeeping of those credentials and for the actual remittance of contributions and taxes to the relevant government agencies.

How We Use Your Data

We use your information strictly for the following purposes:

  • Provide and maintain our HR management and payroll service (legal basis: contract)
  • Communicate with you about your account, service updates, and compliance matters (legal basis: contract)
  • Improve our services and develop new features (legal basis: legitimate interests)
  • Ensure the security and integrity of our platform and detect fraud (legal basis: legitimate interests)
  • Comply with legal obligations under Philippine law, including BIR, SSS, PhilHealth, and HDMF reporting requirements (legal basis: legal obligation)

Data Sharing

We do not sell your personal information to any third party. We only share data in the following limited circumstances:

We may share your information:

  • With your explicit written consent
  • With third-party service providers (e.g., Paddle for payment processing, cloud hosting providers) under data processing agreements that bind them to confidentiality and security obligations
  • To comply with lawful orders from Philippine courts, the NPC, BIR, DOLE, SSS, PhilHealth, HDMF, or other competent government authorities
  • To protect the rights, property, or safety of Chronoreon, our users, or the public as required by law

Data Security

We implement industry-standard and RA 10173-compliant security measures to protect your information:

  • End-to-end data encryption at rest and in transit using industry-standard protocols
  • Strict role-based access controls, multi-factor authentication, and need-to-know access policies
  • Regular security monitoring, vulnerability assessments, and audits
  • Secure backup and disaster recovery systems with tested restoration procedures

Data Retention

We retain personal data in accordance with our legal obligations under Philippine law. Retention periods vary by data type:

  • Payroll records, tax computations, and BIR-related data: minimum 10 years, as required by BIR Revenue Regulations and Section 235 of the Tax Code
  • Employment records and DOLE-mandated records: minimum 3 years after end of employment, as required by the Labor Code
  • SSS, PhilHealth, and HDMF contribution records: retained for the period required by each agency's regulations
  • Platform account credentials: deleted within 90 days of account termination
  • Technical logs and access records: 12 months

Upon expiry of the applicable retention period, personal data is securely and permanently deleted or anonymized. Data retained solely for legal compliance purposes is isolated from active platform data.

Your Rights Under RA 10173

Under the Data Privacy Act of 2012, you have the following rights regarding your personal information:

  • Right to be informed β€” to know that your personal data is being collected and processed, including the purpose, scope, and method of processing, before or at the time of collection
  • Right to access β€” to request a copy of your personal information held by us
  • Right to rectification β€” to correct inaccurate or incomplete data
  • Right to erasure/blocking β€” to request deletion or blocking of your personal data where processing is no longer necessary or lawful
  • Right to data portability β€” to obtain your personal data in a structured, commonly used format
  • Right to object β€” to object to processing of your personal data, including for direct marketing
  • Right to damages β€” to claim compensation for any damages suffered due to inaccurate, incomplete, outdated, or unlawfully processed personal data (Section 16(f), RA 10173)
  • Right to lodge a complaint with the NPC β€” to file a complaint with the National Privacy Commission if you believe your data privacy rights under RA 10173 have been violated

To exercise any of these rights, contact our Data Protection Officer or email hello@chronoreon.com. We will respond within 15 business days.

Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Cookies

We use cookies and similar technologies to enhance your experience:

  • Essential cookies required for basic functionality and security (cannot be disabled)
  • Analytics cookies to understand how our platform is used (may be disabled)
  • Preference cookies to remember your settings and preferences (may be disabled)

International Data Transfers

Your data may be stored and processed on servers located outside the Philippines (for example, cloud infrastructure in Asia-Pacific regions). When data is transferred internationally, we ensure the recipient provides an adequate level of protection consistent with RA 10173.

Safeguards in place include data processing agreements with contractual clauses that mirror RA 10173 obligations. We conduct due diligence on the data protection practices of all third-party processors. Sensitive Personal Information transferred internationally is subject to additional contractual protections.

Privacy Impact Assessment

In compliance with NPC Circular No. 17-03, Chronoreon conducts Privacy Impact Assessments (PIA) for high-risk processing activities involving Sensitive Personal Information, such as the processing of payroll data, government contribution numbers, and banking information. Our PIA process is reviewed and updated regularly.

Children's Privacy

Our service is intended for businesses and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us personal data without appropriate consent, we will delete it immediately.

Data Protection Officer

In compliance with Section 21 of the Data Privacy Act of 2012 and NPC Circular No. 17-01, Chronoreon has designated a Data Protection Officer (DPO) responsible for ensuring compliance with RA 10173 and handling all data privacy concerns.

To exercise your data subject rights, raise a privacy concern, or request information about how we process your data, contact our DPO:

hello@chronoreon.com

Filing a Complaint with the NPC

If you are not satisfied with our response or believe your data privacy rights have been violated, you have the right to lodge a complaint with the National Privacy Commission (NPC):

  • Address: 3/F Core G, DICT Building, C.P. Garcia Avenue, Diliman, Quezon City 1101
  • Email: complaints@privacy.gov.ph
  • Website: privacy.gov.ph

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law.

We will notify you of significant changes via email or through our platform, and update the "Last Updated" date at the top of this policy. We encourage you to review this policy periodically.

Contact Us

For general questions about this Privacy Policy, please contact us. For data privacy rights requests, please contact the DPO directly.

Email us at: hello@chronoreon.com